More Related Content
Similar to 11.bluetooth security
More from Pramod Rathore
11.bluetooth security
- 1. Prof. Neeraj Bhargava PramodSingh Rathore Department of Computer Science School of Engineering & System Sciences, MDS University Ajmer, Rajasthan, India 1
- 2. Disclosure Threat: leakingof information from a system to an unwanted party. Confidentiality violation. Integrity Threat: unauthorized changes of information during transmission. Denial of Service Threat: resources blocked by malicious attacker. Availability violation.
- 3. Authentication: processof determining the identity of another user. Authorization: process of deciding if device A has the access rights to device B. Notion of “trusted” Symmetric Key Security: generally, A trusts B if B can prove that it has the same shared key that A does.
- 4. There isno centralized, trusted third party for a wireless network User Authentication becomes harder Authentication must go across a network without being cracked Device uniqueness: low battery denial of service attacks!
- 5. Ad HocNetworks of Multiple Types of Devices: PDAs, Laptops, Mobile Phones Piconets: Small Clusters (Max Size 8) of Devices Forming an Ad Hoc Network. Masters Determine the Frequency. Piconet Example: Transfer of Files Between Participants at a Meeting. Scatternets: Larger Networks Formed of up to 10 Piconets.
- 7. June 1999 Tom Siep,Texas InstrumentsSlide 13 doc.: IEEE 802.15-99/014r8 Submission Bluetooth and IEEE Structure Bluetooth Physical Layer (PHY) Medium Access Layer (MAC) Logical Link Control (LLC) Physical Data Link Network Transport Session Presentation Application7 6 5 4 3 2 1 ISO OSI Layers IEEE 802 Standards Hardware Software Transport Control Protocol (TCP) Internet Protocol (IP) X.400 and X.500 EMAIL
- 8. Link Manager’sinvolvement with security depends on Bluetooth security mode: only the strictest setting requires that data link implement security. Security for pairing, authentication and encryption is implemented by both software and hardware at this layer. We will later look at the specifics.
- 9. RFCOMM: enforcesthe security policy for dial-up networking and other services relying on a serial port. Supports emulation of multiple serial ports between two devices. Session Layer. L2CAPP: Logical Link and Adaption Protocol. Manages the creation and termination of virtual connections called channels with other devices. Negotiates and dictates security parameters for channel establishment. Network/Transport Layer
- 10. A service anda device data store Answers access requests by protocol implementations (e.g. L2CAPP) or higher layers: R2COMM, applications. Enforces authentication and encryption if they are needed before connecting to application Initiates setting up “trusted” pairings and gets PIN codes from users, saves addresses of other devices.
- 11. Mode 1:No security other than against “casual eavesdroppers” Mode 2: Service Level Security: established after creating the channel, above datalink layer. Mode 3: Datalink Level Security: security initiated before establishing channel, by the Link Manager, as well as by the Service Level. Security Mode determines what stage of connection does security
- 12. 1.) Inquiry: Adevice in a new environment will automatically initiate an inquiry to discover what access points are within its range. This will result in the following events: i.) All nearby access points respond with their addresses. ii.) The device picks one out the responding devices. 2.) Paging: a baseband procedure invoked by a device which results in synchronization of the device with the access point, in terms of its clock offset and phase in the frequency hop, among other required initializations. (see spec for details—master/slave issues here).
- 13. 3.) Link establishment:The LMP will now establish a link with the access point. If Security Mode 3, then Pairing (6) begins at this layer. 4.) Service Discovery: The LMP will use the SDP(Service Discovery Protocol) to discover what services are available. 5.) L2CAP channel created: With information obtained from SDP, a L2CAP channel is created. This may be directly used by the application or by another protocol (e.g. RFCOMM) 6.) Pairing begins here if in Security Mode 2.
- 14. Security Manager ofaccess point is consulted: --checks security mode and service security policy, if security is required, the access point transmits a security request for “pairing” --pairing is only successful if the user knows the pin of the access point --the PIN is not transmitted over the wireless channel but another key generated from it is used, so that the PIN is not compromised. --Encryption will be invoked if secure mode is used.
- 15. Trust level ofthe device determines which services that device has access to. Trusted Device: The device has been previously authenticated, a link key is stored and the device is marked as "trusted" in the Device Database. Untrusted Device: The device has been previously authenticated, a link key is stored but the device is not marked as "trusted" in the Device Database Unknown Device: No security information is available for this device, e.g. untrusted
- 16. Only securityat this level is by the nature of the connection: data-hopping and short-distance Bluetooth devices transmit over the unlicensed 2.45GHz radio band, the same band used by microwave ovens and cordless phones.(FHSS) All Bluetooth devices employ “data-hopping”, which entails skipping around the radio band up to 1600 times per second, at 1MHz intervals (79 different frequencies) Most connections are less than 10 meters, so there is a limit as to eavesdropping possibilities
- 17. Service Accessdepends on device: 1. Trusted devices have unrestricted access to all services, fixed relationship to other devices 2. Untrusted devices generally have no permanent relationship and services that it has access to are limited. Unfortunately, all services on a device are given the same security policy, other than application layer add-ons.
- 18. Services canhave one of 3 security levels: Level 3: Requires Authentication and Authorization. PIN number must be entered. Level 2: Authentication only, fixed PIN ok. Level 1: Open to all devices, the default level. Security for legacy applications, for example.
- 19. Security isimplemented by symmetric keys in a challenge-response system. Security implementations in Bluetooth units are all the same, and are publicly available: http://www.bluetooth.com/pdf/Bluetooth_11_S pecifications_Book.pdf Critical ingredients:PIN, BD_ADDR, RAND(), Link and Encryption Keys
- 20. PIN: upto 128 bit number, can be fixed (entered in only one device), or can be entered in both devices. If fixed, much lower security. BD_ADDR: Bluetooth device address, unique 48 bit sequence. (IEEE). Devices must know the address of devices it wants to communicate with. Addresses are publicly available via Bluetooth inquiries.
- 21.
- 22. FHSS DSSS /CDMA Multiple frequencies are used Single frequency is used Hard to find the user’s frequency at any instant of time User frequency, once allotted is always the same Frequency reuse is allowed Frequency reuse is not allowed Sender need not wait Sender has to wait if the spectrum is busy Power strength of the signal is high Power strength of the signal is low Stronger and penetrates through the obstacles It is weaker compared to FHSS It is never affected by interference It can be affected by interference It is cheaper It is expensive This is the commonly used technique This technique is not frequently used
- 23. Reduced CrosstalkInterference Better Voice Quality/Data and less Noise Inherent Security Longer Operation Distances Hard to Intercept Harder to Jammed
- 24. Spread Spectrum promisesseveral benefits such as higher capacity and ability to resist multipath propagation. Spread Spectrum signal are difficult to intercept for an unauthorized person, they are easily hidden. For an unauthorized person it is difficult to even detect their presence in many cases.
- 25.
- 26.