University of Virginia
Gregory Lamm, Gerlando Falauto, Jorge Estrada, Jag Gadiyaram
November 29, 2000
Identifying and Assessing Security Issues related to Bluetooth Wireless Networks
A Christmas Carol
Charles Dickens had it right: for every major issue (or story) in the world, there is usually a Past, a Present and a Future that are clearly identifiable.
Group 11 would like to tell you a story.
The Ghost of Bluetooth Past
• 10th Century Danish King (unified warring Viking Tribes): Harald Bluetooth
• No Wireless Networks prior to 20th Century
• New Wireless Transmission Schemes for the 21st Century
  – 802.11b
  – Home Radio Frequency
  – Bluetooth (version 1.0)
Past Bluetooth Attacks
1. Third Party Eavesdropping & Impersonating
2. Stealing Addresses from a Bluetooth Device
  – Tracking the device through the network
  – Impersonate a device
[Diagram: devices A, B and C]
The Ghost of Bluetooth Present
• Ad hoc Networks
• Bluetooth Chip: $50
• Range: 10 meters (30 feet)
• Throughput: 720,000 bps
• Peer to Peer
• Piconet (8/250)
• Scatternet (10 Piconets)
Bluetooth Development
Local Area Network (LAN)
• Small Network
• Large Throughput
• IR or Radio Communication
• Relays not used
• Fixed with limited mobility
• Small Distances
Wireless Phone Network
• Large Network
• Small Throughput
• Radio Communication
• Relays used
• Mobility
• Large Distances
Bluetooth Overview
[Diagram: Local Area Network (LAN) and Wireless Phone Network]
Encryption
• Optional
• Symmetric Stream Cipher
• Negotiable Key Size (8-128 bits)
• Clock dependent
Authentication
• Challenge-Response Scheme
• SAFER+
• None/One-way/Mutual
• Needed for encryption
Communication
• Radio Frequency Hopping (1600 Hps)
• 2.4GHz Frequency Range
• RF Interface
• 720 Kbps – 4 Mbps
Bluetooth Communication
• Link Manager Protocol (LMP)
  – Configure, authenticate and handle the connections
  – Power management scheme
• Radio Frequency Communications (RF C)
  – Controls Frequency Hopping for Bluetooth
• Logical Link Control (LLC)
  – Link Management
  – Security Management
  – QoS Management
  – Transmission Scheduling
Bluetooth Authentication
[Diagram: challenge-response authentication between A (Verifier) and B (Claimant). Link key generation: PIN and Random # produce K_LINK. AU_RAND is exchanged; each side runs E1 (SAFER+) on BD_ADDR_B, K_LINK and AU_RAND, yielding SRES/SRES' and ACO/ACO' (the latter shown alongside encryption key generation). SRES' is exchanged and checked: SRES = SRES'.]
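An added example (not from the original slides) of the challenge-response flow on the authentication slide: A sends AU_RAND, B returns its response, and A checks SRES = SRES'. HMAC-SHA256 stands in for E1 and for link key generation, which in Bluetooth are built on SAFER+; the class and function names and the sample PIN, address and random value are constructed.

```python
import hashlib
import hmac
import secrets

def link_key_standin(pin: bytes, rand: bytes) -> bytes:
    """Stand-in for link key generation (PIN + random number -> 128-bit K_LINK)."""
    return hmac.new(pin, b"link" + rand, hashlib.sha256).digest()[:16]

def e1_standin(k_link: bytes, au_rand: bytes, bd_addr_b: bytes):
    """Stand-in for E1 (not SAFER+): returns (SRES, ACO), 32 and 96 bits."""
    d = hmac.new(k_link, au_rand + bd_addr_b, hashlib.sha256).digest()
    return d[:4], d[4:16]

class Claimant:  # device B on the slide
    def __init__(self, bd_addr: bytes, k_link: bytes):
        self.bd_addr, self.k_link, self.aco = bd_addr, k_link, None

    def respond(self, au_rand: bytes) -> bytes:
        sres, self.aco = e1_standin(self.k_link, au_rand, self.bd_addr)
        return sres

class Verifier:  # device A on the slide
    def __init__(self, k_link: bytes):
        self.k_link, self.au_rand, self.aco = k_link, None, None

    def challenge(self) -> bytes:
        self.au_rand = secrets.token_bytes(16)  # fresh 128-bit AU_RAND
        return self.au_rand

    def check(self, bd_addr_b: bytes, sres_prime: bytes) -> bool:
        if self.au_rand is None:  # no outstanding challenge
            return False
        sres, aco = e1_standin(self.k_link, self.au_rand, bd_addr_b)
        self.au_rand = None  # each challenge is single-use
        ok = hmac.compare_digest(sres, sres_prime)  # CHECK SRES = SRES'
        self.aco = aco if ok else None
        return ok

def run_demo() -> dict:
    addr_b = bytes.fromhex("001122334455")  # constructed BD_ADDR_B
    k_link = link_key_standin(b"1234", b"\x01" * 16)  # constructed PIN and random
    a, b = Verifier(k_link), Claimant(addr_b, k_link)
    good = b.respond(a.challenge())
    results = {"same_key": a.check(addr_b, good), "aco_match": a.aco == b.aco}
    a.challenge()  # new AU_RAND: the earlier response no longer verifies
    results["replayed"] = a.check(addr_b, good)
    wrong = Claimant(addr_b, link_key_standin(b"0000", b"\x01" * 16))
    results["wrong_pin"] = a.check(addr_b, wrong.respond(a.challenge()))
    return results
```

Only a claimant holding the same K_LINK passes, and a response is valid for one AU_RAND only, so the secrecy of the link key carries the whole scheme.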
Bluetooth Encryption
[Diagram: on both A and B, E0 takes BD_ADDR_A, clock_A and K_C' and produces K_cipher (shown as K'_C' and K'_cipher on the second side), which is applied to data A-B and data B-A; the encrypted data passes between A and B.]
Is everything OK? Yes, BUT...
The Ghost of Bluetooth Future
Security Weaknesses
• Encryption
  – Plain Text Attack
• Authentication
  – Unit Key Stealing
• Communication
  – Impersonation