BLUETOOTH SECURITY THREATS AND SOLUTIONS: A SURVEY

ABSTRACT

Bluetooth technology has become an integral part of modern society. The availability of mobile
phones, game controllers, Personal Digital Assistants (PDAs) and personal computers has made Bluetooth
a popular technology for short-range wireless communication. However, as Bluetooth technology
becomes widespread, vulnerabilities in its security protocols are increasing, which is potentially
dangerous to the privacy of a user’s personal information. The security issues of Bluetooth have been an
active area of research for the last few years. This paper presents the vulnerabilities in the security
protocols of this technology along with some past security threats and possible countermeasures as
reported in the literature, which has been surveyed and summarized in this paper. It also presents some
tips that end-users can implement immediately to become more cautious about their private information.
Finally, the paper concludes with some recommendations for future security enhancements that can be
implemented in the Bluetooth standard.

INTRODUCTION

Bluetooth technology has been considered a cheap, reliable, and power-efficient replacement
for cables for connecting electronic devices. This technology was officially approved in the
summer of 1999 [1]. Since then it has been widely used in various electronic devices. The Bluetooth
Special Interest Group (SIG) was formed to nurture and promote this technology. The SIG has
over 14,000 members including some leading companies in the fields of telecommunications,
computing, automotive, music, industrial automation, and network industries [2]. Bluetooth is a
combination of hardware and software technology. The hardware is built on a radio chip, while
the main control and security protocols are implemented in software.
By using both hardware and software, Bluetooth has become a smart technology for efficient
and flexible wireless communication. The Bluetooth radio chip supports communication
among a group of electronic devices.

RELATED WORK

Many security experts in the field of wireless technologies have conducted research on
different aspects of the security architecture of Bluetooth and have provided amazing
results with new tweaks that enhance the security of the device within a network. Some
commendable research work is mentioned in [6], [7] and [8].
In [6], the authors present a lightweight protocol to provide location privacy in wireless
body area networks (WBANs). The basic idea of their protocol is to use temporary pseudonyms
instead of hardware addresses to communicate in wireless body area networks. This
protects the source and the destination of mobile devices in the WBANs. Their
protocol is efficient and also energy saving.
In [7], the authors propose the design of a device pairing simulator called “PSim”. They
felt the need to create this tool because most wireless systems are prone to security risks, such
as eavesdropping, and require different techniques from traditional security
mechanisms to test their security protocols. This tool can be used to perform tests on different
types of device pairing methods as well as to generate new protocols for increased security
measures.
In [8], the authors compare different techniques used for device pairing in wireless
networks and present a comparative result of their findings on the security protocols
used.

SECURITY ARCHITECTURE

Security issues have played a major role in the invention of Bluetooth technology. The
Bluetooth SIG has put much effort into making Bluetooth a secure technology. Several
security measures have been implemented at different protocol levels, but the basic Bluetooth
security configuration depends on the user of the Bluetooth device, who decides on the
discoverability and connection options. In general, Bluetooth discoverability and connection
options are divided into three 'modes' of operation [14].

BLUETOOTH NETWORK VULNERABILITIES

Since there are now billions of Bluetooth devices in use, malicious security violations are
now common events and are expected to increase in the near future. The
increased usage of Bluetooth devices makes security concerns even more alarming. Hence,
the Bluetooth security architecture needs constant upgrading to prevent new unknown threats.
Like any other wireless communication system, Bluetooth transmission can be deliberately
jammed or intercepted. False or modified information could be passed to the devices by
cyber criminals. Security threats in Bluetooth can be divided into three major categories [15] as
follows:
• Disclosure threat: The information can leak from the target system to an eavesdropper
that is not authorized to access the information.
• Integrity threat: The information can be deliberately altered to mislead the recipient.
• Denial of Service (DoS) threat: The users can be blocked from accessing a service by
making it either unavailable or severely limiting its availability to an authorized user.

MAC Spoofing Attack

Among all passive attacks, the most frequently reported attacks are classified as MAC spoofing
and PIN cracking attacks. Malicious attackers can perform MAC spoofing during link key
generation while Piconets are being formed. Assuming the attack is made prior to successful
pairing and before encryption is established, attackers can easily intercept data intended for
other devices. Attackers with specialized hardware can easily use spoofing to terminate
legitimate connections or capture and/or manipulate data while in transit. The Bluetooth SIG did not
provide a good solution to prevent this type of attack. They only advised users to do the
pairing process in private settings. They also suggested that long, random, and variable PINs
should be used.

PIN Cracking Attack

Using a Bluetooth frequency sniffer (or protocol analyzer) and acquisition of an FHS packet,
attackers can attempt to acquire IN_RAND, LK_RAND and the initialization key during the
entire pairing and authentication processes. The attacker would have to list all of the possible
permutations of the PIN. Using the acquired IN_RAND and BD_ADDR they would need to try
possible permutations as input in the E22 algorithm. Eventually they would be able to find the
correct initialization key. The next step is to hypothesize and test possibilities of the shared
session link key using all of the previous data. Assuming the right information is collected, the
proper equipment is used, and enough time is allowed, PIN cracking becomes a fairly simple
task. The proposed solutions for these types of attacks involve different pairing and
authentication schemes that use a combination of public/private keys.

Man-in-the-Middle/Impersonation Attack

Man-in-the-Middle and impersonation attacks actually involve the modification of data
between devices communicating in a Piconet. A Man-in-the-Middle attack involves relaying
authentication messages between two devices, without their knowledge, in order to authenticate without
knowing the shared secret keys. By forwarding the messages of two devices trying to pair, an
attacker will relay two unique link keys. By acting between two devices, an attacker can trick
them into believing they are paired with each other when in fact they have paired with the attacker. The
suggested solutions to this kind of attack involve incorporating more Piconet-specific
information into the pairing process. For example, timestamps and nested mutual authentication
can be used to determine the legitimacy of a device’s challenge before responses are sent in
return.
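
The countermeasure suggested above, checking a challenge's legitimacy before any response is sent, can be sketched as follows. This is an added example, not code from the surveyed paper or the Bluetooth specification: it assumes a link key already shared by both devices, uses HMAC-SHA256 as a stand-in for Bluetooth's own authentication function, and the field names, the `Claimant` class and the 2-second freshness window are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

MAX_SKEW_S = 2  # assumed freshness window in seconds (illustrative value)

def _tag(link_key, nonce, ts, verifier_addr, claimant_addr):
    # HMAC-SHA256 is a stand-in; Bluetooth's own authentication function is not used here.
    msg = nonce + struct.pack(">Q", ts) + verifier_addr + claimant_addr
    return hmac.new(link_key, msg, hashlib.sha256).digest()

def make_challenge(link_key, verifier_addr, claimant_addr, now):
    """Verifier side: the challenge itself proves knowledge of the link key."""
    nonce = secrets.token_bytes(16)
    return {"nonce": nonce, "ts": now, "from": verifier_addr, "to": claimant_addr,
            "tag": _tag(link_key, nonce, now, verifier_addr, claimant_addr)}

class Claimant:
    """Validates a challenge before producing any response to it."""
    def __init__(self, link_key, my_addr, peer_addr):
        self.link_key, self.my_addr, self.peer_addr = link_key, my_addr, peer_addr
        self.seen = set()  # nonces already answered

    def answer(self, ch, now):
        if ch["to"] != self.my_addr or ch["from"] != self.peer_addr:
            return None, "wrong-piconet-addresses"
        if abs(now - ch["ts"]) > MAX_SKEW_S:
            return None, "stale-timestamp"
        if ch["nonce"] in self.seen:
            return None, "replayed-nonce"
        expected = _tag(self.link_key, ch["nonce"], ch["ts"], ch["from"], ch["to"])
        if not hmac.compare_digest(expected, ch["tag"]):
            return None, "challenger-not-authenticated"
        self.seen.add(ch["nonce"])
        # Domain-separated so a response can never be replayed as a challenge tag.
        resp = hmac.new(self.link_key, b"resp" + ch["tag"], hashlib.sha256).digest()
        return resp, "ok"

if __name__ == "__main__":
    key = secrets.token_bytes(16)  # constructed link key
    a, b = bytes.fromhex("0011223344aa"), bytes.fromhex("0011223344bb")  # constructed addresses
    claimant = Claimant(key, b, a)
    ch = make_challenge(key, a, b, now=1000)
    print(claimant.answer(ch, now=1001)[1])  # fresh, authenticated challenge
    print(claimant.answer(ch, now=1001)[1])  # same challenge sent again
    print(claimant.answer(make_challenge(key, a, b, now=1000), now=1060)[1])  # delayed relay
```

When a challenge is relayed unmodified between the two genuine addresses, only the timestamp window limits the relay, so the window should be as tight as clock accuracy allows.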

CONCLUSION

This paper presented an overview of some of the major attacks that Bluetooth has faced over
the years along with some possible solutions. Some safety tips for the users have also been
provided to instantly create awareness among them to be more cautious about their personal
information. Although a vast majority of devices now communicate using this technology, the
risks are far greater if the security threats are overlooked by our peers in this industry.
Bluetooth security specialists need to provide automatic updates to Bluetooth's security protocols and
user privacy protection methods for every new security breach so that protection of the device
user’s personal information becomes the primary objective. Due to limitations in time and
resources, only a comprehensive literature survey has been presented in this paper. Emerging
devices all have Bluetooth as a mandatory feature and its potential applications are increasing,
so its future vulnerabilities need to be explored through further research in this field. The
bottom line is, we need technology to survive and technology needs us to evolve, ensuring our
safety first.