Bluetooth Security <ul><li>By </li></ul><ul><li>Mohammed A. Ahmed </li></ul><ul><li>Amjad M. Musleh </li></ul><ul><li>Asma...
Project Description <ul><li>Study Bluetooth security aspects </li></ul><ul><li>Blue-attacks mechanism analysis </li></ul><...
Agenda <ul><li>Introduction </li></ul><ul><li>Security Mechanism </li></ul><ul><li>Bluesnarfing Attack </li></ul><ul><li>B...
Introduction <ul><li>What is Bluetooth? </li></ul><ul><li>- Short area wireless technology </li></ul><ul><li>- Developed b...
Introduction <ul><li>Bluetooth Stack </li></ul>-Bluetooth host (software) -Bluetooth controller (hardware) -HCI (host cont...
Introduction <ul><li>Bluetooth attacks examples </li></ul><ul><ul><li>Blue-snarf attack     get personal information </li...
Security Mechanism <ul><li>Looking for Blue-attacks causes </li></ul><ul><ul><li>Searching on security mechanism </li></ul...
Security Mechanism <ul><li>Bluetooth security:  service-dependent </li></ul><ul><ul><li>What service    What security lev...
Security Mechanism <ul><li>Analysis of link level security   </li></ul>
 
Security Mechanism <ul><li>Results </li></ul><ul><ul><li>Weakness in link level : PIN </li></ul></ul><ul><ul><ul><li>Solut...
Bluesnarfing Attack <ul><li>Why Bluesnarfing attack happens ? </li></ul><ul><li>-  vendors implementation of OBEX protocol...
Bluesnarfing Attack <ul><li>What is OBEX protocol ? </li></ul><ul><li>- Exchange objects between devices </li></ul><ul><li...
Bluesnarfing Attack <ul><li>Normal OBEX session  </li></ul>
Bluesnarfing Attack <ul><li>How Bluesnarfing </li></ul><ul><li>Attack Happens  : </li></ul>
Bluetooth Programming Environment <ul><li>Why Java ? </li></ul><ul><ul><li>Platform independent </li></ul></ul><ul><ul><li...
Bluetooth Programming Environment <ul><li>What is J2ME ? </li></ul><ul><ul><li>Configuration  </li></ul></ul><ul><ul><li>-...
Bluetooth Programming Environment <ul><li>J2ME toolkit ( compile & emulate) </li></ul>
Bluetooth Programming Environment <ul><li>Working in a Real Environment </li></ul><ul><li>To discover and communicate with...
J2ME into J2SE <ul><li>To support J2ME features: </li></ul><ul><ul><li>javax.microedition.io </li></ul></ul><ul><li>To sup...
J2ME into J2SE <ul><li>Ready Solution (GCF) </li></ul><ul><ul><li>GCF ( Generic Connection Framework) </li></ul></ul><ul><...
Bluetooth Application Programming <ul><li>Short-term goal </li></ul><ul><ul><li>Bluetooth programming & attack preparation...
Bluetooth Application Programming <ul><li>General scenario </li></ul>
Bluetooth Application Programming <ul><li>Bluetooth Controller </li></ul><ul><ul><li>Job </li></ul></ul><ul><ul><ul><li>De...
Bluetooth Application Programming: Bluetooth Controller
Bluetooth Application Programming <ul><li>Connection Controller </li></ul><ul><ul><li>Connect to what service (service inq...
Bluetooth Application Programming <ul><li>Attack executor </li></ul><ul><ul><li>Message Advertiser </li></ul></ul><ul><ul>...
Bluetooth Application Programming: Message Advertiser
Bluetooth Application Programming: Infinite SMS sender
Difficulties Faced <ul><li>Lack of resources </li></ul><ul><ul><li>Cost </li></ul></ul><ul><ul><li>Non-Vulnerability </li>...
Conclusion <ul><li>General wireless programming sense </li></ul><ul><li>Theoretical Experience   </li></ul><ul><ul><li>Blu...
MORE INFORMATION <ul><li>http://student.kfupm.edu.sa/s208675 </li></ul>
THANK YOU Q & A
Upcoming SlideShare
Loading in...5
×

Bluetooth security

3,463

Published on

A Presentation

Published in: Education, Technology
1 Comment
0 Likes
Statistics
Notes
  • disadvantages of bloothooth security
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total Views
3,463
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
191
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide

Bluetooth security

  1. 1. Bluetooth Security <ul><li>By </li></ul><ul><li>Mohammed A. Ahmed </li></ul><ul><li>Amjad M. Musleh </li></ul><ul><li>Asmat K. Marouf </li></ul><ul><li>Advisors </li></ul><ul><li>Dr. Ashraf S. H. Mahmoud </li></ul><ul><li>Dr. Marwan H. Abu-Amara </li></ul>
  2. 2. Project Description <ul><li>Study Bluetooth security aspects </li></ul><ul><li>Blue-attacks mechanism analysis </li></ul><ul><li>Implementation of Java Bluetooth Applications </li></ul>
  3. 3. Agenda <ul><li>Introduction </li></ul><ul><li>Security Mechanism </li></ul><ul><li>Bluesnarfing Attack </li></ul><ul><li>Bluetooth Programming Environment </li></ul><ul><li>J2ME into J2SE </li></ul><ul><li>Bluetooth Application Programming </li></ul><ul><li>Difficulties Faced </li></ul><ul><li>Conclusion </li></ul>
  4. 4. Introduction <ul><li>What is Bluetooth? </li></ul><ul><li>- Short area wireless technology </li></ul><ul><li>- Developed by SIG (Special Interest Group) </li></ul><ul><li>Properties </li></ul><ul><li>- 2.4 GHz ISM (industrial,scientific,medical) band </li></ul><ul><li>- Spread frequency hopping </li></ul><ul><li>- Point to Multipoint </li></ul>
  5. 5. Introduction <ul><li>Bluetooth Stack </li></ul>-Bluetooth host (software) -Bluetooth controller (hardware) -HCI (host controller interface)
  6. 6. Introduction <ul><li>Bluetooth attacks examples </li></ul><ul><ul><li>Blue-snarf attack  get personal information </li></ul></ul><ul><ul><li>Blue-jack attack  send unwanted messages </li></ul></ul><ul><ul><li>Blue-bug attack  full access (AT command) </li></ul></ul>
  7. 7. Security Mechanism <ul><li>Looking for Blue-attacks causes </li></ul><ul><ul><li>Searching on security mechanism </li></ul></ul><ul><ul><ul><li>Holes in security architecture or Bluetooth spec. </li></ul></ul></ul><ul><ul><li>Searching on security implementation </li></ul></ul><ul><ul><ul><li>Holes in vendor’s implementation </li></ul></ul></ul>
  8. 8. Security Mechanism <ul><li>Bluetooth security: service-dependent </li></ul><ul><ul><li>What service  What security level required </li></ul></ul><ul><li>Bluetooth link level security </li></ul><ul><ul><li>Not always enforced </li></ul></ul><ul><ul><li>Device Authentication </li></ul></ul><ul><ul><li>Link Encryption ( pairing ) </li></ul></ul><ul><li>Bluetooth higher-level security </li></ul><ul><ul><li>Up to vendors implementation </li></ul></ul>
  9. 9. Security Mechanism <ul><li>Analysis of link level security </li></ul>
  10. 11. Security Mechanism <ul><li>Results </li></ul><ul><ul><li>Weakness in link level : PIN </li></ul></ul><ul><ul><ul><li>Solution: Long & random PIN </li></ul></ul></ul><ul><ul><li>Key exchange </li></ul></ul><ul><ul><ul><li>Solution: Do it in private !! </li></ul></ul></ul><ul><ul><li>BUT </li></ul></ul><ul><ul><ul><li>Other wireless protocols ~ same problem </li></ul></ul></ul><ul><ul><ul><li>Even if I got the PIN, </li></ul></ul></ul><ul><ul><ul><li>ATTACKS SHOULD NOT HAPPEN!! </li></ul></ul></ul>
  11. 12. Bluesnarfing Attack <ul><li>Why Bluesnarfing attack happens ? </li></ul><ul><li>- vendors implementation of OBEX protocol </li></ul><ul><li>Three profiles use the OBEX protocol: </li></ul><ul><li>- Synchronization Profile (secure) </li></ul><ul><li>- File Transfer Profile (secure) </li></ul><ul><li>- Object Push (insecure) </li></ul>
  12. 13. Bluesnarfing Attack <ul><li>What is OBEX protocol ? </li></ul><ul><li>- Exchange objects between devices </li></ul><ul><li>The main four operations used in OBEX: </li></ul><ul><ul><li>Connect Operation </li></ul></ul><ul><ul><li>Put Operation </li></ul></ul><ul><ul><li>Get Operation </li></ul></ul><ul><ul><li>Disconnect Operation </li></ul></ul><ul><li>OBEX protocol Layers </li></ul>
  13. 14. Bluesnarfing Attack <ul><li>Normal OBEX session </li></ul>
  14. 15. Bluesnarfing Attack <ul><li>How Bluesnarfing </li></ul><ul><li>Attack Happens : </li></ul>
  15. 16. Bluetooth Programming Environment <ul><li>Why Java ? </li></ul><ul><ul><li>Platform independent </li></ul></ul><ul><ul><li>Multiple vendors (choices!) </li></ul></ul><ul><ul><li>Widespread industry acceptance </li></ul></ul><ul><li>Java Platforms: </li></ul><ul><ul><li>J2SE  for desktop applications </li></ul></ul><ul><ul><li>J2ME  for resource-constrained computing devices </li></ul></ul>
  16. 17. Bluetooth Programming Environment <ul><li>What is J2ME ? </li></ul><ul><ul><li>Configuration </li></ul></ul><ul><ul><li>-core classes </li></ul></ul><ul><ul><li>Profile </li></ul></ul><ul><ul><li>- example :MIDP (Mobile Information Device Profile) </li></ul></ul><ul><ul><li>Optional Packages </li></ul></ul><ul><ul><li>- To include additional technologies </li></ul></ul><ul><ul><li>- Example Bluetooth Package: </li></ul></ul><ul><ul><li>1. Javax.bluetooth 2. Javax.obex </li></ul></ul>J2ME Configuration Host Operating System Profile Optional Packages
  17. 18. Bluetooth Programming Environment <ul><li>J2ME toolkit ( compile & emulate) </li></ul>
  18. 19. Bluetooth Programming Environment <ul><li>Working in a Real Environment </li></ul><ul><li>To discover and communicate with other devices </li></ul><ul><li>To run our Bluetooth applications in a real environment: </li></ul><ul><ul><li>Using a Bluetooth mobile device </li></ul></ul><ul><ul><li>Using our desktop with a Bluetooth adapter </li></ul></ul><ul><li>For the first approach: </li></ul><ul><ul><li>NOKIA 6810 mobile phone </li></ul></ul><ul><ul><ul><li>It did not work (Java Bluetooth API is missing )! </li></ul></ul></ul>
  19. 20. J2ME into J2SE <ul><li>To support J2ME features: </li></ul><ul><ul><li>javax.microedition.io </li></ul></ul><ul><li>To support Bluetooth: </li></ul><ul><ul><li>javax.bluetooth </li></ul></ul><ul><li>Is it enough? </li></ul><ul><ul><li>Other classes are missed </li></ul></ul>
  20. 21. J2ME into J2SE <ul><li>Ready Solution (GCF) </li></ul><ul><ul><li>GCF ( Generic Connection Framework) </li></ul></ul><ul><ul><li>Define ALL packages to migrate J2ME to J2SE </li></ul></ul><ul><ul><li>Different implementations </li></ul></ul><ul><ul><ul><li>Example: aveLink Bluetooth for java </li></ul></ul></ul>
  21. 22. Bluetooth Application Programming <ul><li>Short-term goal </li></ul><ul><ul><li>Bluetooth programming & attack preparation </li></ul></ul><ul><li>Long-term goal </li></ul><ul><ul><li>Bluetooth attacks implementation </li></ul></ul><ul><li>Application components </li></ul><ul><ul><li>Bluetooth Controller </li></ul></ul><ul><ul><li>Connection Controller </li></ul></ul><ul><ul><li>Attack Executor </li></ul></ul>
  22. 23. Bluetooth Application Programming <ul><li>General scenario </li></ul>
  23. 24. Bluetooth Application Programming <ul><li>Bluetooth Controller </li></ul><ul><ul><li>Job </li></ul></ul><ul><ul><ul><li>Device discovery </li></ul></ul></ul><ul><ul><ul><li>Service discovery </li></ul></ul></ul><ul><ul><li>Implementation </li></ul></ul><ul><ul><ul><li>javax.bluetooth built-in methods </li></ul></ul></ul>
  24. 25. Bluetooth Application Programming: Bluetooth Controller
  25. 26. Bluetooth Application Programming <ul><li>Connection Controller </li></ul><ul><ul><li>Connect to what service (service inquiry) </li></ul></ul><ul><ul><li>URL of the service (service record as response) </li></ul></ul><ul><ul><li>Establish appropriate connection </li></ul></ul><ul><li>Connection to service: 2-parties operation </li></ul><ul><ul><li>Server mobile may respond differently </li></ul></ul>
  26. 27. Bluetooth Application Programming <ul><li>Attack executor </li></ul><ul><ul><li>Message Advertiser </li></ul></ul><ul><ul><ul><li>Advertise messages to mobiles in range </li></ul></ul></ul><ul><ul><ul><li>Use OBEX </li></ul></ul></ul><ul><ul><li>Infinite SMS sender </li></ul></ul><ul><ul><ul><li>Send SMS from one victim to another </li></ul></ul></ul><ul><ul><ul><li>Use AT commands over serial port profile </li></ul></ul></ul>
  27. 28. Bluetooth Application Programming: Message Advertiser
  28. 29. Bluetooth Application Programming: Infinite SMS sender
  29. 30. Difficulties Faced <ul><li>Lack of resources </li></ul><ul><ul><li>Cost </li></ul></ul><ul><ul><li>Non-Vulnerability </li></ul></ul><ul><li>Pre-work: environment adaptation </li></ul><ul><ul><li>Software & hardware requirements </li></ul></ul><ul><li>Illegality of hacking  limited guidance </li></ul>
  30. 31. Conclusion <ul><li>General wireless programming sense </li></ul><ul><li>Theoretical Experience </li></ul><ul><ul><li>Bluetooth in general </li></ul></ul><ul><ul><li>Bluetooth security issues </li></ul></ul><ul><li>Practical experience </li></ul><ul><ul><li>Different java platforms programming </li></ul></ul><ul><ul><li>Bluetooth programming in particular </li></ul></ul><ul><li>Finally </li></ul><ul><ul><li>Knowledge-based hacking = </li></ul></ul><ul><ul><li>Knowledge + Time + effort + KEEP TRYING </li></ul></ul>
  31. 32. MORE INFORMATION <ul><li>http://student.kfupm.edu.sa/s208675 </li></ul>
  32. 33. THANK YOU Q & A
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×