VPCOE, Baramati. BLUETOOTH SECURITY

Abstract

Bluetooth connects devices to each other without cables or any other physical medium. Because it transfers information over radio waves, which anyone in range can receive, it is more exposed to attack than a cabled link. This report first gives background on the Bluetooth system and on the security issues of ad hoc networks, then introduces a security framework for describing the Bluetooth security layout.

Both link-level and service-level security schemes are then discussed in detail on the basis of that framework, after which the report concentrates on the specific security measures in Bluetooth, mainly authentication, encryption, key management and ad hoc aspects. Corresponding countermeasures are also proposed in order to improve Bluetooth security.

CHAPTER-1

INTRODUCTION

Bluetooth is a wireless communications specification named after the 10th century Danish King Harald Blåtand, or "Bluetooth", who united the separate kingdoms of Denmark and Norway. The Bluetooth specification is likewise intended to "unite" separate personal computing devices such as laptops, PDAs, palmtops, cell phones and peripherals such as printers. In short, Bluetooth is a wireless technology for short-range radio links that replace cables. Its primary features are voice and data capability, robustness, low complexity, low power and low cost.

1.1 THE BLUETOOTH SPECIFICATION

L. M. Ericsson of Sweden invented Bluetooth in 1994. The Bluetooth Special Interest Group (SIG) was founded by Ericsson, IBM, Intel, Nokia and Toshiba in February 1998 to develop an open specification for short-range wireless communications. The group now consists of over 1900 companies.

Bluetooth is built around the notion of a Personal Area Network (PAN). It operates in the 2.4 GHz radio frequency band, offers data rates of up to 721 kbit/s, and has a range of approximately 10 meters. Bluetooth has also been extended to offer wireless access to LANs, the PSTN, the mobile phone network and the Internet.

Because it operates in the licence-free 2.4 GHz ISM band, the Bluetooth standard is targeted at worldwide approval, so that anywhere in the world any Bluetooth-enabled device can connect to other Bluetooth devices in its proximity, regardless of manufacturer. According to the specification, Bluetooth devices communicate wirelessly in short-range ad hoc networks called piconets. A piconet has one master, which can communicate simultaneously with up to seven active slaves, and each device can participate in several piconets. Piconets are established automatically as devices enter and leave radio range.

As a specification, Bluetooth has some new and unique capabilities, but borrows heavily from prior standards, including Motorola's Piano, IrDA, IEEE 802.11, and Digital Enhanced Cordless Telecommunications (DECT). The Bluetooth SIG adopted Motorola's Piano to provide for "Personal-Area Networks," (e.g. piconets) to extend the original Bluetooth concept beyond simple cable replacement. Bluetooth voice transmission features are derived from the DECT specification. IrDA specifications give Bluetooth its object exchange capabilities. The IEEE 802.11 specification provided Bluetooth with the 2.4GHz ISM band, frequency-hopping spread spectrum (FHSS), authentication, privacy, power management, and wireless LAN potential.

This report describes the security measures of Bluetooth: it examines the Bluetooth security architecture in detail, how it must differ from the security measures of the cable-connected world, and whether it is sufficient for Bluetooth to be used for everyday communication. Following the proposed framework, Bluetooth security is examined in two parts: the built-in link-level security as the main part, and the service-level security architecture as the practical part, together with the possible uses of each.

1.2 APPLICATIONS

Bluetooth serves a wide range of applications, from straightforward cable replacement to sophisticated networking.

Examples:

· Wireless headsets for cell phones, for hands-free, wire-free calls.

· Wireless mouse connected to a PC over Bluetooth.

· Wireless printing between a PC or handheld and a Bluetooth-enabled printer.

· Wireless barcode scanner input for retail and warehousing.

· Automated synchronization of Personal Digital Assistants (PDAs) and PCs.

· Ad hoc networking and file sharing between PCs, PDAs and laptops in a meeting.

· Automated cell phone dialing from a laptop's contact database, with the activity logged on the laptop.

· Internet access for Bluetooth devices via a Bluetooth-enabled device that is itself connected to the Internet.

· Wireless synchronization of contact information between a cell phone, PDA, notebook and desktop. With automatic synchronization enabled, everyone sees changes to the shared material on his or her own computer.

1.3 BENEFITS

The most basic benefit of Bluetooth is simple cable replacement between two devices. In many situations this means the physical elimination of inconvenient cables that take up space and limit where devices can be placed; in industrial and commercial settings, wires also create safety and task-interference problems. The wide range of device types and the standard interface defined by Bluetooth allow devices to be selected and optimized for their particular functions. The multi-point capability of Bluetooth allows one interface to support communication with a whole set of wired and wireless devices: office appliances, e.g. desktop PCs, printers, scanners, projectors, laptops and PDAs; communication appliances, e.g. speakers, handsets, pagers and mobile phones; and home appliances, e.g. DVD players, digital cameras, ovens, washing machines, refrigerators and thermostats. Bluetooth therefore suits a wide range of applications, e.g. the wireless office and meeting room, the smart home and vehicle, intelligent parking, and electronic payment and banking.

Bluetooth wireless networking, in general, provides a simple and fast path to ad hoc networks with minimal equipment and overhead.

1.4 CHALLENGES

Widespread adoption of Bluetooth still faces significant hurdles. First and foremost, there remain interoperability issues between products from different vendors. The Bluetooth specification has had a number of “holes” which left too much latitude between vendors’ implementations. While the specification continues to be worked on by the Bluetooth SIG and the IEEE 802.15 task group, interoperability between products is still somewhat spotty. Testing is advised.

Secondly, as a wireless technology, Bluetooth raises security concerns: transmissions can be intercepted by any device in range. The authentication and encryption mechanisms in the specification are fundamentally sound as designed, but their strength in practice depends on how pairing is performed (for example the length of the PIN and the type of link key used) and on vendor implementations, which vary.

Thirdly, there is potential for radio interference in highly congested areas, since the 2.4 GHz ISM band is shared with other equipment.

Finally, there is significant competition from IEEE 802.11b wireless LAN technology which has seen tremendous market acceptance and price drops in the past two years. This technology has many of the same capabilities as Bluetooth, much greater speed and range and costs in line with early Bluetooth radios.

1.5 PROSPECTS

Cable replacement and wireless Personal Area Networks (PANs) are the major near-term opportunities for Bluetooth technology. For Bluetooth to achieve ubiquitous adoption, the interoperability, security and interference issues must be addressed, vendors must bring more products, and a wider array of them, to market, and chip prices must fall significantly.

To be fair, as with many emerging technologies, the Bluetooth specifications and products will mature and these issues will eventually be resolved, after which adoption can be expected to grow rapidly.

CHAPTER-2

BLUETOOTH PROTOCOL OVERVIEW

Figure 2.1 illustrates the Bluetooth protocol stack. Its protocols can be divided into four groups according to their purpose, with the Host Controller Interface sitting between the host-side groups and the hardware:

1. Bluetooth Core Protocols, comprising Baseband, LMP, L2CAP and SDP, are Bluetooth-specific protocols developed by the Bluetooth SIG and required by most Bluetooth devices.

2. Cable Replacement Protocol, i.e. RFCOMM, is based on ETSI TS 07.10 and emulates RS-232 serial-line control and data signals over the Bluetooth Baseband, providing a transport for upper-level services.

3. Telephony Control Protocols, including TCS Binary and AT commands, define the call-control signalling, the mobility-management procedures, and the usage models that let Bluetooth devices establish speech and data calls and provide fax and modem services.

4. Adopted Protocols, including PPP, UDP/TCP/IP, WAP and WAE. Because the Bluetooth specification is open, additional protocols (e.g. HTTP, FTP) can be accommodated in an interoperable fashion.

5. Host Controller Interface (HCI), the boundary between hardware and software, provides a uniform command interface to the capabilities of the hardware: the Baseband controller, the link manager, and the control and event registers.

Figure 2.1 Bluetooth protocol stack.

The Cable Replacement, Telephony Control and Adopted Protocols form the application-oriented protocols that let applications run over the Bluetooth core protocols. Not all applications use every protocol shown in Figure 2.1; instead, an application runs over one or more vertical slices of the stack, so different applications may use different protocol stacks. Nevertheless, each of these stacks uses the common Bluetooth data link and physical layer, i.e. the Bluetooth core protocols:

· Baseband. Built on the physical radio link, the Baseband forms piconets between Bluetooth units and assigns the master and slave roles within a piconet. It provides two kinds of physical link, Synchronous Connection-Oriented (SCO) and Asynchronous Connectionless (ACL), with corresponding packet types for audio and data. Its other functions include error correction, link control and audio transmission.

· Link Manager Protocol (LMP). LMP is responsible for link set-up between Bluetooth devices. This includes the security procedures (authentication and encryption set-up) and the control and negotiation of Baseband packet sizes. It also controls the power modes and duty cycles of the Bluetooth radio, and the connection states of a unit within a piconet.

· Logical Link Control and Adaptation Protocol (L2CAP). L2CAP provides connection-oriented and connectionless data services to upper-layer protocols over the Baseband, with protocol multiplexing, segmentation and reassembly, and group abstractions, so that higher-level protocols and applications can send and receive L2CAP data packets. L2CAP is defined only for ACL links.

· Service Discovery Protocol (SDP). Service discovery is a crucial part of the Bluetooth framework and the basis of all the usage models. Through SDP a device queries device information, the services offered and their characteristics, on the basis of which a suitable connection between two or more Bluetooth devices can be established.
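As an added example (not code from this report or from any Bluetooth stack), the following Python reassembles L2CAP PDUs from HCI ACL fragments, which is the segmentation-and-reassembly and channel-multiplexing job L2CAP performs above the Baseband. The header layouts are those of the HCI ACL data packet and the L2CAP basic header; the connection handle, the echo-request sample and the point at which it is split into fragments are constructed for the example. The checks on the length field and on orphan continuation fragments are the ones a practitioner wants in any parser that is fed from the radio.

```python
import struct

# HCI ACL data packet:
#   2 bytes: connection handle (12 bits) | PB flag (2 bits) | BC flag (2 bits), little endian
#   2 bytes: data total length, little endian
#   n bytes: data (one fragment of an L2CAP PDU)
# L2CAP basic header at the start of every PDU:
#   2 bytes: length of the information payload (excludes this 4-byte header), little endian
#   2 bytes: channel identifier (CID), little endian
PB_FIRST_NON_FLUSHABLE = 0b00
PB_CONTINUING = 0b01
PB_FIRST_FLUSHABLE = 0b10
PB_COMPLETE = 0b11  # whole PDU in one fragment (used on LE links)

L2CAP_HEADER_LEN = 4


def hci_acl(handle: int, pb: int, data: bytes) -> bytes:
    """Build one HCI ACL data packet (used here only to construct sample input)."""
    if not 0 <= handle < 0x1000 or not 0 <= pb <= 3:
        raise ValueError("bad handle or PB flag")
    return struct.pack("<HH", handle | (pb << 12), len(data)) + data


class L2capReassembler:
    """Reassembles L2CAP PDUs from HCI ACL fragments, keeping one buffer per connection handle."""

    def __init__(self) -> None:
        self._pending: dict[int, tuple[int, int, bytearray]] = {}  # handle -> (cid, expected, buf)

    def feed(self, packet: bytes) -> list[tuple[int, bytes]]:
        """Consume one HCI ACL packet and return any completed (cid, payload) PDUs.
        Malformed input raises ValueError and discards the partial PDU on that handle."""
        if len(packet) < 4:
            raise ValueError("short HCI ACL header")
        hdr, total = struct.unpack_from("<HH", packet)
        handle, pb = hdr & 0x0FFF, (hdr >> 12) & 0b11
        data = packet[4:]
        if len(data) != total:
            raise ValueError("HCI length field does not match packet size")
        try:
            if pb == PB_CONTINUING:
                if handle not in self._pending:
                    raise ValueError("continuation fragment with no PDU in progress")
                cid, expected, buf = self._pending[handle]
                buf += data
            else:
                # Start of a new PDU; an unfinished PDU on this handle is dropped.
                if len(data) < L2CAP_HEADER_LEN:
                    raise ValueError("fragment too short for an L2CAP header")
                expected, cid = struct.unpack_from("<HH", data)
                buf = bytearray(data[L2CAP_HEADER_LEN:])
                if pb == PB_COMPLETE and len(buf) != expected:
                    raise ValueError("'complete' fragment does not match the L2CAP length")
            if len(buf) > expected:
                raise ValueError("received more bytes than the L2CAP length field allows")
        except ValueError:
            self._pending.pop(handle, None)
            raise
        if len(buf) == expected:
            self._pending.pop(handle, None)
            return [(cid, bytes(buf))]
        self._pending[handle] = (cid, expected, buf)
        return []


# Constructed sample: an L2CAP echo request on the signalling channel (CID 0x0001),
# split across two HCI ACL packets on a made-up connection handle.
def sample_fragments() -> list[bytes]:
    echo_request = bytes([0x08, 0x01, 0x04, 0x00]) + b"ping"  # code, identifier, length, data
    pdu = struct.pack("<HH", len(echo_request), 0x0001) + echo_request
    return [hci_acl(0x0040, PB_FIRST_FLUSHABLE, pdu[:7]),
            hci_acl(0x0040, PB_CONTINUING, pdu[7:])]


def reassemble_all(fragments) -> list[tuple[int, bytes]]:
    reassembler = L2capReassembler()
    pdus = []
    for fragment in fragments:
        pdus += reassembler.feed(fragment)
    return pdus


if __name__ == "__main__":
    for cid, payload in reassemble_all(sample_fragments()):
        print(f"CID 0x{cid:04x}: {payload!r}")
```

The reassembler trusts nothing it has not checked: the HCI length must match the bytes actually present, a continuation must belong to a PDU already in progress, and the running buffer may never exceed the L2CAP length field, since that field is the only bound the receiver has on how much to accumulate.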

CHAPTER-3

SECURITY FRAMEWORK

Bluetooth provides security at both the application layer and the link layer. Two radio-level features also make attacks more difficult, although neither is a cryptographic protection. Frequency hopping at up to 1600 hops per second limits interference from external sources and from other piconets. An automatic output-power adaptation scheme, included in the standard to reduce the power consumption of lightweight mobile devices, also reduces the radio range to what the link actually requires, based on the detected signal strength.

3.1 Basic Definitions

Three information security objectives are relevant, and a system may aim at one or all of them. Confidentiality means that data can be used only by authorized users or parties. Integrity means that data cannot be modified by an adversary, either in transit or in storage. Availability means that data is always available for authorized use.

Bluetooth provides three main techniques to achieve its security features:

· Encryption: transforming data into a form that cannot be understood without a key. Both data and control information can be encrypted.

· Authentication: verifying the identity of the party at the other end of the link, so that each side knows with whom it is communicating. Authentication can be performed for both devices and users.

· Authorization: deciding whether a device is allowed to access a service. Authorization always includes authentication.

This is the process of deciding whether device X is allowed to access service Y, and it is where the concept of a "trusted" device comes in. Bluetooth uses link-level security in which each pair of devices shares a secret link key used for authentication, and the encryption key is derived from that link key. Both are described in more detail later in this report.

Communication between Bluetooth (BT) devices uses fast frequency-hopping spread spectrum (FHSS) over 79 radio channels. Bluetooth shares the 2.4 GHz band with other household equipment, for example microwave ovens, which can cause interference. FHSS limits the damage, since the transmitter changes frequency 1600 times per second and interference on one frequency corrupts only the transmission in that slot. FHSS also makes casual eavesdropping harder, since a receiver parked on one channel sees only a fraction of the traffic. It should not be mistaken for a security mechanism, however: the hop sequence is derived from the master's device address and clock, which an attacker can learn by observing the unencrypted connection set-up (the FHS packet), and can then follow the piconet.

Similarly, the low transmission power limits how far the signal propagates, which makes it harder to intercept the transmission from a distance, although an attacker with a high-gain directional antenna can receive it from well beyond the nominal 10 meters.

The information in a BT packet can be protected by encryption. Only the packet payload is encrypted, never the access code or the packet header, so the device address, packet type and flow-control fields remain readable by any receiver in range. Encryption uses the E0 stream cipher, which is re-initialised from the encryption key, the master's device address and the master clock for each packet payload.
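To make concrete what "only the payload is encrypted" means to an eavesdropper, here is an added Python example (not code from this report) that splits a BR/EDR baseband packet into its access code, FEC-protected header and payload, decodes the rate-1/3 header FEC by majority vote, and reports the header fields any receiver in range can read even when the payload is encrypted. The packet is constructed: the sync word bits and the HEC value are placeholders rather than values derived from a real device address, and the payload is treated as already E0-encrypted.

```python
# Bluetooth BR/EDR baseband packet layout (Core specification, Baseband part):
#   access code : 72 bits (preamble 4, sync word 64, trailer 4)   - always in the clear
#   header      : 18 bits protected by rate-1/3 FEC -> 54 bits    - always in the clear
#   payload     : 0..2745 bits                                    - the only part E0 encrypts
ACCESS_CODE_BITS = 72
HEADER_BITS = 18
HEADER_FEC_BITS = HEADER_BITS * 3

# Header fields in transmission order; each field is sent least significant bit first.
HEADER_FIELDS = (("lt_addr", 3), ("type", 4), ("flow", 1), ("arqn", 1), ("seqn", 1), ("hec", 8))


def int_to_bits(value, width):
    return [(value >> i) & 1 for i in range(width)]


def bits_to_int(bits):
    return sum(b << i for i, b in enumerate(bits))


def fec13_encode(bits):
    """Rate-1/3 FEC as used for the header: every bit is transmitted three times."""
    return [b for b in bits for _ in range(3)]


def fec13_decode(bits):
    """Majority vote per 3-bit group. Returns (decoded_bits, groups_corrected).
    One flipped bit per group is corrected; two flips in one group decode wrongly."""
    if len(bits) % 3:
        raise ValueError("FEC block length must be a multiple of 3")
    decoded, corrected = [], 0
    for i in range(0, len(bits), 3):
        group = bits[i:i + 3]
        vote = 1 if sum(group) >= 2 else 0
        corrected += group != [vote] * 3
        decoded.append(vote)
    return decoded, corrected


def build_header(lt_addr, ptype, flow, arqn, seqn, hec):
    """Assemble the 18 header bits. The HEC is an 8-bit CRC whose register is initialised
    with the master's UAP; it is supplied as a given value here rather than computed."""
    values = (lt_addr, ptype, flow, arqn, seqn, hec)
    bits = []
    for (name, width), value in zip(HEADER_FIELDS, values):
        if not 0 <= value < (1 << width):
            raise ValueError(f"{name} does not fit in {width} bits")
        bits += int_to_bits(value, width)
    return bits


def parse_header(bits):
    fields, pos = {}, 0
    for name, width in HEADER_FIELDS:
        fields[name] = bits_to_int(bits[pos:pos + width])
        pos += width
    return fields


def dissect(packet_bits):
    """Separate what any receiver can read from the (possibly encrypted) payload."""
    if len(packet_bits) < ACCESS_CODE_BITS + HEADER_FEC_BITS:
        raise ValueError("packet too short for access code and header")
    access_code = packet_bits[:ACCESS_CODE_BITS]
    fec_header = packet_bits[ACCESS_CODE_BITS:ACCESS_CODE_BITS + HEADER_FEC_BITS]
    payload = packet_bits[ACCESS_CODE_BITS + HEADER_FEC_BITS:]
    header_bits, corrected = fec13_decode(fec_header)
    return {"access_code": access_code, "header": parse_header(header_bits),
            "fec_corrections": corrected, "payload_bits": len(payload)}


# Constructed sample packet: placeholder sync word and HEC, type 0b0100 (DH1 on an ACL link).
def sample_packet():
    access_code = [1, 0, 1, 0] + [int(c) for c in "1100" * 16] + [0, 1, 0, 1]
    header = fec13_encode(build_header(lt_addr=3, ptype=0b0100, flow=1, arqn=0, seqn=1, hec=0xA5))
    for i in (2, 15, 40):  # simulate three single-bit radio errors inside the header
        header[i] ^= 1
    payload = [0, 1, 1, 0, 1, 0, 0, 1] * 27  # 216 bits standing in for E0 ciphertext
    return access_code + header + payload


if __name__ == "__main__":
    view = dissect(sample_packet())
    print("visible header:", view["header"], "FEC corrections:", view["fec_corrections"])
    print("encrypted payload bits:", view["payload_bits"])
```

Even with encryption on, the decoded header gives an observer the slave's LT_ADDR, the packet type (and so the link type and payload size class), and the ARQN/SEQN flow state, which is enough for traffic analysis of the piconet.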

3.2 Security Levels

Bluetooth has several security levels that can be defined for devices and for services. Every device is assigned a status when it connects to another device for the first time.

3.2.1 Device Trust Level

A device can have one of two trust levels, trusted or untrusted. A trusted device has a fixed, trusted relationship with the local device: it has been authenticated before, and it has unrestricted access to all services. An untrusted device has no such trusted relationship and its access to services is restricted; a device may have a fixed relationship (a stored link key) and still be classed as untrusted. A device not previously seen is labelled unknown and is always treated as untrusted.
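The following Python is an added example, not code from this report or from any Bluetooth stack. It models the access decision a service-level security manager makes from the device trust level described above, combined with per-service attributes (authentication required, authorization required, encryption required) from the Bluetooth service-level security model; the device records, addresses, link keys and service names are constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Trust(Enum):
    TRUSTED = "trusted"      # fixed relationship, previously authenticated: unrestricted access
    UNTRUSTED = "untrusted"  # may hold a link key, but access to services is restricted


@dataclass
class DeviceRecord:
    bd_addr: str
    trust: Trust
    link_key: Optional[bytes]  # present once the device has been paired (a fixed relationship)


@dataclass
class ServicePolicy:
    name: str
    authentication_required: bool
    authorization_required: bool  # authorization always includes authentication
    encryption_required: bool


@dataclass
class Decision:
    allowed: bool
    reason: str


class SecurityManager:
    """Decides whether a remote device may use a local service."""

    def __init__(self, devices, services, ask_user: Optional[Callable[[str, str], bool]] = None):
        self.devices = {d.bd_addr: d for d in devices}
        self.services = {s.name: s for s in services}
        # Untrusted devices need explicit user authorization; with nobody to ask, deny.
        self.ask_user = ask_user or (lambda bd_addr, service: False)

    def device(self, bd_addr: str) -> DeviceRecord:
        # A device never seen before is "unknown": no link key, always untrusted.
        return self.devices.get(bd_addr, DeviceRecord(bd_addr, Trust.UNTRUSTED, None))

    def decide(self, bd_addr: str, service_name: str,
               link_authenticated: bool = False, link_encrypted: bool = False) -> Decision:
        policy = self.services[service_name]
        dev = self.device(bd_addr)
        needs_authentication = policy.authentication_required or policy.authorization_required
        if needs_authentication and not link_authenticated:
            if dev.link_key is None:
                return Decision(False, "pairing required before authentication")
            return Decision(False, "authentication required")
        if policy.authorization_required and dev.trust is not Trust.TRUSTED:
            if not self.ask_user(bd_addr, service_name):
                return Decision(False, "untrusted device not authorized for service")
        if policy.encryption_required and not link_encrypted:
            return Decision(False, "encryption required")
        return Decision(True, "access granted")


# Constructed database: two paired devices (one trusted, one not) and three services.
def sample_manager(ask_user=None) -> SecurityManager:
    devices = [DeviceRecord("00:11:22:33:44:55", Trust.TRUSTED, b"\x01" * 16),
               DeviceRecord("66:77:88:99:AA:BB", Trust.UNTRUSTED, b"\x02" * 16)]
    services = [ServicePolicy("business-card-exchange", False, False, False),
                ServicePolicy("file-transfer", True, True, True),
                ServicePolicy("dial-up-networking", True, False, True)]
    return SecurityManager(devices, services, ask_user)


if __name__ == "__main__":
    mgr = sample_manager()
    for addr in ("00:11:22:33:44:55", "66:77:88:99:AA:BB", "DE:AD:BE:EF:00:01"):
        d = mgr.decide(addr, "file-transfer", link_authenticated=True, link_encrypted=True)
        print(addr, "file-transfer:", d.reason)
```

A "not allowed" decision with reason "authentication required" or "encryption required" is where a real security manager would ask the link manager to run that procedure before retrying; the unknown device is refused outright because there is no link key to authenticate against, which is the point at which pairing has to happen.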

3.2.1.1 Security Modes In Device Trust Level

Each Bluetooth device operates in one of three security modes, described below. Separately, the encryption modes available on a link depend on the type of link key in use. If a semi-permanent link key (a unit key or a combination key) is used, broadcast traffic is never encrypted, while individually addressed traffic may be encrypted or not. If a temporary master key is used, there are three encryption modes: no encryption at all; broadcast traffic unencrypted with individually addressed traffic encrypted under the master key; and all traffic, broadcast and individually addressed, encrypted under the master key. The three security modes built into Bluetooth are as follows:

Security Mode 1

A device in Security Mode 1 will not initiate any security procedures. In this non-secure mode the security functionality (authentication and encryption) is bypassed entirely; in effect the device is in a promiscuous mode that allows any other Bluetooth device to connect to it. This mode is provided for applications that do not require security, such as exchanging business cards.