01-11-2012, 06:00 PM
BLUETOOTH SECURITY
BLUETOOTH.doc (Size: 135.5 KB / Downloads: 32)
INTRODUCTION
From the beginning of the computer era, cables are being used to connect computers to each other and to special devices. For safe traveling of information security measures have been developed to secure the cable connections.
Now, as the time has change, cables are not of that much use, thus the Bluetooth is develop to provide cable-free environment. Bluetooth is a new technology named after the 10th century Danish king Harald Bluetooth.
It is accepted as proposed standard for local wireless communication and is becoming more and more popular day by day. Now it is extended to support both the applications of voice/data access and personal ad hoc networks.
This report gives information about the security measures of Bluetooth, where we examine the Bluetooth security architecture in detail, how they should be different from the old security measures of the cable-connected world and are they sufficient enough, so that Bluetooth can be used for everyday communications. I have examined the Bluetooth security in two parts according to the framework proposed, including the build-in link-level Bluetooth security as the main part, and the service level Bluetooth security architecture as the practice part, respectively. And what possible uses it has.
BENEFITS
The most basic benefit from Bluetooth is of simple cable replacement between two devices. For many situations were the physical elimination of inconvenient cables that take space and limit device placement. In industrial and commercial applications, the presence of wires creates problems and task interference issues. The wide range of device types and standard interface make by Bluetooth. Which allows selection of devices optimized each for their particular functions. The multi-point capabilities of Bluetooth communications allows one interface to support communications a set of wired and wireless devices are Bluetooth connectable, including office appliances, e.g. desktop PCs, printers, projectors, laptops, and PDAs; communication appliances, e.g. speakers, handsets, pagers, and mobile phones; home appliances, e.g. DVD players, digital cameras, cooking ovens, washing machines, refrigerators, and thermostats. Bluetooth is suitable for a wide range of applications, e.g. wireless office and meeting room, smart home and vehicle, intelligent parking, electrical paying and banking. printers, scanners, scales, PDAs, other PCs, etc.
SECURITY FRAMEWORK
The Bluetooth technology provides security at both the application layer and the link layer. In this there are two kinds of features that make attacks more difficult. A hop selection mechanism of up to 1600 hops/sec is used to avoid the interference from external or other piconets. An automatic output power adaptation scheme is also included in the standard for the low power consumption of light-weight mobile devices, which can reduce the radio spread range for data transmission exactly according to requirements based on the detected intensity.
BASIC DEFINITIONS
A total of three different information security objectives are to be reached one or all. Confidentiality means that the data can only be used by authorized users and/or parties. Integrity means that the data cannot be modified during transfer and stored by adversaries. Availability means that the data is always available for authorized use.
Bluetooth gives three main techniques to achieve security features:
1. Encryption: The process of transforming data into a form that it cannot be understood without a key. Both data and control information can be encrypted.
2. Authentication: means the ensuring of the identity of another user, so that he knows to whom is communicating with. In which to verify ‘who’ is at the other end of the link. Authentication is performed for both devices and users.
SECURITY LEVELS
Bluetooth allows different security levels to be used for devices and various services. To secure devices two security levels can be defined. An authorized device has unrestricted access to all or some specific services. Basically this means that the device has been previously authenticated is marked as “trusted”. An unauthorized device has restricted access to services. Usually the device has been previously authenticated but has not been marked as “trusted”. An unknown device is also an untrusted device.
Three levels of service security are used to be defined so that the requirements for authorization, authentication, and encryption can be set independently, including services that require authorization and authentication, services that require authentication only, and services open to all devices.
AUTHENTICATION SCHEME
The Bluetooth authentication scheme uses a challenge-response strategy in which a 2-move protocol is used to check whether the other party knows the secret key. The protocol uses similar keys, so a successful authentication is based on the fact that both participants share the same key.
CONCLUSIONS
We have now examined Bluetooth in general, some of the Bluetooth security mechanisms. As was seen, the Bluetooth's security seemed to be adequate only for small ad hoc networks, such as a network of the participants in a meeting. Connecting a Personal Digital Assistant (PDA) to a mobile phone using Bluetooth may also be secure enough, but is Bluetooth secure enough for larger networks, money transfers and transferring other sensitive information.
In the light of this study, it seems that the security of Bluetooth is still not suitable for any serious, security sensitive work; the more sophisticated security methods may be implemented. Since the Bluetooth security scheme is reasonably useful to the applications with less security requirements. Based on the original design goal of cable replacement, Bluetooth is more suitable to short-range and small-size wireless personal area networks than for connecting with outside public networks, comparing.