Xiuzhen Cheng
Csci 388 Wireless and Mobile Security – Bluetooth and Security
Introduction
Named after Harald Bluetooth, King of Denmark (952-995 A.D.)
Bluetooth Consortium was founded in Spring 1998
By Ericsson, Intel, IBM, Nokia, Toshiba; now more than 2000 organizations have joined the SIG
Goal: developing a single-chip, low-cost, radio-based wireless network technology
Bluetooth is an open standard for short-range digital radio to interconnect a variety of devices
Cell phones, PDA, notebook computers, modems, cordless phones, pagers, laptop computers, printers, cameras, etc.
IEEE 802.15
In 1999, IEEE established a working group for wireless personal area networks (WPAN)
Contains multiple subgroups
IEEE 802.15.1
Standardizes the lower layers of Bluetooth (together with the Bluetooth consortium)
Bluetooth also specifies higher layers
IEEE 802.15.2
Focuses on the coexistence of WPAN and WLAN
Proposes adaptive frequency hopping (used since version 1.2), which requires a WPAN device to check for occupied channels and exclude them from its hopping list
IEEE 802.15.3
For high rate at low power and low cost
IEEE 802.15.4
Low-rate, low-power-consumption WPAN enabling multi-year battery life
The ZigBee consortium tries to standardize the higher layers of 802.15.4
Bluetooth is a PAN Technology
Offers fast and reliable transmission for both voice and data
Can support either one asynchronous data channel with up to three simultaneous synchronous speech channels, or one channel that transfers asynchronous data and synchronous speech simultaneously
Supports both packet switching and circuit switching
Personal Area Network (PAN)
Bluetooth is a standard that will …
Eliminate wires and cables between both stationary and mobile devices
Facilitate both data and voice communications
Offer the possibility of ad hoc networks and deliver synchronicity between personal devices
Characteristics of Bluetooth Technology
2M is expected for Bluetooth 2
79 frequencies; each channel is used for 625 microseconds
Bluetooth Topology
Bluetooth-enabled devices can automatically locate each other
Topology is established on a temporary and random basis
Up to eight Bluetooth devices may be networked together in a master-slave relationship to form a piconet
One is the master, which controls and sets up the network
All devices operate on the same channel and follow the same frequency hopping sequence
Two or more piconets interconnect to form a scatternet
Only one master for each piconet
A device can't be the master of two piconets
The slave of one piconet can be the master of another piconet
A Typical Bluetooth Network
Piconet
Master sends its globally unique 48-bit ID and clock
Hopping pattern is determined by the 48-bit device ID
Phase is determined by the master's clock
Why at most 7 slaves? The active member address is 3-bit
Parked and standby nodes
Parked devices cannot actively participate in the piconet but are known to the network and can be reactivated within some milliseconds
8-bit address for parked nodes
No ID for standby nodes
Standby nodes do not participate in the piconet
ScatterNet
FH-CDMA separates piconets within a scatternet
More piconets within a scatternet degrade performance
Collisions are possible because hopping patterns are not coordinated
A device participating in more than one piconet
At any instant of time, a device can participate in only one piconet
If the device participates as a slave, it just synchronizes with the master's hop sequence
The master of a piconet can join another piconet as a slave; in this case, all communication within the former piconet is suspended
When leaving a piconet, a slave notifies the master about its absence for a certain amount of time
Communication between different piconets takes place by devices jumping back and forth between these nets
Frequency Selection
FH is used for interference mitigation and media access; TDD is used to separate the two transmission directions
In 3-slot or 5-slot packets, why does the frequency not change? Why are some frequencies skipped?
Single-slot packets (slot sender / hop frequency used):
M S M S M S M
fk fk+1 fk+2 fk+3 fk+4 fk+5 fk+6
Master 3-slot packet:
M (3-slot packet) S M S M
fk fk+3 fk+4 fk+5 fk+6
Slave 5-slot packet:
M S (5-slot packet) M
fk fk+1 fk+6
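The three rows above can be reproduced by a small slot-schedule model. The code below is an added example, not part of the lecture slides; it assumes the master sends in even-numbered slots and the slave in odd-numbered slots, that the hop index advances once per 625-microsecond slot, and that a multi-slot packet keeps the hop frequency of its first slot.

```python
"""Bluetooth FH/TDD slot-schedule model (added example, not from the slides).

Assumptions: slots are 625 us long; the master transmits in even slots and the
slave in odd slots (TDD); the hop index advances once per slot, but a 3- or
5-slot packet stays on the frequency of its first slot, so the hop indices its
later slots would have used are skipped.  f_k is the k-th hop of the 79-channel
pseudo-random sequence; the sequence itself is not modelled here.
"""

SLOT_US = 625          # slot duration in microseconds
NUM_CHANNELS = 79      # size of the hop set (only documented, not used)


def schedule(packets, k=0):
    """Return [(sender, start_slot, hop_index, duration_us)] for a packet list.

    packets: list of (sender, slots) with sender 'M' or 'S', slots in {1, 3, 5}.
    Raises ValueError if the TDD parity rule (M even, S odd) is violated.
    """
    out = []
    slot = 0
    for sender, slots in packets:
        if slots not in (1, 3, 5):
            raise ValueError(f"unsupported packet length {slots}")
        if (sender == 'M') != (slot % 2 == 0):
            raise ValueError(f"{sender} cannot start in slot {slot} (TDD parity)")
        out.append((sender, slot, k + slot, slots * SLOT_US))
        slot += slots              # the hop index keeps counting through the packet
    return out


def hops_used(packets, k=0):
    """Hop indices actually transmitted on (the f_k labels of the slide rows)."""
    return [h for _, _, h, _ in schedule(packets, k)]


def hops_skipped(packets, k=0):
    """Hop indices that pass during multi-slot packets without being used."""
    total = sum(slots for _, slots in packets)
    used = set(hops_used(packets, k))
    return [h for h in range(k, k + total) if h not in used]


if __name__ == "__main__":
    print(hops_used([('M', 3), ('S', 1), ('M', 1), ('S', 1), ('M', 1)]))   # [0, 3, 4, 5, 6]
    print(hops_skipped([('M', 1), ('S', 5), ('M', 1)]))                    # [2, 3, 4, 5]
```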
Physical Links
Synchronous connection-oriented link (SCO)
Reserves two consecutive slots at fixed intervals
Asynchronous connectionless link (ACL)
Polling scheme: the master polls each slave
Error recovery
A packet is ACKed in the slot following the packet
A negative ACK or a timeout signals a retransmission
Power Management
Benefits
Cable replacement
Replaces the cables for peripheral devices, USB 1.1 and 2.0, printers, etc.
Ease of file sharing
Panel discussions, conferences, etc.
Wireless synchronization
Synchronize personal information contained in address books and date books between different devices such as PDAs, cell phones, etc.
Bridging of networks
A cell phone connects to the network through a dial-up connection while connecting to a laptop with Bluetooth.
Security of Bluetooth
Security in Bluetooth is provided on the radio paths only
Link authentication and encryption may be provided
True end-to-end security relies on higher-layer security solutions on top of Bluetooth
Bluetooth provides three security services
Authentication – identity verification of communicating devices
Confidentiality – protection against information compromise
Authorization – access rights to resources/services
Fast FH together with radio link power control provides protection from eavesdropping and malicious access
Fast FH makes it harder to lock onto the frequency
Power control forces the adversary to be in relatively close proximity
Security Modes
Exchange Business Cards – needs a secret key
A security manager controls access to services and to devices
Security mode 2 does not provide any security until a channel has been established
Security Mode 3
Key generation from PIN
PIN: 1-16 bytes. PINs are fixed and may be permanently stored. Many users use the four-digit PIN 0000
Bluetooth Key Generation From PIN
Bluetooth Initialization Procedure (Pairing)
Creation of an initialization key
Creation of a link key
Authentication
Creation of an Initialization Key
PIN and its length
Creation of the Link Key
Authentication
Challenge-response based
Claimant: intends to prove its identity, to be verified
Verifier: validates the identity of another device
Uses challenge-response to verify whether the claimant knows the secret (link key) or not
If it fails, the claimant must wait for an interval before a new attempt. The waiting time increases exponentially to defend against the "trial-and-error" authentication attack
Mutual authentication is supported
The E1 authentication algorithm is based on SAFER+
Challenge (128-bit)
Response (32-bit)
48-bit device address
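The exchange above, modelled as an added example that is not part of the lecture slides: a verifier issues a 128-bit challenge, the claimant answers with a 32-bit response derived from the link key and its 48-bit device address, a 96-bit ACO is kept locally as a by-product, and each failure doubles the waiting time. HMAC-SHA256 stands in for E1 here; that substitution, the one-second base wait and the sample key and address are assumptions, not the specification.

```python
"""Bluetooth challenge-response authentication with exponential back-off
(added example; HMAC-SHA256 is a stand-in for the SAFER+-based E1, not the spec).
"""
import hashlib
import hmac
import os


def e1_standin(link_key: bytes, rand: bytes, bd_addr: bytes):
    """Return (SRES: 32 bits, ACO: 96 bits) from one keyed-hash tag.

    link_key is 128-bit, rand is the 128-bit challenge, bd_addr the 48-bit address.
    """
    assert len(link_key) == 16 and len(rand) == 16 and len(bd_addr) == 6
    tag = hmac.new(link_key, rand + bd_addr, hashlib.sha256).digest()  # 32 bytes
    return tag[:4], tag[4:16]


class Verifier:
    """Holds the link key, issues challenges and enforces back-off on failure."""

    def __init__(self, link_key: bytes, base_wait_s: float = 1.0):
        self.link_key = link_key
        self.base_wait = base_wait_s     # assumed initial penalty (constructed)
        self.failures = 0
        self.aco = None                  # ACO stays local; it is never transmitted

    def challenge(self) -> bytes:
        return os.urandom(16)            # 128-bit random challenge (AU_RAND)

    def verify(self, rand: bytes, bd_addr: bytes, sres: bytes):
        """Return (ok, wait_seconds); the wait doubles with each consecutive failure."""
        expected, aco = e1_standin(self.link_key, rand, bd_addr)
        if hmac.compare_digest(expected, sres):   # constant-time comparison
            self.failures = 0
            self.aco = aco
            return True, 0.0
        self.failures += 1
        return False, self.base_wait * 2 ** (self.failures - 1)


def claimant_response(link_key: bytes, rand: bytes, bd_addr: bytes) -> bytes:
    """What the claimant sends back over the air: only the 32-bit SRES."""
    return e1_standin(link_key, rand, bd_addr)[0]
```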
Confidentiality
Authenticated Cipher Offset
Confidentiality
ACO (Authenticated Cipher Offset) is 96-bit, generated during the authentication procedure
ACO and the link key are never transmitted
Encryption key Kc is generated from the current link key
Kc is 8-bit to 128-bit, negotiable between the master and the slave
Master suggests a key size
Set the "minimum acceptable" key size parameter to prevent a malicious user from driving the key size down to the minimum of 8 bits
The keystream is different for each packet since the slot number is different
Three Encryption Modes for Confidentiality
Encryption Mode 1: no encryption is performed on any traffic
Encryption Mode 2: broadcast traffic goes unprotected while unicast traffic is protected by the unique key
Encryption Mode 3: all traffic is encrypted
Trust Levels, Service Levels
Two trust levels: trusted and untrusted
Trusted devices have full access rights
Untrusted devices have restricted service access
Bluetooth Security Architecture Summary
Step 1: User input (initialization or pairing)
Two devices need a common PIN (1-16 bytes)
Step 2: Authentication key (128-bit link key) generation
Possibly permanent; generated based on the PIN, device address, random numbers, etc.
Step 3: Encryption key (128 bits, stored temporarily)
Step 4: Key stream generation for XOR-ing the payload
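Steps 3 and 4, together with the key-size negotiation and the "minimum acceptable key size" parameter from the Confidentiality slide, as an added example that is not part of the lecture slides. SHAKE-256 stands in for the E0 keystream generator, keeping only the negotiated number of Kc bits is a simplification of the real key reduction, and the sample key and address are constructed; all of these are assumptions, not the specification.

```python
"""Model of Bluetooth encryption key-size negotiation and per-slot keystream
(added example; SHAKE-256 is a stand-in for E0 and the key reduction is simplified).
"""
import hashlib


def negotiate_key_size(proposed_bits: int, min_acceptable_bits: int):
    """Return the accepted Kc size in bits, or None if the proposal is refused.

    Kc is negotiable from 8 to 128 bits in 8-bit steps.  A device whose
    minimum acceptable size is left at 8 accepts a peer that proposes 8 bits.
    """
    if proposed_bits % 8 or not 8 <= proposed_bits <= 128:
        raise ValueError("key size must be a multiple of 8 between 8 and 128")
    return proposed_bits if proposed_bits >= min_acceptable_bits else None


def reduce_key(kc: bytes, bits: int) -> bytes:
    """Keep only `bits` bits of the 128-bit Kc (simplified model of the reduction)."""
    assert len(kc) == 16 and bits % 8 == 0 and 8 <= bits <= 128
    return kc[: bits // 8]


def keystream(kc_eff: bytes, bd_addr: bytes, clock_slot: int, length: int) -> bytes:
    """Stand-in for E0: the master address and the slot number are mixed in,
    so the same key gives a different stream in every slot."""
    seed = kc_eff + bd_addr + clock_slot.to_bytes(4, "big")
    return hashlib.shake_256(seed).digest(length)


def encrypt(kc_eff: bytes, bd_addr: bytes, clock_slot: int, payload: bytes) -> bytes:
    """XOR the payload with the slot's keystream; decryption is the same call."""
    ks = keystream(kc_eff, bd_addr, clock_slot, len(payload))
    return bytes(p ^ k for p, k in zip(payload, ks))


if __name__ == "__main__":
    kc = bytes(range(16))                          # constructed sample Kc
    addr = bytes.fromhex("001122334455")           # constructed master BD_ADDR
    size = negotiate_key_size(8, min_acceptable_bits=8)     # weak: accepts 8 bits
    print("weak device accepted", size, "bits")
    print("strict device:", negotiate_key_size(8, min_acceptable_bits=128))  # None
    ct = encrypt(reduce_key(kc, 128), addr, 7, b"hello")
    print(encrypt(reduce_key(kc, 128), addr, 7, ct))  # b'hello'
```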
Security Summary
The security of the whole system relies on the PIN, which may be too short
Users tend to use short 4-digit PINs, or even a null PIN
Bluetooth uses new cryptographic primitives, which have not gone through enough security analysis.
The E0 algorithm is designed specifically for Bluetooth
E0 has gone through many security analyses. When used in Bluetooth mode, the security of E0 is decreased from 128-bit to 84-bit; when used outside of a Bluetooth system, its effective security is only 39-bit
Short range was a countermeasure to force attackers to be in close proximity; now range extenders can be easily built
Attackers grow in number since the information is more attractive
People use Bluetooth not only for personal information, but also for corporate information
Hacker Tools
Bluesnarfing: Adam Laurie, "Serious flaws in Bluetooth security lead to disclosure of personal data"
http://www.thebunker.net/security/bluetooth.htm
Bluejacking
http://www.bluejackq.com/
Redfang
http://www.securiteam.com/tools/5JP0I1FAAE.html
Key Problems Summary
IN-Class Project
Given all cryptographic primitives (E0, E1, E21, E22) used in Bluetooth Pairing/Bonding and authentication process, can you design a procedure to crack the Bluetooth PIN? – Focus on short PIN now.
Hint: assume you have recorded all messages exchanged during the initialization procedure
You have 30 minutes for this project – no implementation, just figure out HOW!
Most important security weaknesses
Problems with E0
PIN
Problems with E1
Location privacy
Denial of service attacks
Problems with E0
Many publications on this already!
Output (KC) = combination of 4 LFSRs (Linear Feedback Shift Registers)
Key (KC) = 128 bits
Best attack: guess some registers
-> 2^66 (memory and complexity)
PIN
Some devices use a fixed PIN (default = 0000)
Security of the keys = security of the PIN!!!!
Possible to check guesses of the PIN (via SRES) -> brute-force attack
Weak PINs (1234, 5555, …)
Problems with E1
E1 = SAFER+
Some security weaknesses (although not applicable to Bluetooth)
Slow
Location privacy
Devices can be in discoverable mode
Every device has a fixed hardware address
Addresses are sent in the clear
-> possible to track devices (and users)
Denial of service attacks
Radio jamming attacks
Buffer overflow attacks
Blocking of other devices
Battery exhaustion (e.g., the sleep deprivation torture attack)
Other weaknesses
No integrity checks
No prevention of replay attacks
Man-in-the-middle attacks
Sometimes: default = no security…
Recommendations
Never use unit keys!!!!
Use long and sufficiently random PINs
Always make sure security is turned on…
Interesting solutions
Replace E0 and E1 with AES
Use MACs to protect integrity
Pseudonyms
Identity-based cryptography
Elliptic curves
Use MANA protocols instead of PINs
Use network layer security services (IPsec) to provide end-to-end security
Conclusion
Bluetooth has quite a lot of security weaknesses!
Need for secure lightweight protocols
More research needed!!
And More....
ZigBee, 802.15.4, and Bluetooth
What is ZigBee?
Technological standard created for control and sensor networks
Based on the IEEE 802.15.4 standard
Created by the ZigBee Alliance
The ZigBee Name
Named for the erratic, zig-zagging patterns of bees between flowers
Symbolizes communication between nodes in a mesh network
Network components analogous to queen bee, drones, worker bees
ZigBee: "the software" – Network, Security & Application layers; brand management
IEEE 802.15.4: "the hardware" – Physical & Media Access Control layers
IEEE 802.15.4 & ZigBee In Context
Layer stack shown in the figure (bottom to top):
PHY: 868MHz / 915MHz / 2.4GHz
MAC
Network: Star / Mesh / Cluster-Tree
Security: 32- / 64- / 128-bit encryption
Application: API
Responsible parties: ZigBee Alliance, IEEE 802.15.4, Customer
Deliverables: Silicon, Stack, App
Source: http://www.zigbee.org/resources/documents/IWAS_presentation_Mar04_Designing_with_802154_and_zigbee.ppt
The 802 Wireless Space
Source: http://www.zigbee.org/en/resources/
ZigBee and Other Wireless Technologies
Source: http://www.zigbee.org/en/about/faq.asp
ZigBee Aims Low
Low data rate
Low power consumption
Small packet devices
ZigBee Frequencies
Operates in unlicensed bands
ISM 2.4 GHz global band at 250kbps
868 MHz European band at 20kbps
915 MHz North American band at 40kbps
What Does ZigBee Do?
Designed for wireless controls and sensors
Operates in Personal Area Networks (PANs) and device-to-device networks
Connectivity between small packet devices
Control of lights, switches, thermostats, appliances, etc.
Lights and Switches
Source: ZigBee Specification Document
How ZigBee Works
Topology
Star
Cluster Tree
Mesh
Network coordinator, routers, end devices
How ZigBee Works
States of operation
Active
Sleep
Devices
Full Function Devices (FFDs)
Reduced Function Devices (RFDs)
Modes of operation
Beacon
Non-beacon
Slide Courtesy of
ZigBee Mesh Networking
Source: http://www.zigbee.org/en/resources/#SlidePresentations
Research in ZigBee
Introduction
Research
Research Papers
Introduction
The IEEE 802.15.4 standard was completed in May 2003.
The ZigBee specifications were ratified on 14 December 2004.
The ZigBee Alliance announced public availability of Specification 1.0 on 13 June 2005.
Much research is still going on with ZigBee.
Academic Research
Research in ZigBee is being conducted in different fields:
Wireless and sensor networks
Wireless communications
Neuroengineering
Research Papers
Time Synchronization for ZigBee Networks
ZigBee: "Wireless Control That Simply Works"
Journal of Neuroengineering and Rehabilitation
Development of Ubiquitous Sensor Network
Wireless Technologies for Data Acquisition Systems
ZigBee and the Market
The next big thing
Expected to hit the market full force in 2006
Companies have already invested millions
ZigBee Products
Development kits
Sensors
Transceivers
Modules
ZigBee Product Companies
Helicomm
MaxStream
Luxoft Labs
Crossbow Technology
Innovative Wireless Technologies
Current ZigBee Uses
Environmental monitoring
Agricultural monitoring
Home automation (still on the horizon)
Product Applications
Road map products: tracking
Consumer electronics
PC
Personal and healthcare
Commercial and residential control
ZigBee’s Future
Source: http://www.zigbee.org/imwp/idms/popups/pop_download.asp?ContentID=7092
Question
ZigBee vs. Bluetooth: competition or complementary?