A first Demonstrator for a CAHN infrastructure Bluetooth in CAHN.
Date posted: 20-Dec-2015
Reminder on Bluetooth Security
Bluetooth provides three Security Modes:
- No Security
- Authentication
- Authentication and Encryption
Authentication is based on a PIN.
Encryption is based on encryption keys, which are derived from the link key, which in turn is based on the PIN.
The Bootstrapping Problem
How can a PIN between two entities be defined, when the entities neither know each other nor see each other?
- A Service Provider can sell PINs (Pre Paid Solution; Authorization, not Authentication)
- A third Entity can provide PINs on demand for registered users (all users have to have a subscription with this third party, which provides a higher level authentication)
- Our suggestion: CAHN
How CAHN can help to get a PIN
The Scenario
Service Connection Request
Service Connection Response, including the PIN
Secure Connection
Bluetooth Goodies
- Inquiries: Helps to find other devices in vicinity
- Service Discovery: Helps to find services on a given device in vicinity
- Profiles: Services are well defined by Profiles
Example: PAN Profile, Network Access Point
    Service Name: Network Access Point
    Service RecHandle: 0x804ccf0
    Service Class ID List:
      "Network access point" (0x1116)
    Protocol Descriptor List:
      "L2CAP" (0x0100)
        PSM: 15
      "BNEP" (0x000f)
        Version: 0x0100
        SEQ16: 800 806
    Profile Descriptor List:
      "PAN access point" (0x1116)
        Version: 0x0100
New Profile: CAHN
Is it possible to create a new Profile for CAHN?
- The goal of the Profile would be to find out which devices are able to “speak” CAHN
- MSISDN as Attribute
The Scenario with Service Discovery
Bluetooth Access Point
12:34:56:78:9a:bc
Service Browse Request
Service Browse Response
MSISDN
The Scenario with Service Discovery
Bluetooth Access Point
12:34:56:78:9a:bc
MSISDN
Connection Request
Link Key Request
Link Key Negative Response
PIN Request
PIN Negative Response
Connection Negative Response
The Scenario with Service Discovery
Bluetooth Access Point
12:34:56:78:9a:bc
MSISDN
Service Connection Request
Service Connection Request
Service Connection Request
Processes Request (AC)
Generates a PIN
Sends back a Response
The Scenario with Service Discovery
Bluetooth Access Point
12:34:56:78:9a:bc
MSISDN
PIN
Service Connection Response (incl. PIN)
Service Connection Response (incl. PIN)
Service Connection Response (incl. PIN)
Connection Request
Link Key Request
Link Key Negative Response
PIN Request
PIN Positive Response
Connection Positive Response
Implementation – Flow Chart
[Flow chart; box labels as extracted, branch layout not recoverable:]
- Daemon initialization
- Listen for incoming connections
- Device already registered? (Y/N)
- Generate PIN
- Device in range? (Y/N)
- Update PIN DB
- Send Response
- Search for BLT Service
- Send Connection Request
- Connection Request
- Wait for response
- Error Response? (Y/N)
- Update PIN DB
- Set up Bluetooth Device
- Establish the connection
- Error Response
- Error Response
- Connection Response
- Set up Bluetooth Device
WLAN BLT Cellular
USSD SMS
CAHN Communication Module (CCM)
Het. VPN File Transfer
GUI
Key Management
CAHN Protocol via Cellular
CAHN Communication Module (CCM)
- Responsible for treating Requests and Responses and for handling the Bluetooth Connector or the Cellular Adapter
- Daemon waiting for Requests
- Provides a socket interface to the Cellular Adapter (local, multiplexed UNIX socket)
Cellular Adapter
- Translates packets from the CCM to Cellular packets and vice versa
- Communicates with the local CCM via a socket interface
- Communicates with the Cellular with the help of gsmlib and a serial connection to a cell phone
Bluetooth Connector
- Is invoked by the CCM
- Responsible for
  - Access Control
  - PIN Generation
  - Service Configuration
  - PIN Database (MySQL) (Billing Records)
Consists of three messages:
- CAHN Bluetooth Service Request
- CAHN Bluetooth Service Response
- Error Message
CAHN Protocol
PDU_ID P_LEN SRC_MSISDN DST_MSISDN SRC_BA DST_BA Bluetooth Service ID
HDR CAHN HDR BLT HDR SVC DATA
PDU_ID P_LEN SRC_MSISDN DST_MSISDN SRC_BA DST_BA Bluetooth Service ID
HDR CAHN HDR BLT HDR SVC DATA
PIN
PDU_ID P_LEN SRC_MSISDN DST_MSISDN SRC_BA DST_BA Error Code
HDR CAHN HDR BLT HDR SVC DATA (Optional)
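The request handling attributed above to the Bluetooth Connector (access control, PIN generation, PIN database) and the Response/Error messages can be sketched as follows. This is an added example, not code from the CAHN demonstrator; the class and method names, the error code string, the 16-character PIN, the expiry time, and the dictionary standing in for the MySQL PIN database are all assumptions.

```python
import secrets
import string
import time

PIN_ALPHABET = string.ascii_letters + string.digits
PIN_LENGTH = 16        # Bluetooth legacy pairing accepts PINs of up to 16 octets
PIN_TTL_SECONDS = 120  # assumption: an unused PIN expires after two minutes


class BluetoothConnector:
    """Hypothetical sketch of the access point side: AC, PIN generation, PIN DB."""

    def __init__(self, registered_msisdns, clock=time.monotonic):
        self.registered = set(registered_msisdns)  # access control list
        self.pin_db = {}   # SRC_BA -> (PIN, expiry); stands in for the MySQL PIN DB
        self.clock = clock

    def handle_service_request(self, src_msisdn, src_ba, service_id):
        """Process a Service Request; return a Response (incl. PIN) or an Error."""
        if src_msisdn not in self.registered:
            # Error Message: no PIN is generated or stored for unknown subscribers.
            return {"type": "error", "dst_msisdn": src_msisdn,
                    "error_code": "ACCESS_DENIED"}  # constructed error code
        # The link key is derived from the PIN, so draw it from a CSPRNG at
        # full length instead of using a short numeric code.
        pin = "".join(secrets.choice(PIN_ALPHABET) for _ in range(PIN_LENGTH))
        # Bind the PIN to the requester's Bluetooth address (SRC_BA).
        self.pin_db[src_ba.lower()] = (pin, self.clock() + PIN_TTL_SECONDS)
        return {"type": "response", "dst_msisdn": src_msisdn, "dst_ba": src_ba,
                "service_id": service_id, "pin": pin}

    def pin_for_pairing(self, remote_ba):
        """Answer the PIN Request during pairing.

        The PIN is released once, only for the address it was issued to, and
        only before it expires; None corresponds to a PIN Negative Response.
        """
        entry = self.pin_db.pop(remote_ba.lower(), None)
        if entry is None:
            return None
        pin, expiry = entry
        return pin if self.clock() <= expiry else None
```

The PIN travels in the Service Response over the cellular path, so that path's confidentiality bounds the security of the resulting Bluetooth link key.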
Open Issues
Bluetooth related
- Can this really be a Profile?
- Creation of a UUID
- Attributes
- Standardization through Bluetooth SIG
Cellular related
- Transport Mechanism (USSD, GPRS or SMS?)
- Architecture
- Realization (Java?)
General
- GUI
- Definition of Interfaces between the different modules
- Further Protocol Definition
- Access Control
- PIN Generation by the Operator