Mobile Security   Wolfgang Schneider [email_address] Fraunhofer-Institute SIT Dolivostr. 15 Darmstadt Germany
Wireless Communication Overview
GSM <ul><li>GSM Properties </li></ul><ul><ul><li>cellular radio network  </li></ul></ul><ul><ul><li>digital transmission u...
GSM <ul><li>GSM Security Requirements  </li></ul><ul><li>Network provider‘s view </li></ul><ul><li>correct  Billing : auth...
GSM <ul><li>Overview of GSM Security Services </li></ul><ul><li>Smartcard-based authentication of the user </li></ul><ul><...
GSM-Architecture Network and provider subsystem Radio subsystem
GSM-Architecture  Handover und Roaming Handover Roaming MSC MSC HLR VLR  AC HLR VLR  AC
GSM Security
GPRS: General Packet Radio Service <ul><li>Properties </li></ul><ul><ul><li>Packet mode service (end-to-end) </li></ul></u...
GPRS Security Mechanisms <ul><li>Security in GPRS  eng very similar to GSM  </li></ul><ul><ul><li>Authentification through...
UMTS <ul><li>UMTS properties   </li></ul><ul><ul><li>packet oriented, all-IP, 2-10 Mb/s throughput,  </li></ul></ul><ul><u...
UMTS Cell Structure
UMTS Service Concept  <ul><li>UMTS Service Concept </li></ul><ul><ul><li>Virtual Home Environment (VHE): services freely c...
UMTS Security  <ul><li>Adaptation of  GSM security </li></ul><ul><ul><ul><li>Confidentiality of the user identity </li></u...
UMTS Security  <ul><li>UMTS Extensions </li></ul><ul><ul><li>extended  UMTS Authentification  and key agreement home netwo...
UMTS Problems <ul><li>Problems </li></ul><ul><ul><li>Interoperability between 2G, 2.5G und 3G  mobile  networks  </li></ul...
Wireless Network Infrastructures  <ul><li>Wireless local area networks (WLAN) and wireless personal area networks (PAN) </...
WLAN Standards/ IEEE 802.11  <ul><li>IEEE Standard 802.11a, 11b, 11g, 1x  (development since 1997) </li></ul><ul><ul><li>I...
WLAN Standards/ IEEE 802.11  <ul><li>Infrastructure mode </li></ul>Ad-Hoc mode Peer-to-Peer Network
IEEE 802.11 Security  <ul><li>WEP  Wired Equivalent Privacy </li></ul><ul><li>Encryption with RC4 stream cipher  with 40 o...
IEEE 802.11 Security <ul><li>Wi-Fi Protected Access (WPA, IEEE 802.11i) </li></ul><ul><li>Major improvement over WEP </li>...
IEEE 802.11 Security  <ul><li>What else can be done? </li></ul><ul><ul><li>Separation of the insecure WLAN from the secure...
PANs Standards/ Bluetooth <ul><li>Bluetooth short overview </li></ul><ul><ul><li>Created 1998 by Ericsson,Intel,IBM,Nokia,...
PANs Standards/ Bluetooth  <ul><li>Bluetooth short overview (cont..) </li></ul><ul><ul><li>Point-to-point  and  point-to-m...
PANs Standards/ Bluetooth <ul><li>Bluetooth network infrastructures </li></ul>Example of a piconet Examples for master/sla...
PANs Standards/ Bluetooth <ul><li>Bluetooth services </li></ul><ul><li>Two modes </li></ul><ul><ul><li>Synchronous Connect...
Security Architecture of Bluetooth <ul><li>Central component of the Bluetooth security architecture is the  Security Manag...
Security Architecture of Bluetooth <ul><li>Security services comprise : </li></ul><ul><ul><li>mutual  authentification  of...
Security Architecture of Bluetooth <ul><li>Access can be granted  on the basis of the trustworthyness of the device, or wh...
Security Architecture of Bluetooth <ul><li>Bluetooth security on link level is based on  128 bit link key and on the symme...
Upcoming SlideShare
Loading in …5
×

PPT - CEENet HOME Page - Central and Eastern European Networking ...

788 views

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
788
On SlideShare
0
From Embeds
0
Number of Embeds
19
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Zu klären: Qualität der Verfahren, des Schlüsselmanagements? zu klären: Privacy damit ausreichend?
  • EDGE: Spitzendatenraten - EDGE soll bestimmte Spitzendatenraten für alle typischen Konfigurationen der GSM – Funkschnittstelle und in inhouse – Konfigurationen unterstützen. Diese Spitzendatenraten haben die folgenden Werte: - EGPRS: Enhanced GPRS - 384 kBit/s (48 kBit/s je Kanal), Geschwindigkeit: 3 km/h – 100 km/h - 144 kBit/s (18 kBit/s je Kanal), Geschwindigkeit: 250 km/h - ECSD T: Enhanced Circuit Switched Data (wofür T? Traffic?) - 32 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 32 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h - ECSD NT: Enhanced Circuit Switched Data(wofür NT? Non Traffic?) - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h
  • EDGE: Spitzendatenraten - EDGE soll bestimmte Spitzendatenraten für alle typischen Konfigurationen der GSM – Funkschnittstelle und in inhouse – Konfigurationen unterstützen. Diese Spitzendatenraten haben die folgenden Werte: - EGPRS: Enhanced GPRS - 384 kBit/s (48 kBit/s je Kanal), Geschwindigkeit: 3 km/h – 100 km/h - 144 kBit/s (18 kBit/s je Kanal), Geschwindigkeit: 250 km/h - ECSD T: Enhanced Circuit Switched Data (wofür T? Traffic?) - 32 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 32 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h - ECSD NT: Enhanced Circuit Switched Data(wofür NT? Non Traffic?) - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h
  • EDGE: Spitzendatenraten - EDGE soll bestimmte Spitzendatenraten für alle typischen Konfigurationen der GSM – Funkschnittstelle und in inhouse – Konfigurationen unterstützen. Diese Spitzendatenraten haben die folgenden Werte: - EGPRS: Enhanced GPRS - 384 kBit/s (48 kBit/s je Kanal), Geschwindigkeit: 3 km/h – 100 km/h - 144 kBit/s (18 kBit/s je Kanal), Geschwindigkeit: 250 km/h - ECSD T: Enhanced Circuit Switched Data (wofür T? Traffic?) - 32 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 32 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h - ECSD NT: Enhanced Circuit Switched Data(wofür NT? Non Traffic?) - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h
  • EDGE: Spitzendatenraten - EDGE soll bestimmte Spitzendatenraten für alle typischen Konfigurationen der GSM – Funkschnittstelle und in inhouse – Konfigurationen unterstützen. Diese Spitzendatenraten haben die folgenden Werte: - EGPRS: Enhanced GPRS - 384 kBit/s (48 kBit/s je Kanal), Geschwindigkeit: 3 km/h – 100 km/h - 144 kBit/s (18 kBit/s je Kanal), Geschwindigkeit: 250 km/h - ECSD T: Enhanced Circuit Switched Data (wofür T? Traffic?) - 32 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 32 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h - ECSD NT: Enhanced Circuit Switched Data(wofür NT? Non Traffic?) - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h
  • EDGE: Spitzendatenraten - EDGE soll bestimmte Spitzendatenraten für alle typischen Konfigurationen der GSM – Funkschnittstelle und in inhouse – Konfigurationen unterstützen. Diese Spitzendatenraten haben die folgenden Werte: - EGPRS: Enhanced GPRS - 384 kBit/s (48 kBit/s je Kanal), Geschwindigkeit: 3 km/h – 100 km/h - 144 kBit/s (18 kBit/s je Kanal), Geschwindigkeit: 250 km/h - ECSD T: Enhanced Circuit Switched Data (wofür T? Traffic?) - 32 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 32 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h - ECSD NT: Enhanced Circuit Switched Data(wofür NT? Non Traffic?) - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h
  • EDGE: Spitzendatenraten - EDGE soll bestimmte Spitzendatenraten für alle typischen Konfigurationen der GSM – Funkschnittstelle und in inhouse – Konfigurationen unterstützen. Diese Spitzendatenraten haben die folgenden Werte: - EGPRS: Enhanced GPRS - 384 kBit/s (48 kBit/s je Kanal), Geschwindigkeit: 3 km/h – 100 km/h - 144 kBit/s (18 kBit/s je Kanal), Geschwindigkeit: 250 km/h - ECSD T: Enhanced Circuit Switched Data (wofür T? Traffic?) - 32 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 32 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h - ECSD NT: Enhanced Circuit Switched Data(wofür NT? Non Traffic?) - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 10 km/h - 28,8 kBit/s je Kanal, Geschwindigkeit: bis 100 km/h
  • Initiierung bzw. Bearbeitung der Eingabe einer ESCE (External Security Control Entity), wie z.B. einem Benutzer, der sein PIN eingibt. Starten des Pairing zweier Geräte, die sich noch nicht kennen. Hierbei wird in der Regel eine PIN-Eingabe durch den Benutzer erforderlich. Eine derartige Eingabe wird ebenfalls vom Sicherheitsmanager angefordert. Modi Modus 1: Ist der unsichere Modus, der keine Sicherheitsfunktion vorsieht. Die Sicherheitsdienste der Datenübertragungsebene werden vom Gerät vollständig ignoriert. Es werden vom Gerät selber keine Sicherheitsdienste initiiert. Jedoch reagiert ein Gerät auf eine Authentisierungsanforderung eines anderen Gerätes seinerseits mit einer Authentisierung Aufgrund der fehlenden Sicherheitsdienste sollte der unsichere Modus nur für sicherheitsunkritische Anwendungen eingesetzt werden (z.B. zum elektronischen Austausch von Visitenkarten)
  • Alle Sicherheitsmaßnahmen auf der Verbindungsebene basieren auf 128 Bit Verbindungsschlüsseln (link key) Ein Verbindungsschlüssel wird zwischen zwei oder mehreren Partner vereinbart. Er ist die Basis zur Durchführung der Geräteauthentifikation und Aus ihm werden die geheimen Kommunikationsschlüssel abgeleitet, die eine Länge zwischen 8 Bit und 128 Bit besitzen können. Durch die Trennung zwischen Authentifikations- und Verschlüsselungsschlüssel ist es möglich, für die Datenverschlüsselung auch bei Bedarf kürze Schlüssel zu verwenden (z.B. um gesetzliche Beschränkungen einhalten zu können) ohne die Authentifikationsprozedur zu schwächen. Die Länge der Kommunikationsschlüssel wird bei der Geräteherstellung festgelegt und kann nicht vom Benutzer eines Gerätes oder von höheren Software-Schichten verändert werden Temporäre Schlüssel Verbindungsschlüssel können temporäre Schlüssel sein, die nicht für eine weitere Sitzung verwendet werden, oder sie können semi-permanent sein, d.h. sie werden in nicht-flüchtigen Speicher gespeichert und können nach dem Terminieren einer Sitzung für weitere Sitzungen mit denjenigen Geräten, die ebenfalls diesen Schlüssel kennen, verwendet werden Unter einer Sitzung wird eine Zeitspanne, in der das Gerät Mitglied eines Piconetzes ist verstanden
  • PPT - CEENet HOME Page - Central and Eastern European Networking ...

    1. 1. Mobile Security Wolfgang Schneider [email_address] Fraunhofer-Institute SIT Dolivostr. 15 Darmstadt Germany
    2. 2. Wireless Communication Overview
    3. 3. GSM <ul><li>GSM Properties </li></ul><ul><ul><li>cellular radio network </li></ul></ul><ul><ul><li>digital transmission up to 9600 bit/s </li></ul></ul><ul><ul><li>roaming (mobilität among different network providers, international) </li></ul></ul><ul><ul><li>Good transmission quality (error recognition and correction) </li></ul></ul><ul><ul><li>scalable (große Teilnehmerzahlen möglich) </li></ul></ul><ul><ul><li>worldwide 900 million subscribers </li></ul></ul><ul><ul><li>Europe : over 300 million subscribers </li></ul></ul><ul><ul><li>security mechanisms provided (authentication, authorisation, encryption) </li></ul></ul><ul><ul><li>good usage of resources (frequency- and time-multiplex) </li></ul></ul><ul><ul><li>integration with ISDN and analogue telephone network </li></ul></ul><ul><ul><li>standard (ETSI, European Telecommunications Standards Institute) </li></ul></ul>
    4. 4. GSM <ul><li>GSM Security Requirements </li></ul><ul><li>Network provider‘s view </li></ul><ul><li>correct Billing : authenticity of the user </li></ul><ul><li>no misuse of the service, correct billing of content-usage </li></ul><ul><li>efficiency: no more bandwidth needed for security, no long delays (user acceptance), cost-efficient </li></ul><ul><li>User‘s view </li></ul><ul><li>confidentiality of communication (voice and data) </li></ul><ul><li>privacy, no profiles of the movements of the users </li></ul><ul><li>connection with authentic base station </li></ul><ul><li>correct billing </li></ul><ul><li>Content provider‘s view </li></ul><ul><li>correct billing </li></ul>
    5. 5. GSM <ul><li>Overview of GSM Security Services </li></ul><ul><li>Smartcard-based authentication of the user </li></ul><ul><li>Identification of the through worldwide unique name IMSI </li></ul><ul><li>Algorithm A3 for authentication is not public, </li></ul><ul><li>Confidentiality on the radio link: </li></ul><ul><li>Algorithms: up to 7 A5 variants </li></ul><ul><li>unique, permanent subscriber key Ki and </li></ul><ul><ul><li>dynamicly generated communication keys Kc </li></ul></ul><ul><li>Anonymity: </li></ul><ul><li>use of temporary identities </li></ul>
    6. 6. GSM-Architecture Network and provider subsystem Radio subsystem
    7. 7. GSM-Architecture Handover und Roaming Handover Roaming MSC MSC HLR VLR AC HLR VLR AC
    8. 8. GSM Security
    9. 9. GPRS: General Packet Radio Service <ul><li>Properties </li></ul><ul><ul><li>Packet mode service (end-to-end) </li></ul></ul><ul><ul><li>Data rates up to 171,2 kbit/s (theoretical), effectively up to 115 Kbit/s </li></ul></ul><ul><ul><li>Effektive und flexible Verwaltung der Luftschnittstelle </li></ul></ul><ul><ul><li>Adaptive channel coding </li></ul></ul><ul><ul><li>Standardised interworking with IP- and X.25 networks </li></ul></ul><ul><ul><li>dynamic resource sharin with the „classic“ GSM voice services </li></ul></ul><ul><ul><li>advantage: billing per volume, not per connection time </li></ul></ul>
    10. 10. GPRS Security Mechanisms <ul><li>Security in GPRS eng very similar to GSM </li></ul><ul><ul><li>Authentification through SGSN with Challenge-Response </li></ul></ul><ul><ul><li>Use of temporary identities (managed through SGSN) </li></ul></ul><ul><ul><li>Encryption algorithm A5/3 (GEA3) </li></ul></ul><ul><ul><li>But: no end-to-end encryption </li></ul></ul><ul><ul><li>Key generation and managment as in GSM </li></ul></ul><ul><ul><li>No authentication and confidentiality of signalling messages within the signalling network </li></ul></ul>
    11. 11. UMTS <ul><li>UMTS properties </li></ul><ul><ul><li>packet oriented, all-IP, 2-10 Mb/s throughput, </li></ul></ul><ul><ul><li>Rich Telephony (voice with video, sound), </li></ul></ul><ul><ul><li>audio-, video-streaming (movies etc.), </li></ul></ul><ul><ul><li>better QoS, more user control, </li></ul></ul><ul><ul><li>video-conferencing as killer application?? </li></ul></ul><ul><ul><li>worldwide roaming </li></ul></ul><ul><ul><li>It is basically a merge of mobile telephony, wireless and paging technologies into a common system </li></ul></ul><ul><ul><li>Support of different carrier systems </li></ul></ul><ul><ul><ul><li>Real time / not real time </li></ul></ul></ul><ul><ul><ul><li>Line switching / packet switching </li></ul></ul></ul><ul><ul><li>roaming between UMTS and GSM as well as satellite networks </li></ul></ul><ul><ul><li>asymmetric data rates for up-link/down-link </li></ul></ul>
    12. 12. UMTS Cell Structure
    13. 13. UMTS Service Concept <ul><li>UMTS Service Concept </li></ul><ul><ul><li>Virtual Home Environment (VHE): services freely configurable through user </li></ul></ul><ul><ul><li>service quality and according cost can be chosen </li></ul></ul><ul><ul><li>dynamic Anpassung an die Verbindung </li></ul></ul><ul><li>UPT: Universal Personal Telecommunication Service </li></ul><ul><ul><li>One subscriber number for multiple devices (call management) </li></ul></ul><ul><ul><li>virtual mobility of the terrestric network </li></ul></ul>
    14. 14. UMTS Security <ul><li>Adaptation of GSM security </li></ul><ul><ul><ul><li>Confidentiality of the user identity </li></ul></ul></ul><ul><ul><ul><li>Authentication of the user towards the network </li></ul></ul></ul><ul><ul><ul><li>Encrypted communication over the radio link, </li></ul></ul></ul><ul><ul><ul><li>SIM card as personal security module with authentication of the user towards the SIM card USIM (UMTS Subscriber Identity Module) </li></ul></ul></ul>
    15. 15. UMTS Security <ul><li>UMTS Extensions </li></ul><ul><ul><li>extended UMTS Authentification and key agreement home network authenticated towards the user, sequence numbers: prevents replay of authentication data, keyed MAC </li></ul></ul><ul><ul><li>Integrity of control data : control data during connection establishment are secured with MAC </li></ul></ul><ul><ul><li>USIM controlled use of keys the USIM provides new authentication if the encrypted data exceed a certain volume </li></ul></ul><ul><ul><li>Periodic key renewal </li></ul></ul><ul><ul><li>Integrity and confidentiality of communication data: 128-bit communication key, MACs for integrity </li></ul></ul>
    16. 16. UMTS Problems <ul><li>Problems </li></ul><ul><ul><li>Interoperability between 2G, 2.5G und 3G mobile networks </li></ul></ul><ul><ul><li>different security features: what does it mean in case of roaming between old and new networks? </li></ul></ul>
    17. 17. Wireless Network Infrastructures <ul><li>Wireless local area networks (WLAN) and wireless personal area networks (PAN) </li></ul><ul><li>advantages </li></ul><ul><ul><li>flexibility </li></ul></ul><ul><ul><li>Ad-hoc networks easy to establish </li></ul></ul><ul><ul><li>No cables </li></ul></ul><ul><ul><li>robustness </li></ul></ul><ul><li>disadvantages </li></ul><ul><ul><li>Comparatively low data rates (11 Mbit/s or 54 Mbit/s) </li></ul></ul><ul><ul><li>Higher vulnerability on the transmission link in comparison to cabled local area networks </li></ul></ul><ul><ul><li>no international standards for frequency bands </li></ul></ul><ul><ul><li>security </li></ul></ul>
    18. 18. WLAN Standards/ IEEE 802.11 <ul><li>IEEE Standard 802.11a, 11b, 11g, 1x (development since 1997) </li></ul><ul><ul><li>Intended for </li></ul></ul><ul><ul><ul><li>cost effective and simple use of mobile devices </li></ul></ul></ul><ul><ul><ul><li>e.g. campus networks with wireless infrastructure </li></ul></ul></ul><ul><ul><ul><li>Ad-hoc networks without infrastructure </li></ul></ul></ul><ul><ul><ul><li>Hot spots, e.g. airports, hotels, restaurants </li></ul></ul></ul><ul><li>two modes: infrastructure und ad-hoc </li></ul><ul><ul><li>Infrastructure mode: </li></ul></ul><ul><ul><ul><li>User communicate wireless with Access Points (AP), </li></ul></ul></ul><ul><ul><ul><li>AP is the bridge between the radio and the wired network </li></ul></ul></ul><ul><ul><li>Ad-hoc mode: </li></ul></ul><ul><ul><ul><li>Direct point-to-point communication between users </li></ul></ul></ul>
    19. 19. WLAN Standards/ IEEE 802.11 <ul><li>Infrastructure mode </li></ul>Ad-Hoc mode Peer-to-Peer Network
    20. 20. IEEE 802.11 Security <ul><li>WEP Wired Equivalent Privacy </li></ul><ul><li>Encryption with RC4 stream cipher with 40 or 104 bit key with a 24 bit initialisation vector </li></ul><ul><li>Relies on a single static shared key </li></ul><ul><li>No key management protocol </li></ul><ul><li>Cryptanalysis showed that the way how RC4 is used in WEP makes it vulnerable to eavesdropping attacks </li></ul><ul><li>Automatic tools which recover the RC4 key through eavesdropping are available in the internet </li></ul><ul><li>In 2005 a group from the US FBI demonstrated that they were able to break a WEP-protected WLAN within 3 minutes using publicly available tools </li></ul>
    21. 21. IEEE 802.11 Security <ul><li>Wi-Fi Protected Access (WPA, IEEE 802.11i) </li></ul><ul><li>Major improvement over WEP </li></ul><ul><li>Designed to use with an authentication server, but can be configured in a pre-shared key mode (PSK) for home and small office environments </li></ul><ul><li>Uses RC4 stream cipher with 128 bit keys </li></ul><ul><li>Dynamic key change with Temporal Key Integrity Protocol (TKIP) </li></ul><ul><li>Improved payload integrity through use of a message integrity code (MIC) instead of a CRC </li></ul><ul><li>Includes frame counter to prevent replay attacks </li></ul>
    22. 22. IEEE 802.11 Security <ul><li>What else can be done? </li></ul><ul><ul><li>Separation of the insecure WLAN from the secure company intranet </li></ul></ul><ul><ul><li>Additional security on higher levels: IPSec or SSL or SSH </li></ul></ul><ul><ul><li>Additional authentication server </li></ul></ul><ul><ul><li>Closed shop (only registered MAC addresses) </li></ul></ul><ul><ul><li>Supression of the network name </li></ul></ul><ul><li>Next step is the use of AES instead of RC4 </li></ul>
    23. 23. PANs Standards/ Bluetooth <ul><li>Bluetooth short overview </li></ul><ul><ul><li>Created 1998 by Ericsson,Intel,IBM,Nokia,Toshiba </li></ul></ul><ul><ul><li>Intended for wireless ad-hoc pico networks ( < 10m) </li></ul></ul><ul><ul><li>goal: cheap one-chip solution for short distance wireless communication </li></ul></ul><ul><ul><li>Areas of use </li></ul></ul><ul><ul><ul><li>Connectiion of peripheric devices </li></ul></ul></ul><ul><ul><ul><li>Support of ad-hoc networks </li></ul></ul></ul><ul><ul><li>Frequency band 2,4 GHz </li></ul></ul>
    24. 24. PANs Standards/ Bluetooth <ul><li>Bluetooth short overview (cont..) </li></ul><ul><ul><li>Point-to-point and point-to-multipoint transmission possible </li></ul></ul><ul><ul><li>range 10 cm to 10 m with 1 mW, up to 100m with 100mW </li></ul></ul><ul><ul><li>synchronous voice channels </li></ul></ul><ul><ul><li>1 asynchronous data channel </li></ul></ul><ul><ul><li>1 channel data or voice support data rates of: </li></ul></ul><ul><ul><ul><li>433,9 kbit/s asynchronous-symmetric </li></ul></ul></ul><ul><ul><ul><li>723,2 kbit/s / 57,6 kbit/s asynchronous-asymmetric </li></ul></ul></ul><ul><ul><ul><li>64 kbit/s synchronous, voice </li></ul></ul></ul>
    25. 25. PANs Standards/ Bluetooth <ul><li>Bluetooth network infrastructures </li></ul>Example of a piconet Examples for master/slaves networking
    26. 26. PANs Standards/ Bluetooth <ul><li>Bluetooth services </li></ul><ul><li>Two modes </li></ul><ul><ul><li>Synchronous Connection-oriented Link, SCO </li></ul></ul><ul><ul><ul><li>Needed for voice </li></ul></ul></ul><ul><ul><ul><li>Master reserves time slots </li></ul></ul></ul><ul><ul><li>Asynchronous Connectionless Link, ACL </li></ul></ul><ul><ul><ul><li>Needed for packet oriented data transfer </li></ul></ul></ul><ul><ul><ul><li>Master uses polling </li></ul></ul></ul>
    27. 27. Security Architecture of Bluetooth <ul><li>Central component of the Bluetooth security architecture is the Security Manager with the following tasks: </li></ul><ul><ul><li>Administration of security attributes of services and devices </li></ul></ul><ul><ul><li>Access control from and to devices </li></ul></ul><ul><ul><li>authentication </li></ul></ul><ul><ul><li>Encryption/decryption support </li></ul></ul><ul><ul><li>Moderation of the connection establishment between two devices which don‘t know each other </li></ul></ul>
    28. 28. Security Architecture of Bluetooth <ul><li>Security services comprise : </li></ul><ul><ul><li>mutual authentification of devices, which are identified through a Bluetooth address </li></ul></ul><ul><ul><li>Encryption of transfered data </li></ul></ul><ul><ul><li>authorisation of the use of services </li></ul></ul><ul><li>Subjects in Bluetooth are solely devices, i.e. authorisation is always done on the basis of the device identities and attributes </li></ul><ul><li>Objects are the services </li></ul>
    29. 29. Security Architecture of Bluetooth <ul><li>Access can be granted on the basis of the trustworthyness of the device, or whether a succesful authentication has been done before </li></ul><ul><li>Identification means is the device address (BD_ADDR) </li></ul><ul><ul><li>BD_ADDR is a 48 bit long unique address which is assigned by IEEE </li></ul></ul><ul><li>device authorisation is based on device attributes </li></ul>
    30. 30. Security Architecture of Bluetooth <ul><li>Bluetooth security on link level is based on 128 bit link key and on the symmetric E0 algorithm </li></ul><ul><ul><li>A link key is being established between two or more communication partners for one session </li></ul></ul><ul><ul><li>Link key and E0 algorithm are used for the device authentication </li></ul></ul><ul><ul><li>Encryption keys are derived from the link key and can have a length between 8 bit and 128 bit . </li></ul></ul><ul><ul><li>The length of the encryption keys is device-dependent and cannot be changed by the user </li></ul></ul>

    ×