BLUETOOTH SECURITY
ABSTRACT
Bluetooth is a way of connecting machines to each other without cables or any other physical medium. It uses radio waves to transfer information, so it is very easily affected by attacks. This report first gives some background information about the Bluetooth system and security issues in ad hoc networks, and introduces a security framework for describing the Bluetooth security layout.
Then both link-level and service-level security schemes are discussed in detail on the basis of that framework, concentrating on the specific security measures in Bluetooth, mainly authentication, encryption, key management and ad hoc aspects. Corresponding countermeasures are also proposed in order to improve Bluetooth security.
VPCOE,Baramati. BLUETOOTH SECURITY
CHAPTER-1
INTRODUCTION
Bluetooth is a wireless communications specification named after the 10th century Danish King
Harald Blatland, or “Bluetooth”. King Harald united the separate kingdoms of Denmark and
Norway. The Bluetooth specification is intended to “unite” separate personal computing devices
such as laptops, PDAs, palmtops, cell phones and peripherals, like printers for example. In short,
Bluetooth is wireless technology intended for short-range radio links to replace cables. Its
primary features are voice and data capabilities, robustness, low complexity, low power and low
cost.
As a specification, Bluetooth has some new and unique capabilities, but borrows heavily from
prior standards, including Motorola's Piano, IrDA, IEEE 802.11, and Digital Enhanced Cordless
Telecommunications (DECT). The Bluetooth SIG adopted Motorola's Piano to provide for
"Personal-Area Networks," (e.g. piconets) to extend the original Bluetooth concept beyond
simple cable replacement. Bluetooth voice transmission features are derived from the DECT
specification. IrDA specifications give Bluetooth its object exchange capabilities. The IEEE
802.11 specification provided Bluetooth with the 2.4GHz ISM band, frequency-hopping spread
spectrum (FHSS), authentication, privacy, power management, and wireless LAN potential.
This report gives information about the security measures of Bluetooth. We examine the Bluetooth security architecture in detail, how it should differ from the old security measures of the cable-connected world, and whether it is sufficient for Bluetooth to be used for everyday communications. I have examined Bluetooth security in two parts according to the proposed framework: the built-in link-level Bluetooth security as the main part, and the service-level Bluetooth security architecture as the practical part. The possible uses of Bluetooth are also covered.
1.2 APPLICATIONS
Bluetooth serves a wide range of applications, from straightforward cable replacement to sophisticated networking applications.
Examples:
Wireless headsets for cell phones for hands-free, wire-free phone calls.
Wireless PC Mouse connection to the PC using Bluetooth.
Wireless printing between a PC or handheld and a Bluetooth enabled printer.
Wireless barcode scanner input for retail and warehousing.
Automated synchronization of Personal Digital Assistant (PDAs) and PCs using Bluetooth.
Ad hoc networking and file sharing between PCs, PDAs & laptops in a meeting.
Automated cell phone dialing from a laptop’s contact database with logging of the activity on the laptop.
Internet access for Bluetooth-enabled devices via a Bluetooth-enabled device that is connected to the Internet.
Synchronize contact information between a cell phone, PDA, notebook, and desktop wirelessly.
With automatic synchronization enabled, everyone can see changes to the shared material on
his or her own computer.
1.3 BENEFITS
The most basic benefit of Bluetooth is simple cable replacement between two devices. In many situations the gain is the physical elimination of inconvenient cables that take up space and limit device placement. In industrial and commercial applications, the presence of wires creates problems and task interference issues. The wide range of device types and the standard interface defined by Bluetooth allow the selection of devices each optimized for its particular function. The multi-point capability of Bluetooth allows one interface to support communication with a set of devices (printers, scanners, scales, PDAs, other PCs, etc.). Many wired and wireless devices are Bluetooth connectable, including office appliances, e.g. desktop PCs, printers, projectors, laptops, and PDAs; communication appliances, e.g. speakers, handsets, pagers, and mobile phones; and home appliances, e.g. DVD players, digital cameras, cooking ovens, washing machines, refrigerators, and thermostats. Bluetooth is suitable for a wide range of applications, e.g. wireless office and meeting room, smart home and vehicle, intelligent parking, electronic payment and banking.
Bluetooth wireless networking, in general, provides a simple and fast path to ad hoc networks
with minimal equipment and overhead.
1.4 CHALLENGES
Widespread adoption of Bluetooth still faces significant hurdles. First and foremost, there
remain interoperability issues between products from different vendors. The Bluetooth
specification has had a number of “holes” which left too much latitude between vendors’
implementations. While the specification continues to be worked on by the Bluetooth SIG and the IEEE 802.15 task group, interoperability between products is still somewhat spotty. Testing is advised.
Secondly, as a wireless technology, there are concerns around security. Information could be
intercepted by other devices. While the basic security and encryption capabilities of the
specification are fundamentally sound, vendor implementations can vary.
Finally, there is significant competition from IEEE 802.11b wireless LAN technology which
has seen tremendous market acceptance and price drops in the past two years. This technology
has many of the same capabilities as Bluetooth, much greater speed and range and costs in line
with early Bluetooth radios.
1.5 PROSPECTS
Cable replacement and Wireless Personal-Area Networks (PANs) represent the major opportunities for Bluetooth technology in the near future. For Bluetooth technology to achieve ubiquitous adoption, interoperability, security and interference issues must be addressed, vendors must bring more and a wider array of products to market, and chip prices must fall significantly.
To be fair, as with many emerging technologies, Bluetooth specifications and products will
mature and eventually these issues will be resolved. Then Bluetooth adoption will grow
exponentially.
CHAPTER-2
Figure 2.1 illustrates the Bluetooth protocol stack, which can be divided into four layers
according to their purpose, in the following way:
1. Bluetooth Core Protocols, including Baseband, LMP, L2CAP, and SDP, comprise
exclusively Bluetooth-specific protocols developed by the Bluetooth SIG that are required by
most of the Bluetooth devices.
2. Cable Replacement Protocol, i.e. the RFCOMM protocol, is based on ETSI TS 07.10 and emulates serial line control and data signals over the Bluetooth Baseband to provide transport capabilities for upper level services.
3. Telephony Control Protocols, including TCS Binary and AT-commands, are used to define
the call control signalling, mobility management procedures, and multiple usage models for the
Bluetooth devices to establish the speech and data calls and provide FAX and modem services.
4. Adopted Protocols, including PPP, UDP/TCP/IP, WAP, WAE, etc. Due to the open nature of
the Bluetooth specification, additional protocols (e.g., HTTP, FTP, etc.) can be accommodated
in an interoperable fashion.
5. Host Controller Interface (HCI), i.e. the boundary between hardware and software, provides
a uniform command interface to access capabilities of hardware, e.g. Baseband controller, link
manager, control and event registers.
The layers of Cable Replacement, Telephony Control, and Adopted Protocols form the
application-oriented protocols that enable applications to run over the Bluetooth core protocols.
Not all applications make use of all the protocols shown in Figure 2.1. Instead, applications run
over one or more vertical slices of this protocol stack. In other words, applications may run
over different protocol stacks. Nevertheless, each one of these different protocol stacks uses a
common Bluetooth data link and physical layer, i.e. Bluetooth core protocols, including:
· Baseband. Based on the physical radio link, the Baseband can form the piconets between
Bluetooth units and decide the roles of master and slave in the piconet. The Baseband provides
physical links of both Synchronous Connection-Oriented (SCO) and Asynchronous
Connectionless (ACL) to support the transmission of data and/or audio with corresponding
packets. Other functions include error correction, link management and control, audio
transmission, etc.
· Link Manager Protocol (LMP). The Bluetooth protocol LMP is responsible for link set-up
between Bluetooth devices. This includes security aspects and the control and negotiation of
Baseband packet sizes. Furthermore, it controls the power modes and duty cycles of the
Bluetooth radio device, and the connection states of a Bluetooth unit in a piconet.
· Logical Link Control and Adaptation Protocol (L2CAP). L2CAP provides connection-oriented and connectionless data services to the upper layer protocols over the Baseband, with protocol multiplexing capability, segmentation and reassembly operation, and group abstractions, which permit higher level protocols and applications to transmit and receive L2CAP data packets. L2CAP is defined only for ACL links.
· Service Discovery Protocol (SDP). Using SDP to discover services is a crucial part of the Bluetooth framework and provides the basis for all the usage models. SDP queries device information, service information, and the characteristics of the services, according to which a suitable connection between two or more Bluetooth devices can be established.
CHAPTER-3
SECURITY FRAMEWORK
The Bluetooth technology provides security at both the application layer and the link layer. In addition, two features of the radio make attacks more difficult. A frequency hop selection mechanism of up to 1600 hops/sec is used to avoid interference from external sources or other piconets. An automatic output power adaptation scheme is also included in the standard for the low power consumption of light-weight mobile devices; it reduces the radio range for data transmission to what is actually required, based on the detected signal intensity.
• Encryption: The process of transforming data into a form that it cannot be understood
without a key. Both data and control information can be encrypted.
• Authentication: ensuring the identity of the other party, so that a device knows with whom it is communicating, i.e. verifying ‘who’ is at the other end of the link. Authentication is performed for both devices and users.
Each connection is given a unique secret authentication key and an encryption key that is derived from it. More on these keys later in the report.
In addition, the low transmission power prevents the signal from propagating far and makes it harder to intercept the transmission.
Security Mode 1
A device will not initiate any security procedures (non-secure mode). In this mode, the security functionality (authentication and encryption) is completely bypassed. In effect, a Bluetooth device in Mode 1 is in a promiscuous mode that allows other Bluetooth devices to connect to it. This mode is provided for applications for which security is not required, such as exchanging business cards.
Security Mode 2
A device does not initiate security procedures before channel establishment at the L2CAP level (service-level enforced security). This mode allows different and flexible access policies for applications, especially when running applications with different security requirements in parallel. Whether security functions are initiated depends on the security requirements of the requested channel or service. Broadcast traffic is not encrypted, but individually addressed traffic is encrypted with the master key.
Security Mode 3
A device initiates security procedures before the link set-up at the LMP level is completed (link-level enforced security). A Bluetooth device in this mode shall initiate security functions before the link set-up. All traffic is encrypted with the master key.
Service-level security: the Bluetooth device initiates security functions after the channel is established, i.e. at the higher layers.
Bluetooth allows different security levels to be used for devices and for the various services. For devices, two security levels are defined. An authorized device has unrestricted access to all or some specific services; basically this means that the device has been previously authenticated and is marked as “trusted”. An unauthorized device has restricted access to services; usually the device has been previously authenticated but has not been marked as “trusted”. An unknown device is also an untrusted device.
Three levels of service security are defined so that the requirements for authorization, authentication, and encryption can be set independently: services that require authorization and authentication, services that require authentication only, and services open to all devices.
The need for authorisation, authentication and encryption varies. When the connection is set up there are different levels of security the user can choose from.
Encryption Required: the link must be changed to encrypted mode before access to the service is possible.
On the lowest level a service can be set to be accessible to all devices. Usually there is a need for restrictions, so the user can set the service so that it needs authentication. When the highest level of security is needed, the service can require both authorisation and authentication. At this level a trusted device has access to the service, but an untrusted device needs manual authorisation.
CHAPTER-4
Link-level security: the Bluetooth device initiates security functions before the channel is established. This is the built-in security mechanism.
Figure 4.1 illustrates the link-level security framework of Bluetooth. In the figure, one Bluetooth device (the claimant) tries to communicate with the other device (the verifier). Generally the whole scheme is divided into four levels, as shown in the figure.
There are four link keys to cover the different applications it is used for. All the keys are
128-bit random numbers and are either temporary or semi-permanent.
KA (unit key) is derived at the installation of the Bluetooth device from a single unit A. Storing KA requires little memory space, so it is often used when a device has little memory or when the device should be accessible to a large group of users.
KAB (combination key) is derived from two units A and B. This key is generated for each pair of devices and is used when more security is needed. It requires more memory, since the device has to store one combination key for each connection it has.
Kmaster (master key) is used when the master device wants to transmit to several devices at once. It overrides the current link key for one session only.
Kinit (initialisation key) is used in the initialisation process. This key protects initialisation parameters while they are transmitted. It is formed from a random number, an L-octet PIN code, and the BD_ADDR of the claimant unit.
The encryption key is derived from the current link key. Each time encryption is needed, the encryption key is automatically changed. The purpose of separating the authentication key and the encryption key is to facilitate the use of a shorter encryption key without weakening the strength of the authentication procedure.
The PIN is a number which can be fixed or selected by the user. Its length is usually 4 digits, but it can be anything between 1 and 16 octets. The user can change it whenever they want, and this adds security to the system. The PIN can be used by entering it into only one device (fixed PIN), but it is safer to enter it into both units; the latter can be used, for example, when a laptop and a phone are to be connected.
First, the verifier sends the claimant a random number for authentication. Then both participants use the authentication function E1 with the random number, the claimant's Bluetooth Device Address and the current link key to compute a response. The claimant sends its response to the verifier, who then checks that the responses match. The application in use indicates who is to be authenticated, so the verifier is not necessarily the master; both parties may be authenticated in turn. If the authentication fails, a period of time must pass before a new authentication attempt can be made. The period of time doubles for each subsequent failed attempt from the same address, until a maximum is reached. The waiting time decreases exponentially to a minimum when no failed authentications are made during a time period.
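The challenge-response exchange and the doubling wait interval described above, as an added example that is not code from the report or from the Bluetooth SIG. E1 (which is SAFER+ based in Bluetooth) is replaced here by an HMAC stand-in truncated to the 32-bit SRES size; the wait intervals (MIN_WAIT, MAX_WAIT, DECAY), the BD_ADDR and the link key are constructed values, not specification ones. The verifier keeps the challenge it issued so the claimant cannot choose its own, and a successful authentication clears the back-off state.

```python
"""Challenge-response authentication with per-address failure back-off.
Added example; E1 is an HMAC stand-in and all constants are constructed."""
import hashlib
import hmac
import os

SRES_LEN = 4        # E1 produces a 32-bit signed response (SRES)
MIN_WAIT = 1.0      # constructed: wait after the first failure, in seconds
MAX_WAIT = 64.0     # constructed: cap on the wait interval
DECAY = 30.0        # constructed: each quiet period of this length halves the wait

ADDR = bytes.fromhex("001122334455")   # constructed 48-bit BD_ADDR
LINK_KEY = bytes(range(16))            # constructed 128-bit link key


def e1_standin(link_key, rand, bd_addr):
    """Stand-in for E1: keyed hash of RAND || BD_ADDR under the current
    link key, truncated to the 32-bit SRES size."""
    return hmac.new(link_key, rand + bd_addr, hashlib.sha256).digest()[:SRES_LEN]


class Claimant:
    def __init__(self, bd_addr, link_key):
        self.bd_addr, self.link_key = bd_addr, link_key

    def respond(self, rand):
        return e1_standin(self.link_key, rand, self.bd_addr)


class Verifier:
    def __init__(self, link_keys, clock):
        self.link_keys = link_keys   # BD_ADDR -> current link key
        self.clock = clock           # injectable clock returning seconds
        self.pending = {}            # BD_ADDR -> RAND issued, awaiting a response
        self.state = {}              # BD_ADDR -> (failures, not_before, last_failure)

    def challenge(self, bd_addr):
        rand = os.urandom(16)        # fresh 128-bit random challenge per attempt
        self.pending[bd_addr] = rand
        return rand

    def wait_until(self, bd_addr):
        """Earliest time at which a new attempt from this address is considered."""
        return self.state.get(bd_addr, (0, 0.0, 0.0))[1]

    def authenticate(self, bd_addr, sres):
        now = self.clock()
        failures, not_before, last_failure = self.state.get(bd_addr, (0, 0.0, 0.0))
        if now < not_before:
            return "wait"            # still inside the back-off window
        rand = self.pending.pop(bd_addr, None)
        key = self.link_keys.get(bd_addr)
        if rand is not None and key is not None and \
                hmac.compare_digest(e1_standin(key, rand, bd_addr), sres):
            self.state.pop(bd_addr, None)   # success clears the back-off
            return "accepted"
        # Let the failure count decay for quiet time, then double the wait.
        failures = max(0, failures - int((now - last_failure) // DECAY)) + 1
        wait = min(MIN_WAIT * 2 ** (failures - 1), MAX_WAIT)
        self.state[bd_addr] = (failures, now + wait, now)
        return "rejected"


def scenario():
    """Constructed timeline: three wrong responses, one attempt made too early,
    then the correct response. Returns (time, verdict, next allowed time)."""
    now = [0.0]
    verifier = Verifier({ADDR: LINK_KEY}, lambda: now[0])
    genuine = Claimant(ADDR, LINK_KEY)
    wrong_key = Claimant(ADDR, bytes(16))    # knows the address, not the link key
    out = []
    for when, claimant in [(0.0, wrong_key), (0.5, wrong_key), (1.0, wrong_key),
                           (3.0, wrong_key), (7.0, genuine)]:
        now[0] = when
        sres = claimant.respond(verifier.challenge(ADDR))
        out.append((when, verifier.authenticate(ADDR, sres), verifier.wait_until(ADDR)))
    return out


if __name__ == "__main__":
    for row in scenario():
        print(row)
```

The clock is injected so the back-off can be exercised without sleeping; in a real link manager the same state would be keyed by the peer BD_ADDR exactly as here.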
Figure 4 shows the encryption procedure. The encryption key (KC) is generated from the current link key.
The Bluetooth encryption system encrypts the payloads of the packets. This is done with a stream cipher, E0, which is re-synchronized for every payload. The E0 stream cipher consists of the payload key generator, the key stream generator and the encryption/decryption part. The payload key generator combines the input bits in an appropriate order and shifts them into the four Linear Feedback Shift Registers (LFSRs) of the key stream generator.
Depending on whether a device uses a semi-permanent link key or a master key, there are several encryption modes available. If a unit key or a combination key is used, broadcast traffic is not encrypted; individually addressed traffic can be either encrypted or not. If a master key is used, there are three possible modes. In encryption mode 1, nothing is encrypted. In encryption mode 2, broadcast traffic is not encrypted, but individually addressed traffic is encrypted with the master key. In encryption mode 3, all traffic is encrypted with the master key.
As the encryption key size varies from 8 bits to 128 bits, the size of the encryption key used between two devices must be negotiated. Each device has a parameter defining its maximum allowed key length. In the key size negotiation, the master sends its suggestion for the encryption key size to the slave. The slave can either accept and acknowledge it, or send another suggestion. This continues until a consensus is reached or one of the devices aborts the negotiation. The negotiation is aborted by the application in use: every application defines a minimum acceptable key size, and if the requirement is not met by either of the participants, the application aborts the negotiation and encryption cannot be used. This is necessary to avoid the situation where a malicious device forces the encryption key to be short in order to do some harm.
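The negotiation above, with the application-enforced minimum that stops a peer from forcing a short key, as an added example that is not code from the report or from the Bluetooth SIG. The message flow is a simplified model of the LMP exchange (propose, accept or counter-propose, abort), and the device names and size limits are constructed; sizes are handled in bytes, 1 to 16, matching the 8- to 128-bit range in the text.

```python
"""Encryption key size negotiation with an application minimum.
Added example; the flow is a simplified model and the devices are constructed."""
from dataclasses import dataclass

MIN_KEY_BYTES, MAX_KEY_BYTES = 1, 16   # encryption key size: 8 .. 128 bits


@dataclass
class Device:
    name: str
    max_key_bytes: int   # device parameter: maximum allowed key length
    app_min_bytes: int   # minimum the running application will accept

    def __post_init__(self):
        assert MIN_KEY_BYTES <= self.max_key_bytes <= MAX_KEY_BYTES
        assert MIN_KEY_BYTES <= self.app_min_bytes <= MAX_KEY_BYTES

    def consider(self, offer):
        """Accept an offered size, counter-propose, or let the application abort."""
        if self.max_key_bytes < self.app_min_bytes:
            return "abort", None            # this device can never satisfy its own app
        if offer < self.app_min_bytes:
            return "abort", None            # below the application minimum: refuse
        if offer <= self.max_key_bytes:
            return "accept", offer
        return "counter", self.max_key_bytes


def negotiate(master, slave):
    """Master proposes first; the sides alternate until consensus or an abort.
    Returns (agreed key size in bytes, or None if encryption cannot be used; transcript)."""
    offer, proposer, responder = master.max_key_bytes, master, slave
    transcript = []
    while True:
        transcript.append(f"{proposer.name} proposes {offer * 8}-bit key")
        verdict, value = responder.consider(offer)
        if verdict == "abort":
            transcript.append(f"{responder.name} aborts: application minimum is "
                              f"{responder.app_min_bytes * 8} bits; encryption not used")
            return None, transcript
        if verdict == "accept":
            transcript.append(f"{responder.name} accepts {offer * 8}-bit key")
            return offer, transcript
        # Every counter-offer is strictly smaller than the offer it answers,
        # so the loop terminates.
        offer, proposer, responder = value, responder, proposer


def scenario():
    """Constructed devices: a laptop whose application insists on 64 bits,
    a phone limited to 80 bits, and a peer that can only do 40 bits."""
    laptop = Device("laptop", max_key_bytes=16, app_min_bytes=8)
    phone = Device("phone", max_key_bytes=10, app_min_bytes=4)
    weak = Device("weak-peer", max_key_bytes=5, app_min_bytes=1)
    return {
        "laptop->phone": negotiate(laptop, phone)[0],   # settles on 80 bits
        "laptop->weak": negotiate(laptop, weak)[0],     # laptop aborts: 40 < 64
        "weak->laptop": negotiate(weak, laptop)[0],     # laptop aborts immediately
        "phone->weak": negotiate(phone, weak)[0],       # phone accepts 40 bits
    }


if __name__ == "__main__":
    for name, size in scenario().items():
        print(name, None if size is None else f"{size * 8}-bit")
```

The decisive check is the application minimum in `consider`: without it the laptop would simply accept the 40-bit counter-offer, which is exactly the downgrade the text warns about.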
The encryption algorithm uses four LFSRs of lengths 25, 31, 33 and 39, with the total length of
128. The initial 128-bit value of the four LFSRs is derived from the key stream generator itself
using the encryption key, a 128-bit random number, the Bluetooth device address of the device
and the 26-bit value of the master clock. The feedback polynomials used by the LFSRs are all
primitive, with the Hamming weight of 5. The polynomials used are (25, 20, 12, 8, 0), (31, 24,
16, 12, 0), (33, 28, 24, 4, 0) and (39, 36, 28, 4, 0).
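The four registers above as a worked LFSR example, added here and not code from the report or from the Bluetooth SIG. The stepping is a generic Fibonacci LFSR driven by the exponent lists of the text's polynomials; the combiner is a plain XOR for illustration only (E0's summation combiner with its extra blend state is not reproduced), and the 128-bit seed is a constructed value rather than one derived from KC, the random number, the BD_ADDR and the clock. The example also goes slightly beyond the text: `period` shows on a 4-bit register why a primitive feedback polynomial matters (maximal period 2^n - 1, versus a shorter cycle for a non-primitive one).

```python
"""E0's four LFSRs as a generic Fibonacci LFSR. Added example: XOR combiner
and seed are illustrative, not the E0 construction."""

# Feedback polynomials from the text as exponent lists:
# x^25 + x^20 + x^12 + x^8 + 1, and so on. Each has Hamming weight 5.
E0_POLYNOMIALS = [(25, 20, 12, 8, 0), (31, 24, 16, 12, 0),
                  (33, 28, 24, 4, 0), (39, 36, 28, 4, 0)]

SEED = 0x0123456789ABCDEF0123456789ABCDEF   # constructed 128-bit initial value


def hamming_weight(poly):
    """Number of nonzero terms in the feedback polynomial."""
    return len(poly)


class LFSR:
    """Fibonacci LFSR over GF(2). State bit i holds s_{t+i}; for a polynomial
    x^n + x^a + x^b + ... + 1 the recurrence is s_{t+n} = s_{t+a} + s_{t+b} + ... + s_t."""

    def __init__(self, poly, state):
        self.n = poly[0]
        self.mask = (1 << self.n) - 1
        self.taps = sum(1 << e for e in poly[1:])   # exponents below n, including 0
        if not 0 < state <= self.mask:
            raise ValueError("state must be a nonzero n-bit value")
        self.state = state

    def step(self):
        out = self.state & 1
        feedback = bin(self.state & self.taps).count("1") & 1
        self.state = (self.state >> 1) | (feedback << (self.n - 1))
        return out


def period(poly, seed, limit=1 << 20):
    """Steps until the register returns to its seed (None if not within limit)."""
    reg = LFSR(poly, seed)
    for i in range(1, limit + 1):
        reg.step()
        if reg.state == seed:
            return i
    return None


def e0_registers(seed128):
    """Split a 128-bit initial value into the 25-, 31-, 33- and 39-bit registers."""
    regs, offset = [], 0
    for poly in E0_POLYNOMIALS:
        n = poly[0]
        regs.append(LFSR(poly, (seed128 >> offset) & ((1 << n) - 1)))
        offset += n
    assert offset == 128                       # the four lengths total 128 bits
    return regs


def keystream(seed128, nbits):
    """Illustrative XOR of the four register outputs (not E0's real combiner)."""
    regs = e0_registers(seed128)
    bits = []
    for _ in range(nbits):
        bit = 0
        for reg in regs:
            bit ^= reg.step()
        bits.append(bit)
    return bits


if __name__ == "__main__":
    print("weights:", [hamming_weight(p) for p in E0_POLYNOMIALS])
    print("period of x^4+x^3+1:", period((4, 3, 0), 1))   # primitive: 15
    print("period of x^4+x^2+1:", period((4, 2, 0), 1))   # not primitive: 6
    print("keystream:", "".join(map(str, keystream(SEED, 32))))
```

Checking the full period of the real 25- to 39-bit registers by brute force is not practical in Python (2^39 steps for the longest), which is why the primitivity demonstration uses a degree-4 polynomial.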
CHAPTER 5
This chapter covers the basic issues involved in implementing the security mechanisms, as an approach to a flexible security architecture built on top of the link-level security features of Bluetooth. Figure 5.1 gives the general security architecture. The key component in the architecture is a security manager, with the following functions:
• Store security-related information on both services and devices into corresponding service
and device databases.
• Permit or refuse access requested by protocol implementations or applications.
• Command the link manager to enforce authentication and/or encryption before connecting to
the application, using the HCI.
• Query Personal Identification Number (PIN) entry to set-up trusted device relationship.
Such a centralized security manager makes it flexible to implement different access policies and easy to add a new policy without affecting other parts.
The security manager acts as a bridge to join application level and link level
security controls together and thus helps in providing end-to-end security. Authentication
should be performed after determining what the security level of the requested service is. That is
to say, the authentication can only be performed when a connection request to a service (SCO
link) is submitted.
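The security manager's access decision, combining the device levels (trusted, untrusted, unknown) and the three service levels plus "Encryption Required" from Chapter 3 with the manager functions listed above, as an added example that is not code from the report or from the Bluetooth SIG. The device and service databases, the `LinkManager` stand-in for the LMP/HCI side, and the BD_ADDRs and service names are constructed for the scenario; authentication is requested only once the service's level is known, as the text requires.

```python
"""Service-level access decisions by a security manager. Added example:
databases, link-manager stand-in and addresses are constructed."""
from dataclasses import dataclass
from enum import Enum


class Trust(Enum):
    TRUSTED = "trusted"      # previously authenticated and marked trusted
    UNTRUSTED = "untrusted"  # previously authenticated, not marked trusted
    UNKNOWN = "unknown"      # never seen; treated as untrusted


@dataclass
class ServicePolicy:
    """One of the three service security levels, plus 'Encryption Required'."""
    name: str
    authentication: bool = False  # authentication only
    authorization: bool = False   # authorization and authentication
    encryption: bool = False      # link must be switched to encrypted mode first


@dataclass
class Link:
    """Per-device link state as the link manager would report it."""
    bd_addr: str
    has_link_key: bool            # pairing done earlier (constructed state)
    authenticated: bool = False
    encrypted: bool = False


class LinkManager:
    """Stand-in for the LMP/HCI side that carries out the manager's commands."""

    def __init__(self):
        self.commands = []

    def authenticate(self, link):
        self.commands.append(("authenticate", link.bd_addr))
        link.authenticated = link.has_link_key  # no shared link key -> failure
        return link.authenticated

    def encrypt(self, link):
        self.commands.append(("encrypt", link.bd_addr))
        link.encrypted = link.authenticated     # encryption needs an authenticated link
        return link.encrypted


class SecurityManager:
    def __init__(self, link_manager):
        self.lm = link_manager
        self.device_db = {}   # BD_ADDR -> Trust
        self.service_db = {}  # service name -> ServicePolicy

    def register_service(self, policy):
        self.service_db[policy.name] = policy

    def set_trust(self, bd_addr, trust):
        self.device_db[bd_addr] = trust

    def access_request(self, link, service, user_authorizes=False):
        """Permit or refuse an access request from a protocol or application."""
        policy = self.service_db.get(service)
        if policy is None:
            return False, "unknown service"
        trust = self.device_db.get(link.bd_addr, Trust.UNKNOWN)
        if (policy.authentication or policy.authorization) and not link.authenticated:
            if not self.lm.authenticate(link):
                return False, "authentication failed"
        # A trusted device has unrestricted access; anything else needs manual authorization.
        if policy.authorization and trust is not Trust.TRUSTED and not user_authorizes:
            return False, "manual authorization required"
        if policy.encryption and not link.encrypted:
            if not self.lm.encrypt(link):
                return False, "encryption could not be enabled"
        return True, "granted"


def build_manager():
    """Constructed device and service databases for the scenario below."""
    sm = SecurityManager(LinkManager())
    sm.register_service(ServicePolicy("business-card"))                 # open to all
    sm.register_service(ServicePolicy("sync", authentication=True))     # authentication only
    sm.register_service(ServicePolicy("dial-up", authentication=True,
                                      authorization=True, encryption=True))
    sm.set_trust("00:11:22:33:44:55", Trust.TRUSTED)     # constructed BD_ADDRs
    sm.set_trust("66:77:88:99:AA:BB", Trust.UNTRUSTED)
    return sm


def scenario():
    sm = build_manager()
    trusted = Link("00:11:22:33:44:55", has_link_key=True)
    untrusted = Link("66:77:88:99:AA:BB", has_link_key=True)
    unknown = Link("CC:DD:EE:FF:00:11", has_link_key=False)
    return {
        "trusted dial-up": sm.access_request(trusted, "dial-up"),
        "unknown business-card": sm.access_request(unknown, "business-card"),
        "unknown sync": sm.access_request(unknown, "sync"),
        "untrusted dial-up": sm.access_request(untrusted, "dial-up"),
        "untrusted dial-up, user OK": sm.access_request(untrusted, "dial-up", True),
        "commands": sm.lm.commands,
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

The recorded `commands` list is the audit trail a real manager would emit over the HCI: no authentication is commanded for the open service, and encryption is only commanded after authentication and authorization have succeeded.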
Logical Link Control and Adaptation Protocol (L2CAP). This protocol provides
connection-oriented and connectionless data services to the upper layer protocols, with protocol
multiplexing capability.
Host Controller Interface (HCI), i.e. the boundary between hardware and software,
provides a uniform command interface to access capabilities of hardware, e.g. link manager,
link control and event registers.
Cable Replacement Protocol, i.e. the RFCOMM protocol, is based on ETSI TS 07.10 and emulates serial line control and data signals over the Bluetooth Baseband to provide transport
After the Bluetooth link is established, service-level security governs access to the services on
Bluetooth devices. This access can be limited at the device and service level. A Bluetooth
device can be “trusted” or “untrusted” when attempting to access services on another
device. A trusted device has unrestricted access to all services on the other device. In contrast,
an untrusted device may have its access to services limited. Dell recommends that customers configure each device and service with appropriate security measures based on the sensitivity of the data involved, the need to limit access to a particular device such as a printer, and so forth. For further Bluetooth security, Dell recommends that customers:
CHAPTER 6
• Privacy may be compromised if the Bluetooth device address (BD_ADDR) is captured and associated with a particular user: once the BD_ADDR is associated with a particular user, that user’s activities could be logged, resulting in a loss of privacy.
CHAPTER 7
BLUETOOTH SECURITY ATTACKS
When no encryption is activated, this can easily be achieved by correctly setting the CRC check data in the payload after the payload data has been changed. When ciphering is activated, the attacker can compute how to modify the CRC to make it agree with modifications in the encrypted data bits. In a practical system where encryption is activated, it is not at all easy to make something useful of this attack beyond merely disrupting the communication: the attacker must somehow know the context of the payload data to conduct changes that are meaningful or effective.
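Receiver-side checks illustrating the point above, as an added example that is not code from the report or from the Bluetooth SIG: a CRC catches a transmission error but passes a payload that was rewritten with its CRC refitted, whereas a keyed MAC added at the application layer does not. The CRC-16/CCITT-FALSE routine is a stand-in for the baseband payload CRC (the constants are not taken from the Bluetooth specification), and the key, payloads and frame layout are constructed.

```python
"""CRC versus keyed MAC at the receiver. Added example; the CRC variant,
key, payloads and frame layout are constructed stand-ins."""
import hashlib
import hmac

TAG_LEN = 8                            # bytes of HMAC-SHA256 kept as the application tag
KEY = b"constructed-application-key"   # constructed; shared by sender and receiver


def crc16(data, poly=0x1021, init=0xFFFF):
    """CRC-16/CCITT-FALSE; the check value for b'123456789' is 0x29B1."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def protect(payload, key=KEY):
    """Sender: append an application-layer HMAC tag, then the link-level CRC."""
    body = payload + hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return body + crc16(body).to_bytes(2, "big")


def receive(frame, key=KEY):
    """Receiver: verify the CRC over the body, then the tag over the payload.
    Returns (crc_ok, mac_ok, payload)."""
    body, crc = frame[:-2], int.from_bytes(frame[-2:], "big")
    crc_ok = crc16(body) == crc
    payload, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    mac_ok = hmac.compare_digest(tag, expected)
    return crc_ok, mac_ok, payload


def scenario():
    """Constructed frames: the genuine one; one with a single bit error in
    transit (CRC left as sent); and one whose payload was rewritten and whose
    CRC was refitted to the new bytes, without knowledge of the key."""
    genuine = protect(b"transfer 10")
    body = genuine[:-2]
    bit_error = bytes([body[0] ^ 0x01]) + body[1:] + genuine[-2:]
    altered_body = b"transfer 99" + body[len(b"transfer 10"):]
    altered = altered_body + crc16(altered_body).to_bytes(2, "big")
    return {
        "genuine": receive(genuine)[:2],                 # (True, True)
        "bit error": receive(bit_error)[:2],             # (False, False)
        "altered, CRC refitted": receive(altered)[:2],   # (True, False)
    }


if __name__ == "__main__":
    for name, (crc_ok, mac_ok) in scenario().items():
        print(f"{name}: crc_ok={crc_ok} mac_ok={mac_ok}")
```

The CRC is a linear function of the data with no secret, so it can only ever signal accidental corruption; only the keyed tag ties the payload to something the sender alone possesses.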
be free to continue to use any resource that a trusted relationship with that device grants access
to. This means that not only data can be retrieved from the phone, but other services, such as
modems or Internet, WAP and GPRS gateways may be accessed without the owner’s
knowledge or consent. Once the Backdoor is installed, the Bluesnarf attack will function on
devices that previously denied access, and without the restrictions of a plain Bluesnarf attack.
CONCLUSION
We have now examined Bluetooth in general and some of its security mechanisms. As was seen, Bluetooth's security seems adequate only for small ad hoc networks, such as a network of the participants in a meeting. Connecting a Personal Digital Assistant (PDA) to a mobile phone using Bluetooth may also be secure enough, but is Bluetooth secure enough for larger networks, money transfers and the transfer of other sensitive information?
In the light of this study, it seems that the security of Bluetooth is still not suitable for any serious, security-sensitive work; more sophisticated security methods may need to be implemented, since the Bluetooth security scheme is reasonably useful only for applications with lower security requirements. Given its original design goal of cable replacement, Bluetooth is more suitable for short-range, small-size wireless personal area networks than for connecting with outside public networks.