BLUETOOTH TECHNOLOGY/SECURITY • Prepared By: Lo’ai Hattar • Supervised By: Dr. Lo’ai Tawalbeh • New York Institute of Technology (NYIT), Jordan’s campus, 2006
What’s With the Name? • The name ‘Bluetooth’ was taken from the 10th-century Viking king of Denmark, Harald Bluetooth, who united and controlled Denmark and Norway. • The name was adopted because Bluetooth wireless technology is expected to unify the telecommunications and computing industries
Who Started Bluetooth? • Bluetooth Special Interest Group (SIG) • Founded in Spring 1998 • By Ericsson, Intel, IBM, Nokia, Toshiba • Now more than 2000 organizations have joined the SIG
What Is Bluetooth? • Bluetooth is an open standard for short-range digital radio to interconnect a variety of devices (cell phones, PDAs, notebook computers, modems, cordless phones, pagers, laptop computers, printers, cameras) by developing a single-chip, low-cost, radio-based wireless network technology
Bluetooth • Simplifies communications between devices and the Internet, and data synchronization • Operates in the license-exempt ISM band at 2.4 GHz • Uses frequency-hopping spread spectrum • Omnidirectional, not requiring line of sight • Offers data speeds of up to 1 Mbps at up to 10 meters (short-range wireless radio technology) • Unlike IrDA, Bluetooth supports a LAN-like mode where multiple devices can interact with each other • The key limitations of Bluetooth are security and interference with wireless LANs
Bluetooth • Bluetooth is a PAN Technology • Offers fast and reliable transmission for both voice and data • Can support either one asynchronous data channel with up to three simultaneous synchronous speech channels or one channel that transfers asynchronous data and synchronous speech simultaneously • Support both packet-switching and circuit-switching
Bluetooth • Personal Area Network (PAN) Bluetooth is a standard that will … • Eliminate wires and cables between both stationary and mobile devices • Facilitate both data and voice communications • Offer the possibility of ad hoc networks and deliver synchronicity between personal devices
Bluetooth Topology • Bluetooth-enabled devices can automatically locate each other • Topology is established on a temporary and random basis • Up to eight Bluetooth devices may be networked together in a master-slave relationship to form a Piconet
Cont. • One device is the master, which controls and sets up the network • All devices operate on the same channel and follow the same frequency hopping sequence • Two or more piconets interconnect to form a scatternet • Only one master for each piconet • A device can’t be the master of two piconets • The slave of one piconet can be the master of another piconet
Ad-hoc • A network connection method most often associated with wireless devices • The connection is established for the duration of one session and requires no base station • Instead, devices discover others within range to form a network among those computers • Devices may search for target nodes that are out of range by flooding the network with broadcasts that are forwarded by each node • Connections are possible over multiple nodes (multihop ad hoc network) • Routing protocols then provide stable connections even if nodes are moving around
A piconet • An ad-hoc computer network of devices using Bluetooth protocols that allows one master device to interconnect with up to seven active slave devices • Up to 255 further slave devices can be inactive, or parked, and the master device can bring them into active status at any time
A Typical Bluetooth Network Piconet • Master sends its globally unique 48-bit id and clock • Hopping pattern is determined by the 48-bit device ID • Phase is determined by the master’s clock • Why at most 7 slaves? (because a three-bit MAC address is used) • Parked and standby nodes • Parked devices cannot actively participate in the piconet but are known to the network and can be reactivated within some milliseconds • 8-bit address for parked nodes • No id for standby nodes • Standby nodes do not participate in the piconet
Security Protocol • There are five phases of Simple Pairing: • Phase 1: Public key exchange • Phase 2: Authentication Stage 1 • Phase 3: Authentication Stage 2 • Phase 4: Link key calculation • Phase 5: LMP Authentication and Encryption • Phases 1, 3, 4 and 5 are the same for all protocols, whereas phase 2 (Authentication Stage 1) differs depending on the protocol used. Distributed through these five phases are 13 steps.
Bluetooth Frequency • Has been set aside by the ISM (industrial, scientific and medical) band for exclusive use of Bluetooth wireless products • Communicates on the 2.45 GHz frequency
Frequency Selection • FH is used for interference mitigation and media access • TDD (Time Division Duplex) is used for separation of the transmission directions • 3-slot or 5-slot packets
FH-CDMA (Frequency Hopping - Code Division Multiple Access) • Frequency hopping (FH) is one of two basic modulation techniques used in spread spectrum signal transmission • It is the repeated switching of frequencies during radio transmission, often to minimize the effectiveness of unauthorized interception or jamming of telecommunications • It is also known as frequency-hopping code division multiple access (FH-CDMA) • Bluetooth uses a technique called spread-spectrum frequency hopping
Avoiding Interference : Hopping • In this technique, a device will use 79 individual, randomly chosen frequencies within a designated range • Transmitters change frequency 1600 times a second
Cont. • Each channel is divided into time slots 625 microseconds long • Packets can be up to five time slots wide • Data in a packet can be up to 2,745 bits in length
Cont. • FH-CDMA separates piconets within a scatternet • More piconets within a scatternet degrade performance • Collisions are possible because hopping patterns are not coordinated • At any instant of time, a device can participate in only one piconet • If the device participates as a slave, it just synchronizes with the master’s hop sequence
Cont. • The master of a piconet can join another piconet as a slave; in this case, all communication within the former piconet is suspended • When leaving a piconet, a slave notifies the master about its absence for a certain amount of time • Communication between different piconets takes place by devices jumping back and forth between these nets
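The hopping behaviour described in the piconet and scatternet slides above (79 channels, one hop per 625 µs slot, pattern fixed by the master’s 48-bit address, phase by its clock, uncoordinated piconets occasionally colliding) can be seen in a small simulation. This is an added example, not code from the original slides, and it assumes a stand-in hop-selection rule: SHA-256 of the master address and clock, reduced modulo 79. The real Bluetooth selection kernel is different; the stand-in only reproduces the properties the slides state.

```python
"""Added example, not from the original slides: a simplified model of
Bluetooth frequency hopping in a piconet and a scatternet.
ASSUMPTION: the channel for a slot is SHA-256(master address || clock)
mod 79; the real hop-selection kernel in the Bluetooth core specification
is different, but this stand-in reproduces the properties the slides
describe (79 channels, one hop per 625 us slot = 1600 hops/s, pattern set
by the master's 48-bit address, phase set by its clock, and occasional
collisions between piconets whose patterns are not coordinated)."""
import hashlib

CHANNELS = 79                              # 1 MHz hop channels in the 2.4 GHz band
SLOT_US = 625                              # one time slot
HOPS_PER_SECOND = 1_000_000 // SLOT_US     # 1600


def hop_channel(master_addr: int, clock: int) -> int:
    """Channel used in the slot identified by `clock` (stand-in kernel)."""
    data = master_addr.to_bytes(6, "big") + clock.to_bytes(4, "big")
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest[:4], "big") % CHANNELS


def hop_sequence(master_addr: int, start_clock: int, slots: int) -> list:
    """Channels a piconet visits over `slots` consecutive slots.  Every
    slave computes the same list once it knows the master's address and
    clock, which is how it stays in sync."""
    return [hop_channel(master_addr, start_clock + i) for i in range(slots)]


def collisions(seq_a: list, seq_b: list) -> int:
    """Number of slots in which two piconets land on the same channel."""
    return sum(1 for a, b in zip(seq_a, seq_b) if a == b)


def collision_rate(addr_a: int, addr_b: int, slots: int) -> float:
    """Fraction of slots in which two uncoordinated piconets collide;
    with 79 channels this should come out near 1/79."""
    seq_a = hop_sequence(addr_a, 0, slots)
    seq_b = hop_sequence(addr_b, 0, slots)
    return collisions(seq_a, seq_b) / slots


if __name__ == "__main__":
    MASTER_A = 0x00112233AABB   # constructed sample addresses
    MASTER_B = 0x00AABBCCDDEE
    print("piconet A, first 10 slots:", hop_sequence(MASTER_A, 0, 10))
    print("piconet B, first 10 slots:", hop_sequence(MASTER_B, 0, 10))
    rate = collision_rate(MASTER_A, MASTER_B, HOPS_PER_SECOND * 10)
    print(f"collision rate over 10 s: {rate:.2%} (1/79 = {1/79:.2%})")
```

Running it shows why the slides say more piconets in a scatternet degrade performance: each extra uncoordinated piconet adds roughly another 1/79 of slots lost to collisions, while a slave that knows the master’s address and clock reproduces the master’s sequence exactly.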
How Does It Work? • Bluetooth is a standard for tiny, radio frequency chips that can be plugged into your devices • These chips were designed to take all of the information that your wires normally send, and transmit it at a special frequency to something called a receiver Bluetooth chip. • The information is then transmitted to your device
Bluetooth Chip (figure): RF • Baseband Controller • Link Manager
SPECIFICATIONS • Bluetooth specifications are divided into two: • Core Specifications: this Bluetooth specification contains the Bluetooth Radio Specification as well as the Baseband, Link Manager, L2CAP, Service Discovery, RFCOMM and other specifications.
SPECIFICATIONS • Application Specifications • These specifications include the following profiles: • Cordless Telephony • Serial Port • Headset • Intercom • Dialup Networking • Fax • File Transfer • Service Discovery Application • Generic Access
RADIO POWER CLASSES • The Bluetooth specification allows for three different radio power classes: • Class 1 = 100 mW • Class 2 = 2.5 mW • Class 3 = 1 mW • These power classes allow Bluetooth devices to connect at different ranges • Higher-power radios have longer ranges. The maximum range for a Class 1 (100 mW) device is about 100 meters. There is also a minimum range for a Bluetooth connection; the minimum range is around 10 cm.
Power Management Benefits • Cable Replacement • Replace the cables for peripheral devices • Ease of file sharing • Panel discussion, conference, etc. • Wireless synchronization • Synchronize personal information contained in the address books and date books between different devices such as PDAs, cell phones, etc. • Bridging of networks • Cell phone connects to the network through dial-up connection while connecting to a laptop with Bluetooth.
Bluetooth Devices Bluetooth will soon be enabled in everything from: • Telephones • Headsets • Computers • Cameras • PDAs • Cars • Etc …
Bluetooth Products 1 • Bluetooth-enabled PC Card
Bluetooth Products 2 • Bluetooth-enabled PDA
Bluetooth Products 3 • Bluetooth-enabled Cell Phone
Bluetooth Products 4 • Bluetooth-enabled Head Set
Usage Models • Cordless computer • Ultimate headset • Three-in-one phone • Interactive conference (file transfer) • Direct network access • Instant postcard
Wireless Technologies • There are two technologies that have been developed as wireless cable replacements: infrared (IrDA) and radio (Bluetooth).
Why Not Infrared? • Intended for point-to-point links • Limited to line of sight • Has a narrow angle (30-degree cone) • Low penetration power • Distance covered is low (approx. 1 meter) • Throughput of 9600 bps to 4 Mbps • IrDA has proven to be a popular technology, with compliant ports currently available in an array of devices including embedded devices, phones, modems, computers (PCs) and laptops, PDAs, printers, and other computer peripherals
Our Focus • Bluetooth security
Security of Bluetooth • Security in Bluetooth is provided on the radio paths only • Link authentication and encryption may be provided • True end-to-end security relies on higher layer security solutions on top of Bluetooth • Bluetooth provides three security services • Authentication – identity verification of communicating devices • Confidentiality – against information compromise • Authorization – access rights to resources/services • Fast FH together with radio link power control provides protection from eavesdropping and malicious access • Fast FH makes it harder to lock onto the frequency • Power control forces the adversary to be in relatively close proximity
Security Modes (Authentication) • Exchange Business Cards • Needs a secret key • A security manager controls access to services and to devices • Security mode 2 does not provide any security until a channel has been established • Key Generation from PIN • PIN: 1-16 bytes. PINs are fixed and may be permanently stored. Many users use the four-digit PIN 0000
Bluetooth Key Generation From PIN • Bluetooth Initialization Procedure (Pairing) • Creation of an initialization key (Ki) • Creation of a link key (Ka) used for authentication
Creation of an Initialization Key • Ki is derived from the PIN and its length
Creation of a Link Key for Authentication • Challenge-response based • Claimant: intends to prove its identity, to be verified • Verifier: validates the identity of another device • Challenge-response is used to verify whether the claimant knows the secret (link key). If it fails, the claimant must wait for an interval before a new attempt • The waiting time is increased exponentially to defend against the trial-and-error authentication attack • Mutual authentication is supported • Challenge (128-bit) • Response (32-bit) • 48-bit device address
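The authentication exchange on this slide, as an added example that is not part of the original slides: a verifier sends a 128-bit challenge, the claimant answers with a 32-bit response computed from the shared link key and its 48-bit address, both sides keep the 96-bit ACO for later, and the verifier doubles the waiting time after each consecutive failure. The specification’s E1 function is SAFER+ based; this example assumes HMAC-SHA256 as a stand-in for it, and the one-second base interval for the back-off is an assumption too.

```python
"""Added example, not from the original slides: a model of Bluetooth
challenge-response link authentication with mutual authentication and an
exponentially growing wait after failures.  ASSUMPTION: HMAC-SHA256 stands
in for the specification's E1 (SAFER+ based).  Field sizes follow the
slides: 128-bit link key and challenge, 32-bit response (SRES), 48-bit
device address, 96-bit ACO."""
import hashlib
import hmac
import secrets
from typing import Tuple


def e1(link_key: bytes, challenge: bytes, claimant_addr: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for E1: returns (SRES, ACO); SRES is 32 bits, ACO 96 bits."""
    digest = hmac.new(link_key, challenge + claimant_addr, hashlib.sha256).digest()
    return digest[:4], digest[4:16]


def wait_seconds(fail_count: int, base: float = 1.0) -> float:
    """Waiting time doubles with each consecutive failure: 1, 2, 4, ... s.
    ASSUMPTION: the base interval is illustrative."""
    return base * 2 ** (fail_count - 1)


class Device:
    def __init__(self, addr: int, link_key: bytes):
        self.addr = addr.to_bytes(6, "big")   # 48-bit device address
        self.link_key = link_key               # 128-bit link key, never transmitted
        self.fail_count = 0                    # consecutive failures seen as verifier
        self.blocked_until = 0.0               # simulated time before the next attempt
        self.aco = None                        # kept for encryption key derivation

    # claimant side: prove knowledge of the link key without revealing it
    def respond(self, challenge: bytes) -> bytes:
        sres, self.aco = e1(self.link_key, challenge, self.addr)
        return sres

    # verifier side: issue a fresh challenge, compare, and back off on failure
    def verify(self, claimant: "Device", now: float) -> bool:
        if now < self.blocked_until:
            raise RuntimeError("claimant must wait before another attempt")
        challenge = secrets.token_bytes(16)    # 128-bit random challenge
        expected, aco = e1(self.link_key, challenge, claimant.addr)
        if hmac.compare_digest(claimant.respond(challenge), expected):
            self.fail_count = 0
            self.aco = aco
            return True
        self.fail_count += 1
        self.blocked_until = now + wait_seconds(self.fail_count)
        return False


def mutual_authenticate(a: Device, b: Device, now: float = 0.0) -> bool:
    """Each device verifies the other in turn; both end with the same ACO."""
    return a.verify(b, now) and b.verify(a, now)


if __name__ == "__main__":
    key = bytes(range(16))                          # constructed shared link key
    phone = Device(0x001122334455, key)             # constructed addresses
    headset = Device(0x66778899AABB, key)
    print("mutual authentication:", mutual_authenticate(phone, headset))
    stranger = Device(0x66778899AABB, bytes(16))    # same address, wrong key
    print("wrong key accepted:", phone.verify(stranger, now=0.0))
    print("next attempt allowed at t =", phone.blocked_until)
```

The response never carries the link key itself, and because the challenge is fresh each time a captured response is useless later; the growing wait is what makes guessing the key by repeated attempts impractical.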
Confidentiality • ACO (Authenticated Cipher Offset) is 96-bit, generated during the authentication procedure • ACO and the link key are never transmitted • Encryption key Kc is generated from the current link key • Kc is 8-bit to 128-bit, negotiable between the master and the slave • The master suggests a key size • Set the “minimum acceptable” key size parameter to prevent a malicious user from driving the key size down to the minimum of 8 bits • The key stream is different for each packet since the slot number is different
Three Encryption Modes for Confidentiality • Encryption Mode 1: no encryption is performed on any traffic • Encryption Mode 2: broadcast traffic goes unprotected while unicast traffic is protected by the unique key • Encryption Mode 3: all traffic is encrypted
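The confidentiality slide and the three encryption modes above, as one added example that is not part of the original slides: key size negotiation with a “minimum acceptable” floor, derivation of Kc from the link key and ACO, a keystream that changes with the slot number, and the per-mode decision of which packets get encrypted. The example assumes HMAC-SHA256 as a stand-in for the specification’s E3 (key derivation) and E0 (stream cipher); the sizes are the slides’ own.

```python
"""Added example, not from the original slides: Bluetooth encryption key
size negotiation with a 'minimum acceptable' floor, the three encryption
modes, and a per-slot keystream.  ASSUMPTION: HMAC-SHA256 stands in for
the specification's E3 (encryption key derivation) and E0 (stream cipher);
the sizes are the slides' own (Kc is 8 to 128 bits, ACO 96 bits)."""
import hashlib
import hmac
from typing import Optional

MIN_KEY_BITS, MAX_KEY_BITS = 8, 128


def negotiate_key_size(master_max: int, slave_max: int,
                       master_min: int = MIN_KEY_BITS,
                       slave_min: int = MIN_KEY_BITS) -> Optional[int]:
    """Outcome of the key size exchange: the agreed size is the largest
    both support, accepted only if neither side's 'minimum acceptable'
    floor is violated.  Returns None when the link must be refused.
    Leaving the floor at the default 8 bits lets a peer that claims to
    support only 8-bit keys drive Kc down to 8 bits."""
    for size in (master_max, slave_max, master_min, slave_min):
        if not MIN_KEY_BITS <= size <= MAX_KEY_BITS or size % 8:
            raise ValueError("key sizes are 8..128 bits in whole bytes")
    agreed = min(master_max, slave_max)
    if agreed < max(master_min, slave_min):
        return None
    return agreed


def derive_kc(link_key: bytes, aco: bytes, key_bits: int) -> bytes:
    """Stand-in for E3: Kc from the current link key and the 96-bit ACO,
    reduced to the negotiated size."""
    full = hmac.new(link_key, b"E3" + aco, hashlib.sha256).digest()
    return full[: key_bits // 8]


def keystream(kc: bytes, master_addr: bytes, slot: int, length: int) -> bytes:
    """Stand-in for E0: the stream depends on Kc, the master's address and
    the slot number, so every packet is XORed with a different stream."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = master_addr + slot.to_bytes(4, "big") + counter.to_bytes(2, "big")
        out += hmac.new(kc, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def apply_mode(mode: int, kc: bytes, master_addr: bytes, slot: int,
               payload: bytes, broadcast: bool = False) -> bytes:
    """Encryption mode 1: nothing encrypted.  Mode 2: unicast encrypted,
    broadcast sent in clear.  Mode 3: everything encrypted.  XOR with the
    keystream is its own inverse, so the same call decrypts."""
    if mode not in (1, 2, 3):
        raise ValueError("encryption mode must be 1, 2 or 3")
    if mode == 1 or (mode == 2 and broadcast):
        return payload
    ks = keystream(kc, master_addr, slot, len(payload))
    return bytes(p ^ k for p, k in zip(payload, ks))


if __name__ == "__main__":
    link_key = bytes(range(16))                 # constructed link key
    aco = bytes.fromhex("00" * 12)              # constructed ACO from authentication
    master = bytes.fromhex("001122aabbcc")      # constructed master address
    print("floor left at 8 bits, weak peer:", negotiate_key_size(128, 8))
    print("floor raised to 64 bits, weak peer:", negotiate_key_size(128, 8, master_min=64))
    kc = derive_kc(link_key, aco, negotiate_key_size(128, 128, master_min=64))
    ct = apply_mode(2, kc, master, slot=7, payload=b"hello piconet")
    print("mode 2 unicast ciphertext:", ct.hex())
    print("mode 2 broadcast:", apply_mode(2, kc, master, 7, b"hello piconet", broadcast=True))
```

The negotiation helper makes the slide’s point concrete: with the floor left at its 8-bit default, a peer that claims to support only 8-bit keys is accepted, whereas a 64-bit floor refuses that link outright.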