Bluetooth signals can be easily intercepted, as can any other type of wireless signals. Therefore, the Bluetooth specification calls for the built-in security to discourage eavesdropping and attempts to falsify the origin of messages, which is called â€œspoofingâ€. This section provides an overview of the security mechanisms included in the Bluetooth specifications to illustrate their limitations and provide a foundation for some of the security recommendations.
In this example, Bluetooth security is provided between the mobile phone and the laptop computer. IEEE 802.11 security protects the wireless local area network link which is between the laptop computer and the IEEE 802.11 AP. The communications on the wired network are not protected by the Bluetooth security.
1. Three Basic Security Services
The three basic security services specified in the Bluetooth standard are authentication, confidentiality and authorization.
ÂPrevents spoofing and unwanted access to critical data and functions. It is the process of verifying the identity of the communication devices. User authentication is not provided natively by Bluetooth.
The Bluetooth device authentication procedure is in the front of a challenge-response scheme. The device attempting to prove its identity in an authentication process is the claimant and the device validating the identity of the claimant is the verifier.
The challenge-response protocol validates devices by verifying the knowledge of a secret key, which is the Bluetooth link key.
Steps in Authentication Process
Step 1: The verifier transmits a 128-bit random challenge (AU_RAND) to the claimant, which is obtained from the random number generator derived from a pseudo-random process within the Bluetooth device.
Step 2: The claimant uses the E1 algorithm to compute an authentication response using its unique 48-bit Bluetooth device address (BD_ADDR), the link key, and AU_RAND as inputs. The verifier does the same computation.
Step 3: The claimant returns the most significant 32 bits of the E1 output as the computed response, SRES to the verifier.
Step 4: The verifier uses a comparator to compare the SRES from the claimant and its own computed value from the E1 algorithm.
Step 5: If both the values are the equal, the authentication is considered successful. If not, the authentication has failed.
The 5 steps accomplishes one-way authentication. The Bluetooth standards allow both one-way and mutual authentication to be performed. For mutual authentication, the steps are repeated with the verifier and claimant switching roles.
Preventing information compromise caused by ensuring that only authorised devices can access and view data.
To provide confidentiality to the userâ€™s data, encryption technique is used by the Bluetooth technology. Bluetooth has three Encryption Modes.
The modes are as follows:
Encryption Mode 1: No encryption is performed on any traffic.
Encryption Mode 2: Individually addressed traffic is encrypted using encryption keys based on individual link keys. Broadcast traffic is not encrypted.
Encryption Mode 3: All traffic is encrypted using an encryption key based on the master link key.
The encryption key is produced using an internal key generator (KG). The KG produces stream cipher keys based on 128-bit link key, 128 bit EN_RAND and 96-bit ACO value which is the least significant bits from the E1 algorithm of authentication process. A key stream output is exclusive-OR-ed with the payload bits and sent to the receiving device. This stream key is produced using a cryptographic algorithm based on linear feedback shift registers (LFSR). The clock provides the slot number. The encryption function E0 output is exclusive-OR-ed with the sender data and transmitted. The received data is exclusive-OR-ed with the keystream and original data is retrieved.
Trust levels, Service levels, and Authorizations
The Bluetooth levels of trust are
Trusted device: fixed relationship with another device and has full access to all services.
Untrusted device: does not have an established relationship and hence restricted access to services.
The security services defined for Bluetooth devices are
Service level 1: requires authorization and authentication. Automatic access is granted to trusted device; untrusted devices need manual authorization.
Service level 2: requires authentication only; authorization is not necessary. Access to an application is granted only after an authentication procedure.
Service level 3: open to all devices, with no authentication required. Access is granted automatically.
2. Security Modes
The various versions of Bluetooth specifications define four security modes. Each Bluetooth device must operate in one of the four modes.
Security Mode 1: a non secure mode. Authentication and encryption are bypassed leaving the device and connections susceptible to attackers. This mode is only supported in v2.0 + EDR devices.
Security mode 2: a service level-enforced security mode. The security procedures are initiated after LMP link establishment but before L2CAP channel establishment. The authentication and encryption mechanisms in this mode are implemented at the LMP layer. All Bluetooth devices support this security mode 2.
Security Mode 3: link level-enforces security mode. The Bluetooth device initiates the security procedures before the physical link is fully established. This mode mandates authentication and encryption for all connections to and from the devics. This mode is supported only in v2.0 + EDR devices.
Security Mode 4: a service level-enforced security mode like the security mode 2. But the security procedures are initiated after link setup. Authentication and encryption algorithms are identical to the algorithms in Bluetooth v2.0 + EDR and earlier versions. This is mandatory for v2.1 + EDR devices.
Appendix Dâ€”Online Resources
Bluetooth Special Interest Group, Bluetooth 2.0 and 2.1 specifications, http://www.bluetooth.com/Bluetooth/Technology/Building/Specifications/
Bluetooth Special Interest Group, â€œBluetooth Security White Paperâ€, May 2002, http://www.bluetooth.com/NR/rdonlyres/E870794C-2788-49BF-96D3- C9578E0AE21D/0/security_whitepaper_v1.pdf
Bluetooth Special Interest Group, â€œSimple Pairing Whitepaperâ€, August 2006, http://bluetooth.com/NR/rdonlyres/0A0B3F36-D15F-4470-85A6- F2CCFA26F70F/0/SimplePairing_WP_V10r00.pdf
Defense Information Systems Agency (DISA), â€œDoD Bluetooth Headset Security Requirements Matrixâ€, Version 2.0, 07 April 2008, http://iase.disa.mil/stigs/checklist/dod_bluetooth_headset_security_requirements_matrix_v2-
Defense Information Systems Agency (DISA), â€œDoD Bluetooth Smart Card Reader Security Requirements Matrixâ€, Version 2.0, 01 June 2007, http://iase.disa.mil/stigs/checklist/DoD-Bluetooth- Smart-Card-Reader-Security-Requirements-Matrix.pdf
Y. Lu, W. Meier, and S. Vaudenay, â€œThe Conditional Correlation Attack: A Practical Attack on Bluetooth
We value our customers and so we ensure that what we do is 100% original..
With us you are guaranteed of quality work done by our qualified experts.Your information and everything that you do with us is kept completely confidential.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
The Product ordered is guaranteed to be original. Orders are checked by the most advanced anti-plagiarism software in the market to assure that the Product is 100% original. The Company has a zero tolerance policy for plagiarism.Read more
The Free Revision policy is a courtesy service that the Company provides to help ensure Customer’s total satisfaction with the completed Order. To receive free revision the Company requires that the Customer provide the request within fourteen (14) days from the first completion date and within a period of thirty (30) days for dissertations.Read more
The Company is committed to protect the privacy of the Customer and it will never resell or share any of Customer’s personal information, including credit card data, with any third party. All the online transactions are processed through the secure and reliable online payment systems.Read more
By placing an order with us, you agree to the service we provide. We will endear to do all that it takes to deliver a comprehensive paper as per your requirements. We also count on your cooperation to ensure that we deliver on this mandate.Read more