1) The document discusses security threats and mechanisms in wireless networks and Bluetooth technology. It describes authentication, authorization, and different security modes in Bluetooth. 2) It explains pairing and encryption processes between Bluetooth devices and how different trust levels impact service access. Security is implemented through symmetric keys and challenge-response. 3) The document compares FHSS and DSSS/CDMA signaling techniques, noting advantages of FHSS like reduced interference, better voice quality, inherent security, and resistance to jamming.

1. Prof. Neeraj Bhargava
Pramod Singh Rathore
Department of Computer Science
School of Engineering & System Sciences,
MDS University Ajmer, Rajasthan, India
1

2. Disclosure Threat: leaking of information
from a system to an unwanted party.
Confidentiality violation.
Integrity Threat: unauthorized changes of
information during transmission.
Denial of Service Threat: resources blocked
by malicious attacker. Availability
violation.

3.  Authentication: process of determining
the identity of another user.
 Authorization: process of deciding if
device A has the access rights to device B.
Notion of “trusted”
 Symmetric Key Security: generally, A
trusts B if B can prove that it has the
same shared key that A does.

4.  There is no centralized, trusted third
party for a wireless network
 User Authentication becomes harder
 Authentication must go across a
network without being cracked
 Device uniqueness: low battery denial
of service attacks!

5.  Ad Hoc Networks of Multiple Types of
Devices: PDAs, Laptops, Mobile Phones
 Piconets: Small Clusters (Max Size 8) of
Devices Forming an Ad Hoc Network.
Masters Determine the Frequency. Piconet
Example: Transfer of Files Between
Participants at a Meeting.
 Scatternets: Larger Networks Formed of
up to 10 Piconets.

7. June 1999
Tom Siep, Texas InstrumentsSlide 13
doc.: IEEE 802.15-99/014r8
Submission
Bluetooth and IEEE Structure
Bluetooth
Physical Layer
(PHY)
Medium Access Layer
(MAC)
Logical Link Control
(LLC)
Physical
Data Link
Network
Transport
Session
Presentation
Application7
6
5
4
3
2
1
ISO OSI
Layers
IEEE 802
Standards
Hardware
Software
Transport Control Protocol (TCP)
Internet Protocol (IP)
X.400 and X.500 EMAIL

8.  Link Manager’s involvement with security
depends on Bluetooth security mode: only the
strictest setting requires that data link
implement security.
 Security for pairing, authentication and
encryption is implemented by both software
and hardware at this layer.
 We will later look at the specifics.

9.  RFCOMM: enforces the security policy for
dial-up networking and other services
relying on a serial port. Supports emulation
of multiple serial ports between two
devices. Session Layer.
 L2CAPP: Logical Link and Adaption Protocol.
Manages the creation and termination of
virtual connections called channels with
other devices. Negotiates and dictates
security parameters for channel
establishment. Network/Transport Layer

10. A service and a device data store
 Answers access requests by protocol implementations (e.g.
L2CAPP) or higher layers: R2COMM, applications.
 Enforces authentication and encryption if they are needed
before connecting to application
 Initiates setting up “trusted” pairings and gets PIN codes
from users, saves addresses of other devices.

11.  Mode 1: No security other than against “casual
eavesdroppers”
 Mode 2: Service Level Security: established
after creating the channel, above datalink layer.
 Mode 3: Datalink Level Security: security
initiated before establishing channel, by the Link
Manager, as well as by the Service Level.
Security Mode determines what stage of
connection does security

12. 1.) Inquiry: A device in a new environment will
automatically initiate an inquiry to discover
what access points are within its range. This
will result in the following events:
i.) All nearby access points respond with their
addresses.
ii.) The device picks one out the responding
devices.
2.) Paging: a baseband procedure invoked by a
device which results in synchronization of the
device with the access point, in terms of its
clock offset and phase in the frequency hop,
among other required initializations. (see spec
for details—master/slave issues here).

13. 3.) Link establishment: The LMP will now establish
a link with the access point. If Security Mode 3,
then Pairing (6) begins at this layer.
4.) Service Discovery: The LMP will use the
SDP(Service Discovery Protocol) to discover what
services are available.
5.) L2CAP channel created: With information
obtained from SDP, a L2CAP channel is created.
This may be directly used by the application or by
another protocol (e.g. RFCOMM)
6.) Pairing begins here if in Security Mode 2.

14. Security Manager of access point is consulted:
--checks security mode and service security
policy, if security is required, the access
point transmits a security request for
“pairing”
--pairing is only successful if the user knows
the pin of the access point
--the PIN is not transmitted over the wireless
channel but another key generated from it is
used, so that the PIN is not compromised.
--Encryption will be invoked if secure mode is
used.

15. Trust level of the device determines which
services that device has access to.
Trusted Device: The device has been previously
authenticated, a link key is stored and the device is
marked as "trusted" in the Device Database.
Untrusted Device: The device has been previously
authenticated, a link key is stored but the device is
not marked as "trusted" in the Device Database
Unknown Device: No security information is
available for this device, e.g. untrusted

16.  Only security at this level is by the nature of the
connection: data-hopping and short-distance
 Bluetooth devices transmit over the unlicensed
2.45GHz radio band, the same band used by
microwave ovens and cordless phones.(FHSS)
 All Bluetooth devices employ “data-hopping”,
which entails skipping around the radio band up to
1600 times per second, at 1MHz intervals (79
different frequencies)
 Most connections are less than 10 meters, so there
is a limit as to eavesdropping possibilities

17.  Service Access depends on device:
1. Trusted devices have unrestricted access to
all services, fixed relationship to other
devices
2. Untrusted devices generally have no
permanent relationship and services that it
has access to are limited.
 Unfortunately, all services on a device are
given the same security policy, other than
application layer add-ons.

18.  Services can have one of 3
security levels:
Level 3: Requires Authentication and
Authorization. PIN number must be
entered.
Level 2: Authentication only, fixed PIN ok.
Level 1: Open to all devices, the default
level. Security for legacy applications, for
example.

19.  Security is implemented by symmetric keys in
a challenge-response system.
 Security implementations in Bluetooth units
are all the same, and are publicly available:
http://www.bluetooth.com/pdf/Bluetooth_11_S
pecifications_Book.pdf
 Critical ingredients:PIN, BD_ADDR,
RAND(), Link and Encryption Keys

20.  PIN: up to 128 bit number, can be fixed
(entered in only one device), or can be
entered in both devices. If fixed, much lower
security.
 BD_ADDR: Bluetooth device address, unique
48 bit sequence. (IEEE). Devices must know
the address of devices it wants to
communicate with. Addresses are publicly
available via Bluetooth inquiries.

21. Conversion of Signal

22. FHSS DSSS / CDMA
Multiple frequencies are used Single frequency is used
Hard to find the user’s
frequency at any instant of time
User frequency, once allotted is
always the same
Frequency reuse is allowed Frequency reuse is not allowed
Sender need not wait Sender has to wait if the
spectrum is busy
Power strength of the signal is
high
Power strength of the signal is
low
Stronger and penetrates
through the obstacles
It is weaker compared to FHSS
It is never affected by
interference
It can be affected by
interference
It is cheaper It is expensive
This is the commonly used
technique
This technique is not frequently
used

23.  Reduced Crosstalk Interference
 Better Voice Quality/Data and less Noise
 Inherent Security
 Longer Operation Distances
 Hard to Intercept
 Harder to Jammed

24. Spread Spectrum promises several benefits such
as higher capacity and ability to resist multipath
propagation.
Spread Spectrum signal are difficult to intercept
for an unauthorized person, they are easily
hidden.
For an unauthorized person it is difficult to even
detect their presence in many cases.

25. 25

26. 26