SECURITY IN BLUETOOTH, CDMA AND UMTS

MOTILAL NEHRU NATIONAL INSTITUTE OF TECHNOLOGY ALLAHABAD
BLUETOOTH
   System for short range wireless communication
   Wireless data transfer via ACL link
   Data rates up to 3 Mb/s
   2.4 GHz ISM band (Industrial, Scientific and Medical)
   Typical communication range is 10-100 meters
   Bluetooth SIG (Special Interest Group) developed the
    technology
SECURITY THREATS

   Disclosure Threat
   Integrity Threat
   Denial of Service (DoS)
ATTACKS

   Snarf Attack
   Backdoor Attack
   BlueBug Attack
   BlueJack Attack
   Denial of Service Attack
   BluePrinting Attack
SECURITY LEVELS AND MODES
Security Levels:
   Silent
   Private
   Public
Security Modes:
   Non Secure
   Service Level Enforced Security
   Link Level Enforced Security
AUTHENTICATION, AUTHORIZATION, ENCRYPTION

   Authentication is the process of proving the identity of
    one piconet member to another
   Authorization determines whether the user is authorized
    to have access to the services provided
   Encryption is the process of encoding the information so
    that no eavesdropper can read it
SECURITY OPERATIONS
AUTHENTICATION
AUTHORIZATION
ENCRYPTION

   Encryption Mode 1
   Encryption Mode 2
   Encryption Mode 3
ENCRYPTION PROCEDURE
KNOWN VULNERABILITIES

   Spoofing through Keys
   Spoofing through a Bluetooth Address
   PIN Length
COUNTERMEASURES
   Know your Environment
   Be Invisible
   Abstinence is best
   Use only long PIN codes (16 case-sensitive alphanumerical
    characters)
   Requiring Authentication for every L2CAP request
   Using additional security at software level and an
    additional password to physically protect the Bluetooth
    devices
COUNTERMEASURES CONTD…
   Always requiring re-authentication prior to access to
    sensitive information or a sensitive service
   To prevent a man-in-the-middle attack, the approach is to
    make it difficult for an attacker to lock onto the
    frequency used for communication. Making the
    frequency hopping intervals and patterns reasonably
    unpredictable might help to prevent an attacker from
    locking onto the devices' signal.
PROPOSED SOLUTION FOR DOS ATTACK
   When the pairing message is sent by one device
   When the attacker is sending the message with an
    address that is already connected to the Bluetooth device
   When the pairing message is sent by more than one device
   When the attacker is changing its own Bluetooth address
    to another Bluetooth address
UMTS security
UMTS system architecture (R99) is
based on GSM/GPRS
POSSIBLE ATTACKS ON UMTS

   Denial of service
   Identity catching
   Impersonation of the network
   Impersonation of the user
3G SECURITY FEATURES
   Mutual Authentication
      The mobile user and the serving network authenticate
      each other
   Data Integrity
      Signaling messages between the mobile station and RNC
      protected by integrity code
   Network to Network Security
      Secure communication between serving networks. IPsec
      suggested
   Secure IMSI (International Mobile Subscriber Identity) Usage
      The user is assigned a temporary IMSI by the serving
      network
3G SECURITY FEATURES CONTD…
   User – Mobile Station Authentication
      The user and the mobile station share a secret key, PIN
   Secure Services
      Protect against misuse of services provided by the home
      network and the serving network
   Secure Applications
      Provide security for applications resident on mobile
      station
AUTHENTICATION AND KEY AGREEMENT
   AuC and USIM share
      permanent secret key K
      Message authentication functions f1, f1*, f2
      key generating functions f3, f4, f5
   AuC has a random number generator
   AuC has scheme to generate fresh sequence numbers
   USIM has scheme to verify freshness of received
AUTHENTICATION AND KEY AGREEMENT
   128 bit secret key K is shared between the home
    network and the mobile user

[Figure: Home Network and Mobile station]
Complete Message flow for successful AKA
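
The AKA exchange outlined on the preceding slides, as an added example that is not part of the original deck. It assumes HMAC-SHA256 truncations as stand-ins for f1 to f5 (not MILENAGE or any operator algorithm), a simple "strictly increasing" SQN freshness rule, and omits the f1*-based resynchronisation message; function names and the sample key are constructed for illustration.

```python
import hmac, hashlib, secrets

# Stand-in for f1..f5: HMAC-SHA256 under K with a domain label, truncated
# to n bytes. Assumption for illustration only; real USIMs use an
# operator-chosen algorithm set.
def f(K, label, data, n):
    return hmac.new(K, label + data, hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def auc_generate_vector(K, sqn, amf=b"\x80\x00"):
    """AuC side: build (RAND, XRES, CK, IK, AUTN) for a fresh SQN."""
    rand = secrets.token_bytes(16)               # 128-bit challenge
    sqn_b = sqn.to_bytes(6, "big")               # 48-bit sequence number
    mac = f(K, b"f1", sqn_b + rand + amf, 8)     # network authentication code
    xres = f(K, b"f2", rand, 8)                  # expected user response
    ck, ik = f(K, b"f3", rand, 16), f(K, b"f4", rand, 16)
    ak = f(K, b"f5", rand, 6)                    # anonymity key hides SQN
    autn = xor(sqn_b, ak) + amf + mac            # AUTN = SQN^AK || AMF || MAC
    return rand, xres, ck, ik, autn

def usim_respond(K, highest_sqn, rand, autn):
    """USIM side: verify the network's MAC and SQN freshness, then answer."""
    ak = f(K, b"f5", rand, 6)
    sqn_b, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:16]
    if not hmac.compare_digest(mac, f(K, b"f1", sqn_b + rand + amf, 8)):
        return "mac_failure", None               # sender does not hold K
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= highest_sqn:
        return "sync_failure", None              # replayed or stale vector
    res = f(K, b"f2", rand, 8)                   # serving network checks RES == XRES
    return "ok", (sqn, res, f(K, b"f3", rand, 16), f(K, b"f4", rand, 16))

def demo():
    K = bytes(range(16))                         # constructed 128-bit key
    rand, xres, ck, ik, autn = auc_generate_vector(K, sqn=41)
    status, out = usim_respond(K, 40, rand, autn)       # fresh vector
    replay, _ = usim_respond(K, 41, rand, autn)         # same vector again
    tampered = autn[:15] + bytes([autn[15] ^ 1])        # one MAC bit flipped
    forged, _ = usim_respond(K, 40, rand, tampered)
    return status, out[1] == xres, out[2] == ck, replay, forged

if __name__ == "__main__":
    print(demo())
```

The replayed vector is rejected by the freshness check and the modified AUTN by the MAC check, which is how the USIM authenticates the network before releasing RES.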
Encryption
Integrity Check
NETWORK DOMAIN SECURITY
   IPsec
      IP traffic between networks can be protected with
       IPsec between security gateways

   Encapsulating Security Payload (ESP) is used for
    protection of packets
   ESP is always used in tunnel mode
   Advanced Encryption Standard (AES)
CDMA
CODE DIVISION MULTIPLE ACCESS (CDMA)
   Channel access method used by various radio
    communication technologies
   Employs spread spectrum technology and a special
    coding scheme
   Attacks are very difficult and rare
DIFFERENCE BETWEEN CDMA, TDMA AND FDMA
TYPES OF CDMA

   Frequency Hopping Spread Spectrum CDMA
   Direct Sequence Spread Spectrum CDMA
SECURITY

   By design, CDMA technology makes eavesdropping very
    difficult
   42-bit PN (Pseudo Random Noise) sequence
   64-bit authentication key (A-Key)
   Electronic Serial Number (ESN) of the mobile
AUTHENTICATION
AUTHENTICATION MODEL
ENCRYPTION
Thank You!!!!!
