VPCOE,Baramati.

BLUETOOTH SECURITY

ABSTRACT

Bluetooth is a way of connecting machines to each other without cables or any other physical
medium. It uses radio waves to transfer information, so it is very easily affected by attacks. In
this let me first give some background information about Bluetooth system and security issues
in ad hoc networks, a security framework is introduced for the description of the Bluetooth
security layout.

Then both link-level and service-level security schemes are discussed in detail on the basis of
the framework and then it concentrates on specific security measures in Bluetooth, mainly
authentication, encryption, key management and ad hoc aspects. Corresponding
countermeasures are also proposed in order to improve the Bluetooth security.

1
 VPCOE,Baramati. BLUETOOTH SECURITY

CHAPTER-1

INTRODUCTION

Bluetooth is a wireless communications specification named after the 10th century Danish King
Harald Blatland, or “Bluetooth”. King Harald united the separate kingdoms of Denmark and
Norway. The Bluetooth specification is intended to “unite” separate personal computing devices
such as laptops, PDAs, palmtops, cell phones and peripherals, like printers for example. In short,
Bluetooth is wireless technology intended for short-range radio links to replace cables. Its
primary features are voice and data capabilities, robustness, low complexity, low power and low
cost.

1.1 THE BLUETOOTH SPECIFICATION

L. M. Ericsson of Sweden invented Bluetooth in 1994. The Bluetooth Special Interest

Group (SIG) was founded by Ericsson, IBM, Intel, Nokia and Toshiba in February
1998, to develop an open specification for short-range wireless communications. The group now
consists of over 1900 companies.
Bluetooth is built around the notion of a Personal-Area Network or PAN. It operates in the
2.4GHz radio frequency band, offers 721Kb data rates, and has a range of
approximately 10 meters. Application of Bluetooth technology has also been extended to offer
wireless access to LANs, PSTN, the mobile phone network and the internet.
Since it operates in the 2.4GHz ISM band, the Bluetooth standard is targeted for worldwide
approvals so that, anywhere in the world, any Bluetooth enabled device can connect to other
Bluetooth devices in its proximity, regardless of manufacturer. According to the specification,
Bluetooth devices communicate wirelessly in short- range, ad hoc networks called piconets.
Each device can simultaneously communicate with up to seven other devices in the piconet.
Also, each device can be a participant in several piconets. These piconets are established
automatically as devices enter and leave the radio network.

2
 VPCOE,Baramati. BLUETOOTH SECURITY

As a specification, Bluetooth has some new and unique capabilities, but borrows heavily from
prior standards, including Motorola's Piano, IrDA, IEEE 802.11, and Digital Enhanced Cordless
Telecommunications (DECT). The Bluetooth SIG adopted Motorola's Piano to provide for
"Personal-Area Networks," (e.g. piconets) to extend the original Bluetooth concept beyond
simple cable replacement. Bluetooth voice transmission features are derived from the DECT
specification. IrDA specifications give Bluetooth its object exchange capabilities. The IEEE
802.11 specification provided Bluetooth with the 2.4GHz ISM band, frequency-hopping spread
spectrum (FHSS), authentication, privacy, power management, and wireless LAN potential.

This report gives information about the security measures of Bluetooth, where we
examine the Bluetooth security architecture in detail, how they should be different from the old
security measures of the cable-connected world and are they sufficient enough, so that
Bluetooth can be used for everyday communications. I have examined the Bluetooth security in
two parts according to the framework proposed, including the build-in link-level Bluetooth
security as the main part, and the service level Bluetooth security architecture as the practice
part, respectively. And what possible uses it has.

1.2 APPLICATIONS

The Bluetooth works for the wide range of applications. These range from straightforward
cable replacement to sophisticated networking applications.

Examples:
Wireless headsets for cell phones for hands-free, wire-free phone calls.
Wireless PC Mouse connection to the PC using Bluetooth.
Wireless printing between a PC or handheld and a Bluetooth enabled printer.
Wireless barcode scanner input for retail and warehousing.
Automated synchronization of Personal Digital Assistant (PDAs) and PCs using Bluetooth.
Ad hoc networking and file sharing between PCs, PDAs & laptops in a meeting.
Automated cell phone dialing from a laptop’s contact database with logging of the activity on

3
 VPCOE,Baramati. BLUETOOTH SECURITY

the laptop.
Internet access for Bluetooth used devices via the Bluetooth enabled device on the Internet.
Synchronize contact information between a cell phone, PDA, notebook, and desktop wirelessly.
With automatic synchronization enabled, everyone can see changes to the shared material on
his or her own computer.

1.3 BENEFITS

The most basic benefit from Bluetooth is of simple cable replacement between two devices. For
many situations were the physical elimination of inconvenient cables that take space and limit
device placement. In industrial and commercial applications, the presence of wires creates
problems and task interference issues. The wide range of device types and standard interface
make by Bluetooth. Which allows selection of devices optimized each for their particular
functions. The multi-point capabilities of Bluetooth communications allows one interface to
support communications a set of wired and wireless devices are Bluetooth connectable,
including office appliances, e.g. desktop PCs, printers, projectors, laptops, and PDAs;
communication appliances, e.g. speakers, handsets, pagers, and mobile phones; home
appliances, e.g. DVD players, digital cameras, cooking ovens, washing machines, refrigerators,
and thermostats. Bluetooth is suitable for a wide range of applications, e.g. wireless office and
meeting room, smart home and vehicle, intelligent parking, electrical paying and banking.
printers, scanners, scales, PDAs, other PCs, etc.
Bluetooth wireless networking, in general, provides a simple and fast path to ad hoc networks
with minimal equipment and overhead.

1.4 CHALLENGES

Widespread adoption of Bluetooth still faces significant hurdles. First and foremost, there
remain interoperability issues between products from different vendors. The Bluetooth
specification has had a number of “holes” which left too much latitude between vendors’
implementations. While the specification continues to be worked on by the Bluetooth SIG and

4
 VPCOE,Baramati. BLUETOOTH SECURITY

the IEEE 802.15 task group, interoperability between products is still somewhat spotty. Testing
is advised.

Secondly, as a wireless technology, there are concerns around security. Information could be
intercepted by other devices. While the basic security and encryption capabilities of the
specification are fundamentally sound, vendor implementations can vary.

There is potential for interference in HIGHLY congested areas.

Finally, there is significant competition from IEEE 802.11b wireless LAN technology which
has seen tremendous market acceptance and price drops in the past two years. This technology
has many of the same capabilities as Bluetooth, much greater speed and range and costs in line
with early Bluetooth radios.

1.5 PROSPECTS

Cable replacement and Wireless Personal-Area Networks (PANs) represent the major
opportunities for Bluetooth technology in the near future. For Bluetooth technology to achieve
ubiquitous adoption, interoperability, security and interference issues must be addressed,
vendors must bring more, and a wider array of products to market and chip pricing must become
significantly less expensive.
To be fair, as with many emerging technologies, Bluetooth specifications and products will
mature and eventually these issues will be resolved. Then Bluetooth adoption will grow
exponentially.

5
 VPCOE,Baramati. BLUETOOTH SECURITY

CHAPTER-2

BLUETOOTH PROTOCOL OVERVIEW

Figure 2.1 illustrates the Bluetooth protocol stack, which can be divided into four layers
according to their purpose, in the following way:

1. Bluetooth Core Protocols, including Baseband, LMP, L2CAP, and SDP, comprise
exclusively Bluetooth-specific protocols developed by the Bluetooth SIG that are required by
most of the Bluetooth devices.

2. Cable Replacement Protocol, i.e. RFCOMM protocol, is based on the ETSI TS 07.10 that
emulate serial line control and data signals over Bluetooth Baseband to provide transport
capabilities for upper level services.

3. Telephony Control Protocols, including TCS Binary and AT-commands, are used to define
the call control signalling, mobility management procedures, and multiple usage models for the
Bluetooth devices to establish the speech and data calls and provide FAX and modem services.

4. Adopted Protocols, including PPP, UDP/TCP/IP, WAP, WAE, etc. Due to the open nature of
the Bluetooth specification, additional protocols (e.g., HTTP, FTP, etc.) can be accommodated
in an interoperable fashion.

5. Host Controller Interface (HCI), i.e. the boundary between hardware and software, provides
a uniform command interface to access capabilities of hardware, e.g. Baseband controller, link
manager, control and event registers.

6
 VPCOE,Baramati. BLUETOOTH SECURITY

Figure 2.1 Bluetooth protocol stack.

The layers of Cable Replacement, Telephony Control, and Adopted Protocols form the
application-oriented protocols that enable applications to run over the Bluetooth core protocols.
Not all applications make use of all the protocols shown in Figure 2.1 Instead, applications run
over one or more vertical slices of this protocol stack. In other words, applications may run
over different protocol stacks. Nevertheless, each one of these different protocol stacks uses a
common Bluetooth data link and physical layer, i.e. Bluetooth core protocols, including:
· Baseband. Based on the physical radio link, the Baseband can form the piconets between
Bluetooth units and decide the roles of master and slave in the piconet. The Baseband provides
physical links of both Synchronous Connection- Oriented (SCO) and Asynchronous
Connectionless (ACL) to support the transmission of data and/or audio with corresponding
packets. Other functions include error correction, link management and control, audio
transmission, etc.
· Link Manager Protocol (LMP). The Bluetooth protocol LMP is responsible for link set-up
between Bluetooth devices. This includes security aspects and the control and negotiation of
Baseband packet sizes. Furthermore, it controls the power modes and duty cycles of the
Bluetooth radio device, and the connection states of a Bluetooth unit in a piconet.
· Logical Link Control and Adaptation Protocol (L2CAP). The protocol of L2CAP provides

7
 VPCOE,Baramati. BLUETOOTH SECURITY

connection-oriented and connectionless data services to the upper layer protocols over the
Baseband, with protocol multiplexing capability, segmentation and reassembly operation, and
group abstractions, which permits higher level protocols and applications to transmit and
receive L2CAP data packets. L2CAP is defined only for ACL links.
· Service Discovery Protocol (SDP). Using SDP to discover services is a crucial part of the
Bluetooth framework and provides the basis for all the usage models. SDP query device
information, services information, and the characteristics of the services, according to which a
suitable connection between two or more Bluetooth devices can be established.

8
 VPCOE,Baramati. BLUETOOTH SECURITY

CHAPTER-3

SECURITY FRAMEWORK

The Bluetooth technology provides security at both the application layer and the link layer. In
this there are two kinds of features that make attacks more difficult. A hop selection mechanism
of up to 1600 hops/sec is used to avoid the interference from external or other piconets. An
automatic output power adaptation scheme is also included in the standard for the low power
consumption of light-weight mobile devices, which can reduce the radio spread range for data
transmission exactly according to requirements based on the detected intensity.

3.1 Basic Definitions

A total of three different information security objectives are to be reached one or all.
Confidentiality means that the data can only be used by authorized users and/or parties. Integrity
means that the data cannot be modified during transfer and stored by adversaries. Availability
means that the data is always available for authorized use.
Bluetooth gives three main techniques to achieve security features:

• Encryption: The process of transforming data into a form that it cannot be understood
without a key. Both data and control information can be encrypted.

• Authentication: means the ensuring of the identity of another user, so that he knows to
whom is communicating with. In which to verify ‘who’ is at the other end of the link.
Authentication is performed for both devices and users.

• Authorization: The process of deciding, if a device is allowed to have access to a service.

Authorization always includes authentication.

This is the process of deciding if device X is allowed to have access to service Y.

This is where the concept of“trusted” exist. Bluetooth uses link level security where

9
 VPCOE,Baramati. BLUETOOTH SECURITY

each connection is given a unique secret authentication key and encryption key that is derived
from the first one. More of these later in the paper.

Communication between different Bluetooth (BT) devices use fast frequency-hopping

spread spectrum (FHSS) technique, which uses 79 different radio channels.
Bluetooth uses the same frequency than other household machines, example microwave
oven, which can cause interference. FHSS prevents this interference to cause too much
harm, since it changes transmission frequency 1600 times per second and if there is an
interference at some frequency, only that one transmission is damaged. FHSS also add
security on data transmission between devices since it makes it harder to eavesdrop.

On the other hand the low transmission power prevents the transmission to propagate
far and makes it harder to cut between the transmission.

The information on a BT packet can be protected by encryption. Only the packet

payload is encrypted, never the access code and the packet header. The encryption is done
with a stream cipher E0, which is synchronised for each payload.

3.2 Security Levels

Bluetooth has several different security levels that can be defined for devices and services.
All the devices get a status when they connect the first time to another device.

3.2.1 Device Trust Level

The devices can have two trust levels; trusted and untrusted. The trusted level
requires a fixed and trusted relationship and it has unrestricted access to all services.
The device has to be previously authenticated. The untrusted device doesn’t have
fixed relationship and its access to services is limited. An untrusted device can also have a
fixed relationship, but it’s not considered as trusted. A new device is labelled as
unknown device and it is always untrusted.

10
 VPCOE,Baramati. BLUETOOTH SECURITY

3.2.1.1 Security Modes In Device Trust Level

Each Bluetooth device can work on one of the three security modes. Depending on whether a
device uses a semi link key or a master key, there are several encryption modes available. If a
unit key or a combination key is used, broadcast traffic is not encrypted. Individually addressed
traffic can be either encrypted or not. If a master key is used, there are three possible
modes.Bluetooth has three different security modes build in it and they are as follows:

Security Mode 1
A device will not initiate any security. A non-secure mode.
A device will not initiate any security procedures. In this nonsecure mode, the security
functionality (authentication and encryption) is completely bypassed. In effect, the Bluetooth
device in Mode 1 is in a promiscuous mode that allows other Bluetooth devices to connect to it.
This mode is provided for applications for which security is not required, such as exchanging
business cards.

Security Mode 2
A device does not initiate security procedures before channel establishment on
L2CAP level This mode allows different and flexible access policies for applications,
especially running applications with different security requirements in parallel. A service level
enforced security mode. Service-level security where a device does not initiate security function
before channel establishment and whether to initiate or not depends on the security requirements
of the requested channel or service. Broadcast traffic is not encrypted, but the individually
addressed traffic is encrypted with the master key.

Security Mode 3
A device initiates security procedures before the link set-up on LPM level is
completed. A link level enforced security mode. A link-level security in which a Bluetooth
device shall initiate security function before the link set-up. All traffic is encrypted with the
master key.

11
 VPCOE,Baramati. BLUETOOTH SECURITY

3.2.2 Security Level of Services

Service-level security, The Bluetooth device initiates security functions after the channel is
established, i.e. at the higher layers.
Bluetooth allows different security levels to be used for devices and various services.
To secure devices two security levels can be defined. An authorized device has unrestricted
access to all or some specific services. Basically this means that the device has been previously
authenticated is marked as “trusted”. An unauthorized device has restricted access to services.
Usually the device has been previously authenticated but has not been marked as “trusted”. An
unknown device is also an untrusted device.

Three levels of service security are used to be defined so that the requirements for
authorization, authentication, and encryption can be set independently, including services that
require authorization and authentication, services that require authentication only, and services
open to all devices.

The need for authorisation, authentication and encryption changes. When the
connection is set there are different levels of security where the user can choose from.

The security level of a service is defined by three attributes:

Authorisation required: Access is only granted automatically to trusted devices

or untrusted devices after an authorisation procedure.

Authentication required: Before connecting to the application, the remote device

must be authenticated.

Encryption Required: The link must be changed to encrypted mode, before access
to the service is possible.

On the lowest level the services can be set to be accessible to all devices. Usually there is
a need for restrictions so the user can set the service so that it needs authentication. When
the highest level of security is needed the service can require authorisation and
authentication. At this level trusted device has access to the services, but untrusted
device needs manual authorisation.

12
 VPCOE,Baramati. BLUETOOTH SECURITY

CHAPTER-4

LINK LEVEL SECURITY

Link-level security, The Bluetooth device initiates security functions before the channel is
established. This is the in-built security mechanism.
Figure 4.1 illustrates the link-level security framework of Bluetooth. In the
figure, the Bluetooth devices (the claimant) try to communicate the other device (the verifier).
Generally the whole scheme is divided in four levels as shown below in the figure.

Figure 4.1: Bluetooth link-level security scheme.

13
 VPCOE,Baramati. BLUETOOTH SECURITY

4.1 Key Management Scheme

There are several kinds of keys in the Bluetooth system to ensure secure transmission. The
most important key is the link key, which is used between two BT devices for
authentication purpose. Using the link key an encryption key is derived. This secures the
data of the packet and is regenerated for all new transmissions.

Figure 4.2: Bluetooth key structure.

4.1.1 Link key

There are four link keys to cover the different applications it is used for. All the keys are
128-bit random numbers and are either temporary or semi-permanent.

14
 VPCOE,Baramati. BLUETOOTH SECURITY

4.1.2 Unit key

KA, is derived at the installation of the Bluetooth device from a unit A. The storage of

KA requires little memory space and is often used when device has little memory or
when the device should be accessible to a large group of users.

4.1.3 Combination key

KAB, is derived from two units A and B. This key is generated for each pair of devices and
is used when more security is needed. This requires more memory, since device has
to store one combination key for each connection it has.

4.1.4 The master key

Kmaster, is used when the master device wants to transmit to several devices at ones. It
over rides the current link key only for one session.

4.1.5 The initialisation key

Kinit, is used in the initialisation process. This key protects initialisation parameters
when they are transmitted. This key is formed from a random number, an L-octet PIN
code, and the BD_ADDR of the claimant unit.

4.1.6 Encryption key

Encryption key is derived from the current link key. Each time encryption is needed the
encryption key will be automatically changed. The purpose of separating the

15
 VPCOE,Baramati. BLUETOOTH SECURITY

authentication key and encryption key is to facilitate the use of a shorter encryption key
without weakening the strength of the authentication procedure.

4.1.7 PIN code

This is a number, which can be fixed or selected by the user. The length is usually 4
digits, but it can be anything between 1 to 16 octets. The user can change it when it
wants to and this adds security to the system. The PIN can be used entering it into one
device (fixed PIN), but it is safer to enter it to both units. Example the latter one can be
used when there is a laptop and a phone to be connected.

Figure 4.3: Bluetooth key structure.

16
 VPCOE,Baramati. BLUETOOTH SECURITY

3.2 Authentication Scheme

The Bluetooth authentication scheme uses a challenge-response strategy in which a 2-move

protocol is used to check whether the other party knows the secret key. The protocol uses
similar keys, so a successful authentication is based on the fact that both participants share the
same key.

Figure 4.4: Challenge-response for the Bluetooth authentication.

First, the verifier sends the claimant a random number for authention. Then both
participants use the authentication function E1 with the random number, the claimants
Bluetooth Device Address and the current link key to get a response. The claimant sends the
response to the verifier, who then makes sure the responses match. The used application
indicates who is to be authenticated. So the verifier may not necessarily be the master, where
both parties are authenticated in turn. If the authentication fails, there is a period of time that
must pass until a new attempt at authentication can be made. The period of time doubles for
each subsequent failed attempt from the same address reached. The waiting time decreases
exponentially to a minimum when no failed authentication are made during a time period.

17
 VPCOE,Baramati. BLUETOOTH SECURITY

3.3 Encryption Scheme

Figure 4 shows the encryption procedure. The encryption key (KC) is generated from the
current link key.

Figure 4.5: Encryption procedure.

The Bluetooth encryption system encrypts the payloads of the packets. This is done
with a stream cipher E0, which is re-synchronized for every payload. The E0 stream cipher
consists of the payload key generator, the key stream generator and the encryption/decryption
part. The payload key generator combines the input bits in an appropriate order and shifts them
to the four Linear Feedback Shift Registers (LSFR) of the key stream generator.

Depending on whether a device uses a semi-permanent link key or a master key, there
are several encryption modes available. If a unit key or a combination key is used, broadcast

18
 VPCOE,Baramati. BLUETOOTH SECURITY

traffic is not encrypted. Individually addressed traffic can be either encrypted or not. If a master
key is used, there are three possible modes. In encryption mode 1, nothing is encrypted. In
encryption mode 2, broadcast traffic is not encrypted, but the individually addressed traffic is
encrypted with the master key. And in encryption mode 3, all traffic is encrypted with the
master key.

As the encryption key size varies from 8 bits to 128 bits, the size of the encryption key used
between two devices must be negotiated. In each device, there is a parameter defining the
maximum allowed key length. In the key size negotiation, the master sends its suggestion for
the encryption key size to the slave. The slave can either accept and acknowledge it, or send
another suggestion. This is continued, until a consensus is reached or one of the devices aborts
the negotiation. The abortion of the negotiation is done by the used application. In every
application, there is defined a minimum acceptable key size, and if the requirement is not met
by either of the participants, the application aborts the negotiation and the encryption cannot be
used. This is necessary to avoid the situation where a malicious device forces the encryption to
be low in order to do some harm.

The encryption algorithm uses four LFSRs of lengths 25, 31, 33 and 39, with the total length of
128. The initial 128-bit value of the four LFSRs is derived from the key stream generator itself
using the encryption key, a 128-bit random number, the Bluetooth device address of the device
and the 26-bit value of the master clock. The feedback polynomials used by the LFSRs are all
primitive, with the Hamming weight of 5. The polynomials used are (25, 20, 12, 8, 0), (31, 24,
16, 12, 0), (33, 28, 24, 4, 0) and (39, 36, 28, 4, 0).

19
 VPCOE,Baramati. BLUETOOTH SECURITY

CHAPTER 5

SERVICE LEVEL SECURITY

This section gives basic issues involved in the implementation of security mechanisms; this is
an approach for a flexible security architecture built on top of the link-level security features of
Bluetooth. Figure 5.1 gives the general security architecture. The key component in the
architecture is a security manager, with the following functions:
• Store security-related information on both services and devices into corresponding service
and device databases.
• Permit or refuse access requested by protocol implementations or applications.
• Command the link manager to enforce authentication and/or encryption before connecting to
the application, using the HCI.
• Query Personal Identification Number (PIN) entry to set-up trusted device relationship.
Such a centralized security manager is flexible to implement different access strategy
policies and easy to add new strategy without affecting other parts.
The security manager acts as a bridge to join application level and link level
security controls together and thus helps in providing end-to-end security. Authentication
should be performed after determining what the security level of the requested service is. That is
to say, the authentication can only be performed when a connection request to a service (SCO
link) is submitted.
Logical Link Control and Adaptation Protocol (L2CAP). This protocol provides
connection-oriented and connectionless data services to the upper layer protocols, with protocol
multiplexing capability.
Host Controller Interface (HCI), i.e. the boundary between hardware and software,
provides a uniform command interface to access capabilities of hardware, e.g. link manager,
link control and event registers.
Cable Replacement Protocol, i.e. RFCOMM protocol, is based on the ETSI TS 07.10
that matches serial line control and data signals over Bluetooth Base band to provide transport

20
 VPCOE,Baramati. BLUETOOTH SECURITY

capabilities for upper level services.

The Device database stores information about the device type, the trust level (whether
trusted or untrusted) and about the link key (used for encryption) length.
The Service database stores information regarding the authentication, authorization and
encryption requirements for the services. It also stores other routing information for the
services.

Figure 5.1 Bluetooth Security Architecture

After the Bluetooth link is established, service-level security governs access to the services on
Bluetooth devices. This access can be limited at the device and service level. A Bluetooth
device can be “trusted” or “untrusted” when attempting to access services on another
device. A trusted device has unrestricted access to all services on the other device. In contrast,
an untrusted device may have its access to services limited. Dell recommends that customers

21
 VPCOE,Baramati. BLUETOOTH SECURITY

configure each device and service with appropriate security measures based on the sensitivity
of the data involved, the need to limit access to a particular device such as a printer, and so
forth. For further Bluetooth security, Dell recommends that customers:

• Enable encryption of services.

• Avoid storing confidential files in a portable computer's Bluetooth shared folders.
• Avoid pairing devices in a public place where the signal can be easily picked up.
• Manage “discoverability” of your device by other devices.

22
 VPCOE,Baramati. BLUETOOTH SECURITY

CHAPTER 6

PROBLEMS IN THE SECURITY OF BLUETOOTH

_ Strength of the challenge-response pseudorandom generator is not known:

The Random Number Generator (RNG) may produce static number or periodic numbers that
may reduce the effectiveness of the authentication scheme.

_ Short PINS are allowed:

Weak PINs, which are used for the generation of link and encryption keys, can be easily
guessed. Increasing the PIN length in general increases the security. People have a tendency to
select short PINs.

_ An elegant way to generate and distribute PINs does not exist:

Establishing PINs in large Bluetooth networks with many users may be difficult. Scalability
problems frequently yield security problems.

_ Encryption key length is negotiable:

The Bluetooth SIG needs to develop a more robust initialization key generation procedure.

_ Unit key is reusable and becomes public once used:

A unit key is a link key that one unit generates by itself and uses as a link key with any other
device. Unit keys can only be safely used when there is full trust among the devices that are
paired with the same unit key. This is because every paired device can impersonate any other
device holding the same unit key. Since Bluetooth version 1.2, the use of unit keys is not
recommended. But, for legacy reasons, unit keys have not been completely removed from the
specification.

_ The master key is shared:

23
 VPCOE,Baramati. BLUETOOTH SECURITY

The Bluetooth SIG needs to develop a better broadcast keying scheme.

_ No user authentication exists:

Device authentication only is provided. Application level security and user authentication
can be employed.

_ Attempts for authentication are repeated:

The Bluetooth SIG needs to develop a limit feature to prevent unlimited requests. The
Bluetooth specification requires a time-out period between repeated attempts that will increase
exponentially.

_ E0 stream cipher algorithm is weak:

The stream cipher E0 has its roots in the so-called summation combiner stream cipher. This
was a stream cipher that was proposed by Massey and Rueppel in the mid-1980s. The most
powerful attacks on this type of stream ciphers are the correlation attacks in combination with
exhaustive search over a limited key space (this is sometimes also referred to as initial
guessing). Recent cryptanalysis shows that the E0 cipher is weaker than this.

_ Key length is negotiable:

A global agreement must be established on minimum key length.

_ Unit key sharing can lead to eavesdropping:

A corrupt user may be able to compromise the security between (gain unauthorized access to)
two other users if that corrupt user has communicated with either of the other two users. This is
because the link key (unit key), derived from shared information, is disclosed.

_ Privacy may be compromised if the Bluetooth device address (BD ADDR) is captured and
associated with a particular user:
Once the BD ADDR is associated with a particular user, that user’s activities could be logged,
resulting in a loss of privacy.

24
 VPCOE,Baramati. BLUETOOTH SECURITY

_ Device authentication is simple shared-key challenge-response:

One-way-only challenge-response authentication is subject to man-in-the-middle attacks.
Mutual authentication is required to provide verification that users and the network are
legitimate.
_ End-to-end security is not performed:
Only individual links are encrypted and authenticated. Data is decrypted at intermediate points.
Applications software above the Bluetooth software can be developed.

_ Security services are limited:

Audit, nonrepudiation, and other services do not exist. If needed, these can be developed at
particular points in a Bluetooth network.

25
 VPCOE,Baramati. BLUETOOTH SECURITY

CHAPTER 7
BLUETOOTH SECURITY ATTACKS

7.1 Impersonation attack by inserting/replacing data

When no encryption is activated, this can easily be achieved by correctly setting the CRC check
data in the payload after the data in the payload has been changed. When ciphering is activated,
the attacker can compute how to modify the CRC to make it agree with modifications in the
encrypted data bits. In a practical system were encryption is activated, it is not at all easy to
make something useful of this attack beyond the point of just disrupting the communication.
The attacker must somehow know the context of the payload data to conduct changes that are
meaningful or effective.

7.2 Bluetooth Wardriving

Map the physical whereabouts of users carrying Bluetooth-enabled devices. Since each
Bluetooth device is freely broadcasts its unique 48-bit address, it is possible to track the user
movements. To protect a device against location tracking, an anonymity mode is needed.
Devices operating in anonymous mode regularly update their device address by randomly
choosing a new one.

7.3 Denial-of-Service attack on the device

When the Bluetooth authentication fails, a certain amount of time must elapse before the
verifier will initiate a new attempt to the same claimant and before the claimant sends a
response to an authentication attempt by a unit using the same identity as the unit that notified
an authentication failure. For each additional authentication failure, the waiting interval should
be exponentially increased until a certain maximum value is obtained. The attacker prevents or
prohibits the normal use or management of communications facilities. The resulting system
degradation can, for example, be the result of the system being fully occupied by handling
bogus connection requests. If the attacker simulates a trustable device during these DoS,
making the system decline trustable devices.

26
 VPCOE,Baramati. BLUETOOTH SECURITY

7.4 Disclosure of keys

_ A Bluetooth device attached to the computer may be exchanged for a false one, whose only
purpose is to ’suck’ out link keys from the host.
_ A rightful USB plug or PCMCIA card may be removed from the owners computer and
inserted into a corresponding slot of the adversarys computer. On this computer, one or more
keys stored on the Bluetooth controller can be read out. Once the list of keys has been read out,
the USB plug (or card) is returned to its proper owner, who may be completely unaware.
_ Malicious software
A Trojan horse disguised as something quite innocent can send the key database to some place
where the adversary can access it. If this malicious code is distributed through a virus or worm,
the attack can quickly spread to a large number of computers. Once the link key of a computer
and phone (and the BD ADDR of the computer) is known, the adversary can silently connect to
the mobile phone, impersonate the computer, and make use of any service the phone offers
over Bluetooth.

7.5 Unit key attacks

A unit that uses a unit key is only able to use one key for all its secure connections. Hence, it
has to share this key with all other units that it trusts. Consequently, a trusted device (a device
that possesses the unit key) that eavesdrops on the initial authentication messages between two
other units that utilize the unit key will be able to eavesdrop on any traffic between these two
units. The unit will be able to impersonate the unit distributing the unit key. The potential risks
with units keys have also been recognized by the Bluetooth SIG. Originally, the unit key was
introduced in order to reduce memory requirements on very limited devices and remains part of
the standard for backward compatibility reasons.

7.6 Backdoor attack

The Backdoor attack involves establishing a trust relationship through the ”pairing”
mechanism, but ensuring that it no longer appears in the target’s register of paired devices. In
this way, unless the owner is actually observing their device at the precise moment a
connection is established, they are unlikely to notice anything untoward, and the attacker may

27
 VPCOE,Baramati. BLUETOOTH SECURITY

be free to continue to use any resource that a trusted relationship with that device grants access
to. This means that not only data can be retrieved from the phone, but other services, such as
modems or Internet,WAP and GPRS gateways may be accessed without the owner’s
knowledge or consent. Once the Backdoor is installed, the Bluesnarf attack will function on
devices that previously denied access, and without the restrictions of a plain Bluesnarf attack.

7.7 Pairing attack

The Bluetooth 1.1 specification is sensitive to passive and active attacks on the pairing
procedure. The attacks only work if the attacker is present at the pairing occasion, which
typically only occurs once between one pair of devices. If pairing is performed in public places
during a connection to an access point, point-of-sale machine, or printer, this can be a
dangerous threat.

7.8 BlueBug attack

The BlueBug attack creates a serial profile connection to the device, thereby giving full access
to the AT command set, which can then be exploited using standard off the shell tools, such as
PPP for networking and gnokii for messaging, contact management, diverts and initiating calls.
With this facility, it is possible to use the phone to initiate calls to premium rate numbers, send
sms messages, read sms messages, connect todata services such as the Internet, and even
monitor conversations in the vicinity of the phone. This latter is done via a voice call over the
GSM network, so the listening post can be anywhere in the world. Bluetooth access is only
required for a few seconds in order to set up the call. Call forwarding diverts can be set up,
allowing the owner’s incoming calls to be intercepted, either to provide a channel for calls to
more expensive destinations, or for identity theft by impersonation of the victim. Bluesnarf
attack does allow the unauthorized downloading of items via the OBEX protocol, while the
loophole identified in BlueBug allows to control the device via a plain serial connection.

7.9 PSM Scanning

Works on the idea that not all PSM (Protocol/Service Multiplexer) ports are registered with the
local SDP (Service Discovery Protocol). So if we bypass the SDP database and try and connect

28
 VPCOE,Baramati. BLUETOOTH SECURITY

to PSM’s sequentially we may locate hidden functionality

Impact:
_ No PSM’s found to-date that offer other than advertised services
_ Idea could be used to create a ’knock’ style backdoor for Bluetooth devices

7.10 Off-line encryption key (via Kc)

Extends on from the Kinit recovery attack Very similar method as 2 of 3 needed seeds are
known (i.e.master clock and Kc), simply sniff the EN RAND in addition

7.11 Attack on the Bluetooth Key Stream Generator

Break the security of the cipher. Algebraic attack on the Linear Feedback Shift Register Work
effort circa 2ˆ67,58 operations.

7.12 Reflection Attack

A hacker can capture the MIN and ESN and pretend to be someone else Stealing the Unit Key
Highlights weakness of only authenticating the device and not the user

7.13 Replay attacks

A hacker can record Bluetooth transmissions in all 79 frequencies and then in some way figure
out frequency hopping sequence and then replay the whole transmission.

7.14 Man-in-the-middle attack

Intervention of traffic during pairing Bluetooth authentication does not use public key
certificates to authenticate users.

29
 VPCOE,Baramati. BLUETOOTH SECURITY

CONCLUSION

We have now examined Bluetooth in general, some of the Bluetooth security mechanisms. As
was seen, the Bluetooth's security seemed to be adequate only for small ad hoc networks, such
as a network of the participants in a meeting. Connecting a Personal Digital Assistant (PDA) to
a mobile phone using Bluetooth may also be secure enough, but is Bluetooth secure enough for
larger networks, money transfers and transferring other sensitive information.

In the light of this study, it seems that the security of Bluetooth is still not suitable for
any serious, security sensitive work; the more sophisticated security methods may be
implemented. Since the Bluetooth security scheme is reasonably useful to the applications with
less security requirements. Based on the original design goal of cable replacement, Bluetooth is
more suitable to short-range and small-size wireless personal area networks than for connecting
with outside public networks, comparing.

30
 VPCOE,Baramati. BLUETOOTH SECURITY

BIBLIOGRAPHY

1. Bluetooth SIG, Specification of the Bluetooth System: Volume 1, Core, Version 1.1, Feb. 22,
2001.

2. Bluetooth SIG, Specification of the Bluetooth System: Volume 2, Profile, Version 1.1, Feb.
22, 2001.

3. IEEE 802.15 Working Group for WPANs, http://ieee802.org/15/.

4. Mettala R., Bluetooth Protocol Architecture: Version 1.0, Bluetooth White Paper, Document
# 1.C.120/1.0, Aug 25, 1999.

5. Jakobsson M. and Wetzel S., Security Weaknesses in Bluetooth, online report,

http://www.bell-labs.com/user/markusj/bluetooth.pdf

6. Candolin C., Security Issues for Wearable Computing and Bluetooth Technology, Online
report, http://www.cs.hut.fi/Opinnot/Tik-86.174/btwearable.pdf

7 Bluetooth White paper, “Bluetooth Security Architecture,” Version 1.0.

8 IEEE Standards Board, “802 Part 11: Wireless LAN Medium Access Control
(MAC) and Physical Layer (PHY) specifications.”

31