Xiuzhen Cheng cheng@gwu.edu

1
Xiuzhen Cheng
cheng_at_gwu.edu
Csci388 Wireless and Mobile Security
Bluetooth and Security
2
Introduction

• Named after Harold Bluetooth, King of Denmark
  (0952-0995 A.D.)
• Bluetooth Consortium was founded in Spring 1998
• By Ericsson, Intel, IBM, Nokia, Toshiba Now more
  than 2000 organizations joint the SIG
• Goal developing a single-chip, low-cost,
  radio-based wireless network technology
• Bluetooth is an open standard for short-range
  digital radio to interconnect a variety of
  devices
• Cell phones, PDA, notebook computers, modems,
  cordless phones, pagers, laptop computers,
  printers, cameras, etc.

3
IEEE 802.15

• In 1999, IEEE established a working group for
  wireless personal area networks (WPAN)
• Contains multiple subgroups
• IEEE 802.15.1
• Standardizes the lower layers of the Bluetooth
  (together with the Bluetooth consortium)
• Bluetooth also specifies higher layers
• IEEE 802.15.2
• Focuses on the coexistence of WPAN and WLAN
• Proposes the adaptive frequency hopping (used
  since version 1.2) that requires a WPAN device
  check for the occupied channels and exclude them
  from their hopping list
• IEEE 802.15.3
• For high-rate at low-power low cost
• IEEE 802.15.4
• Low-rate low-power consumption WPAN enabling
  multi-year battery life
• Zigbee consortium tries to standardize the higher
  layers of 802.15.4

4
Bluetooth is a PAN Technology

• Offers fast and reliable transmission for both
  voice and data
• Can support either one asynchronous data channel
  with up to three simultaneous synchronous speech
  channels or one channel that transfers
  asynchronous data and synchronous speech
  simultaneously
• Support both packet-switching and
  circuit-switching

5
Personal Area Network (PAN)
6
Bluetooth is a standard that will

• Eliminate wires and cables between both
  stationary and mobile devices
• Facilitate both data and voice communications
• Offer the possibility of ad hoc networks and
  deliver synchronicity between personal devices

7
Characteristics of Bluetooth Technology
79 frequencies, each channel is used for 625
microseconds
2M is expected for Bluetooth 2
8
Bluetooth Topology

• Bluetooth-enabled devices can automatically
  locate each other
• Topology is established on a temporary and random
  basis
• Up to eight Bluetooth devices may be networked
  together in a master-slave relationship to form a
  piconet
• One is master, which controls and setup the
  network
• All devices operate on the same channel and
  follow the same frequency hopping sequence
• Two or more piconet interconnected to form a
  scatternet
• Only one master for each piconet
• A device cant be masters for two piconets
• The slave of one piconet can be the master of
  another piconet

9
A Typical Bluetooth Network
10
Piconet

• Master sends its globally unique 48-bit id and
  clock
• Hopping pattern is determined by the 48-bit
  device ID
• Phase is determined by the masters clock
• Why at most 7 slaves?
• Active member address is 3-bit
• Parked and standby nodes
• Parked devices can not actively participate in
  the piconet but are known to the network and can
  be reactivated within some milliseconds
• 8-bit for parked nodes
• No id for standby nodes
• Standby nodes do not participate in the piconet

11
ScatterNet

• FH-CDMA to separate piconets within a scatternet
• More piconets within a scatternet degrades
  performance
• Possible collision because hopping patterns are
  not coordinated
• A device participating in more than one piconet
• At any instant of time, a device can participate
  only in one piconet
• If the device participates as a slave, it just
  synchronize with the masters hop sequence
• The master for a piconet can join another piconet
  as a slave in this case, all communication
  within in the former piconet will be suspended
• When leaving a piconet, a slave notifies the
  master about its absence for certain amount of
  time
• Communication between different piconets takes
  place by devices jumping back and forth between
  these nets

12
Frequency Selection

• FH is used for interference mitigation and media
  access TDD is used for separation of the
  transmission directions
• In 3-slot or 5-slot packets, why frequency does
  not change? Why some frequencies are skipped?

fk
fk1
fk2
fk3
fk4
fk5
fk6
M
S
M
S
M
S
M
fk
fk3
fk4
fk5
fk6
M (3-slot packet)
S
M
S
M
fk
fk1
fk6
M
S (5-slot packet)
M
13
Physical Links

• Synchronous connection-oriented link (SCO)
• Reserve two consecutive slots at fixed intervals
• Asynchronous connectionless Link (ACL)
• Polling scheme master polls each slave
• Error recovery
• ACK a packet in the slot following the packet
• Negative ACK or timeout signals a retransmission

14
Power Management
15
Benefits

• Cable Replacement
• Replace the cables for peripheral devices, USB
  1.1 and 2.0, printers, etc
• Ease of file sharing
• Panel discussion, conference, etc.
• Wireless synchronization
• Synchronize personal information contained in the
  address books and date books between different
  devices such as PDAs, cell phones, etc.
• Bridging of networks
• Cell phone connects to the network through
  dial-up connection while connecting to a laptop
  with Bluetooth.

16
Security of Bluetooth

• Security in Bluetooth is provided on the radio
  paths only
• Link authentication and encryption may be
  provided
• True end-to-end security relies on higher layer
  security solutions on top of Bluetooth
• Bluetooth provides three security services
• Authentication identity verification of
  communicating devices
• Confidentiality against information compromise
• Authorization access right of
  resources/services
• Fast FH together with link radio link power
  control provide protection from eavesdropping and
  malicious access
• Fast FH makes it harder to lock the frequency
• Power control forces the adversary to be in
  relatively close proximity

17
Security Modes
A security manager controls access to services
and to devices
Needs a secret key
Exchange Business Cards
Security mode 2 does not provide any security
until a channel has been established
18
Security Mode 3
19
Key Generation from PIN
PIN 1-16 bytes. PINs are fixed and may be
permanently stored. Many users use
the four digit 0000
Bluetooth Key Generation From PIN
20
Bluetooth Initialization Procedure (Pairing)

• Creation of an initialization key
• Creation of a link key
• Authentication

21
Creation of an Initialization Key
PIN and its length
22
Creation of the Link Key
23
Authentication

• Challenge-Response Based
• Claimant intends to prove its identity, to be
  verified
• Verifier validating the identity of another
  device
• Use challenge-response to verify whether the
  claimant knows the secret (link key) or not
• If fail, the claimant must wait for an interval
  to try a new attempt. The waiting time is
  increased exponentially to defend the
  try-and-error authentication attack
• Mutual authentication is supported
• The E1 authentication algorithm is based on
  SAFER

48-bit device address
Challenge (128-bit)
Response (32-bit)
24
Confidentiality
Authenticated Cipher Offset
25
Confidentiality

• ACO (Authenticated Cipher Offset) is 96-bit,
  generated during the authentication procedure
• ACO and the link key are never transmitted
• Encryption key Kc is generated from the current
  link key
• Kc is 8-bit to 128-bit, negotiable between the
  master and the slave
• Master suggests a key size
• Set the minimum acceptable key size parameter
  to prevent a malicious user from driving the key
  size down to the minimum of 8 bits
• The keystream is different for different packet
  since slot number is different

26
Three Encryption Modes for Confidentiality

• Encryption Mode 1 -- No encryption is performed
  on any traffic
• Encryption Mode 2 -- Broadcast traffic goes
  unprotected while unicast traffic is protected by
  the unique key
• Encryption Mode 3 -- All traffic is encrypted

27
Trust Levels, Service Levels

• Two trust levels trusted and untrusted
• Trusted devices have full access right
• Untrusted devices have restricted service access

28
Bluetooth Security Architecture Summary

• Step 1 User input (initialization or pairing)
• Two devices need a common pin (1-16 bytes)
• Step 2 Authentication key (128-bit link key)
  generation
• Possibly permanent, generated based on the PIN,
  device address, random numbers, etc.
• Step 3 Encryption key (128 bits, store
  temporarily)
• Step 4 key stream generation for xor-ing the
  payload

29
Security Summary

• The security of the whole system relies on the
  PIN, which may be too short
• Users intend to use 4-digit short PINs, or even a
  null PIN
• Utilized new cryptographic primitives, which have
  not gone through enough security analysis.
• The E0 algorithm is designed specifically for
  Bluetooth
• E0 has gone many security analysis. When used in
  Bluetooth mode, the security of E0 is decreased
  from 128-bit to 84-bit when used outside of a
  Bluetooth system, its effective security is only
  39-bit
• Short range was a countermeasure to force the
  attackers to be in close proximity now range
  extenders can be easily built
• Attackers grow since information is more
  attractive
• People use Bluetooth not only for personal
  information, but also for corporate information

30
Hacker Tools

• Bluesnarfing
• Adam Laurie, Serious flaws in Bluetooth security
  lead to disclosure of personal data
• http//www.thebunker.net/security/bluetooth.htm
• Bluejacking
• http//www.bluejackq.com/
• Redfang
• http//www.securiteam.com/tools/5JP0I1FAAE.html

31
Key Problems Summary
32
Key Problems Summary
33
IN-Class Project

• Given all cryptographic primitives (E0, E1, E21,
  E22) used in Bluetooth Pairing/Bonding and
  authentication process, can you design a
  procedure to crack the Bluetooth PIN? Focus on
  short PIN now.
• Hint assume you have recorded all messages
  exchanged during the initialization procedure
• You have 30 minutes for this project no
  implementation, just figure out HOW!

34
Most important security weaknesses

• Problems with E0
• PIN
• Problems with E1
• Location privacy
• Denial of service attacks

35
Problems with E0

• Many publications on this already!
• Output (KC) combination of 4 LFSRs (Linear
  Feedback Shift Register)
• Key (KC) 128 bits
• Best attack guess some registers
• -gt 266 (memory and complexity)

36
PIN

• Some devices use a fixed PIN (default0000)
• Security keys security PIN !!!!
• Possible to check guesses of PIN (SRES) -gt brute
  force attack
• Weak PINs (1234, 5555, )

37
Problems with E1

• E1 SAFER
• Some security weaknesses (although not applicable
  to Bluetooth)
• slow

38
Location privacy

• Devices can be in discoverable mode
• Every device has fixed hardware address
• Addresses are sent in clear
• -gt possible to track devices (and users)

39
Denial of service attacks

• Radio jamming attacks
• Buffer overflow attacks
• Blocking of other devices
• Battery exhaustion (e.g., sleep deprivation
  torture attack)

40
Other weaknesses

• No integrity checks
• No prevention of replay attacks
• Man in the middle attacks
• Sometimes default no security

41
Recommendations

• Never use unit keys!!!!
• Use long and sufficiently random PINs
• Always make sure security is turned on

42
Interesting solutions

• Replace E0 and E1 with AES
• Use MACs to protect integrity
• Pseudonyms
• Identity based cryptography
• Elliptic curves
• Use MANA protocols instead of PIN
• Use network layer security services (IPSEC) to
  provide end-to-end security

43
Conclusion

• Bluetooth has quite a lot of security weaknesses!
• Need for secure lightweight protocols
• More research needed!!

44
And More....

• Zigbee, 802.15.4, and Bluethooth

45
What is ZigBee?

• Technological Standard Created for Control and
  Sensor Networks
• Based on the IEEE 802.15.4 Standard
• Created by the ZigBee Alliance

46
The ZigBee Name

• Named for erratic, zig-zagging patterns of bees
  between flowers
• Symbolizes communication between nodes in a mesh
  network
• Network components analogous to queen bee,
  drones, worker bees

47
IEEE 802.15.4 ZigBee In Context
Application
Customer

• the software
• Network, Security Application layers
• Brand management
• IEEE 802.15.4
• the hardware
• Physical Media Access Control layers

API
Security 32- / 64- / 128-bit encryption
ZigBee Alliance
Network Star / Mesh / Cluster-Tree
MAC
IEEE 802.15.4
PHY 868MHz / 915MHz / 2.4GHz
Stack
Silicon
App
Source http//www.zigbee.org/resources/documents/
IWAS_presentation_Mar04_Designing_with_802154_and_
zigbee.ppt
48
The 802 Wireless Space
Source http//www.zigbee.org/en/resources/
49
ZigBee and Other Wireless Technologies
Source http//www.zigbee.org/en/about/faq.asp
50
ZigBee Aims Low

• Low data rate
• Low power consumption
• Small packet devices

51
ZigBee Frequencies

• Operates in Unlicensed Bands
• ISM 2.4 GHz Global Band at 250kbps
• 868 MHz European Band at 20kbps
• 915 MHz North American Band at 40kbps

52
What Does ZigBee Do?

• Designed for wireless controls and sensors
• Operates in Personal Area Networks (PANs) and
  device-to-device networks
• Connectivity between small packet devices
• Control of lights, switches, thermostats,
  appliances, etc.

53
Lights and Switches
Source ZigBee Specification Document
54
How ZigBee Works

• Topology
• Star
• Cluster Tree
• Mesh
• Network coordinator, routers, end devices

55
How ZigBee Works

• States of operation
• Active
• Sleep
• Devices
• Full Function Devices (FFDs)
• Reduced Function Devices (RFDs)
• Modes of operation
• Beacon
• Non-beacon

56
ZigBee Mesh Networking
Slide Courtesy of
Source http//www.zigbee.org/en/resources/SlideP
resentations
57
ZigBee Mesh Networking
Slide Courtesy of
Source http//www.zigbee.org/en/resources/SlideP
resentations
58
ZigBee Mesh Networking
Slide Courtesy of
Source http//www.zigbee.org/en/resources/SlideP
resentations
59
ZigBee Mesh Networking
Slide Courtesy of
Source http//www.zigbee.org/en/resources/SlideP
resentations
60
ZigBee Mesh Networking
Slide Courtesy of
Source http//www.zigbee.org/en/resources/SlideP
resentations
61
Research in ZigBee

• Introduction
• Research
• Research Papers

62
Introduction

• The IEEE 802.15.4 standard was completed in May
  2003.
• The ZigBee specifications were ratified on 14
  December 2004.
• The ZigBee Alliance announced public availability
  of Specification 1.0 on 13 June 2005.
• Much research is still going on with ZigBee.

63
Academic Research

• Research in ZigBee is being conducted in
  different fields
• Wireless and sensor networks
• Wireless communications
• Neuroengineering

64
Research Papers

• Time Synchronization for ZigBee Networks
• ZigBee Wireless Control That Simply Works
• Journal of Neuroengineering and Rehabilitation
• Development of Ubiquitous Sensor Network
• Wireless Technologies for Data Acquisition
  Systems

65
ZigBee and the Market

• The next big thing
• Expected to hit the market full force in 2006
• Companies have already invested millions

66
ZigBee Products

• Development Kits
• Sensors
• Transceivers
• Modules

67
ZigBee Product Companies

• Helicomm
• MaxStream
• Luxoft Labs
• Crossbow Technology
• Innovative Wireless Technologies

68
Current ZigBee Uses

• Environmental Monitoring
• Agricultural Monitoring
• Home Automation Still on Horizon

69
Product Applications

• Road map products-tracking
• Consumer electronics
• PC
• Personal and healthcare
• Commercial and residential control

70
ZigBees Future
Source http//www.zigbee.org/imwp/idms/popups/pop
_download.asp?ContentID7092
71
Question

• Zigbee vs. Bluetooth competition or
  complimentary?