05-08-2014, 01:12 PM
Bluetooth Security
Introduction
Bluetooth technology was developed to replace cumbersome wires in portable and
personal electronic devices with radio frequency wireless communication. It has since
found its way into numerous mobile applications as well as home and automobile use.
However, as with all wireless technologies, security is of the utmost importance. The
protection of a consumer’s valuable information and the contents of their
communications have remained at the forefront of Bluetooth development.
Unfortunately, security vulnerabilities remain a growing problem as attackers
have developed more sophisticated ways of violating Bluetooth security, and the problem
only promises to become worse as Bluetooth devices permeate everyday life.
I will present a brief overview of the Bluetooth standard, followed by an outline of
Bluetooth’s security implementation. I will also examine some of the attacks currently
threatening the Bluetooth community and the countermeasures being enacted to protect
Bluetooth users.
Bluetooth Authentication
Like most wireless communication protocols, Bluetooth provides a way to authenticate
connecting devices. This is accomplished through a system of shared secret keys. In
Bluetooth, these are called link keys. Link keys are 128-bit secret keys that only the two
devices know. This key is generated during the “pairing” portion of the communication
setup between the two devices. Two connected Bluetooth devices are said to share a
common link key. However, to complicate matters, Bluetooth allows for two types of
keys: combination keys and unit keys.
Link Keys
Combination keys are the safer method of authenticating a device because these keys are
only used between a pair of devices. This means that each connection using combination
keys in a Bluetooth network has a distinct link key.
On the other hand, unit keys are simpler to maintain, but offer less security. Unit keys
are link keys that are used by a device for each connection it makes. However, in order
to add some small sense of security, only one device in a pair is allowed to use a unit key.
The other device must use a combination key. Unit keys are typically used by devices
which are unable to maintain large amounts of unique key pairs. Because unit keys are
shared by all devices connected to the unit key device, it is possible for other devices in
the network to eavesdrop on traffic intended for the unit key device. This could allow an
attacker to gain privileged information or impersonate a device. This also means that unit
keys offer no protection from other paired devices. In fact, the Bluetooth SIG has released
an official recommendation that unit keys be used as little as possible.
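The difference between the two key types can be checked on a device's stored pairings. The following is an added example, not part of the original paper: it audits a constructed bond table and flags entries that behave like unit keys, either because the HCI key type says so (0x01 local unit key, 0x02 remote unit key in the Link Key Notification event) or because the same 128-bit value is stored for more than one peer. The record layout and the sample addresses and keys are assumptions made for illustration.

```python
from collections import defaultdict

# HCI Key_Type codes that denote unit keys (0x00 is a combination key).
UNIT_KEY_TYPES = {0x01: "local unit key", 0x02: "remote unit key"}

# Constructed sample bond table (hypothetical layout):
# (peer address, link key as hex, HCI key type)
SAMPLE_BONDS = [
    ("AA:AA:AA:00:00:01", "00112233445566778899aabbccddeeff", 0x00),
    ("AA:AA:AA:00:00:02", "0f0e0d0c0b0a09080706050403020100", 0x01),
    ("AA:AA:AA:00:00:03", "0f0e0d0c0b0a09080706050403020100", 0x01),
    ("AA:AA:AA:00:00:04", "a1b2c3d4", 0x00),  # truncated entry
]


def audit_link_keys(bonds):
    """Return sorted (peer, finding) pairs for bonds that need attention.

    A combination key is distinct per pair of devices, so one key value
    appearing under several peers indicates unit-key behaviour even when
    the recorded key type does not say so.
    """
    findings = []
    peers_by_key = defaultdict(set)
    for peer, key_hex, key_type in bonds:
        key = bytes.fromhex(key_hex)
        if len(key) != 16:  # link keys are 128 bits
            findings.append((peer, "link key is not 128 bits"))
            continue
        peers_by_key[key].add(peer)
        if key_type in UNIT_KEY_TYPES:
            findings.append((peer, UNIT_KEY_TYPES[key_type]))
    for peers in peers_by_key.values():
        if len(peers) > 1:
            note = "link key shared with %d other peer(s)" % (len(peers) - 1)
            findings.extend((peer, note) for peer in peers)
    return sorted(findings)


if __name__ == "__main__":
    # Report findings without ever printing the key material itself.
    for peer, finding in audit_link_keys(SAMPLE_BONDS):
        print(peer, "-", finding)
```
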
Sometimes, the device classified as the “master” device wants to transmit data to more
than one recipient. To do this, something called a master key is created which
temporarily replaces the link key. The master key informs the receivers that the data
being transmitted to them is being sent to multiple devices as well as stating who the
information is from.
The generation of these keys will be discussed later.
Key Generation
The Bluetooth protocol provides three different key generation algorithms. One
algorithm is used for authentication (discussed later), one is used to produce keys, and
one is used for encryption. Both Kinit and the link keys (either unit or combination keys)
mentioned earlier are produced using variations of the same algorithm, known as E2.
This algorithm is more complicated than is necessary for analysis in this overview of
Bluetooth, so a short summary is sufficient. The basic concept of E2 is pictured in Figure
2.
Both modes produce 128-bit keys as was mentioned in an earlier section, so the more
interesting portion is the different input each mode uses. To produce unit and
combination keys, the algorithm uses the random number challenge and the Bluetooth
device address to create the key. This makes sense since link keys pair to at least one
device (unit key) and more often to a unique pair of devices (combination).
Ad Hoc Security Concerns
Bluetooth devices communicating in the wild form various sizes of ad hoc networks.
Since it is possible for varying numbers of devices to be entering and leaving the piconets
and scatternets created by the devices, Bluetooth faces some difficult requirements
for maintaining good security in these ad hoc networks.
The first aspect of the ad hoc network that is important to Bluetooth users is availability.
Users should have access to other users even if some devices are experiencing difficulties
on the network. Unfortunately, this is difficult to guarantee in Bluetooth because devices
are dependent on other devices for the transmission of data. This means that an attacker
who is capable of interrupting a few devices in a piconet can severely degrade the
performance of all devices. It is also difficult to maintain perfect availability because of
Conclusion
Bluetooth has shown promise as a wireless ad hoc networking protocol, and will only
continue to spread as more and more consumers cut the wires from their everyday lives.
On the other side of the coin, Bluetooth has also shown the difficulties and pitfalls that
exist when implementing a network such as this.
Clearly, Bluetooth is not a perfect standard in any way, but it is a step in the right
direction. It will be interesting to see what changes and improvements come about in
future implementations of Bluetooth.
For now, Bluetooth offers convenience and access to a broader base of information, but
one must remember that there are people out there with malicious intent, and they can
violate Bluetooth security. As long as everyone is aware of this and does their best to
maintain some security, then Bluetooth can act as a sufficient step towards a world of
secure ad hoc networks.