Bluetooth Encryption - PowerPoint PPT Presentation

About This Presentation
Title:

Bluetooth Encryption

Description:

Bluetooth Encryption. Shawn Roberts. 31 March 2004. What is Bluetooth ? ... Named after 10th Century Danish King Harald Bluetooth ... – PowerPoint PPT presentation

Slides: 18
Provided by: me662
Learn more at: https://www.cs.odu.edu

Transcript and Presenter's Notes

Title: Bluetooth Encryption


1
Bluetooth Encryption
  • Shawn Roberts
  • 31 March 2004

2
What is Bluetooth?
  • Created by Ericsson Mobile Communications
  • Named after 10th Century Danish King Harald
    Bluetooth
  • Standardized within the 802.15 Personal Area
    Network (PAN) working group
  • 1988 Bluetooth SIG founded
  • Founding members include Ericsson, Nokia, IBM,
    Toshiba, Intel
  • Today over 2,000 participating companies

3
Bluetooth Physical Layer
  • 2.4 to 2.4835 GHz (ISM band)
  • Frequency hopping spread spectrum with time
    division duplex
  • 1,600 hops/sec over 79 frequencies in
    quasi-random fashion
  • Each 625 microsecond slot uses a different
    frequency
  • Hop carriers equally spaced at 1 MHz intervals

4
Bluetooth Physical Characteristics
  • Data rate: 1 Mbps
  • Throughput: 720 kbps (approx.)
  • Three classes of power management
      • Class 1: 100 milliwatt (mW), 100 meters
      • Class 2: 2.5 milliwatt (mW), 10 meters
      • Class 3: 1 milliwatt (mW), 1/10 to 10 meters
  • 48-bit addresses

5
Bluetooth Networks
  • Small ad hoc network consisting of up to 8
    Bluetooth devices
  • One master and seven slaves
  • A device can be the master of only one piconet at
    a time
  • A device can switch between multiple piconets
  • Scatternet: consists of multiple piconets

6
Authentication Parameters
Parameter          Length    Secrecy Characteristic
Device Address     48 bit    Public
Random Challenge   128 bit   Public, unpredictable
Authentication     32 bit    Public
Link Key           128 bit   Secret

7
Bluetooth Keys
  • Link keys
      • All keys are 128-bit random numbers and are
        either temporary or semi-permanent
      • 4 types
          • Unit key KA: unique long-term private key
            of a device
          • Combination key KAB: derived from units A
            and B. Generated for each pair of devices
          • Master key Kmaster: used when the master
            device wants to transmit to several devices
            at once
          • Initialization key Kinit: used in the
            initialization process

8
Bluetooth Keys(2)
  • Encryption key
      • Derived from the current link key.
        Automatically changed each time encryption is
        needed.
      • Separate from the authentication key
  • PIN code
      • Fixed or selected by the user
      • Usually 4 digits, can be 8 to 128 bits
      • Shared secret
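
An added example, not part of the original slides: a challenge-response exchange using the field sizes from the Authentication Parameters table, plus the derivation of a per-session encryption key from the link key. HMAC-SHA-256 is a stand-in for Bluetooth's own algorithms, and every function name and sample value is an assumption of this example.

```python
import hashlib
import hmac
import secrets

# Field sizes in bytes from the Authentication Parameters table:
# 48-bit address, 128-bit challenge, 32-bit response, 128-bit link key.
ADDR_LEN, RAND_LEN, RESP_LEN, KEY_LEN = 6, 16, 4, 16

def _prf(key: bytes, label: bytes, *fields: bytes) -> bytes:
    """Stand-in keyed function (HMAC-SHA-256), NOT the Bluetooth algorithm."""
    return hmac.new(key, label + b"".join(fields), hashlib.sha256).digest()

def _check(value: bytes, length: int, name: str) -> None:
    if len(value) != length:
        raise ValueError(f"{name} must be {length} bytes")

def auth_response(link_key: bytes, challenge: bytes, claimant_addr: bytes) -> bytes:
    """Claimant side: 32-bit response bound to the challenge and its own address."""
    _check(link_key, KEY_LEN, "link key")
    _check(challenge, RAND_LEN, "challenge")
    _check(claimant_addr, ADDR_LEN, "address")
    return _prf(link_key, b"auth", challenge, claimant_addr)[:RESP_LEN]

def verify(link_key: bytes, challenge: bytes, claimant_addr: bytes, response: bytes) -> bool:
    """Verifier side: recompute with its copy of the link key, compare in constant time."""
    return hmac.compare_digest(auth_response(link_key, challenge, claimant_addr), response)

def encryption_key(link_key: bytes, session_rand: bytes) -> bytes:
    """Per-session 128-bit encryption key derived from the current link key."""
    _check(link_key, KEY_LEN, "link key")
    _check(session_rand, RAND_LEN, "session random")
    return _prf(link_key, b"encr", session_rand)[:KEY_LEN]

def demo() -> dict:
    """Run one exchange with constructed values and report what each check shows."""
    link_key = secrets.token_bytes(KEY_LEN)                 # shared secret, never sent
    addr_b = bytes.fromhex("00112233aabb")                  # constructed device address
    challenge = secrets.token_bytes(RAND_LEN)               # verifier A -> claimant B
    response = auth_response(link_key, challenge, addr_b)   # B -> A
    fresh = secrets.token_bytes(RAND_LEN)                   # random value of a later session
    return {
        "accepted": verify(link_key, challenge, addr_b, response),
        "replay_accepted": verify(link_key, fresh, addr_b, response),
        "wrong_key_accepted": verify(secrets.token_bytes(KEY_LEN), challenge, addr_b, response),
        "keys_differ": encryption_key(link_key, challenge) != encryption_key(link_key, fresh),
    }

if __name__ == "__main__":
    print(demo())
```

A response recorded in one session fails against a fresh challenge, and the distinct labels keep the encryption key separate from the authentication value even though both come from the same link key.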

9
Bluetooth Key Generation
10
Bluetooth Authentication
11
Levels of Trust
  • Trusted: if device B is trusted by device A, it
    is allowed unrestricted access to A
  • Untrusted: if B is untrusted by A, it has
    authenticated to A but its access to A is limited
  • Unknown: if B is unknown, it has not been
    authenticated

12
Encryption Modes
  • Mode 1: No encryption on any traffic
  • Mode 2: Broadcast traffic unencrypted
      • Individual traffic encrypted with individual
        link keys
  • Mode 3: All traffic encrypted according to the
    master link key

13
Bluetooth Encryption Process
14
Bluetooth Insecurities
  • PIN weakness
      • Initial authentication is based on a PIN that
        can be anywhere between 8 and 128 bits.
      • If poorly chosen, it can be easy to guess
  • Reflection attack
      • A hacker can capture the MIN and ESN and
        pretend to be someone else
  • Stealing the unit key
      • Highlights the weakness of only authenticating
        the device and not the user
  • Replay attacks
      • A hacker can record Bluetooth transmissions on
        all 79 frequencies, then in some way figure
        out the frequency hopping sequence, and then
        replay the whole transmission.

15
Bluetooth Insecurities(2)
  • Man in the middle
      • Bluetooth authentication does not use public
        key certificates to authenticate users.
  • Denial-of-service attack
      • Not very feasible; it would require jamming
        the whole ISM band

16
Securing your Bluetooth Device
  • Pairing
      • Weakest link and the most vulnerable to attack
      • Should be performed in a secure area
  • Use long Personal Identification Numbers
  • Avoid using unit keys
      • Use combination keys instead
  • Check the default settings of the device
  • Respond only to inquiries of known devices
  • Do not save the PIN permanently in memory
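
An added example, not part of the original slides: the "use long PINs" and "check the default settings" advice written as an audit routine that estimates a PIN's search space and flags weak choices. The 40-bit threshold, the default-PIN list and all function names are assumptions of this example.

```python
import math
import string

MAX_PIN_BYTES = 16                                # 128 bits, the upper bound on the slides
MIN_BITS = 40.0                                   # assumed policy threshold
DEFAULT_PINS = {"0000", "1111", "1234", "9999"}   # constructed sample list

def alphabet_size(pin: str) -> int:
    """Size of the smallest character pool that covers the PIN."""
    pools = (string.digits, string.ascii_lowercase,
             string.ascii_uppercase, string.punctuation)
    return sum(len(pool) for pool in pools if any(c in pool for c in pin))

def is_sequence(pin: str) -> bool:
    """True for runs such as 1234, 4321 or 7777 (constant step of -1, 0 or 1)."""
    steps = {ord(b) - ord(a) for a, b in zip(pin, pin[1:])}
    return len(pin) > 1 and len(steps) == 1 and steps <= {-1, 0, 1}

def audit_pin(pin: str) -> dict:
    """Return an upper bound on the search space in bits and the policy findings."""
    findings = []
    if not 1 <= len(pin.encode("utf-8")) <= MAX_PIN_BYTES:
        findings.append("length outside 8-128 bits")
    pool = alphabet_size(pin)
    bits = len(pin) * math.log2(pool) if pool else 0.0
    if pin in DEFAULT_PINS:
        findings.append("known default")
    if is_sequence(pin):
        findings.append("sequence or repeat")
    if bits < MIN_BITS:
        findings.append(f"only {bits:.1f} bits of search space")
    return {"bits": round(bits, 1), "findings": findings}

if __name__ == "__main__":
    for candidate in ("1234", "84170362", "7Qx!9mVt2#Lp"):   # constructed samples
        print(candidate, audit_pin(candidate))
```

The bit figure is an upper bound that assumes every character is chosen uniformly at random; a PIN picked by a person is usually weaker than the estimate.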

18
Bluetooth Protocol Stack