Overview of Bluetooth
Transcript of Overview of Bluetooth
-
7/29/2019 Overview of Bluetooth
1/37
Page 1 of37
Table of Contents
1. Appendix ......................................................................................................................... 4
2.
Introduction..................................................................................................................... 5
3. Overview of Bluetooth Technology ............................................................................ 63.1. Bluetooth Stack Architecture .......................................................................... 63.2. Advantages and Disadvantages of Bluetooth Technology .............................. 9
3.2.1. Advantages ............................................................................................... 93.2.2. Disadvantages .......................................................................................... 9
3.3. Piconet ........................................................................................................... 103.4. Scatternet ....................................................................................................... 113.5. Types of Bluetooth ........................................................................................ 11
4. Bluetooth Security Feature ......................................................................................... 124.1. Basic Security Feature ................................................................................... 124.2. Service Level of Bluetooth Technology........................................................ 134.3. Key Management .......................................................................................... 14
5. Key Generation and Security Mode .......................................................................... 155.1. Security Modes .............................................................................................. 155.2. Types of Key in Bluetooth ............................................................................ 175.3. Generation of the initialization key, Kinit ...................................................... 185.4. Generation of Unit Key, K
A.......................................................................... 19
5.5. Generation of Combination Key, KAB........................................................... 195.6. Generation of Master Key, Kmaster................................................................. 205.7. Generation of Encryption Key, KC................................................................ 215.8. Algorithm that used to generate Keys ........................................................... 215.9. Pairing Process .............................................................................................. 23
6. Authentication and Confidentiality............................................................................ 24
-
7/29/2019 Overview of Bluetooth
2/37
Page 2 of37
6.1. Authentication ............................................................................................... 246.2. Confidentiality ............................................................................................... 26
7. Bluetooth Vulnerabilities & Threats.......................................................................... 287.1. Vulnerabilities ............................................................................................... 28
7.1.1. Vulnerabilities before Bluetooth v1.2 .................................................... 287.1.2. Vulnerabilities before Bluetooth v2.1 .................................................... 287.1.3. Vulnerabilities in Bluetooth v2.1 and v3.0 ............................................ 297.1.4. Vulnerabilities in Bluetooth before v4.0 ................................................ 29
7.2. Threats ........................................................................................................... 308. Bluetooth Countermeasures ........................................................................................ 329. Conclusion .................................................................................................................... 3510. Reference ................................................................................................................... 36
-
7/29/2019 Overview of Bluetooth
3/37
Page 3 of37
List of Figures
Figure 3.1: Overview of Bluetooth Stack Architecture (msdn, 2006) .......................................... 6
Figure 3.2: Example of a Piconet temporary network ............................................................... 10
Figure 3.3: Example of a Scatternet ......................................................................................... 11Figure 3.4: Overview of types of Bluetooth (Padgette, Scarfone and Chen , 2012) ................. 11Figure 5.1: Generation of Initialization Key (Giousouf, n.d.) ..................................................... 18Figure 5.2: Generation of Unit Key (Giousouf, n.d.) ................................................................. 19Figure 5.3: Generation of Combination Key (Giousouf, n.d.) .................................................... 19Figure 5.4: Generation of Master Key (Giousouf, n.d.) ............................................................. 20Figure 5.5: Generation of Encryption Key (Giousouf, n.d.) ....................................................... 21Figure 5.6: Algorithm E21 (Giousouf, n.d.) ................................................................................ 21Figure 5.7: Algorithm E22 (Giousouf, n.d.) ................................................................................ 22Figure 5.8: Algorithm E3 (Giousouf, n.d.) .................................................................................. 22Figure 5.9: Pairing process between Bluetooth device (NATIONALINSTRUMENTS, 2008). ... 23Figure 6.1: Authentication Process in Bluetooth (Padgette and Scarfone, 2008) ..................... 24Figure 6.2: Overview of Encryption Process in Bluetooth (Padgette and Scarfone, 2008) ....... 27
-
7/29/2019 Overview of Bluetooth
4/37
Page 4 of37
1. Appendix
-
7/29/2019 Overview of Bluetooth
5/37
Page 5 of37
2. Introduction
In modern era every technologys growing tendency is direct to wireless
technology. What is wireless technology? Wireless technology is a technique thatallows its user to transmit data or information in the air, in other term is that the
transmission can be done without using any visible wire. In this research paper we
will focus on one of the wireless technology which is found in the early stage in
wireless technologys history, Bluetooth.
The name Bluetooth is come from the name of a king which lived in Denmark
in 10th century (Lai, 2001). The reason of choosing the king name is unknown for me
but I think it is better to include some interesting information at the starting of this
research paper. Bluetooth is actually found and develop by 5 big organizations which
included Ericsson, Nokia, IBM, Intel and Toshiba (Lai, 2001). Back the beginning
stage of mobile industry Ericsson and Nokia can be considered as the biggest
organization during the era. But when come to the current state, the biggest
organization in the mobile industry already changed to Apple and Samsung.
Bluetooth actually simplify the lives of people during the old era, even though
this technology is still available in modern smart phone but the usage of its
application is become lesser and lesser. Besides, user also did not use Bluetooth as
often as before. The most basic example of Bluetooth application will be it allows the
user to transmit a file from a users phone to another users phone or mobile devices
which also support Bluetooth. To perform this activity it needs no setup, it will
always on in the background (Lai, 2001). But of course the connectivity of Bluetooth
can also turn off manually. One of the weaknesses of Bluetooth is that its connectivity
for both the sender and receiver is very short. The ranges of functional connection are
about 10 meters only (Lai, 2001).
Of course Bluetooth used some protocol and feature to ensure the security of
the connection. The multiple levels of security and security feature will be discussed
more in the coming sub-topic. On this research paper, we will focus more on the
security area. There is more security issues will be describe and discussed later.
-
7/29/2019 Overview of Bluetooth
6/37
Page 6 of37
3. Overview of Bluetooth Technology
3.1. Bluetooth Stack Architecture
In Bluetooth its specification can be divided into two parts, the core portion and
the profile specifications (Kardach, n.d.). Core portion is used to describe how
Bluetooth work, in the other hand the profile specification is mainly concentrate on
how to build interoperating devices using the core technologies (Kardach, n.d.). In
Figure 3.1 is the architecture view of Bluetooth stack.
Figure 3.1: Overview of Bluetooth Stack Architecture (msdn, 2006)
-
7/29/2019 Overview of Bluetooth
7/37
Page 7 of37
Lets do a very quick and brief discussion about this Bluetooth stack
architecture. Due to the limitation of time constrain we will only go through those
layer which is important in Bluetooth.
OBEX It is stand for Object Exchange. Obex client module: Obexapi.dll Obex server module: Obexsvr.dll Primarily used as a push or pull application.
TDI It is stand for Transport Driver Interface It separate the highly asynchronous callback-
based architecture of the stack presenting aWindow Sockets Specification
COM Port Emulation It is host dial-up and LAN access profilesSDP It is stand for Service Discovery Protocol.
It is used to handles publishing and discoveryof services.
This protocol empowers portable Bluetooth topermits devices to deal with the dynamicallychanging Bluetooth environment when the
Bluetooth technology is operating in motion.
SDP client module: Btdrt.dll SDP server module: Btd.dll
RFCOMM Serial Cable Emulation Protocol It can support maximum 60 simultaneous
connections between two Bluetooth devices. It serves as a base for COM port emulation
facilities.
It makes data synchronization possiblebetween Bluetooth devices and other mobile
devices such as PDA and smart phone.
Control the data flow between devices andapplications.
-
7/29/2019 Overview of Bluetooth
8/37
Page 8 of37
PAN Personal Area Network Piconet and Scatternet (will be discuss in
coming section)
L2CAP
Logical Link Control and Adaptation Protocol Do not have the responsible to control data
flow, it is depend on the reliable device to
device baseband link provided by Bluetooth
hardware.
Included in Btd.dllBluetooth Universal
Transport Manager(BthUniv)
It is the intermediate transport driver whichlocated in the middle of HCI layer andTransport layer.
It is used to spot the Plug and Play devices andresponsible to execute correct transport driver/
Located in Bthuniv.dllHCI Transport Layer Operate in transport layer and is responsible to
transfer the HCI commands to the Bluetooth
hardware.
LMP Have the services of authentication andencryption.
Stand for Link Manager Protocol. Standard that used to manage link
establishment between Bluetooth devices.
BB It is stand for Baseband Used to permit the physical radio frequency
link among Bluetooth units that produce a
Piconet.
The table above is reference from (msdn, 2006)
-
7/29/2019 Overview of Bluetooth
9/37
Page 9 of37
3.2. Advantages and Disadvantages of Bluetooth Technology
3.2.1. Advantages
The most obvious advantage of using Bluetooth is that it is accepted bythe entire world and it is a standard which is supported by more than two
thousand manufacturers (InterBluetooth, n.d.).
Can be used on most of the mobile computing devices such as lap top,PDA, smart phone, headset and so on (InterBluetooth, n.d.).
Another significant advantages its installation fees is very cheapcompare to other wireless technologies. It is because Bluetooth is license
free and it did not require any charges compare to other wireless
network service (InterBluetooth, n.d.).
It is similar with Non- Line of Sight (NLON) technology which will notinterrupt by obstacles (InterBluetooth, n.d.).
By using channel hopping, Bluetooth can dodging the interference fromany other wireless devices and help to provide an error free data
transmission environment (InterBluetooth, n.d.).
Support maximum number of 7 devices to inside a range which up to 10meters, which is the best solution for a home network (InterBluetooth,
n.d.). This network also known as Piconet, we will discuss it in detail on
coming sub-topic.
It consumes very less power because generally the range of Bluetoothsupport user to communicate with others is only up to 10 meters
(InterBluetooth, n.d.).
3.2.2. Disadvantages Compare with infrared technology, Bluetooth only support 2.1Mbps data
transfer rates where infrared technology can support 4Mbps data transfer
rates.
Although it consumes very less power but it will still waste power if youleft it running at background.
-
7/29/2019 Overview of Bluetooth
10/37
Page 10 of37
3.3. Piconet
Piconet in Bluetooth is meaning that several node are connected and to form a
connection which similar with a LAN connection. But in Bluetooth we call it as a
Personal Area Network (PAN). It is built by Slave and Master (Al-Hasani, n.d.).Each node in the Piconet has 28-bit internal clock and 48-bit address (Al-Hasani,
n.d.). During the beginning stage, each of the node do not recognize each other, to
establish the communication each of the node will send out an inquiry to other slaves
which is located in the same range (Al-Hasani, n.d.). After that it will entered in to the
paging state (Al-Hasani, n.d.). It is the state where the packet is starting to exchange
between the nominated Master and the prospective slaves (Al-Hasani, n.d.). There are
a reverse in the paging state and inquiry state. In paging state the master disclose the
slave (Al-Hasani, n.d.). In inquiry state, the slaves disclose their master (Al-Hasani,
n.d.). The maximum number of devices connect to a Piconet is 8, one Master and 7
slaves (Al-Hasani, n.d.). This network is temporary network and the data connection
within the Piconet can be added or removed dynamically (Al-Hasani, n.d.).
Figure 3.2: Example of a Piconet temporary network
-
7/29/2019 Overview of Bluetooth
11/37
Page 11 of37
3.4. Scatternet
Scatternet is also one type of the network that can be found in Bluetooth. It is
similar with the Piconet. In fact, it is actually is the bigger size of Piconet. Scatternetis formed by two or more Piconet which connected together (NOKIADeveloper, n.d.).
The formation of Scatternet is that a slave from a Piconet can become a master for
another Piconet (NOKIADeveloper, n.d.). This merge is known as the Scatternet
(NOKIADeveloper, n.d.). The maximum number of Scatternet is 10.
Figure 3.3: Example of a Scatternet
3.5. Types of Bluetooth
Figure 3.4: Overview of types of Bluetooth (Padgette, Scarfone and Chen , 2012)
Bluetooth can be categories into three types. Figure 3.3 is the summary of the
types of classes which available in Bluetooth technology. mW is stand for miliwatts
and decibels referenced to one miliwatt dBm (Padgette, Scarfone and Chen, 2012).
Class 2 type of Bluetooth is the type we will always interact with in our daily
operation.
-
7/29/2019 Overview of Bluetooth
12/37
Page 12 of37
4. Bluetooth Security Feature
Again we will talk about the security. No matter what category, industry you
are in security concern is always the major issues that we need to focus. In businesstheir security is how to ensure their money can keep in a safety place and how to
ensure their confidential information will not leak out and known by its competitor. In
IT world, the security is about how to protect the data during the data transmission
and how to secure the data and information which is stored in the database or server.
In this topic, we will show some security feature that the Bluetooth technology used
to secure its services to their users.
4.1. Basic Security Feature
When we talk about basic security feature, as an IT field student or workers
usually we will know that it is about CIA, Confidentiality, Integrity and
Authentication. This three is the most basic security features that every program
should have. In Bluetooth it did not support all this three function, but it is actually
very similar, it just replacing the Integrity into Authorization. In my opinion it is
because Bluetooth is usually used for short range data transmission, so that it is very
hard to interrupt the data connection and changing the data within the same area very
quickly. So that, they did not state Integrity in their basic security feature lists. Just
to recap that, there are three basic security features or we may call it as security
services that are specified in Bluetooth standard. First one is the Authentication
service. It is used to verify the ident ity of the communicating devices based on their
Bluetooth device address by Padgette, Scarfone and Chen. Besides this service also
offer and extra function, if the Bluetooth devices that attempt to connect to the
Piconet are not able to authenticate correctly it will use the abort mechanism to abort
the attempt (Ivris Marcelo, n.d.). Then the second is the Confidentiality. It is used to
preventing information compromise caused by eavesdropping by ensuring that only
authorized device can access and view transmitted data by Padgette, Scarfone and
Chen. Its mean that only the sender and receiver can have access to the content. The
last one will be the Authorization. This feature is design to control the resources to
avoid un-authorized devices to use the service (Ivris Marcelo, n.d.). Bluetooth willalways operate this this question are this devices authorized? Can it have access to
-
7/29/2019 Overview of Bluetooth
13/37
Page 13 of37
this service during its operation (Ivris Marcelo, n.d.). By implementing this services,
Bluetooth can secure the resources will not be used by any other third party member
or any other un-authorized devices.
4.2. Service Level of Bluetooth Technology
There are three available service level can be found in Bluetooth. Because of
these three level of services is provided, it made the demands for authorization,
encryption and authentication can be set all alone (Ivris Marcelo, n.d.). The three
security levels are:
Service Lv1 Those that need authentication and authorization (Ivris Marcelo,
n.d.).
Only the trusted Bluetooth devices can obtain automatic access(Ivris Marcelo, n.d.).
Manual authorization operation is assign to untrusted Bluetoothdevices (Ivris Marcelo, n.d.).
Service Lv2 Those that need only authentication (Ivris Marcelo, n.d.). After finishing and passed the authentication process, the access to
the application is granted (Ivris Marcelo, n.d.).
In this service level it does not require authorization process (IvrisMarcelo, n.d.).
Service Lv3 Those that is open to all devices (Ivris Marcelo, n.d.). Do not go through the authentication process (Ivris Marcelo, n.d.). The access to an application is allocated automatically (Ivris
Marcelo, n.d.).
The architecture of Bluetooth technology allows for defining security policiesthat can set trust relationship (Ivris Marcelo, n.d.). Its mean that, not all device can get
-
7/29/2019 Overview of Bluetooth
14/37
Page 14 of37
access to all other services (Ivris Marcelo, n.d.). This policy allows the trusted devices
to access some specific services only (Ivris Marcelo, n.d.). It is very essential that to
gain knowledge about this critical point, because the Bluetooth core protocols can
only authenticate the device itself not the user itself (Ivris Marcelo, n.d.). However, it
not meaning that user-based access control is not available in Bluetooth ( Ivris
Marcelo, n.d.). Bluetooths security architecture also supports the application to
implement or execute their own security policies (Ivris Marcelo, n.d.). Furthermore,
the link layer (Bluetooth specific security control layer) of Bluetooth is open to the
security controls imposed by the application layers (Ivris Marcelo, n.d.). Therefore,
there is a way to operate the user-based authentication process and fine-grained access
control inside the Bluetooth security architecture (Ivris Marcelo, n.d.).
4.3. Key Management
In the security architecture of Bluetooth, it provides Bluetooth a secure data
communication environment by implementing the symmetric key cryptography (Lee,
2006). Symmetric key cryptography in Bluetooth is used to generate and shared the
public key (also known as common link key) for the two communicating Bluetooth
devices (Lee, n.d.). This procedure is used to provide the services of authentication
process and encryption (Lee, n.d.). Encryption is the method that transforms plain text
into cipher text which is not readable by human. This key management feature will
be further discussed on the coming sub-topic.
-
7/29/2019 Overview of Bluetooth
15/37
Page 15 of37
5. Key Generation and Security Mode
5.1. Security Modes
In Bluetooth there are four different types of security mode. In this sub-topic
we will talk about it. Besides that, we will also talk about the two faith levels which
are also available in Bluetooth technology. First at all we will discuss about the three
modes:
Mode 1 In this mode there are no securities at all (Akhavan and Vakily,
2011).
The Bluetooth devices will not start any security feature or protocolto ensure the security (Akhavan and Vakily, 2011).
Mode 2 Service-level security A channel on Logical Link Control and Adaptation Protocol
(L2CAP) level is initiated without any security process (Akhavan
and Vakily, 2011).
There are different security necessities can be set for each of theapplication, if the application that running on the Bluetooth device
require low security then its requirement can be set to low, if it
require high security to transmit confidential data the security
requirement can be set to high (Akhavan and Vakily, 2011).
Mode 3 Link-level security Will start the security procedures for a secure connection before
creating a channel on L2CAP level (Akhavan and Vakily, 2011).
It is an default assembly security mechanism It is not aware of service or application-layer security by Akhavan
and Vakily
-
7/29/2019 Overview of Bluetooth
16/37
Page 16 of37
Mode 4 Introduced at Bluetooth v2.1 + EDR (Radio-Electronics.com, n.d.) It is used to secure simple pairing process by using Elliptic Curve
Diffie Hellman (ECDH) method for key exchange and link key
generation (Radio-Electronics.com, n.d.).
There are four security necessities for services protected by thismode is:
Authenticated link key (Radio-Electronics.com, n.d.) Unauthenticated link key (Radio-Electronics.com, n.d.) No security required (Radio-Electronics.com, n.d.)
This mode is the compulsory mode which make communicationpossible between v2.1 + EDR devices (Radio-Electronics.com,
n.d.).
After briefing all the three security mode, now we try to go a litter bit more
detail here. In the security mode 2, setting per service and per device basis are made
(Akhavan and Vakily, 2011). It required two databases in Bluetooth technology, one
of the databases is used to store device information and another one is used to store
service information (Akhavan and Vakily, 2011). Furthermore, the application
software provides the security configuration contained in the service database
(Akhavan and Vakily, 2011). In the other than the information about the past sessions
with other Bluetooth devices is store in the device database (Akhavan and Vakily,
2011).
Then we now go to the two faith levels. The level stated here is the trusted
and untrusted level. As the name goes to trust, it means the device is already passed
the authentication process or it is already paired so that it will be marked as trusted in
the device database (Akhavan and Vakily, 2011). In trusted level it has 15 unrestricted
accesses to all services (Akhavan and Vakily, 2011). When go to untrusted level it has
restricted access to services (Akhavan and Vakily, 2011). It is untrusted because it is
unknown or new devices or it never paired with the Bluetooth devices before so that it
did not save inside the device database (Akhavan and Vakily, 2011). By default, the
new devices will always be treating as untrusted (Akhavan and Vakily, 2011).
-
7/29/2019 Overview of Bluetooth
17/37
Page 17 of37
5.2. Types of Key in Bluetooth
In Bluetooth there are four different types of key that will used to secure the
data transmission and also making authorized the Bluetooth devices to communicatewith another Bluetooth devices. The four type of key is Initialization Key,
Combination or unit keys, Master Key and Encryption Key (Akhavan and Vakily,
2011).
Initialization Key It is the first key that being produce during the pairing procedure
(Akhavan and Vakily, 2011).
It is used to generate the next type of key in the later pairingprocedure (Akhavan and Vakily, 2011).
After the next type of key is generated this key will be expired(Akhavan and Vakily, 2011).
The strength of this key relies solely on a 4 to 16bytes PIN(Akhavan and Vakily, 2011).
Combination or Unit Keys Combination key is known as Kab and Unit Key is known as Ka
(Akhavan and Vakily, 2011).
Both of this key will store at the Bluetooth devices permanentlyunless the devices updated through the link key update process
or the broadcast encryption scheme (Akhavan and Vakily,
2011).
These two key can be used at any time, but it is only limit to theBluetooth devices which is sharing this key (Akhavan and
Vakily, 2011)
Master key
The Bluetooth specification defines shared master key to allowPiconet master to encrypt broadcast traffic by Akhavan and
Vakily.
-
7/29/2019 Overview of Bluetooth
18/37
Page 18 of37
Encryption Key Also known as Kc, it is generated from the current link keys and
it will be updated when the Bluetooth devices entered to the
encryption mode (Akhavan and Vakily, 2011).
Another function of Kc is to create a cipher stream KCipher thatin turn will be XORed with payloads (Akhavan and Vakily,
2011).
5.3. Generation of the initialization key, Kinit
The link key that is used in the initialization process is also known as
initialization key Kinit (Giousouf, n.d.). It is generated by using a BD_ADDR which is
a pin code and also a random number IN_RAND (Giousouf, n.d.). Both of this two
value BD_ADDR and IN_RAND will go through an algorithm E22 to generate this
initialization key (Giousouf, n.d.). The pin code which used to generate BD_ADDR is
enter by the user into both Bluetooth devices (Giousouf, n.d.). This code will be saved
as the original secret used for the key generation (Giousouf, n.d.). Note that the PIN
shall not more than 16 bytes since the algorithm that used to produce the BD_ADDR
are not support more than 16 bytes (Giousouf, n.d.).
Figure 5.1: Generation of Initialization Key (Giousouf, n.d.)
-
7/29/2019 Overview of Bluetooth
19/37
Page 19 of37
5.4. Generation of Unit Key, KA
This key is generated by using E21 algorithm (Giousouf, n.d.).
Figure 5.2: Generation of Unit Key (Giousouf, n.d.)
5.5. Generation of Combination Key, KAB
Combination key is the combination of two devices generated random value
and using the algorithm E21 to generate LK_KA and LK_KB (Giousouf, n.d.). Before
LK_KA and LK_KB is generated by using the random value which generated by the
two device LK_RANDA and LK_RANDB (Giousouf, n.d.). After that LK_KA and
LK_KB will be XORed with the current link key and exchanged (Giousouf, n.d.).
After both the Bluetooth devices generated the new combination key, a mutual
authentication process is initiated to ensure that the success of the transaction
(Giousouf, n.d.). Then the link key will be drop or expired after a successful exchange
of a new combination key (Giousouf, n.d.).
Figure 5.3: Generation of Combination Key (Giousouf, n.d.)
-
7/29/2019 Overview of Bluetooth
20/37
Page 20 of37
5.6. Generation of Master Key, Kmaster
First at all we need to create a new link key from two 128-bit random number
which also technically known as RAND1 and RAND2 (Giousouf, n.d.). After thesetwo random numbers are generated they will be process by using algorithm E 22 to
generate Kmaster(Giousouf, n.d.).
Kmaster= E22 (RAND1 and RAND2,16)
After that another RAND is send to the slave (Giousouf, n.d.). On each side an
overlay (OVL) is calculated using algorithm E22 with the current link key and the
RAND as the input (Giousouf, n.d.).
OVL= E22 (K,RAND,16)
The master will then sending the bitwise XOR of the OVL and the new link to
the slave and the slave will start calculating the Kmaster (Giousouf, n.d.). In order to
completing this transaction successfully the devices will then operate an
authentication process by using the new generated link key (Giousouf, n.d.). This
process will be repeat when each of the slave receives the new link key (Giousouf,
n.d.).
Figure 5.4: Generation of Master Key (Giousouf, n.d.)
-
7/29/2019 Overview of Bluetooth
21/37
Page 21 of37
5.7. Generation of Encryption Key, KC
The Encryption key is generated by using algorithm E3. To use E3 we need
used three component, first is the current link key, second is the 96-bit Cipher OFsetnumber (COF) and the third is the 128-bit random generated number(Giousouf, n.d.).
Figure 5.5: Generation of Encryption Key (Giousouf, n.d.)
5.8. Algorithm that used to generate Keys
Figure 5.6: Algorithm E21 (Giousouf, n.d.)
-
7/29/2019 Overview of Bluetooth
22/37
Page 22 of37
Figure 5.7: Algorithm E22 (Giousouf, n.d.)
Figure 5.8: Algorithm E3 (Giousouf, n.d.)
-
7/29/2019 Overview of Bluetooth
23/37
Page 23 of37
5.9. Pairing Process
There is a critical process that must be going through when Bluetooth wanted
to generate a common key for authentication and encryption between two Bluetoothdevices (Akhavan and Vakily, 2011). The process is known as pairing process. First at
all, both the Bluetooth devices need to enter a security code which is matched for the
two devices. This process means that both of the devices users are agree to establish a
connection (seguridadmobile, n.d.). Actually the pairing process is very simple it just
keep on exchanging a set of random number and identify the exchanged random
number either it is matched with the previous sent out random number or not. After
the first match, an authentication key is generated, then after the second match link
key is being created. This pairing procedure only have to do one time, after the
connection is terminated it will generate a new session with new Encryption key
(NATIONALINSTRUMENTS, 2008). During the time the Bluetooth devices wanted
to be connected again they can use the Encryption key to secure data communication
(NATIONALINSTRUMENTS, 2008). Then the Authentication identify by using the
Link keys (NATIONALINSTRUMENTS, 2008).
Figure 5.9: Pairing process between Bluetooth device (NATIONALINSTRUMENTS,
2008).
-
7/29/2019 Overview of Bluetooth
24/37
Page 24 of37
6. Authentication and Confidentiality
6.1. Authentication
Base on the research paper ofPadgette and Scarfone in 2008, the authentication
process of Bluetooth technology is in the form of a challenge-response scheme. By
referring to this method each of the Bluetooth devices which are involved in the
authentication process are known as the claimant or the verifier (Padgette and
Scarfone, 2008). Claimant, it is the term that used to identify the Bluetooth devices
which wanted to prove its identity (Padgette and Scarfone, 2008). In the other hand
verifier, is the Bluetooth devices which are authenticating the identity of the claimant
(Padgette and Scarfone, 2008). Challenge-response protocol is the method that
authenticating the devices by verifying the knowledge of the secret key that used in
Bluetooth technology (Padgette and Scarfone, 2008). The key is known as Bluetooth
Link Key (Padgette and Scarfone, 2008).
Figure 6.1: Authentication Process in Bluetooth (Padgette and Scarfone, 2008)
-
7/29/2019 Overview of Bluetooth
25/37
Page 25 of37
The step that involved in the process of Figure 6.1 are as follows:
1. The process starts from the verifier transmitting a 128-bit random numberto the claimant (Padgette and Scarfone, 2008). The random numbers are
also called as random challenge (AU_RAND) (Padgette and Scarfone,
2008).
2. Then the verifier and claimant will proceed to generate a critical 32 bitsoutput by using E1 algorithm (Padgette and Scarfone, 2008). To use this
algorithm both of them will use their unique 48-bit Bluetooth device
address (BD_ADDR), the link key and also the random numer
(AU_RAND) as an input for the algorithm (Padgette and Scarfone, 2008).
As I mention just now only the critical 32-bits output will be used for
authentication process the remaining 96 bits will be used to create
Bluetooth encryption key (Padgette and Scarfone, 2008). This 96 bits
output is known as Authenticated Ciphering Offset (ACO) value (Padgette
and Scarfone, 2008).
3. Then the claimant will returns the critical 32bits of the E1 output as theresponse to the verifier(Padgette and Scarfone, 2008). This output is also
known as SRES (Padgette and Scarfone, 2008).
4. After receiving the SRES the verifier will then compares the SRES with itsown SRES which calculated by itself(Padgette and Scarfone, 2008).
5. If both of the values are matching then the authentication process iscompleted successfully (Padgette and Scarfone, 2008). In the other hand, if
both the values are mismatched, the authentication process is marked as
failed (Padgette and Scarfone, 2008).
For additional information, Bluetooth standard is actually supporting
authentication process by using one-way authentication and mutual authentication so
that it is more secure because the attacker cannot guess what method the Bluetooth
devices are using to authenticate each other(Padgette and Scarfone, 2008).
-
7/29/2019 Overview of Bluetooth
26/37
Page 26 of37
6.2. Confidentiality
In order to provide a confidentiality services to the user, Bluetooth standard
introduced three encryption modes (Padgette and Scarfone, 2008). The purpose ofthese three modes is to obstruct eavesdropping attacks to the payloads of the
transmitting data between Bluetooth devices (Padgette and Scarfone, 2008). However,
there are actually two of these modes providing confidentiality (Padgette and
Scarfone, 2008). The three modes are:
Encryption Mode 1 No encryption is executing on any traffic (Padgette and Scarfone,
2008).
Encryption Mode 2 Individual addressed traffic is encrypted using encryption keys based
on individual link keys by (Padgette and Scarfone, 2008)
Broadcast traffic is not encrypted by (Padgette and Scarfone, 2008)
Encryption Mode 3 All the traffic in this mode is encrypted by using the master link key
(Padgette and Scarfone, 2008).
Furthermore, the same encryption mechanism are applied on both Encryption
Mode 2 and 3 (Padgette and Scarfone, 2008). In Figure 6.2, the encryption key
provided to the encryption algorithm is created using an internal key generator (KG)
(Padgette and Scarfone, 2008). KG create stream cipher key based on the 128-bit link
key (Padgette and Scarfone, 2008). This link key is the secret of Bluetooth devices,
the EN_RAND and ACO (Padgette and Scarfone, 2008). The ACO value is created
during the authentication process which can be review on Figure 6.1 (Padgette and
Scarfone, 2008).
The Bluetooth encryption process is based on a stream cipher algorithm, E0
(Padgette and Scarfone, 2008). The key stream output is sent to the receiving devices
-
7/29/2019 Overview of Bluetooth
27/37
Page 27 of37
after it is exclusive-OR-ed with the payload bits (Padgette and Scarfone, 2008). This
key stream is created byusing Liner Feedback Shift Registers (LFSR) (Padgette and
Scarfone, 2008). BD_ADDR, ENRAND, slot number and encryption is taken as the
inputs of the encryption function when combined initialize the LFSRs before the
transmission of each packet (Padgette and Scarfone, 2008). The encryption key (KC)
is created from the current link key and may vary from 8 bits to 128 bits (Padgette and
Scarfone, 2008). For extra information here, the E0 algorithm is not the Federal
Information Processing Standards (FIPS) approved algorithm (Padgette and Scarfone,
2008).
Figure 6.2: Overview of Encryption Process in Bluetooth (Padgette and
Scarfone, 2008)
-
7/29/2019 Overview of Bluetooth
28/37
Page 28 of37
7. Bluetooth Vulnerabilities & Threats
7.1. Vulnerabilities
Although Bluetooth technology are not a very frequent used techniques in
modern world but it still used many protocol and method to secure data transmission
between Bluetooth devices. However, nothing is perfect, human will make mistake, of
course the machine and protocol which designed and developed by human will make
mistake too. In this topic we are going to discuss about the vulnerabilities that found
on Bluetooth technology.
7.1.1. Vulnerabilities before Bluetooth v1.2
Link Key is based on Unit Key The major problem in here is not that link key cannot based on
unit key, the problem is because the key is static and reusable so
that it is less of security. Besides it can lead to eavesdropping and
spoofing if the key is obtain by attacker (Padgette, Scarfone and
Chen , 2012).
7.1.2. Vulnerabilities before Bluetooth v2.1
Three problem Security Mode 1 does not initiate security method. It make that
the communicated made in this mode is insecure (Padgette,
Scarfone and Chen , 2012).
PIN code can be very short even through it can support up to16bits (Padgette, Scarfone and Chen , 2012). Short PIN is easy to
guess and hack.
Encryption key stream will be re-use afer 23.3 hours (Padgette,Scarfone and Chen , 2012). If the connection lasts more than
23.3 hour the clock value will be repreted hence generating an
identical key stream to that user earlier in the connection by
Padgette, Scarfone and Chen on 2012.
-
7/29/2019 Overview of Bluetooth
29/37
Page 29 of37
7.1.3. Vulnerabilities in Bluetooth v2.1 and v3.0
Static SSP passkey Random key or session key should be used for each pairing try
(Padgette, Scarfone and Chen , 2012). Security Mode 4
Because it is not supported by every bluetooth devices, when theBluetooth device does not support this mode, the devices can fall
back to mode 1 which did not secure by any security protocol or
method (Padgette, Scarfone and Chen , 2012).
7.1.4. Vulnerabilities in Bluetooth before v4.0
Attempts for authentication are repeatable Because this process can be repeat so that the attacker can
keeping requesting the random number so that they might able to
guess the information about secret link key (Padgette, Scarfone
and Chen , 2012).
It should limit the authentication request to prevent attackerkeeping attempt for authentication (Padgette, Scarfone and Chen
, 2012).
Master key problem The master key is used by all the member in the Piconet for
broadcast encryption. (Padgette, Scarfone and Chen , 2012).
Which mean that if the Piconet have 7 connecting devices all of
them are using the same master key (Padgette, Scarfone and
Chen , 2012).
This secret key should not share to more than 2 party, because itis insecure (Padgette, Scarfone and Chen , 2012).
-
7/29/2019 Overview of Bluetooth
30/37
Page 30 of37
7.2. Threats
In this section we will show out a brief overview of threats that the Bluetooth
technology are facing.
Threats Description
Bluesnarfing This attack is about the attackers obtain theaccess to a Bluetooth devices by exploiting a
firmware flaw in the older Bluetooth devices
(Padgette, Scarfone and Chen , 2012).
This attack will allow access to get IMEIinformation, after obtain this information the
attacker can used it to route all incoming call
from the user devices to the attacker devices
(Padgette, Scarfone and Chen , 2012).
Bluejacking This attack start from sending unsolicitedmessage to the Bluetooth devices (Padgette,
Scarfone and Chen , 2012).
This message create no harm but seduce theuser to respond some phishing message
(Padgette, Scarfone and Chen , 2012).
Bluebugging This attack is achieved by using the securityflaw in the firmware of some older version of
Bluetooth devices to get access to the devices
data and its commands (Padgette, Scarfone
and Chen , 2012).
The command can by executed withoutnoticing the user itself (Padgette, Scarfone and
Chen , 2012).
Denial of Service This type of attack is not very harmful butannoying.
This attack is about draining the devicesbattery by making the interfaces not functional
-
7/29/2019 Overview of Bluetooth
31/37
Page 31 of37
(Padgette, Scarfone and Chen , 2012).
Car Whisperer It is a software tools which is introduced byEuropean security researchers that exploits a
key implementation problem in hands-freeBluetooth car kits (Padgette, Scarfone and
Chen , 2012).
It makes the attacker can access the audiofrom the microphone in the car or even
sending audio to the cars speaker (Padgette,
Scarfone and Chen , 2012).
Fuzzing Attacks This attack is about sending malformed ornon-standard data to the devices and to check
how the devices will operate after the attack
(Padgette, Scarfone and Chen , 2012).
If the devices is stop functioning a seriousvulnerability is exposed and more attack will
be found later, because it is related with the
protocol stack of the technology (Padgette,
Scarfone and Chen , 2012).
Secure Simple Pairing
Attacks
To force the devices to operate in Just WorksSSP which will cause MITM (Padgette,
Scarfone and Chen , 2012).
This means that the devices will not able toperform input and output (Padgette, Scarfone
and Chen , 2012).
This attack can be also achieved by using thefixed passkey to perform MITM attack
(Padgette, Scarfone and Chen , 2012).
-
7/29/2019 Overview of Bluetooth
32/37
Page 32 of37
8. Bluetooth Countermeasures
In order to provide a more secure and provide confidentiality and integrity
services to the user, Bluetooth standards organizations should come out with someproper and well planning countermeasures to ensure that their planning can be
implemented successfully. In this sub-topic we going to discuss some of the possible
item or entity which may be implemented by the Bluetooth standard to mitigating the
risk or threats of Bluetooth standard are facing or dealing with. But of course it does
not mean by implementing and developing this set of recommendation
countermeasures will guaranty that the Bluetooth can be operate in a hundred percent
safety environment but for sure it may help to improving and enhancing the security
level in Bluetooth standard. This set of suggestion is not fully about technically it also
involved some personal behavior about the user, by follow the guideline which will be
stated later it should help to reduce the threat or risk that Bluetooth are facing
currently (Padgette, Scarfone and Chen , 2012).
Here we going to list some recommendation of security that the Bluetooth
standard can used it to further enhance their security. We try to separate it into two
categories which are highly recommended practice. This is the categories that we
think that is important and more executable to help Bluetooth to secure their services.
Another categories is should consider, in this categories the recommendation is
required more resources to implement and should be considered carefully by the
organization.
Highly Recommended Practice Developing an organizational wireless security policy that addresses
Bluetooth technology (Padgette, Scarfone and Chen, 2012).
Confirm that the Bluetooth users in the network will highly aware oftheir security-related responsibilities about Bluetooth use (Padgette,
Scarfone and Chen, 2012).
Set up a timetable to perform overall security assessments, it can assistthem to understand their organizations Bluetooth security posture
(Padgette, Scarfone and Chen, 2012).
-
7/29/2019 Overview of Bluetooth
33/37
Page 33 of37
Can try to document the possible risk and vulnerability of Bluetoothdevices, this can help the user having more awareness to avoid this
type of attack to be happened and also helping them to have an overall
understanding of the connectivity between each Bluetooth devices
(Padgette, Scarfone and Chen, 2012).
The organization can also prepare a set or precautionary measureswhich can help the user to take better action to protect the Bluetooth
devices from theft (Padgette, Scarfone and Chen, 2012).
By changing the default setting of Bluetooth devices to match theorganization security policy it can help to enhance the security level
(Padgette, Scarfone and Chen, 2012). It is because the default setting is
not matching with the organization security policy and those setting are
usually not secure enough (Padgette, Scarfone and Chen, 2012).
Change the Bluetooth devices to the lowest power level which meansthat reduces the connectivity range can help to prevent others
unauthorized user attempt to attack the network (Padgette, Scarfone
and Chen, 2012).
Another technical practice that the organization should practice is tochange the PIN code which is not convenient to use (Padgette,
Scarfone and Chen , 2012). It means that the PIN code should be long
and complicated and also preventing the user using static PIN code for
more than 1 month (Padgette, Scarfone and Chen, 2012). This can help
to avoid PIN code being track by intentional attacker.
Ensuring that the link keys are not based on unit key because theshared unit keys can exposed many vulnerability and several attack is
started at this area (Padgette, Scarfone and Chen, 2012). Example of
attack that can start from this area are eavesdropping and MITM
(Padgette, Scarfone and Chen, 2012).
Always set the Bluetooth devices to be undiscoverable by otherdevices unless a pairing process is required at the particular period
(Padgette, Scarfone and Chen, 2012).
Ensuring that when the Bluetooth devices is connected to any otherdevice interface a password input is requested (Padgette, Scarfone and
-
7/29/2019 Overview of Bluetooth
34/37
Page 34 of37
Chen, 2012). It can help to prevent unauthorized user gaining access to
the device (Padgette, Scarfone and Chen, 2012).
Should Consider The organization can prepare a complete inventory list of Bluetooth-
enable wireless devices which can be refer when they wanted to
perform an audit that is searching for un-authenticated use of wireless
technologies (Padgette, Scarfone and Chen, 2012).
Use application-level authentication and encryption atop theBluetooth stack for sensitive data communication by Padgette,
Scarfone and Chen in 2012. It is because Bluetooth devices can always
refer to the local memory can obtain the link key which can make them
able to connect to the previous paired Bluetooth devices (Padgette,
Scarfone and Chen, 2012). This procedure is very insecure because if
the devices is lost and obtain by an attacker, the attacker will be able to
access the data without noticing another user in the network (Padgette,
Scarfone and Chen, 2012).
It can also enhanced by employing more authentication method such asbiometrics, public key infrastructure (PKI) or two-factor authentication
(Padgette, Scarfone and Chen, 2012).
-
7/29/2019 Overview of Bluetooth
35/37
Page 35 of37
9. Conclusion
At the end of this research paper, I would like to describe some of my personal
opinion about Bluetooth technology. In this modern era, almost everydayorganizations are introducing some kind of new technology. The growing speed of
electrical and technical industry is very fast. Many new technology getting old and not
interest by people after the new technique is introduced. For Bluetooth, it already quit
from the list of frequently used technology for data transmission or data
synchronization. But it still maintains its own strengths and advantages compare with
other competitor technique.
However, it still can be further enhanced. As we mentioned in the earlier topic,
in order to secure the data transmission between Bluetooth and avoiding intentional
attacker to get access to the Bluetooth network, we are suggested to reset the setting to
make the connection range become smaller. There is a consequence found on this
countermeasure. It actually reducing the effectiveness of Bluetooth, because the data
connectivity range of Bluetooth is already very small now we still setting it become
smaller, means that the data transmission can only be done in very particular small
area. What I would like to suggest here is, try to finding a new solution which is about
to reset the connectivity range from horizontally, to vertically. It is because usually
the office is located in tall building, the range the user needs for transmission should
be vertically and not horizontally, so that I think that is good to have such technology
can be utilize in an office like this case. I believe all the organization would like to
implement this cheap, easy to implement and provide effective and efficient data
transmission and synchronization technology to run their daily operation instead of
using high charge WiMax or LTE or brand new 4G or 5G technique.
-
7/29/2019 Overview of Bluetooth
36/37
Page 36 of37
10. Reference
Al-Hasani, H., n.d.BLUETOOTH SCATTERNET BASED ON CCC[pdf].Available at
: [Accessed 11 June 2013]
Akhavan, M. and Vakily, V.T. 2011. Improvement Bluetooth Authentication and
pairing protocol using Encrypted Key Exchange and Station-to-Station MAC
Protocols [pdf].Available at : [Accessed
13 June 2013]
Giousouf, A. n.d. Bluetooth Security [pdf].Available at : [Accessed 16 June 2013]
InterBluetooth, n.d. The Pros and Cons of Bluetooth Technology [Online].Available
at: [Accessed 12 June
2013]
Ivris Marcelo, B.N., n.d. Bluetooth Security Features [pdf].Available at : [Accessed
12 June 2013]
Kardach, J., n.d. Bluetooth* Architecture Overview [pdf].Available at : [Accessed 13 June 2013]
Lai, J., May 2006.Introduction to Bluetooth Technology [Online].Available
at: [Accessed 11 June 2013]
Lee, CS., n.d.Bluetooth Security Protocol Analysis and Improvements [pdf].Available
at : [Accessed 13 June
2013]
NOKIADeveloper., n.d.Bluetooth Overview [Online].Available
at:
[Accessed 12 June 2013]
NATIONALINSTRUMENTS., 11 April 2008.Bluetooth [Online].Available
at: [Accessed 13 June 2013]
msdn., 2006.Bluetooth Stack Architecture (Window CE5.0) [Online].Available
at: [Accessed 13 June
2013]
Padgette, J. Scarfone, K. Chen, L., June 2012. Guide to Bluetooth Security
[pdf].Available at :< http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-
121_rev1.pdf> [Accessed 12 June 2013]
Padgette, J. Scarfone, K., September 2008. Guide to Bluetooth Security
[pdf].Available at :
[Accessed 16 June 2013]
Radio-Electronics.com, n.d. Bluetooth Security [Online].Available at : [Accessed
16 June 2013]
seguridadmobile., n.d.Bluetooth security mechanisms [Online].Available
at: [Accessed 13 June 2013]
https://www.google.com.my/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&ved=0CDkQFjACOAo&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.122.3116%26rep%3Drep1%26type%3Dpdf&ei=nga5UcmeJNGxrAejxYDgAg&usg=AFQjCNH3icrNZ5fyO94WcBLtFRUDUPnxAA&sig2=eRHjqHwiomeNT0Aw23JYVg&bvm=bv.47883778,d.bmkhttps://www.google.com.my/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&ved=0CDkQFjACOAo&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.122.3116%26rep%3Drep1%26type%3Dpdf&ei=nga5UcmeJNGxrAejxYDgAg&usg=AFQjCNH3icrNZ5fyO94WcBLtFRUDUPnxAA&sig2=eRHjqHwiomeNT0Aw23JYVg&bvm=bv.47883778,d.bmkhttps://www.google.com.my/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&ved=0CDkQFjACOAo&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.122.3116%26rep%3Drep1%26type%3Dpdf&ei=nga5UcmeJNGxrAejxYDgAg&usg=AFQjCNH3icrNZ5fyO94WcBLtFRUDUPnxAA&sig2=eRHjqHwiomeNT0Aw23JYVg&bvm=bv.47883778,d.bmkhttps://www.google.com.my/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&ved=0CDkQFjACOAo&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.122.3116%26rep%3Drep1%26type%3Dpdf&ei=nga5UcmeJNGxrAejxYDgAg&usg=AFQjCNH3icrNZ5fyO94WcBLtFRUDUPnxAA&sig2=eRHjqHwiomeNT0Aw23JYVg&bvm=bv.47883778,d.bmkhttps://www.google.com.my/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&ved=0CDkQFjACOAo&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.122.3116%26rep%3Drep1%26type%3Dpdf&ei=nga5UcmeJNGxrAejxYDgAg&usg=AFQjCNH3icrNZ5fyO94WcBLtFRUDUPnxAA&sig2=eRHjqHwiomeNT0Aw23JYVg&bvm=bv.47883778,d.bmkhttp://www.developer.nokia.com/Community/Wiki/Bluetooth_Overviewhttp://www.developer.nokia.com/Community/Wiki/Bluetooth_Overviewhttp://www.ni.com/white-paper/7104/enhttp://www.ni.com/white-paper/7104/enhttp://msdn.microsoft.com/en-us/library/ms890956.aspxhttp://msdn.microsoft.com/en-us/library/ms890956.aspxhttp://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdfhttp://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdfhttp://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdfhttp://www.mcs.csueastbay.edu/~lertaul/BluetoothSECV1.pdfhttp://www.mcs.csueastbay.edu/~lertaul/BluetoothSECV1.pdfhttp://www.mcs.csueastbay.edu/~lertaul/BluetoothSECV1.pdfhttp://www.radio-electronics.com/info/wireless/bluetooth/security.phphttp://www.radio-electronics.com/info/wireless/bluetooth/security.phphttp://www.seguridadmobile.com/bluetooth/bluetooth-security/security-mechanisms.htmlhttp://www.seguridadmobile.com/bluetooth/bluetooth-security/security-mechanisms.htmlhttp://www.seguridadmobile.com/bluetooth/bluetooth-security/security-mechanisms.htmlhttp://www.seguridadmobile.com/bluetooth/bluetooth-security/security-mechanisms.htmlhttp://www.seguridadmobile.com/bluetooth/bluetooth-security/security-mechanisms.htmlhttp://www.radio-electronics.com/info/wireless/bluetooth/security.phphttp://www.mcs.csueastbay.edu/~lertaul/BluetoothSECV1.pdfhttp://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdfhttp://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdfhttp://msdn.microsoft.com/en-us/library/ms890956.aspxhttp://www.ni.com/white-paper/7104/enhttp://www.developer.nokia.com/Community/Wiki/Bluetooth_Overviewhttps://www.google.com.my/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&ved=0CDkQFjACOAo&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.122.3116%26rep%3Drep1%26type%3Dpdf&ei=nga5UcmeJNGxrAejxYDgAg&usg=AFQjCNH3icrNZ5fyO94WcBLtFRUDUPnxAA&sig2=eRHjqHwiomeNT0Aw23JYVg&bvm=bv.47883778,d.bmkhttps://www.google.com.my/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&ved=0CDkQFjACOAo&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.122.3116%26rep%3Drep1%26type%3Dpdf&ei=nga5UcmeJNGxrAejxYDgAg&usg=AFQjCNH3icrNZ5fyO94WcBLtFRUDUPnxAA&sig2=eRHjqHwiomeNT0Aw23JYVg&bvm=bv.47883778,d.bmkhttps://www.google.com.my/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&ved=0CDkQFjACOAo&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.122.3116%26rep%3Drep1%26type%3Dpdf&ei=nga5UcmeJNGxrAejxYDgAg&usg=AFQjCNH3icrNZ5fyO94WcBLtFRUDUPnxAA&sig2=eRHjqHwiomeNT0Aw23JYVg&bvm=bv.47883778,d.bmkhttps://www.google.com.my/url?sa=t&rct=j&q=&esrc=s&source=web&cd=13&cad=rja&ved=0CDkQFjACOAo&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.122.3116%26rep%3Drep1%26type%3Dpdf&ei=nga5UcmeJNGxrAejxYDgAg&usg=AFQjCNH3icrNZ5fyO94WcBLtFRUDUPnxAA&sig2=eRHjqHwiomeNT0Aw23JYVg&bvm=bv.47883778,d.bmk