Loading in 2 Seconds...
Loading in 2 Seconds...
“ Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
The introduction of new technology and functionality can provides its users with increased possibilities, it also provide criminals with powerful weapon. This is true for a recently proposed standard for local wireless communication ---- Bluetooth.
presented by: Shuping Cao
Three vulnerabilities in the Bluetooth 1.0 version:
Several keys are used to ensure secure transmission of data:
Used to protect the exchange of link key, so establishing this key is the basis of link key generation.
Computed as a function of a shared PIN, the BD_ADDR and the random number which is chosen by this device.
Derived at the installation of bluetooth device.
Generated by both devices who want more secure communication
The information transmitted during link key generation is encrypted by initialization key.
The secure generation of link key rely on the the initialization Key, and initialization key is a function of PIN code, so once attackers got weak PINS by guessing and stealing, the secure communication can’t be ensured.
IF attacker knows the link key used by two devices, so he can pose one side to initiate contacts with the other side using the new link key.
Consequence: Two devices will not see all the messages they send to each other, only those that attacker choose to send, so the attacker can impersonate the two devices to each other.
Victim device can disclose its identity by responding inquiries from attacker’s devices, then victim’s movements can be known.
Every device has a unique I.D. called BD_ADDR
For each point-to-point, a channel with unique identifier(CAC) is used. CAC is a function of the master’s unique BD_ADDR. Each message sent has this CAC.
CAC location Attack:
The attackers intercept the network traffic in his proximity, extracting the CAC from message, using this to identify the master device of the piconet, so master device’s whereabouts.
DataB_ACipher Use Specification and Related Attacks
Cipher Use Specification:
Attacks(On the use of cipher):
Encryption E.q. cipherB-A = dataA-BXOR dataB-A is used when B transmit dataB-A to A. ,If an attacker eavesdrops on encrypted data -- cipherB-A-- and knows one of plaintext, the other will be derived easily.
Eavesdropping PIN and keys
Attacks against Cipher
CAC location attack
Application layer security
Choose sufficiently long PINs( 64 bit)
Using large set of keys
Do not use plaintexts to encrypt plaintexts
Using different and random pseudonyms for each sessionCounter-Measures
Only a limited hoping frequencies bands(79) , so a simple device with 79 listeners can be easily built to scan all bands, then attacker can eavesdropping a conversion in a piconet.
First, attacker can determine the master device’s I.D. and its clock through some methods, from this he can obtain the hopping sequence, then he intercept the traffic on these various bands and obtain large of information.
A collection of devices connected via Bluetooth technology in an ad hoc fashion. A piconet starts with two connected devices, such as a portable PC and cellular phone, and may grow to eight connected devices. All Bluetooth devices are peer units and have identical implementations. However, when establishing a piconet, one unit will act as a master and the other(s) as slave(s) for the duration of the piconet connection. All devices have the same physical channel defined by the master device parameters (clock and BD_ADDR).