Overview of the security weaknesses in Bluetooth Dave Singelée COSIC seminar 11/06/2003.
Overview of the security weaknesses in Bluetooth
Dave Singelée, COSIC seminar, 11/06/2003
Outline of the talk
1. Introduction
2. Protocols in Bluetooth
3. Security problems
4. Recommendations / solutions
5. Conclusion
1. Introduction
Personal Area Network (PAN)
- Small number of mobile devices
- Heterogeneous
- Ad-hoc network
- Wireless (WPAN)
- Small range
Personal Area Network (PAN)
Constraints
- Limited battery power
- Computational power
- Small amount of memory
- Small range
- Ad-hoc network
- Not always an I/O interface
Different technologies
- Infrared (IrDA)
- Radio propagation (Bluetooth)
- Human body (Body Area Networks)
- …
Bluetooth
- 1998: Bluetooth SIG
- IEEE 802.15
- Range < 10 m
- 2.4 GHz ISM band
- Spread spectrum & frequency hopping
- 1 Mbit/s
- Piconets: 1 master and up to 7 slaves
2. Protocols in Bluetooth
My colour convention
- XXX = public value
- XXX = secret value
- XXX = sent in clear
- XXX = sent encrypted
Protocols in Bluetooth
1. Generation of unit key
2. Generation of initialization key
3. Generation of link key
4. Mutual authentication
5. Generation of encryption key
6. Generation of key stream
7. Encryption of data
1. Generation of the unit key
Device A derives its unit key from a random number RAND_A and its own device address ADDR_A:
K_A = E21(RAND_A, ADDR_A)
2. Generation of the initialization key
Both devices compute the same initialization key from the shared PIN, its length L and a random number IN_RAND that is sent in the clear:
K_init = E22(PIN, IN_RAND, L)
3. Generation of the link key (1): unit key
A sends its unit key K_A to B protected under K_init (in the specification K_A is XORed with K_init); both sides then use it as the link key:
K_A = K_link
3. Generation of the link key (2): combination key
Each device picks a random number (LK_RAND_A, LK_RAND_B) and sends it to the other, protected under K_init. Both devices then compute
LK_A = E21(LK_RAND_A, ADDR_A)
LK_B = E21(LK_RAND_B, ADDR_B)
K_AB = LK_A XOR LK_B = K_link
4. Mutual authentication
The verifier A sends a challenge AU_RAND in the clear; the claimant B computes
SRES = E1(K_link, AU_RAND, ADDR_B)
and returns SRES, which A compares with its own computation of the same value. E1 also produces the Authenticated Ciphering Offset (ACO) on both sides. The roles are then swapped so that A authenticates to B.
5. Generation of the encryption key
A random number EN_RAND is sent in the clear; both devices derive the encryption key
K_C = E3(K_link, EN_RAND, ACO)
6. Generation of the key stream
Both devices feed the encryption key, the master's address (ADDR_A here) and the master's clock into the stream cipher E0:
K_CIPHER = E0(K_C, ADDR_A, clock_MASTER)
7. Encryption of data
DATA is encrypted by XORing it with the key stream K_CIPHER, in both directions (master to slave and slave to master); decryption is the same XOR with the same key stream.
3. Security problems
Most important security weaknesses
- Problems with E0
- Unit key
- PIN
- Problems with E1
- Location privacy
- Denial of service attacks
Problems with E0
- Output (K_CIPHER) = combination of 4 LFSRs
- Key (K_C) = 128 bits
- Best attack: guess some registers -> 2^66 (memory and complexity)
Unit key (1)
A pairs with B using its unit key: K_A = K_link for the A-B link.
Unit key (2)
A later pairs with C using the same unit key: K_A = K'_link for the A-C link. Because A's unit key is the link key of every device it has ever paired with, B and C each hold the key that protects the other's link with A.
PIN
- Some devices use a fixed PIN (default = 0000)
- Security of the keys = security of the PIN !!!!
- Possible to check guesses of the PIN (via SRES) -> brute force attack
- Weak PINs (1234, 5555, …)
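The key hierarchy of protocol steps 2 to 5 and the two weaknesses just discussed (unit keys and PIN-derived keys), as a Python model added here for illustration; it is not code from the talk or from any Bluetooth stack. E21, E22, E1 and E3 are replaced by HMAC-SHA256 stand-ins with the same input and output shapes (the real functions are SAFER+ based), and the addresses and PIN are constructed sample values. The model shows why "security of the keys = security of the PIN": every other input to the link key is sent in the clear, so the on-air values plus a PIN reproduce K_link, and SRES tells whether that PIN was right. It also shows why a unit key must not be reused: the only secret input to the session key is K_A, which every earlier pairing partner of A already holds.

```python
"""Toy model of the Bluetooth 1.x pairing key hierarchy (added example, not the talk's code)."""
import hashlib
import hmac
import os


def _prf(label: bytes, key: bytes, *parts: bytes) -> bytes:
    """Stand-in for the SAFER+-based E21/E22/E1/E3: a keyed PRF truncated to 128 bits."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def e21(rand: bytes, addr: bytes) -> bytes:
    """Step 1 / step 3(2): derive a key from a random number and a device address."""
    return _prf(b"E21", rand, addr)


def e22(pin: bytes, in_rand: bytes) -> bytes:
    """Step 2: initialization key K_init from PIN, IN_RAND and the PIN length L."""
    return _prf(b"E22", pin, in_rand, bytes([len(pin)]))


def e1(link_key: bytes, au_rand: bytes, addr: bytes):
    """Step 4: returns (SRES, ACO); SRES is 32 bits and ACO 96 bits, as in Bluetooth."""
    out = hmac.new(link_key, b"E1" + au_rand + addr, hashlib.sha256).digest()
    return out[:4], out[4:16]


def e3(link_key: bytes, en_rand: bytes, aco: bytes) -> bytes:
    """Step 5: encryption key K_C."""
    return _prf(b"E3", link_key, en_rand, aco)


def pair_combination_key(pin: bytes, addr_a: bytes, addr_b: bytes, rng=os.urandom):
    """Steps 2-5 with a combination key. Returns (K_link, K_C, values sent in the clear)."""
    in_rand = rng(16)
    k_init = e22(pin, in_rand)                                   # both sides, from the shared PIN
    lk_rand_a, lk_rand_b = rng(16), rng(16)
    c_a, c_b = xor(lk_rand_a, k_init), xor(lk_rand_b, k_init)   # LK_RANDs on the air, masked by K_init
    k_ab = xor(e21(lk_rand_a, addr_a), e21(lk_rand_b, addr_b))  # LK_A XOR LK_B = K_link
    au_rand = rng(16)
    sres, aco = e1(k_ab, au_rand, addr_b)                        # B proves knowledge of K_link to A
    en_rand = rng(16)
    k_c = e3(k_ab, en_rand, aco)
    transcript = dict(in_rand=in_rand, c_a=c_a, c_b=c_b, au_rand=au_rand,
                      sres=sres, en_rand=en_rand, addr_a=addr_a, addr_b=addr_b)
    return k_ab, k_c, transcript


def link_key_from_pin(transcript: dict, pin: bytes):
    """Everything except the PIN is public, so the transcript plus a PIN reproduces K_link;
    SRES acts as a check that tells whether the PIN was right (the talk's brute-force point)."""
    t = transcript
    k_init = e22(pin, t["in_rand"])
    lk_a = e21(xor(t["c_a"], k_init), t["addr_a"])
    lk_b = e21(xor(t["c_b"], k_init), t["addr_b"])
    k_ab = xor(lk_a, lk_b)
    sres, _ = e1(k_ab, t["au_rand"], t["addr_b"])
    return k_ab if sres == t["sres"] else None


def pin_search_space(length: int, alphabet_size: int) -> int:
    """Number of PIN candidates: 4 digits give 10^4, 16 alphanumerics about 2^95."""
    return alphabet_size ** length


def unit_key_session_key(k_a: bytes, addr_b: bytes, au_rand: bytes, en_rand: bytes) -> bytes:
    """Step 3(1) followed by steps 4-5: with a unit key, K_link = K_A, so the session key
    depends on no secret other than K_A, which every device that ever paired with A holds."""
    _, aco = e1(k_a, au_rand, addr_b)
    return e3(k_a, en_rand, aco)


# Constructed sample values (not from the talk)
ADDR_A = bytes.fromhex("001122334455")
ADDR_B = bytes.fromhex("66778899aabb")
PIN = b"1234"

if __name__ == "__main__":
    k_link, k_c, on_air = pair_combination_key(PIN, ADDR_A, ADDR_B)
    print(link_key_from_pin(on_air, PIN) == k_link)   # True: the correct PIN reproduces K_link
    print(link_key_from_pin(on_air, b"0000"))          # None: SRES mismatch rejects the guess
    print(pin_search_space(4, 10), pin_search_space(16, 62))
```

The two numbers printed last are the point of the "long and sufficiently random PINs" recommendation: the check costs one E22, two E21 and one E1 evaluation per candidate, so only the size of the candidate set stands between the observed transcript and the link key.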
Problems with E1
- E1 = SAFER+
- Some security weaknesses (although not applicable to Bluetooth)
- Slow
Location privacy
- Devices can be in discoverable mode
- Every device has a fixed hardware address
- Addresses are sent in clear
-> possible to track devices (and users)
Denial of service attacks
- Radio jamming attacks
- Buffer overflow attacks
- Blocking of other devices
- Battery exhaustion (e.g., sleep deprivation torture attack)
Other weaknesses
- No integrity checks
- No prevention of replay attacks
- Man in the middle attacks
- Sometimes: default = no security
- …
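The "no integrity checks" point, as an added Python example that is not from the talk: step 7's XOR with a key stream is malleable, so a change to one ciphertext byte changes exactly the corresponding plaintext bits and the receiver has no way to notice. Appending a MAC over the ciphertext, as the talk's solutions slide recommends, makes the change detectable. The key stream generator is an HMAC-based stand-in for E0 (a deterministic function of K_CIPHER and the clock, but not the real LFSR cipher), and the keys and message are constructed sample values.

```python
"""Why a bare stream cipher needs a MAC (added example; E0 replaced by an HMAC-based stand-in)."""
import hashlib
import hmac


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(k_cipher: bytes, clock: int, length: int) -> bytes:
    """Stand-in for E0: expands (K_CIPHER, clock) into `length` bytes of key stream.
    Like E0 it depends only on the key and the clock, so both sides derive the same stream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = clock.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out.extend(hmac.new(k_cipher, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def encrypt(k_cipher: bytes, clock: int, data: bytes) -> bytes:
    """Step 7 of the talk: ciphertext = DATA XOR K_CIPHER. Decryption is the same operation."""
    return xor(data, keystream(k_cipher, clock, len(data)))


decrypt = encrypt


def tamper(ciphertext: bytes, offset: int, delta: int) -> bytes:
    """Modify one ciphertext byte in transit; with a stream cipher this flips the same
    bits of the plaintext, without any knowledge of the key."""
    out = bytearray(ciphertext)
    out[offset] ^= delta
    return bytes(out)


def protect(k_cipher: bytes, k_mac: bytes, clock: int, data: bytes) -> bytes:
    """Encrypt, then append an HMAC tag over the clock and the ciphertext (encrypt-then-MAC)."""
    ct = encrypt(k_cipher, clock, data)
    tag = hmac.new(k_mac, clock.to_bytes(4, "big") + ct, hashlib.sha256).digest()
    return ct + tag


def unprotect(k_cipher: bytes, k_mac: bytes, clock: int, blob: bytes):
    """Verify the tag in constant time before decrypting; return None if the packet was modified."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(k_mac, clock.to_bytes(4, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(k_cipher, clock, ct)


# Constructed sample values (not from the talk)
K_CIPHER = bytes.fromhex("00112233445566778899aabbccddeeff")
K_MAC = bytes.fromhex("ffeeddccbbaa99887766554433221100")
CLOCK = 0x1234
DATA = b"transfer 0010 EUR"
# Byte 9 is the first digit of the amount; XOR with 0x09 turns '0' (0x30) into '9' (0x39).
AMOUNT_OFFSET, DELTA = 9, 0x30 ^ 0x39


def without_mac() -> bytes:
    """Receiver decrypts a modified packet and sees a changed amount, with no error."""
    ct = encrypt(K_CIPHER, CLOCK, DATA)
    return decrypt(K_CIPHER, CLOCK, tamper(ct, AMOUNT_OFFSET, DELTA))


def with_mac():
    """The same modification applied to the MAC-protected packet is rejected."""
    blob = protect(K_CIPHER, K_MAC, CLOCK, DATA)
    return unprotect(K_CIPHER, K_MAC, CLOCK, tamper(blob, AMOUNT_OFFSET, DELTA))


if __name__ == "__main__":
    print(without_mac())   # b'transfer 9010 EUR'
    print(with_mac())      # None
```

The tag is computed over the ciphertext together with the clock value, so the same check also rejects a recorded packet replayed under a different clock, which touches the slide's "no prevention of replay attacks" point; a separate MAC key is used so that the integrity check does not depend on the confidentiality of K_CIPHER.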
4. Recommendations / solutions
Recommendations
- Never use unit keys!!!!
- Use long and sufficiently random PINs
- Always make sure security is turned on
- …
Interesting solutions
- Replace E0 and E1 with AES
- Use MACs to protect integrity
- Pseudonyms
- Identity based cryptography
- Elliptic curves
- Use MANA protocols instead of PIN
- Use network layer security services (IPSEC) to provide end-to-end security
5. Conclusion
Conclusion
- Bluetooth has quite a lot of security weaknesses!
- Need for secure lightweight protocols
- More research needed!!
Questions?