Xiuzhen Cheng cheng@gwu.edu

About This Presentation

Title:

Xiuzhen Cheng cheng@gwu.edu

Description:

Bluetooth Consortium was founded in Spring 1998. By Ericsson, Intel, IBM, Nokia, Toshiba; Now more than 2000 organizations joint the SIG ... – PowerPoint PPT presentation

Number of Views:160

Avg rating:3.0/5.0

Slides: 72

Provided by: xiuzhe

Learn more at: https://www2.seas.gwu.edu

Category:

more less

Transcript and Presenter's Notes

Title: Xiuzhen Cheng cheng@gwu.edu

1
Xiuzhen Cheng
cheng_at_gwu.edu
Csci388 Wireless and Mobile Security
Bluetooth and Security
2
Introduction

Named after Harold Bluetooth, King of Denmark
(0952-0995 A.D.)
Bluetooth Consortium was founded in Spring 1998
By Ericsson, Intel, IBM, Nokia, Toshiba Now more
than 2000 organizations joint the SIG
Goal developing a single-chip, low-cost,
radio-based wireless network technology
Bluetooth is an open standard for short-range
digital radio to interconnect a variety of
devices
Cell phones, PDA, notebook computers, modems,
cordless phones, pagers, laptop computers,
printers, cameras, etc.

3
IEEE 802.15

In 1999, IEEE established a working group for
wireless personal area networks (WPAN)
Contains multiple subgroups
IEEE 802.15.1
Standardizes the lower layers of the Bluetooth
(together with the Bluetooth consortium)
Bluetooth also specifies higher layers
IEEE 802.15.2
Focuses on the coexistence of WPAN and WLAN
Proposes the adaptive frequency hopping (used
since version 1.2) that requires a WPAN device
check for the occupied channels and exclude them
from their hopping list
IEEE 802.15.3
For high-rate at low-power low cost
IEEE 802.15.4
Low-rate low-power consumption WPAN enabling
multi-year battery life
Zigbee consortium tries to standardize the higher
layers of 802.15.4

4
Bluetooth is a PAN Technology

Offers fast and reliable transmission for both
voice and data
Can support either one asynchronous data channel
with up to three simultaneous synchronous speech
channels or one channel that transfers
asynchronous data and synchronous speech
simultaneously
Support both packet-switching and
circuit-switching

5
Personal Area Network (PAN)
6
Bluetooth is a standard that will

Eliminate wires and cables between both
stationary and mobile devices
Facilitate both data and voice communications
Offer the possibility of ad hoc networks and
deliver synchronicity between personal devices

7
Characteristics of Bluetooth Technology
79 frequencies, each channel is used for 625
microseconds
2M is expected for Bluetooth 2
8
Bluetooth Topology

Bluetooth-enabled devices can automatically
locate each other
Topology is established on a temporary and random
basis
Up to eight Bluetooth devices may be networked
together in a master-slave relationship to form a
piconet
One is master, which controls and setup the
network
All devices operate on the same channel and
follow the same frequency hopping sequence
Two or more piconet interconnected to form a
scatternet
Only one master for each piconet
A device cant be masters for two piconets
The slave of one piconet can be the master of
another piconet

9
A Typical Bluetooth Network
10
Piconet

Master sends its globally unique 48-bit id and
clock
Hopping pattern is determined by the 48-bit
device ID
Phase is determined by the masters clock
Why at most 7 slaves?
Active member address is 3-bit
Parked and standby nodes
Parked devices can not actively participate in
the piconet but are known to the network and can
be reactivated within some milliseconds
8-bit for parked nodes
No id for standby nodes
Standby nodes do not participate in the piconet

11
ScatterNet

FH-CDMA to separate piconets within a scatternet
More piconets within a scatternet degrades
performance
Possible collision because hopping patterns are
not coordinated
A device participating in more than one piconet
At any instant of time, a device can participate
only in one piconet
If the device participates as a slave, it just
synchronize with the masters hop sequence
The master for a piconet can join another piconet
as a slave in this case, all communication
within in the former piconet will be suspended
When leaving a piconet, a slave notifies the
master about its absence for certain amount of
time
Communication between different piconets takes
place by devices jumping back and forth between
these nets

12
Frequency Selection

FH is used for interference mitigation and media
access TDD is used for separation of the
transmission directions
In 3-slot or 5-slot packets, why frequency does
not change? Why some frequencies are skipped?

fk
fk1
fk2
fk3
fk4
fk5
fk6
M
S
M
S
M
S
M
fk
fk3
fk4
fk5
fk6
M (3-slot packet)
S
M
S
M
fk
fk1
fk6
M
S (5-slot packet)
M
13
Physical Links

Synchronous connection-oriented link (SCO)
Reserve two consecutive slots at fixed intervals
Asynchronous connectionless Link (ACL)
Polling scheme master polls each slave
Error recovery
ACK a packet in the slot following the packet
Negative ACK or timeout signals a retransmission

14
Power Management
15
Benefits

Cable Replacement
Replace the cables for peripheral devices, USB
1.1 and 2.0, printers, etc
Ease of file sharing
Panel discussion, conference, etc.
Wireless synchronization
Synchronize personal information contained in the
address books and date books between different
devices such as PDAs, cell phones, etc.
Bridging of networks
Cell phone connects to the network through
dial-up connection while connecting to a laptop
with Bluetooth.

16
Security of Bluetooth

Security in Bluetooth is provided on the radio
paths only
Link authentication and encryption may be
provided
True end-to-end security relies on higher layer
security solutions on top of Bluetooth
Bluetooth provides three security services
Authentication identity verification of
communicating devices
Confidentiality against information compromise
Authorization access right of
resources/services
Fast FH together with link radio link power
control provide protection from eavesdropping and
malicious access
Fast FH makes it harder to lock the frequency
Power control forces the adversary to be in
relatively close proximity

17
Security Modes
A security manager controls access to services
and to devices
Needs a secret key
Exchange Business Cards
Security mode 2 does not provide any security
until a channel has been established
18
Security Mode 3
19
Key Generation from PIN
PIN 1-16 bytes. PINs are fixed and may be
permanently stored. Many users use
the four digit 0000
Bluetooth Key Generation From PIN
20
Bluetooth Initialization Procedure (Pairing)

Creation of an initialization key
Creation of a link key
Authentication

21
Creation of an Initialization Key
PIN and its length
22
Creation of the Link Key
23
Authentication

Challenge-Response Based
Claimant intends to prove its identity, to be
verified
Verifier validating the identity of another
device
Use challenge-response to verify whether the
claimant knows the secret (link key) or not
If fail, the claimant must wait for an interval
to try a new attempt. The waiting time is
increased exponentially to defend the
try-and-error authentication attack
Mutual authentication is supported
The E1 authentication algorithm is based on
SAFER

48-bit device address
Challenge (128-bit)
Response (32-bit)
24
Confidentiality
Authenticated Cipher Offset
25
Confidentiality

ACO (Authenticated Cipher Offset) is 96-bit,
generated during the authentication procedure
ACO and the link key are never transmitted
Encryption key Kc is generated from the current
link key
Kc is 8-bit to 128-bit, negotiable between the
master and the slave
Master suggests a key size
Set the minimum acceptable key size parameter
to prevent a malicious user from driving the key
size down to the minimum of 8 bits
The keystream is different for different packet
since slot number is different

26
Three Encryption Modes for Confidentiality

Encryption Mode 1 -- No encryption is performed
on any traffic
Encryption Mode 2 -- Broadcast traffic goes
unprotected while unicast traffic is protected by
the unique key
Encryption Mode 3 -- All traffic is encrypted

27
Trust Levels, Service Levels

Two trust levels trusted and untrusted
Trusted devices have full access right
Untrusted devices have restricted service access

28
Bluetooth Security Architecture Summary

Step 1 User input (initialization or pairing)
Two devices need a common pin (1-16 bytes)
Step 2 Authentication key (128-bit link key)
generation
Possibly permanent, generated based on the PIN,
device address, random numbers, etc.
Step 3 Encryption key (128 bits, store
temporarily)
Step 4 key stream generation for xor-ing the
payload

29
Security Summary

The security of the whole system relies on the
PIN, which may be too short
Users intend to use 4-digit short PINs, or even a
null PIN
Utilized new cryptographic primitives, which have
not gone through enough security analysis.
The E0 algorithm is designed specifically for
Bluetooth
E0 has gone many security analysis. When used in
Bluetooth mode, the security of E0 is decreased
from 128-bit to 84-bit when used outside of a
Bluetooth system, its effective security is only
39-bit
Short range was a countermeasure to force the
attackers to be in close proximity now range
extenders can be easily built
Attackers grow since information is more
attractive
People use Bluetooth not only for personal
information, but also for corporate information

30
Hacker Tools

Bluesnarfing
Adam Laurie, Serious flaws in Bluetooth security
lead to disclosure of personal data
http//www.thebunker.net/security/bluetooth.htm
Bluejacking
http//www.bluejackq.com/
Redfang
http//www.securiteam.com/tools/5JP0I1FAAE.html

31
Key Problems Summary
32
Key Problems Summary
33
IN-Class Project

Given all cryptographic primitives (E0, E1, E21,
E22) used in Bluetooth Pairing/Bonding and
authentication process, can you design a
procedure to crack the Bluetooth PIN? Focus on
short PIN now.
Hint assume you have recorded all messages
exchanged during the initialization procedure
You have 30 minutes for this project no
implementation, just figure out HOW!

34
Most important security weaknesses

Problems with E0
PIN
Problems with E1
Location privacy
Denial of service attacks

35
Problems with E0

Many publications on this already!
Output (KC) combination of 4 LFSRs (Linear
Feedback Shift Register)
Key (KC) 128 bits
Best attack guess some registers
-gt 266 (memory and complexity)

36
PIN

Some devices use a fixed PIN (default0000)
Security keys security PIN !!!!
Possible to check guesses of PIN (SRES) -gt brute
force attack
Weak PINs (1234, 5555, )

37
Problems with E1

E1 SAFER
Some security weaknesses (although not applicable
to Bluetooth)
slow

38
Location privacy

Devices can be in discoverable mode
Every device has fixed hardware address
Addresses are sent in clear
-gt possible to track devices (and users)

39
Denial of service attacks

Radio jamming attacks
Buffer overflow attacks
Blocking of other devices
Battery exhaustion (e.g., sleep deprivation
torture attack)

40
Other weaknesses

No integrity checks
No prevention of replay attacks
Man in the middle attacks
Sometimes default no security

41
Recommendations

Never use unit keys!!!!
Use long and sufficiently random PINs
Always make sure security is turned on

42
Interesting solutions

Replace E0 and E1 with AES
Use MACs to protect integrity
Pseudonyms
Identity based cryptography
Elliptic curves
Use MANA protocols instead of PIN
Use network layer security services (IPSEC) to
provide end-to-end security

43
Conclusion

Bluetooth has quite a lot of security weaknesses!
Need for secure lightweight protocols
More research needed!!

44
And More....

Zigbee, 802.15.4, and Bluethooth

45
What is ZigBee?

Technological Standard Created for Control and
Sensor Networks
Based on the IEEE 802.15.4 Standard
Created by the ZigBee Alliance

46
The ZigBee Name

Named for erratic, zig-zagging patterns of bees
between flowers
Symbolizes communication between nodes in a mesh
network
Network components analogous to queen bee,
drones, worker bees

47
IEEE 802.15.4 ZigBee In Context
Application
Customer

the software
Network, Security Application layers
Brand management
IEEE 802.15.4
the hardware
Physical Media Access Control layers

API
Security 32- / 64- / 128-bit encryption
ZigBee Alliance
Network Star / Mesh / Cluster-Tree
MAC
IEEE 802.15.4
PHY 868MHz / 915MHz / 2.4GHz
Stack
Silicon
App
Source http//www.zigbee.org/resources/documents/
IWAS_presentation_Mar04_Designing_with_802154_and_
zigbee.ppt
48
The 802 Wireless Space
Source http//www.zigbee.org/en/resources/
49
ZigBee and Other Wireless Technologies
Source http//www.zigbee.org/en/about/faq.asp
50
ZigBee Aims Low

Low data rate
Low power consumption
Small packet devices

51
ZigBee Frequencies

Operates in Unlicensed Bands
ISM 2.4 GHz Global Band at 250kbps
868 MHz European Band at 20kbps
915 MHz North American Band at 40kbps

52
What Does ZigBee Do?

Designed for wireless controls and sensors
Operates in Personal Area Networks (PANs) and
device-to-device networks
Connectivity between small packet devices
Control of lights, switches, thermostats,
appliances, etc.

53
Lights and Switches
Source ZigBee Specification Document
54
How ZigBee Works

Topology
Star
Cluster Tree
Mesh
Network coordinator, routers, end devices

55
How ZigBee Works

States of operation
Active
Sleep
Devices
Full Function Devices (FFDs)
Reduced Function Devices (RFDs)
Modes of operation
Beacon
Non-beacon

56
ZigBee Mesh Networking
Slide Courtesy of
Source http//www.zigbee.org/en/resources/SlideP
resentations
57
ZigBee Mesh Networking
Slide Courtesy of
Source http//www.zigbee.org/en/resources/SlideP
resentations
58
ZigBee Mesh Networking
Slide Courtesy of
Source http//www.zigbee.org/en/resources/SlideP
resentations
59
ZigBee Mesh Networking
Slide Courtesy of
Source http//www.zigbee.org/en/resources/SlideP
resentations
60
ZigBee Mesh Networking
Slide Courtesy of
Source http//www.zigbee.org/en/resources/SlideP
resentations
61
Research in ZigBee

Introduction
Research
Research Papers

62
Introduction

The IEEE 802.15.4 standard was completed in May
2003.
The ZigBee specifications were ratified on 14
December 2004.
The ZigBee Alliance announced public availability
of Specification 1.0 on 13 June 2005.
Much research is still going on with ZigBee.

63
Academic Research