“Security Weakness in Bluetooth”, M. Jakobsson, S. Wetzel, LNCS 2020, 2001

The introduction of new technology and functionality can provide its users with increased possibilities, but it can also provide criminals with powerful weapons. This is true for a recently proposed standard for local wireless communication: Bluetooth.

Presented by: Shuping Cao

Outline
  • A brief overview of three vulnerabilities in Bluetooth 1.0B
  • Introduction to some Bluetooth specifications and relevant attacks
  • Counter-measures to these attacks
  • Conclusion
An overview of vulnerabilities

Three vulnerabilities in the Bluetooth 1.0 version:

  • The first vulnerability opens up the system so that attackers can determine the key exchanged by two victim devices; this makes eavesdropping and impersonation possible.
  • The second vulnerability makes location attacks possible. The geographic location of victim devices can become known to the attacker.
  • The third vulnerability concerns the cipher and the use of the cipher; attacks on the use of the cipher are serious.
Key Management Specification and Related Attacks (1)

Several keys are used to ensure secure transmission of data:

  • Initialization key:

Used to protect the exchange of the link key, so establishing this key is the basis of link key generation.

Computed as a function of a shared PIN, the BD_ADDR and the random number chosen by this device.

  • Unit key:

Derived at the installation of the Bluetooth device.

  • Link key:

Generated by both devices that want more secure communication.

The information transmitted during link key generation is encrypted with the initialization key.

Key Management Specification and Related Attacks (2)
  • Eavesdropping and Stealing Keys

The secure generation of the link key relies on the initialization key, and the initialization key is a function of the PIN code, so once attackers obtain weak PINs by guessing and stealing, secure communication can’t be ensured.

  • Middle-person Attack

If an attacker knows the link key used by two devices, he can pose as one side to initiate contact with the other side using the new link key.

Consequence: The two devices will not see all the messages they send to each other, only those that the attacker chooses to send, so the attacker can impersonate the two devices to each other.
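The dependence of the initialization key on the PIN, and the value of the longer PINs recommended among the counter-measures, can be made concrete. The following is an added example, not code from the slides or the paper: `init_key` is an HMAC-SHA256 stand-in for the real key function, `check_value` is a hypothetical quantity computed under the key that an eavesdropper is assumed to have seen, and all sample values are constructed.

```python
import hashlib
import hmac
import math
from itertools import product

def init_key(pin: str, bd_addr: bytes, rand: bytes) -> bytes:
    """Stand-in for the initialization-key function: HMAC-SHA256, truncated.
    Only the inputs (PIN, BD_ADDR, random number) come from the slides."""
    return hmac.new(pin.encode(), bd_addr + rand, hashlib.sha256).digest()[:16]

def check_value(key: bytes) -> bytes:
    """Hypothetical value computed under the key and visible to an eavesdropper."""
    return hmac.new(key, b"check", hashlib.sha256).digest()[:8]

def pin_bits(alphabet: str, length: int) -> float:
    """Entropy in bits of a uniformly random PIN."""
    return length * math.log2(len(alphabet))

def offline_search(bd_addr, rand, observed, alphabet, length):
    """Try every PIN against the observed value; return (pin, guesses used)."""
    for guesses, cand in enumerate(product(alphabet, repeat=length), start=1):
        pin = "".join(cand)
        if hmac.compare_digest(check_value(init_key(pin, bd_addr, rand)), observed):
            return pin, guesses
    return None, len(alphabet) ** length

# Constructed sample values, not taken from any real device.
BD_ADDR = bytes.fromhex("001122334455")
RAND = bytes(range(16))
OBSERVED = check_value(init_key("0420", BD_ADDR, RAND))

def demo():
    pin, guesses = offline_search(BD_ADDR, RAND, OBSERVED, "0123456789", 4)
    return {
        "pin": pin,
        "guesses": guesses,
        "bits_4_digit": round(pin_bits("0123456789", 4), 1),
        "bits_16_hex": pin_bits("0123456789abcdef", 16),
    }

if __name__ == "__main__":
    print(demo())
```

A four-digit PIN carries about 13 bits, so the whole space is exhausted in at most 10,000 trials; a 64-bit PIN (16 hex digits here) puts the same search out of reach.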

Specifications Relevant to Location Attacks
  • Device Mode: discoverable and non-discoverable

Attack:

A victim device can disclose its identity by responding to inquiries from the attacker’s devices, so the victim’s movements can become known.

  • Addressing:

Every device has a unique I.D. called BD_ADDR.

For each point-to-point connection, a channel with a unique identifier (CAC) is used. The CAC is a function of the master’s unique BD_ADDR. Each message sent carries this CAC.

CAC location attack:

The attacker intercepts the network traffic in his proximity, extracts the CAC from a message, and uses it to identify the master device of the piconet, and so the master device’s whereabouts.
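A linkability check shows why a CAC fixed by the master's BD_ADDR reveals movement, and why the per-session pseudonyms listed among the counter-measures remove the link. This is an added example, not from the slides or the paper: `cac_from_id` is a hash-based stand-in for the real CAC derivation, and the address and place names are constructed.

```python
import hashlib
import secrets
from collections import defaultdict

def cac_from_id(identity: bytes) -> str:
    """Stand-in for the CAC: a fixed public function of a 6-byte identity.
    (Hypothetical; the real derivation is defined by the Bluetooth spec.)"""
    return hashlib.sha256(b"CAC" + identity).hexdigest()[:16]

def session_cac(bd_addr: bytes, use_pseudonym: bool) -> str:
    """CAC for one session: from BD_ADDR, or from a fresh random pseudonym."""
    identity = secrets.token_bytes(6) if use_pseudonym else bd_addr
    return cac_from_id(identity)

def linked_places(sightings):
    """Group (place, cac) sightings by CAC and keep CACs seen in 2+ places."""
    by_cac = defaultdict(set)
    for place, cac in sightings:
        by_cac[cac].add(place)
    return {cac: sorted(p) for cac, p in by_cac.items() if len(p) > 1}

# Constructed sample: one master observed in three places, one session each.
MASTER = bytes.fromhex("00a0c6112233")
PLACES = ["cafe", "lobby", "platform"]

def observe(use_pseudonym: bool):
    return [(place, session_cac(MASTER, use_pseudonym)) for place in PLACES]

def demo():
    static = linked_places(observe(use_pseudonym=False))
    pseudo = linked_places(observe(use_pseudonym=True))
    return static, pseudo

if __name__ == "__main__":
    static, pseudo = demo()
    print("static CAC links:", static)
    print("pseudonym CAC links:", pseudo)
```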

Cipher Use Specification and Related Attacks

Cipher Use Specification:

[Figure: devices A and B, each with key KC; labelled flows CipherA_B, DataA_B, CipherB_A, DataB_A.]

Attacks (on the use of cipher):

The encryption equation cipherB-A = dataA-B XOR dataB-A is used when B transmits dataB-A to A. If an attacker eavesdrops on the encrypted data (cipherB-A) and knows one of the plaintexts, the other is easily derived.
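The equation above can be checked directly, next to a keyed alternative in the spirit of the counter-measure "do not use plaintexts to encrypt plaintexts". This is an added example, not from the slides or the paper: the traffic, key and nonce are constructed, and the SHAKE-256 keystream is a stand-in, not the Bluetooth cipher.

```python
import hashlib
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def weak_encrypt(data_ab: bytes, data_ba: bytes) -> bytes:
    """Use described on the slide: cipherB-A = dataA-B XOR dataB-A."""
    return xor(data_ab, data_ba)

def keyed_encrypt(kc: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-measure sketch: XOR with a keystream derived from KC and a
    per-message nonce. SHAKE-256 is a stand-in, not the Bluetooth cipher."""
    return xor(data, hashlib.shake_256(kc + nonce).digest(len(data)))

def recover(cipher: bytes, known_plaintext: bytes) -> bytes:
    """What an eavesdropper who knows some plaintext can compute."""
    return xor(cipher, known_plaintext)

# Constructed sample traffic (16 bytes each way), key and nonce.
DATA_AB = b"GET /status HTTP"
DATA_BA = b"temp=21.5C;ok=1!"
KC = secrets.token_bytes(16)
NONCE = secrets.token_bytes(12)

def demo():
    weak = weak_encrypt(DATA_AB, DATA_BA)
    keyed = keyed_encrypt(KC, NONCE, DATA_BA)
    return {
        "weak_full": recover(weak, DATA_AB),         # whole reply exposed
        "weak_prefix": recover(weak, DATA_AB[:4]),   # a known header leaks a prefix
        "keyed_guess": recover(keyed, DATA_AB),      # known plaintext no longer helps
        "keyed_decrypt": keyed_encrypt(KC, NONCE, keyed),  # holder of KC decrypts
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Even a partially known plaintext, such as a fixed protocol header, exposes the matching bytes of the other message under the weak construction.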

Counter-Measures

Attacks:

  • Middle-person attack
  • Eavesdropping PIN and keys
  • Attacks against cipher
  • CAC location attack

Defending measures:

  • Application layer security
  • Choose sufficiently long PINs (64 bit)
  • Using large set of keys
  • Do not use plaintexts to encrypt plaintexts
  • Using different and random pseudonyms for each session
Conclusion
  • Three types of attacks (eavesdropping and impersonation, location attacks, attacks against the cipher) are addressed; they are possible because of the vulnerabilities in the current version of the Bluetooth specification.
  • Hopefully, future versions of the standard can be modified to defend against these attacks.
Questions?
  • What keys does the Bluetooth standard specify to ensure secure transmission? How can they be generated?
  • What is an effective way to defend against the middle-person attack?
Other Attacks
  • Hopping Along

There are only a limited number of hopping frequency bands (79), so a simple device with 79 listeners can easily be built to scan all bands; the attacker can then eavesdrop on a conversation in a piconet.

  • A combined attack

First, the attacker can determine the master device’s I.D. and its clock through some methods; from this he can obtain the hopping sequence. He then intercepts the traffic on these various bands and obtains a large amount of information.

Piconet: A collection of devices connected via Bluetooth technology in an ad hoc fashion. A piconet starts with two connected devices, such as a portable PC and cellular phone, and may grow to eight connected devices. All Bluetooth devices are peer units and have identical implementations. However, when establishing a piconet, one unit will act as a master and the other(s) as slave(s) for the duration of the piconet connection. All devices have the same physical channel defined by the master device parameters (clock and BD_ADDR).