security l.
Skip this Video
Loading SlideShow in 5 Seconds..
security PowerPoint Presentation
Download Presentation

Loading in 2 Seconds...

play fullscreen
1 / 19

security - PowerPoint PPT Presentation

  • Uploaded on

security. Bluetooth. Lauri Mikkola “ I don’t have to be careful, I’ve got a gun.” -Homer Simpson. About Bluetooth. Developed by a group called Bluetooth Special Interest Group (SIG), formed in may 1998 Founding members were Ericsson, Nokia, Intel, IBM and Toshiba

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'security' - irving

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript



Lauri Mikkola

“I don’t have to be careful, I’ve got a gun.”

-Homer Simpson

about bluetooth
About Bluetooth
  • Developed by a group called Bluetooth Special Interest Group (SIG), formed in may 1998
  • Founding members were Ericsson, Nokia, Intel, IBM and Toshiba
  • Bluetooth connects different wireless devises, like laptops, mobile phones, PDAs, refrigerators etc.
  • Bluetooth is intended to distances about 10 meters (piconet)
bluetooth details
Bluetooth details
  • Utilizes the 2.45Ghz ISM-band
  • Uses fast frequency-hopping spread spectrum (FHSS) technique between 79 frequencies 1600/s
  • Can give bit rates up to 1 Mbps
  • Piconet consist of max 8 nodes
  • Low cost ( ~5€ ) and small size
bluetooth components
Bluetooth components
  • Radio unit
    • TDD and FHSS
  • Baseband unit
    • Voice to data conversion, packet segmentation, master/slave communication, identification of parties, control authorization
  • Link Management Protocol (LMP)
    • Set up connections and implement security features like key exchanges and encryption
  • Logical Link Control and Adaptation Protocol (L2CAP)
    • Multiplexing, packer segmentation/reassemly, QoS
  • Service Discovery Protocol (SDP)
    • Queries a Bluetooth devise and checks what services it supports
bluetooth security features
Bluetooth security features
  • The Bluetooth specification include security features at the link level
  • Supports authorization, authentication and encryption
  • Based on a secret link key that is shared by a pair of devices
  • Link key generated by a pairing procedure when two devices communicate for the first time
security modes of bluetooth 1
Security modes of Bluetooth(1)
  • Security mode 1
    • No security, for testing only. Allows other Bluetooth devices initiate connections with it, PUSH messages
  • Security mode 2
    • A device does not initiate security procedures before establishment of the link between the devices at the L2CAP level.
    • Trusted and untrusted devices
    • Security polices can flexible impose different trust levels: authentication, authorisation and encyrption
security modes of bluetooth 2
Security modes of Bluetooth (2)
  • Security mode 3
    • Security at the Baseband level
    • Security manager imposes security policies
    • LMP makes encryption and key exchanges
key management 1
Key Management (1)
  • Link keys
    • All keys are 128bit random numbers and are either temporary or semi-permanent
    • Unit key KA , unique long-term private key of a device
    • Combination key KAB derived from units A and B. Generated for each pair of devices
    • Master key Kmaster ,used when master device wants to transmit to several devices at once
    • Initialization key Kinit ,used in the initialization process.
key management 2
Key Management (2)
  • Encryption key
    • Derived from the current link key. Each time encryption is needed the encryption key will be automatically changed
    • Separated from authentication key
  • PIN Code
    • Fixed or selected by the user
    • Usually 4 digits, can be 8 to 128 bits
    • Shared secret
establishment of link key 1 pairing
Establishment of Link Key (1)(Pairing)
  • Link key of devices A and B = unit key KA of device A
authentication and encryption
Authentication and Encryption
  • Authentication by issuing a challenge to another device
  • The other device replies to challenge with a message based on the challenge, the Device address and the shared link key.
  • The device that issued the challenge verifies the response and authenticates if the response is equals to it’s own calculations.
  • Encryption is based on the 4 LFSR algorithm
bluetooth security weaknesses 1
Bluetooth security weaknesses (1)
  • Unlike in 802.11b WLAN, the security algorithms of Bluetooth are considered strong. However there are some attack possibilities
  • PIN weakness
    • Initial authentication is based on a PIN that can be anywhere between 8-128 bits.
    • If poorly chosen can be easy to guess
  • Impersonation
    • A hacker can scan the MIN and ESN and pretend to be someone else
    • Stealing the Unit Key
    • Only the device is authenticated, not the user
  • Replay attacks
    • A hacker can record Bluetooth transmissions in all 79 frequencies and then in some way figure out frequency hopping sequence and then replay the whole transmission.
bluetooth security weaknesses 2
Bluetooth security weaknesses (2)
  • Man in the middle
    • Bluetooth authentication is not based on public key certificates. It is possible to play man in the middle
  • Location attack
    • A Bluetooth device has (globally) a unique identification number, therefore it is possible to identify and locate users position
  • Denial-of-Service attack
    • Jamming the whole ISM band, takes lot of energy
    • Put so many Bluetooth devices that the band is consumed
    • Try to connect, authentication fails, but a legal client will not get through either
how to avoid being attacked
How to avoid being attacked
  • Paring is the most critical moment of a attack
  • Paring should be performed in a most secure place
  • Long PIN numbers are strongly encouraged
  • Avoid using unit keys. Use combination keys
  • To check default settings of device
    • Chose to respond only to inquiries of known devices
    • Do not save PIN permanently in memory
for the paranoid

Cloaktec Shied (fabric)

Blocks 10Mhz to 20Ghz signal

Nylon Shell


Only $34

mCloak r5TM for Bluetooth

For the paranoid