Ijcta 2014050541
2 authors, including:
Gypsy Nandi
Assam Don Bosco University
All content following this page was uploaded by Gypsy Nandi on 09 November 2014.
Abstract— Bluetooth is primarily used for establishing wireless Personal Area Network (PAN) communication. It is a popular and commonly used technology for sending data from one device to another. It allows the user to form ad hoc networks to transfer data among a wide variety of devices. The current data transfer rate for Bluetooth is 1 Mbps. However, as Bluetooth technology becomes widespread, vulnerabilities in its security are increasing, which can be very dangerous to users’ personal information. Keeping communication secure from such unauthorized access plays a vital role for the pairing devices. This paper presents the attacks that malicious parties can mount on devices while they connect to other devices and exchange data using Bluetooth technology. It also discusses various security measures that can be applied during data exchange using Bluetooth technology.

Keywords: Bluetooth Security, pairing, malicious attackers, network security and Man-in-the-middle attack (MIM)

I. INTRODUCTION

Bluetooth was designed as a cable replacement technology. It is a short range radio link designed to connect portable and/or fixed electronic devices. The effective range, to date, is thirty feet or ten meters. It is a combination of software and hardware technology. The hardware is riding on a radio chip. On the other hand, the main control and security protocols have been implemented in the software. By using both hardware and software, Bluetooth has become a smart technology for efficient and flexible wireless communication systems. The Bluetooth SIG (Special Interest Group) has developed to reduce the cost of implementation and speed up its adoption for various applications. The Bluetooth specifications provide for three basic security services:
• Authentication: verifying the identity of communicating devices based on their Bluetooth device address. Bluetooth does not provide native user authentication.
• Confidentiality: protecting information from eavesdropping by ensuring that only authorized devices can access and view transmitted data.
• Authorization: allowing the control of resources by ensuring that a device is authorized to use a service before permitting it to do so.

Bluetooth devices are low-power and have a range of 10m distance from the device. Today Bluetooth technology is the implementation of the protocol defined by the IEEE 802.15 standard. The standard defines a wireless PAN (Personal Area Network) operable in an area of the size of a room or a hall. It is a protocol of choice to connect two or more devices that are not in direct line of sight to each other. A security association between two devices can be established manually by pairing, i.e. the user enters a common PIN (Personal Identification Number) on each of the devices. When two devices attempt to connect, a unique key is generated based on the PIN entered on both devices.

Attacks like Bluesnarf retrieve personal data from devices with a flawed implementation of access control. Whenever a device attempts to connect to another device, the Bluetooth user can choose whether or not to connect. However, Bluetooth devices are prone to attacks such as battery exhaustion, man in the middle, denial of service, and unauthorized device control and data access [3]. Experts have warned that unless higher security protection is delivered, all transmission of sensitive data over Bluetooth would be unwise.

II. PROTOCOL STACKS OF BLUETOOTH

A protocol stack is a combination of software/hardware implementation of the actual protocols specified in the standard. It also defines how the devices should communicate with each other based on the standard. The Bluetooth protocol stack is shown in Figure 1. Each component of the Bluetooth stack is explained below.
• Bluetooth Radio: specifies details of the air interface, including frequency, frequency hopping, modulation scheme, and transmission power.
• Baseband: concerned with connection establishment within a piconet, addressing, packet format, timing and power control.
• Link manager protocol (LMP): establishes the link setup between Bluetooth devices and manages ongoing links, including security aspects (e.g. authentication and encryption), and control and negotiation of baseband packet size.
and device users. All Bluetooth devices can support Security mode 2.

• Security Mode 3
A Bluetooth device initiates security procedures before the physical link is fully established. Bluetooth devices operating in Security Mode 3 mandate authentication and encryption for all connections to and from the device. This mode supports authentication (unidirectional or mutual) and encryption [7]. To generate this key, a pairing procedure is used when the two devices communicate for the first time. The link key is generated during the initialization phase, while two Bluetooth devices that are communicating are “associated”. Per the Bluetooth specification, two associated devices simultaneously derive link keys during the initialization phase when a user enters an identical PIN into both devices. The PIN entry, device association, and key derivation are depicted conceptually in Figure 4. After initialization is complete, devices automatically and transparently authenticate and perform encryption of the link. It is possible to create a link key using higher layer key exchange methods and then import the link key into the Bluetooth modules. The PIN code used in Bluetooth devices can vary between 1 and 16 bytes. The typical 4-digit PIN may be sufficient for some applications; however, longer codes may be necessary [7].

Figure 4: Bluetooth Generation Key from PIN [7]

• Security Mode 4
This mode is similar to Security mode 2. Security mode 4 is a service level enforced security mode in which security procedures are initiated after link setup. Secure Simple Pairing uses Elliptic Curve Diffie Hellman (ECDH) techniques for key exchange and link key generation. Security requirements for services protected by Security Mode 4 must be classified as one of the following: authenticated link key required, unauthenticated link key required, or no security required.

VII. RISK MITIGATION AND COUNTER MEASURE

Risk mitigation can be achieved in Bluetooth systems by applying countermeasures to address specific threats and vulnerabilities. Organizations should apply countermeasures to address specific threats and vulnerabilities to the Bluetooth network. The first solution is to provide an adequate level of knowledge and understanding for those who will deal with Bluetooth-enabled devices. Organizations using Bluetooth technology should design and document security policies that address the use of Bluetooth-enabled devices and users' responsibilities. Organizations should also include awareness-based education for support staff to enhance their understanding and knowledge of Bluetooth.

A Bluetooth security checklist with guidelines and recommendations for creating and maintaining secure Bluetooth piconets:
• Need to develop an organizational wireless security policy that addresses Bluetooth technology.
• Need to ensure that Bluetooth users on the network are made aware of their security-related responsibilities regarding Bluetooth use.
• Comprehensive security assessments at regular intervals to fully understand the organization's Bluetooth security posture.
• Need to ensure that wireless devices and networks involving Bluetooth technology are fully understood from an architecture perspective and documented accordingly.
• Users should be provided with a list of precautionary measures they should take to better protect handheld Bluetooth devices from theft.
• Change the default settings of the Bluetooth device to reflect the organization's security policy.
• Bluetooth devices should be set to the lowest necessary and sufficient power level so that transmissions remain within the secure perimeter of the organization.
• Choose PIN codes that are sufficiently random and long. Avoid static PINs, such as all zeroes.
• If a Bluetooth device is lost or stolen, users should immediately unpair the missing device from all other Bluetooth devices with which it was previously paired.
• Need to install antivirus software on Bluetooth-enabled hosts that are frequently targeted by malware.
• Need to fully test and deploy Bluetooth software patches and upgrades regularly.
• Users should not accept transmissions of any kind from unknown or suspicious devices. These types of transmission include messages, files, and images.

VIII. PREVENTIVE MEASURE FOR BLUETOOTH USAGE

Bluetooth technology has many security vulnerabilities in its various configurations. Let us talk about how we can secure ourselves in spite of these vulnerabilities in Bluetooth:
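
The PIN guidance given earlier (a PIN of 1 to 16 bytes, "sufficiently random and long", no static PINs such as all zeroes) can be enforced as a policy check. The Python below is an added example, not code from the paper; the function names and the 40-bit search-space floor are assumptions chosen for illustration.

```python
import math
import secrets
import string

MIN_BYTES, MAX_BYTES = 1, 16   # PIN size range stated in the paper
MIN_BITS = 40                  # assumed policy floor, not from the paper

def generate_pin(length=16, alphabet=string.digits):
    """Draw every character from a CSPRNG so the PIN cannot be predicted."""
    if not MIN_BYTES <= length <= MAX_BYTES:
        raise ValueError("PIN must be 1 to 16 bytes long")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def search_space_bits(pin):
    """Upper bound on guessing effort: length * log2(alphabet size)."""
    if pin.isdigit():
        size = 10
    elif pin.isalnum():
        size = 62
    else:
        size = 95  # printable ASCII
    return len(pin) * math.log2(size)

def audit_pin(pin):
    """Return a list of policy findings; an empty list means the PIN passes."""
    n = len(pin.encode("utf-8"))
    if not MIN_BYTES <= n <= MAX_BYTES:
        return ["length outside 1-16 bytes"]
    findings = []
    if len(set(pin)) == 1:
        findings.append("static PIN (single repeated character)")
    codes = [ord(c) for c in pin]
    steps = {b - a for a, b in zip(codes, codes[1:])}
    if len(pin) > 2 and steps in ({1}, {-1}):
        findings.append("sequential PIN")
    if search_space_bits(pin) < MIN_BITS:
        findings.append("search space below %d bits" % MIN_BITS)
    return findings

if __name__ == "__main__":
    # Constructed sample PINs: a default, a sequence, and a fresh random one.
    for pin in ("0000", "1234", generate_pin()):
        print(len(pin), "chars:", audit_pin(pin) or "ok")
```

The typical 4-digit PIN gives a search space of about 13 bits, while 16 random digits give about 53 bits, which is why the check flags the former on length alone.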