The name was adopted because Bluetooth wireless technology is expected to unify the telecommunications and computing industries
What Is Bluetooth?
Bluetooth is an open standard for short-range digital radio that interconnects a variety of devices (cell phones, PDAs, notebook and laptop computers, modems, cordless phones, pagers, printers, cameras) using a single-chip, low-cost, radio-based wireless network technology.
Bluetooth
Simplifying communications between:
- devices and the Internet
- devices that need to synchronize data
Operates in the licence-exempt ISM band at 2.4 GHz
Uses frequency hopping spread spectrum
Omnidirectional; does not require line of sight
Offers data rates of up to 1 Mbps over a range of up to 10 meters (short-range wireless radio technology)
Unlike IrDA, Bluetooth supports a LAN-like mode in which multiple devices can interact with each other
The key limitations of Bluetooth are security and interference with wireless LANs
Bluetooth
Bluetooth is a PAN Technology
Offers fast and reliable transmission for both voice and data
Can support either one asynchronous data channel with up to three simultaneous synchronous speech channels, or one channel that transfers asynchronous data and synchronous speech simultaneously
Supports both packet switching and circuit switching
Bluetooth
Personal Area Network (PAN)
Bluetooth is a standard that will:
- Eliminate wires and cables between both stationary and mobile devices
- Facilitate both data and voice communications
- Offer the possibility of ad hoc networks and deliver synchronicity between personal devices
Bluetooth Topology
Bluetooth-enabled devices can automatically locate each other
The topology is established on a temporary and random basis
Up to eight Bluetooth devices (one master and up to seven active slaves) may be networked together in a master-slave relationship to form a piconet
Cont.
One device is the master, which controls and sets up the network
All devices operate on the same channel and follow the same frequency hopping sequence
Two or more piconets interconnected form a scatternet
There is only one master per piconet
A device cannot be the master of two piconets at the same time
The slave of one piconet can be the master of another piconet
Ad-hoc
Ad-hoc networking is a connection method most often associated with wireless devices. The connection is established for the duration of one session and requires no base station. Instead, devices discover others within range and form a network among themselves. Devices may search for target nodes that are out of range by flooding the network with broadcasts that each node forwards. Connections are possible across multiple nodes (multi-hop ad hoc network); routing protocols then keep connections stable even while nodes move around.
A piconet
A piconet is an ad-hoc network of devices using the Bluetooth protocols in which one master device interconnects with up to seven active slave devices. Up to 255 further slave devices can be inactive (parked); the master can bring a parked device into active status at any time.
Security Protocol
Secure Simple Pairing (introduced in Bluetooth 2.1) has five phases:
- Phase 1: Public key exchange
- Phase 2: Authentication Stage 1
- Phase 3: Authentication Stage 2
- Phase 4: Link key calculation
- Phase 5: LMP Authentication and Encryption
Phases 1, 3, 4 and 5 are the same for all association models, whereas phase 2 (Authentication Stage 1) differs depending on the model used (Numeric Comparison, Just Works, Out of Band or Passkey Entry). Distributed through these five phases are 13 steps.
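An added worked example (not part of the original presentation) of phases 1, 2 and 4 for the Numeric Comparison model, and of why an active man in the middle is caught at the user's six-digit check. The P-192 curve and the f1 (commitment), g (check value) and f2 (link key) constructions follow the Bluetooth 2.1 Secure Simple Pairing definitions; the device addresses, private keys and nonces are constructed test values, and phases 3 (f3 DHKey check) and 5 are not modelled. The elliptic-curve arithmetic is a plain textbook implementation for illustration, not constant time and not a substitute for a real library.

```python
import hashlib
import hmac

# NIST P-192 domain parameters (the curve Bluetooth 2.1 SSP uses for BR/EDR).
P = 2**192 - 2**64 - 1
A = P - 3
B = 0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1
G = (0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012,
     0x07192B95FFC8DA78631011ED6B24CDD573F977A11E794811)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831


def on_curve(pt):
    """True when pt satisfies y^2 = x^3 + Ax + B over GF(P)."""
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (demo only, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def xb(pt):
    """192-bit X coordinate as bytes; SSP feeds only X into f1, g and f2."""
    return pt[0].to_bytes(24, "big")


def f1(u, v, x, z):
    """Commitment: 128 MSB of HMAC-SHA-256 keyed with nonce X over U||V||Z."""
    return hmac.new(x, u + v + z, hashlib.sha256).digest()[:16]


def g(u, v, x, y):
    """Check value: SHA-256(U||V||X||Y) mod 2^32, shown to the user mod 10^6."""
    return int.from_bytes(hashlib.sha256(u + v + x + y).digest()[-4:], "big") % 1_000_000


def f2(w, n1, n2, a1, a2):
    """Link key: 128 MSB of HMAC-SHA-256 keyed with DHKey over N1||N2||"btlk"||A1||A2."""
    return hmac.new(w, n1 + n2 + b"btlk" + a1 + a2, hashlib.sha256).digest()[:16]


def session(d_init, d_resp, n_init, n_resp, addr_init, addr_resp):
    """One SSP run between an initiator and a responder.
    Returns (value shown on initiator, value shown on responder, link key on each side)."""
    pk_init, pk_resp = ec_mul(d_init, G), ec_mul(d_resp, G)        # Phase 1: exchange public keys
    c_resp = f1(xb(pk_resp), xb(pk_init), n_resp, b"\x00")         # Phase 2: responder commits to Nb
    # ... initiator now sends Na, responder reveals Nb, initiator verifies the commitment
    if f1(xb(pk_resp), xb(pk_init), n_resp, b"\x00") != c_resp:
        raise ValueError("commitment mismatch: abort pairing")
    v_init = g(xb(pk_init), xb(pk_resp), n_init, n_resp)           # six digits on each display
    v_resp = g(xb(pk_init), xb(pk_resp), n_init, n_resp)
    w_init = xb(ec_mul(d_init, pk_resp))                           # Phase 4: DHKey = x(d * PK_peer)
    w_resp = xb(ec_mul(d_resp, pk_init))
    lk_init = f2(w_init, n_init, n_resp, addr_init, addr_resp)
    lk_resp = f2(w_resp, n_init, n_resp, addr_init, addr_resp)
    return v_init, v_resp, lk_init, lk_resp


def mitm(d_a, d_b, d_e, n_a, n_b, n_e1, n_e2, addr_a, addr_b):
    """Active man in the middle: E runs one session with A (posing as B) and
    another with B (posing as A). Every commitment verifies and both sessions
    yield valid link keys, but the two displayed values are computed over
    different (public key, nonce) sets, so the user sees a mismatch."""
    v_a, _, _, _ = session(d_a, d_e, n_a, n_e1, addr_a, addr_b)
    _, v_b, _, _ = session(d_e, d_b, n_e2, n_b, addr_a, addr_b)
    return v_a, v_b
```

The commitment in phase 2 is what stops the attacker from choosing its nonce after seeing the other side's: because the user compares the values from both displays, the attacker would have to make g(PKa, PKe, Na, Ne1) equal g(PKe, PKb, Ne2, Nb) without controlling Na or Nb, a one-in-a-million chance per attempt.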
Bluetooth Frequency
The 2.4 GHz ISM (industrial, scientific and medical) band is licence-exempt, so Bluetooth products may use it without a licence. It is not reserved for Bluetooth: the band is shared with other users such as wireless LANs, cordless phones and microwave ovens, which is the source of the interference noted earlier.
Frequency Selection
Frequency hopping (FH) is used for interference mitigation and medium access; time division duplex (TDD) separates the two transmission directions. Packets occupy 1, 3 or 5 slots.
In this technique a device hops among 79 channels of 1 MHz within the designated range, following a pseudo-random sequence derived from the master's address and clock (not a truly random choice). Transmitters change frequency 1600 times a second.
Cont.
Each channel is divided into time slots 625 microseconds long Packets can be up to five time slots wide
Cont.
FH-CDMA to separate piconets within a scatternet
More piconets within a scatternet degrade performance: collisions are possible because the hopping patterns of different piconets are not coordinated
At any instant a device can participate in only one piconet. If it participates as a slave, it simply synchronizes to the master's hop sequence
Cont.
The master of a piconet can join another piconet as a slave; in this case all communication within the former piconet is suspended. When leaving a piconet, a slave notifies the master of its absence for a certain amount of time. Communication between different piconets takes place by devices jumping back and forth between these nets.
Bluetooth chips are tiny radio frequency chips that can be built into or plugged into your devices.
These chips were designed to take all of the information that your wires normally carry and transmit it in the 2.4 GHz band to a receiving Bluetooth chip, which then passes the information on to its device.
Bluetooth Chip
Block diagram of a Bluetooth chip: RF, Baseband Controller, Link Manager
SPECIFICATIONS
Application Specifications
These specifications include the following profiles:
- Cordless Telephony
- Serial Port
- Headset
- Intercom
- Dial-up Networking
- Fax
- File Transfer
- Service Discovery Application
- Generic Access
Wireless synchronization
Synchronize personal information contained in the address books and date books between different devices such as PDAs, cell phones, etc.
Bridging of networks
A cell phone connects to the network through a dial-up connection while connecting to a laptop over Bluetooth.
Bluetooth Devices
Bluetooth will soon be enabled in everything from:
- Telephones
- Headsets
- Computers
- Cameras
- PDAs
- Cars
- etc.
Bluetooth Products
- Bluetooth-enabled PC Card
- Bluetooth-enabled PDA
- Bluetooth-enabled Cell Phone
- Bluetooth-enabled Headset
Usage Models
- Cordless computer
- Ultimate headset
- Three-in-one phone
- Interactive conference (file transfer)
- Direct network access
- Instant postcard
Wireless Technologies
There are two technologies that have been developed as wireless cable replacements: Infrared (IRDA) and radio (Bluetooth).
Bluetooth at a glance
Connection type: Spread spectrum
Spectrum: 2.4 GHz
Data rate: 1 Mbps
Range: 30 feet (about 10 m)
Supported devices: Up to 8 per piconet
Voice channels: 3
Security: No special security
Addressing: 48-bit MAC address (Bluetooth); 32-bit ID (IrDA)
Our Focus
Bluetooth security
Security of Bluetooth
Security in Bluetooth is provided on the radio link only
- Link authentication and encryption may be provided
- True end-to-end security relies on higher-layer security solutions on top of Bluetooth
Bluetooth provides three security services
- Authentication: identity verification of the communicating devices
- Confidentiality: protection against information compromise
- Authorization: access rights to resources/services
Fast frequency hopping together with radio link power control give some protection from eavesdropping and malicious access
- Fast FH makes it harder to lock onto the channel
- Power control forces the adversary to be in relatively close proximity
- Neither is a cryptographic protection: the hop sequence is derived from the master's address and clock, so an attacker who learns those can follow the piconet
Confidentiality
The ACO (Authenticated Ciphering Offset) is a 96-bit value generated during the authentication procedure
The ACO and the link key are never transmitted
The encryption key Kc (128 bits, stored only temporarily) is derived with E3 from the link key, a random value EN_RAND and the ACO
The key stream generated by E0 is different for each packet because the master clock (slot number) is an input to E0; the key stream is XORed with the payload
Three encryption modes for confidentiality:
- Encryption Mode 1: no encryption is performed on any traffic
- Encryption Mode 2: broadcast traffic goes unprotected while unicast traffic is protected by the individual link keys
- Encryption Mode 3: all traffic, broadcast and unicast, is encrypted with the master key
Security cont.
The security of the whole system relies on the PIN, which may be too short
Users tend to use short 4-digit PINs, or even a null PIN
Bluetooth uses new cryptographic primitives (the E0, E1, E21 and E22 algorithms) that have not gone through enough security analysis
E0 algorithm
The E0 algorithm was designed specifically for Bluetooth and has undergone many security analyses. When used in Bluetooth mode, the security of E0 is reduced from 128 bits to 84 bits; when used outside a Bluetooth system, its effective security is only 39 bits. A Bluetooth device resets the E0 key after every 240 output bits, severely limiting the amount of known key stream available to a cryptanalyst.
Hacker Tools
Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information such as the user's calendar, contact list, e-mail and text messages without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent by virtue of their more complex systems. Operating in non-discoverable ("invisible") mode protects some devices, but others remain vulnerable as long as Bluetooth is enabled.
Hacker Tools
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, typically by sending a vCard that carries the message in its name field. It is widely believed that the term comes from Bluetooth and hijacking. However, a bluejacker does not hijack anything: he or she merely uses a feature present on both the sender's and the recipient's device. Both parties remain in full control of their devices, and a bluejacker cannot take over your phone or steal your personal information. Bluejacking is usually technically harmless, but because bluejacked people do not know what is happening, they think their phone is malfunctioning. Usually a bluejacker only sends a text message, but with modern phones it is possible to send images or sounds as well.
Problems with E0
Given all the cryptographic primitives (E0, E1, E21, E22) used in the Bluetooth pairing/bonding and authentication process, can the Bluetooth PIN be cracked? Focus on short PINs for now.
E0 output = combination of 4 LFSRs (Linear Feedback Shift Registers)
Key (Kc) = 128 bits
Best attack: guess the contents of some of the registers
PIN
Some devices use a fixed PIN (default = 0000)
Security of the keys = security of the PIN !!!!
It is possible to check guesses of the PIN against the observed SRES -> brute-force attack
Weak PINs (1234, 5555,
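An added example (not from the original presentation) of the offline brute-force attack the two slides above describe, against legacy (pre-2.1) pairing: the attacker records IN_RAND, the two Kinit-masked LK_RAND values, and one challenge/response pair per direction, then recomputes the pairing for every candidate PIN until the computed SRES matches the observed one. The message flow is the legacy one; the real E22, E21 and E1 are SAFER+-based and are not implemented here, so HMAC-SHA-256 with a label stands in for each (an assumption that does not change the attack, which only needs to recompute whatever function the devices use). Which device's address is appended to a short PIN is a spec detail simplified here to B's address. The addresses and random values are constructed test data.

```python
import hashlib
import hmac
import itertools


def prf(label, key, *parts):
    """Stand-in for the SAFER+-based E21/E22/E1 (assumption: labelled HMAC-SHA-256).
    The search below never relies on a weakness in this function."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:16]


def e22(pin, bd_addr, in_rand):
    """Kinit from the PIN, the appended device address and the public IN_RAND."""
    return prf(b"E22", pin + bd_addr, in_rand)


def e21(lk_rand, bd_addr):
    """One side's contribution to the combination key."""
    return prf(b"E21", lk_rand, bd_addr)


def e1(link_key, au_rand, bd_addr):
    """SRES: the 32-bit response to the challenge AU_RAND."""
    return prf(b"E1", link_key, au_rand, bd_addr)[:4]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def legacy_pairing(pin, addr_a, addr_b, in_rand, lk_rand_a, lk_rand_b, au_rand_a, au_rand_b):
    """Legacy pairing between A (initiator) and B, followed by mutual authentication.
    Returns the combination key Kab and everything an eavesdropper sees on the air."""
    kinit = e22(pin, addr_b, in_rand)                       # A -> B: IN_RAND in the clear
    c_a = xor(lk_rand_a, kinit)                             # A -> B: LK_RAND_A xor Kinit
    c_b = xor(lk_rand_b, kinit)                             # B -> A: LK_RAND_B xor Kinit
    kab = xor(e21(lk_rand_a, addr_a), e21(lk_rand_b, addr_b))
    sres_b = e1(kab, au_rand_a, addr_b)                     # A challenges B with AU_RAND_A
    sres_a = e1(kab, au_rand_b, addr_a)                     # B challenges A with AU_RAND_B
    sniffed = {"in_rand": in_rand, "c_a": c_a, "c_b": c_b,
               "au_rand_a": au_rand_a, "sres_b": sres_b,
               "au_rand_b": au_rand_b, "sres_a": sres_a}
    return kab, sniffed


def crack_pin(sniffed, addr_a, addr_b, max_digits=4):
    """Offline search: for each candidate PIN replay the pairing computation on
    the sniffed values and test the result against both observed SRES values.
    Returns (pin, Kab, number of candidates tried) or None."""
    tried = 0
    for length in range(1, max_digits + 1):
        for digits in itertools.product("0123456789", repeat=length):
            pin = "".join(digits).encode()
            tried += 1
            kinit = e22(pin, addr_b, sniffed["in_rand"])
            lk_a = xor(sniffed["c_a"], kinit)               # unmask both LK_RANDs
            lk_b = xor(sniffed["c_b"], kinit)
            kab = xor(e21(lk_a, addr_a), e21(lk_b, addr_b))
            if (e1(kab, sniffed["au_rand_a"], addr_b) == sniffed["sres_b"]
                    and e1(kab, sniffed["au_rand_b"], addr_a) == sniffed["sres_a"]):
                return pin, kab, tried
    return None


def pin_space(max_digits):
    """Number of decimal PINs of 1..max_digits digits the search has to cover."""
    return sum(10 ** k for k in range(1, max_digits + 1))
```

The search recovers not just the PIN but Kab itself, so every later session keyed from that link key can be decrypted; the whole cost is at most pin_space(4) = 11,110 evaluations, which is why the page's advice to avoid short and default PINs matters. A 16-byte alphanumeric PIN makes the same search infeasible, and Secure Simple Pairing removes the PIN from the key derivation altogether.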
Problems with E1
E1 is built on SAFER+. In cryptography, SAFER (Secure And Fast Encryption Routine) is the name of a family of block ciphers. The early SAFER K and SAFER SK designs share the same encryption function but differ in the number of rounds and the key schedule; the more recent versions are SAFER+ and SAFER++. All of the algorithms in the SAFER family are unpatented and available for unrestricted use.
Location privacy
Devices can be in discoverable mode
Every device has a fixed hardware address (BD_ADDR)
Addresses are sent in the clear
-> it is possible to track devices (and their users)
Other weaknesses
- No integrity checks
- No prevention of replay attacks
- Man-in-the-middle attacks
- Sometimes the default is no security at all
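An added example (not from the original presentation) that ties the Confidentiality slide to the first weakness listed above. Bluetooth XORs the payload with an E0 key stream seeded from Kc, the master's address and the slot clock, so each packet gets its own key stream; E0 itself is not implemented here, and SHA-256 in counter mode over those three inputs stands in for it (an assumption). That is enough to show two consequences of a stream cipher with no integrity check: if a clock value is ever reused, the XOR of the two ciphertexts equals the XOR of the two payloads with no key involved, and an attacker can flip chosen plaintext bits by flipping the same ciphertext bits, which nothing at the link layer detects. The key, address and payloads are constructed test data.

```python
import hashlib


def keystream(kc, master_addr, clock, length):
    """Stand-in key stream: SHA-256 counter mode over Kc || master BD_ADDR || clock.
    (Assumption replacing E0, which Bluetooth seeds with the same three inputs.)"""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(kc + master_addr + clock.to_bytes(4, "big")
                              + block.to_bytes(2, "big")).digest()
        block += 1
    return out[:length]


def crypt(kc, master_addr, clock, data):
    """XOR with the slot's key stream; the same call encrypts and decrypts."""
    ks = keystream(kc, master_addr, clock, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def reuse_leak(c1, c2):
    """Two ciphertexts under one key stream: c1 xor c2 == p1 xor p2, no key needed."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def flip_byte(ciphertext, offset, mask):
    """Attacker without the key XORs a mask into one ciphertext byte; after
    decryption the plaintext byte at `offset` is XORed with the same mask."""
    c = bytearray(ciphertext)
    c[offset] ^= mask
    return bytes(c)


def demo():
    kc = bytes(range(16))                                   # constructed 128-bit Kc
    master = bytes.fromhex("00a0b1c2d3e4")                  # constructed master BD_ADDR
    p1 = b"PAY 10.00 to bob"
    p2 = b"PAY 75.00 to eve"
    c1 = crypt(kc, master, 1000, p1)
    c1_next_slot = crypt(kc, master, 1001, p1)              # next slot: fresh key stream
    c2_same_slot = crypt(kc, master, 1000, p2)              # clock reused: same key stream
    forged = flip_byte(c1, 4, ord("1") ^ ord("9"))          # turn "10.00" into "90.00"
    return {
        "distinct_slots_differ": c1 != c1_next_slot,
        "xor_leak": reuse_leak(c1, c2_same_slot),           # == p1 xor p2
        "forged_plaintext": crypt(kc, master, 1000, forged),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The per-slot key stream is what prevents the reuse leak in normal operation; the malleability stays regardless, because a CRC is not a cryptographic integrity check and a receiver cannot tell a flipped byte from a genuine one. That is the gap later Bluetooth versions close with an authenticated cipher (AES-CCM in Secure Connections).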
Advantages (+)
Wireless (No Cables)
No Setup Needed
Disadvantages (-)
Short range (10 meters)
Small throughput rates
Fairly Expensive
Bluetooths Future
It is likely that this technology will become a standard.
Bluetooth will soon be known as Bluetooth 2.2, as its developers try to make the product better fulfil the needs of consumers. Often, with new technology, early changes mean reconstruction; not with Bluetooth: instead there will be improvements to the existing standard.
The End
Thank You, for attending my presentation.