“Security Weakness in Bluetooth”M.Jakobsson, S.WetzelLNCS 2020, 2001 The introduction of new technology and functionality can provides its users with increased possibilities, it also provide criminals with powerful weapon. This is true for a recently proposed standard for local wireless communication ---- Bluetooth. presented by: Shuping Cao
Outline • A brief overview of three vulnerabilities in Bluetooth1.0B • Introduction of Some bluetooth specifications and relevant attacks • Counter-measures to these attacks • Conclusion
An overview of vulnerabilities Three vulnerabilities in the Bluetooth 1.0 version: • The first vulnerability opens up the system so that attackers can determine the key exchanged by two victim devices, this make eavesdropping and impersonation possible. • The second vulnerability makes location attacks possible. Geographic location of victim devices can be known to the attacker. • The third vulnerability concerns the cipher and the use of cipher, while attacks on the use of cipher is serious.
Key Management Specification and Related Attacks(1) Several keys are used to ensure secure transmission of data: • Initialization key: Used to protect the exchange of link key, so establishing this key is the basis of link key generation. Computed as a function of a shared PIN, the BD_ADDR and the random number which is chosen by this device. • Unit Key: Derived at the installation of bluetooth device. • Link Key: Generated by both devices who want more secure communication The information transmitted during link key generation is encrypted by initialization key.
Key Management Specification and Related Attacks(2) • Eavesdropping and Stealing Keys The secure generation of link key rely on the the initialization Key, and initialization key is a function of PIN code, so once attackers got weak PINS by guessing and stealing, the secure communication can’t be ensured. • Middle-person Attack IF attacker knows the link key used by two devices, so he can pose one side to initiate contacts with the other side using the new link key. Consequence: Two devices will not see all the messages they send to each other, only those that attacker choose to send, so the attacker can impersonate the two devices to each other.
Specifications relevant to locations attacks • Device Mode: discoverable and non-discoverable Attack: Victim device can disclose its identity by responding inquiries from attacker’s devices, then victim’s movements can be known. • Addressing: Every device has a unique I.D. called BD_ADDR For each point-to-point, a channel with unique identifier(CAC) is used. CAC is a function of the master’s unique BD_ADDR. Each message sent has this CAC. CAC location Attack: The attackers intercept the network traffic in his proximity, extracting the CAC from message, using this to identify the master device of the piconet, so master device’s whereabouts.
A B KC KC CipherA_B DataA_B DataA_B CipherB_A DataB_A Cipher Use Specification and Related Attacks Cipher Use Specification: Attacks(On the use of cipher): Encryption E.q. cipherB-A = dataA-BXOR dataB-A is used when B transmit dataB-A to A. ,If an attacker eavesdrops on encrypted data -- cipherB-A-- and knows one of plaintext, the other will be derived easily.
Attacks: Middle-person attack Eavesdropping PIN and keys Attacks against Cipher CAC location attack Defending Measures Application layer security Choose sufficiently long PINs( 64 bit) Using large set of keys Do not use plaintexts to encrypt plaintexts Using different and random pseudonyms for each session Counter-Measures
Conclusion • Three types of attacks (eavesdropping and impersonation, location attacks, attacks against the cipher) are addressed because of the vulnerabilities in the current version of bluetooth specification. • Hope the future versions of the standard can be modified to defend against these attacks.
Questions? • What keys have the bluetooth standard specified to ensure the secure transmission? How they can be generated? • What is a effective way to defend middle-person attack?
Other Attacks • Hopping Along Only a limited hoping frequencies bands(79) , so a simple device with 79 listeners can be easily built to scan all bands, then attacker can eavesdropping a conversion in a piconet. • A combined attack First, attacker can determine the master device’s I.D. and its clock through some methods, from this he can obtain the hopping sequence, then he intercept the traffic on these various bands and obtain large of information. A collection of devices connected via Bluetooth technology in an ad hoc fashion. A piconet starts with two connected devices, such as a portable PC and cellular phone, and may grow to eight connected devices. All Bluetooth devices are peer units and have identical implementations. However, when establishing a piconet, one unit will act as a master and the other(s) as slave(s) for the duration of the piconet connection. All devices have the same physical channel defined by the master device parameters (clock and BD_ADDR).