
DC4420 Bluetooth Security


Bluetooth has been around now for 20 years; over that time the number of security features in the specification has greatly increased, but many of those security features are optional and may or may not be implemented by device vendors. This talk gives a brief overview of the evolution of Bluetooth security features, then goes into detail on how the security characteristics of a Bluetooth connection are determined, depending on which features are implemented by the vendors of the devices involved. We conclude by covering the questions that vendors need to answer to determine whether the security of their device is adequate for its intended purpose.


  1. Bluetooth Security: Where are we now and how did we get here?
     Craig Heath, @heathcr, DC4420, 29 Oct 2019
  2. Bluetooth Security: Topics
     © Franklin Heath Ltd, CC BY 4.0
     - (very) brief history of Bluetooth
     - (very) high-level architecture overview
     - Security features by version
     - How device security capabilities interact
     - What vendors should tell you, but don’t
     - What security-sensitive users should do
  3. Bluetooth Core Specification History
     Year  Version  Main Features                                 Pages
     1999  1.0      Basic Rate (BR)                               1082
     2001  1.1      interoperability fixes                        1084
     2003  1.2      frequency hopping                             1200
     2004  2.0      Enhanced Data Rate (EDR)                      1230
     2007  2.1      Secure Simple Pairing (SSP)                   1420
     2009  3.0      High Speed (HS / AMP)                         1712
     2010  4.0      Low Energy (LE)                               2302
     2013  4.1      LTE-friendly, IoT enhancements                2684
     2014  4.2      Low power IPv6 support                        2772
     2017  5.0      Improved range/speed, connectionless beacons  2822
     2019  5.1      Indoor positioning, power optimisation        2985
  4. Bluetooth Architecture Overview
     [Diagram: software/hardware component view alongside an approximate network-layer view.
     Host: Applications; application profiles (OPP, PAN, SPP, A2DP, AVRCP, other BR/EDR profiles, LE profiles);
     generic protocols and profiles (OBEX, BNEP, RFCOMM, TCS, AVCTP, SDP, GATT, ATT, SMP, L2CAP, Generic Access Profile, Audio).
     HCI sits between Host and Controller.
     Controller: Link Manager (LMP), Link Controller, Baseband, Radio.
     Network-layer view (approximate): Application, Presentation, Session, Transport, Network, Data Link, Physical.]
  5. Security Features of Bluetooth Versions
     Version  Security Enhancements
     <= 2.0   BR/EDR Security Modes 1, 2 and 3
     2.1      Secure Simple Pairing (SSP) + Security Mode 4
     3.0      no significant changes
     4.0      LE Security Modes 1 and 2
     4.1      BR/EDR “Secure Connections”
     4.2      LE Secure Connections, LE Privacy
     5.0      no significant changes
     5.1      no significant changes
  6. How Security Modes and Levels are Determined
     1. A pairing “association model” is chosen based on the capabilities of the 2 devices:
        - Out-of-Band authentication tokens
        - I/O capabilities (e.g. keyboard input)
     2. Either or both of the devices may request Secure Connections and/or Man-in-the-Middle protection
     3. The key establishment protocol is negotiated
     4. A persistent shared secret link key is then established for the pair of devices
  7. Pairing Association Models
     - legacy PIN
     - Just Works
     - Passkey Entry
     - Numeric Comparison
     - Out-of-Band
  8. Bluetooth Security Algorithms
                      BR/EDR                                                                      LE
     Version          1.0 (legacy)         2.1 Secure Simple Pairing  4.1 Secure Connections      4.0 LE Legacy Pairing  4.2 LE Secure Connections
     Key Exchange     E21/E22 (SAFER+)     ECDH P-192, HMAC-SHA-256   ECDH P-256, HMAC-SHA-256    AES-128                ECDH P-256, AES-CMAC
     Authentication   E1 (SAFER+)          E1 (SAFER+)                HMAC-SHA-256                AES-CCM                AES-CCM
     Encryption       E0 (Massey-Rueppel)  E0 (Massey-Rueppel)        AES-CCM                     AES-CCM                AES-CCM
  9. Security Modes After Pairing
     Association Model   BR/EDR Versions  BR/EDR Security Modes    LE Versions  LE Security Modes
     legacy (PIN)        All              Mode 2 or 3              None         -
     Just Works          2.1+             Mode 4 Levels 0, 1 or 2  4.0+         Mode 1 Level 1 or 2, or Mode 2 Level 1
     Passkey Entry       2.1+             Mode 4 all levels*       4.0+         Mode 1 or Mode 2 all levels*
     Out of Band         2.1+             Mode 4 all levels*       4.0+         Mode 1 or Mode 2 all levels*
     Numeric Comparison  2.1+             Mode 4 all levels*       4.2+         Mode 1 or Mode 2 all levels*
     * BR/EDR Mode 4 Level 4 and LE Mode 1 Level 4 are only available if both devices support Secure Connections
  10. BR/EDR Security Mode 4 Levels
      Mode 4 Security Level  Man-in-the-Middle Protection  User Interaction During Pairing  Data Confidentiality
      0                      No                            No                               No
      1                      No                            Minimal                          No
      2                      No                            Minimal                          Standard
      3                      Yes                           Yes                              Standard
      4                      Yes                           Yes                              Strong
  11. LE Security Modes and Levels
      Bluetooth LE Security Mode and Level  Authenticated Pairing  Data Integrity  Data Confidentiality
      Mode 1 Level 1                        No                     No              No
      Mode 2 Level 1                        No                     Yes             No
      Mode 1 Level 2                        No                     Yes             Standard
      Mode 2 Level 2                        Yes                    Yes             No
      Mode 1 Level 3                        Yes                    Yes             Standard
      Mode 1 Level 4                        Yes                    Yes             Strong
  12. Bluetooth Secure Simple Pairing Association Models
      Table 1A (OOB flags)
                          Initiator OOB: Yes  Initiator OOB: No
      Responder OOB: Yes  OOB                 OOB
      Responder OOB: No   OOB                 Table 1B

      Table 1B (MITM flags)
                           Initiator MITM: Yes  Initiator MITM: No
      Responder MITM: Yes  Table 1C             Table 1C
      Responder MITM: No   Table 1C             Just Works

      Table 1C (I/O capabilities; rows = Responder, columns = Initiator)
                       KeyboardOnly   DisplayYesNo        DisplayOnly    NoInputNoOutput
      KeyboardOnly     Passkey Entry  Passkey Entry       Passkey Entry  Just Works
      DisplayYesNo     Passkey Entry  Numeric Comparison  Just Works     Just Works
      DisplayOnly      Passkey Entry  Just Works          Just Works     Just Works
      NoInputNoOutput  Just Works     Just Works          Just Works     Just Works
  13. Bluetooth LE Pairing Association Models
      Table 2A (OOB and SC flags; rows = Responder, columns = Initiator)
                       OOB On, SC On  OOB On, SC Off  OOB Off, SC On  OOB Off, SC Off
      OOB On, SC On    OOB            OOB             OOB             Table 2B
      OOB On, SC Off   OOB            OOB             Table 2B        Table 2B
      OOB Off, SC On   OOB            Table 2B        Table 2B        Table 2B
      OOB Off, SC Off  Table 2B       Table 2B        Table 2B        Table 2B

      Table 2B (MITM flags)
                           Initiator MITM: On  Initiator MITM: Off
      Responder MITM: On   Table 2C            Table 2C
      Responder MITM: Off  Table 2C            Just Works

      Table 2C (I/O capabilities; rows = Responder, columns = Initiator; PE = Passkey Entry, NC = Numeric Comparison, JW = Just Works)
                              KeyboardOnly  KeyboardDisplay SC On  KeyboardDisplay SC Off  DisplayYesNo SC On  DisplayYesNo SC Off  DisplayOnly  NoInputNoOutput
      KeyboardOnly            PE            PE                     PE                      PE                  PE                   PE           JW
      KeyboardDisplay SC On   PE            NC                     PE                      NC                  PE                   PE           JW
      KeyboardDisplay SC Off  PE            PE                     PE                      PE                  PE                   PE           JW
      DisplayYesNo SC On      PE            NC                     PE                      NC                  JW                   JW           JW
      DisplayYesNo SC Off     PE            PE                     PE                      JW                  JW                   JW           JW
      DisplayOnly             PE            PE                     PE                      JW                  JW                   JW           JW
      NoInputNoOutput         JW            JW                     JW                      JW                  JW                   JW           JW
  14. What does “Qualification” Mean?
      - What Bluetooth SIG conformance testing is called
      - Conformance test suites
      - Implementation eXtra Information for Testing (IXIT)
      - Implementation Conformance Statement (ICS)
      - Public listing
      - Older specification versions are deprecated, and as of this year are starting to be completely withdrawn
  15. Questions Bluetooth Device Vendors Should Answer
      - Is it qualified against a Bluetooth Core Specification version of 4.2 or better?
      - Does it include the optional Secure Connections feature?
      - (If LE or dual-mode) Does it include the optional LE Privacy feature?
      - Does it have the “Secure Connections Only” mode? How is it selected?
      - If not, what minimum security attributes are implemented for each Bluetooth service offered?
      - What minimum effective encryption key length is enforced?
      - Is there a maximum effective encryption key length enforced?
      - Does it request Man-in-the-Middle protection during pairing?
  16. What Else Can Security-Sensitive Device Admins Do?
      - Devices *and accessories* must be maintained with regular security patches.
      - When connecting two devices (or a device and an accessory), at least one of the pair must have Secure Connections Only mode turned on.
      - Tethering of devices using the Bluetooth PAN profile should be discouraged.
      - Users of Bluetooth BR/EDR accessories should be made aware that they may be exposing trackable device identification.
      - If it *really* matters: vendor claims should be validated by independent testing to verify that appropriate security modes, levels and key lengths are being used in practice.
  17. Thank You!
      craig@franklinheath.co.uk, @heathcr, @franklinheath
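The selection rules on slides 12 and 13 (the OOB, MITM and I/O-capability tables) and the resulting LE Mode 1 level from slides 9 and 11 are easier to check against a concrete pair of devices in code. The Python below is an added example, not part of the talk or of any Bluetooth stack; PairingCaps, association_model and max_le_mode1_level are hypothetical names, and the I/O capability strings are the table labels from the slides.

```python
from dataclasses import dataclass

# I/O capability names as used in Tables 1C and 2C on the slides
KEYBOARD_ONLY, KEYBOARD_DISPLAY, DISPLAY_YES_NO, DISPLAY_ONLY, NO_IO = (
    "KeyboardOnly", "KeyboardDisplay", "DisplayYesNo", "DisplayOnly", "NoInputNoOutput")


@dataclass(frozen=True)
class PairingCaps:
    """Flags one device sends when pairing (hypothetical type, not a stack API)."""
    io: str
    oob: bool = False   # has out-of-band authentication data
    mitm: bool = False  # requests man-in-the-middle protection
    sc: bool = False    # supports Secure Connections (ECDH P-256)


def association_model(init: PairingCaps, resp: PairingCaps, transport: str = "LE") -> str:
    """Association model two devices end up with: Tables 2A-2C for LE, 1A-1C for BR/EDR."""
    # BR/EDR SSP is always ECDH-based; LE only is when both sides set the SC flag.
    ecdh = transport == "BR/EDR" or (init.sc and resp.sc)
    # Table 1A/2A: with ECDH one side's OOB data suffices; LE legacy pairing needs both.
    oob_available = (init.oob or resp.oob) if ecdh else (init.oob and resp.oob)
    if oob_available:
        return "OOB"
    # Table 1B/2B: if neither device asks for MITM protection, it is Just Works.
    if not (init.mitm or resp.mitm):
        return "Just Works"
    # Table 1C/2C: decide from I/O capabilities (a set, since the table is symmetric).
    caps = {init.io, resp.io}
    if NO_IO in caps:
        return "Just Works"
    if not ecdh:  # LE legacy pairing treats KeyboardDisplay as KeyboardOnly
        caps = {KEYBOARD_ONLY if c == KEYBOARD_DISPLAY else c for c in caps}
    if KEYBOARD_ONLY in caps:
        return "Passkey Entry"  # one side types the passkey the other side shows
    if DISPLAY_ONLY in caps:
        # DisplayOnly can show a passkey, but only KeyboardDisplay can type one back.
        return "Passkey Entry" if KEYBOARD_DISPLAY in caps else "Just Works"
    # Both sides can display and confirm; Numeric Comparison needs ECDH, so two
    # DisplayYesNo devices in LE legacy pairing get only Just Works.
    return "Numeric Comparison" if ecdh else "Just Works"


def max_le_mode1_level(init: PairingCaps, resp: PairingCaps) -> int:
    """Highest LE Security Mode 1 level the pairing can reach (slides 9 and 11)."""
    model = association_model(init, resp, "LE")
    if model == "Just Works":
        return 2  # unauthenticated pairing: encrypted, but no MITM protection
    return 4 if init.sc and resp.sc else 3  # Level 4 needs Secure Connections on both
```

Running the same two capability sets with and without the SC flag shows how a single legacy-only accessory drags an otherwise authenticated pairing down to Passkey Entry or Just Works at Level 3 or below.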
