2. Sources for talk
• Palm Source Presentation by Peter Easton
205 Bluetooth and Palm OS®
http://www.palmsource.com/slides/Track%20200/205.pdf
• Palm’s Bluetooth Wireless Technology Page
http://www.palmos.com/dev/tech/bluetooth/
• Palm’s Bluetooth Whitepaper
http://www.palmos.com/dev/tech/bluetooth/palm_b
• AnywhereYouGo.com
http://www.anywhereyougo.com/
3. ABSTRACT
• Bluetooth is a way of connecting machines to each other without
cables or any other physical medium.
• It uses radio waves to transfer information, so it is very
susceptible to attacks.
• This paper first gives some background information about
Bluetooth system and security issues in ad hoc networks, then it
concentrates on specific security measures in Bluetooth, mainly
authentication, encryption, key management and ad hoc aspects.
• Then it points out flaws and possible security holes in the
Bluetooth Security Specification
4. Origin of the name and the logo
• Bluetooth was named after a late tenth century king, Harald Bluetooth,
King of Denmark and Norway. He is known for his unification of
previously warring tribes from Denmark (including now Swedish
Scania, where the Bluetooth technology was invented), and Norway.
Bluetooth likewise was intended to unify different technologies, such
as personal computers and mobile phones. The name may have been
inspired less by the historical Harald than the loose interpretation of
him in The Long Ships by Frans Gunnar Bengtsson, a Swedish Viking-
inspired novel.
• The Bluetooth logo merges the Germanic runes analogous to the
modern Latin letters H and B (for Harald Bluetooth): Hagall and
Berkanan, merged together, forming a bind rune.
5. What is Bluetooth?
• Open wireless communication standard
– www.bluetooth.com
• Focused on mobile wireless links
– Small, low cost, low power consumption
• Allows small ad hoc wireless networks
– Piconet
• 1 master and up to 7 active slaves
– Scatternet
• Communication between Piconets
6. What is Bluetooth?
• 2.4 GHz Open band
– Globally available
– Other devices include microwave ovens, cordless
phones
– Frequency hopping and Time Division Multiplexing
• 10 – 100 meter range
– Up to 8 active devices can be in the same piconet
7. Related Standards
• IrDA: Infrared Data Association
– Infrared “beaming”
– Short distances (~1 meter)
– Point-to-point, line-of-sight communication
• 802.11B and Home RF
– Higher bandwidth
– Don’t support voice
– More expensive
– Require more power
8. Bluetooth versions
• Bluetooth 1.0 and 1.0B
– Versions 1.0 and 1.0B had many problems
– Manufacturers had difficulty making their products interoperable
• Bluetooth 1.1
– Many errors found in the 1.0B specifications were fixed
– Added support for non-encrypted channels
– Received Signal Strength Indicator (RSSI)
• Bluetooth 1.2
– Faster connection and discovery
– Uses adaptive frequency-hopping spread spectrum (AFH), which
improves resistance to radio frequency interference
– Higher transmission speeds in practice, up to 721 kbps
• Bluetooth 2.0
– This version was specified in November 2004
– The main enhancement is the introduction of an enhanced data rate (EDR) of 3.0 Mbps
– Lower power consumption through a reduced duty cycle
– Simplification of multi-link scenarios due to more available bandwidth
• Bluetooth 2.1
– A draft version of the Bluetooth Core Specification Version 2.1 + EDR is now available
9. Bluetooth System Components
• Link Manager:
– Link Layer messages for setup and link control
• Baseband:
– baseband protocols and low-level link routines
• Radio unit:
– actual radio transceiver which enables the
wireless link between Bluetooth devices
12. Bluetooth Security
1. non-secure
– device does not initiate any kind of security procedure
2. service-level security
– more flexibility in application access policies is allowed
3. link-level security
– device sets up security procedures before the link set-up
is completed.
– Link-level security provides applications with
knowledge of "who" is at the other end of the link and
provides authentication, authorization, and encryption
services
13. Typical Bluetooth Operation
• Discover single or multiple devices
• Create a link to the device
• Create a socket
– SDP: Service Discovery Protocol
– Used by Virtual Serial Driver
– Data Connection
• Pass Data
• Close Socket, close link
19. Problems in the Security of Bluetooth
• Radio jamming attacks
• Buffer overflow attacks
• Blocking of other devices
• Battery exhaustion
• Man in the middle attacks
• Sometimes: default = no security
• possible to track devices (and users)
20. Recommendations
• Never use unit keys!!!!
• Use long and sufficiently random PINs
• Always make sure security is turned ‘on’
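One way to act on the PIN recommendation above, as an added example that is not part of the original slides: generate a PIN from the operating system's CSPRNG and audit candidate PINs for the usual weak patterns. The 16-byte maximum (legacy pairing PIN length), the 64-bit threshold and the finding names are assumptions of this example.

```python
import math
import secrets
import string

# Assumption (not on the slides): legacy Bluetooth pairing takes a PIN of 1-16 bytes.
MAX_PIN_BYTES = 16
# Hypothetical policy threshold chosen for this example.
MIN_ENTROPY_BITS = 64
ALPHABET = string.ascii_letters + string.digits


def generate_pin(length=MAX_PIN_BYTES):
    """Build a PIN by drawing every character from the OS CSPRNG."""
    if not 1 <= length <= MAX_PIN_BYTES:
        raise ValueError("PIN length must be 1..16")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_upper_bound(pin):
    """Best-case bits of entropy: length * log2(pool of character classes used)."""
    pool = 0
    pool += 10 if any(c.isdigit() for c in pin) else 0
    pool += 26 if any(c.islower() for c in pin) else 0
    pool += 26 if any(c.isupper() for c in pin) else 0
    pool += 32 if any(not c.isalnum() for c in pin) else 0
    return len(pin) * math.log2(pool) if pool else 0.0


def audit_pin(pin):
    """Return policy findings for a PIN; an empty list means it passes."""
    if not pin:
        return ["empty"]
    findings = []
    if len(pin.encode("utf-8")) > MAX_PIN_BYTES:
        findings.append("too_long")
    if len(set(pin)) == 1:
        findings.append("single_repeated_char")
    # A run such as 1234 or 9876 has one constant step of +1 or -1.
    steps = {ord(b) - ord(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        findings.append("sequential_run")
    if entropy_upper_bound(pin) < MIN_ENTROPY_BITS:
        findings.append("low_entropy")
    return findings


if __name__ == "__main__":
    # "0000" and "1234" are constructed weak PINs; the third is freshly generated.
    for candidate in ("0000", "1234", generate_pin()):
        print(candidate, round(entropy_upper_bound(candidate), 1), audit_pin(candidate))
```

The entropy figure is an upper bound that holds only when the PIN was chosen uniformly at random; a human-chosen PIN of the same length carries less.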
21. Bluetooth™ Wireless Technology Application Areas
• Pure computing applications
– Presentations
– Card Scanning
– Synchronizing Data
– Remote Synchronization
– Printing
– Scanners
• Ubiquitous Applications
– Communicator platforms
– Electronic Books
– Travel
– Home Entertainment
• System Applications
– In-vehicle systems
– Payment Systems
– Behavior Enforcement
– Collaboration
– Mobile E-commerce
23. 802.15 Wireless Personal Area Network (WPAN) Working Group
Working Groups summary
[Diagram: tree of the 802.15 task groups listed below; the diagram also labels the UWB Forum]
• 802.15.1 : WPAN/Bluetooth
• 802.15.2 : Coexistence Group
• 802.15.3 : High Rate(HR) WPAN Group
• 802.15.3a : UWB
• 802.15.3b : MAC Amendment Task Group
• 802.15.4 : Low Rate(LW) WPAN Group(Zigbee)
• 802.15.4a : WPAN Low Rate Alternative PHY
• 802.15.4b : Revisions and Enhancements
24. Ultra Wide Band (UWB)
• What is the UWB?
– Transmitting information spread over a large bandwidth (>500 MHz)
– Provide an efficient use of scarce radio bandwidth
– High data rate in WPAN connectivity and longer-range
• A February 14, 2002 Report and Order by the FCC authorizes the unlicensed use of UWB
• November of 2005: ITU-R have resulted in a Report and Recommendation on UWB
– Expected to act on national regulations for UWB very soon.
• The advantage of the UWB
– Take advantage of inverse relationship between distance and throughput
– Huge bandwidth : very high throughput
– Low power consumption
– Convenience and flexibility
– No interference
25. Ultra Wide Band (UWB) (2/2)
Current wireless Comparison

Wireless technology   Power (mW)   Range (m)   BW/channel   Rate (bps)
CDMA 1xEVDO           600          ~2000       1.25 MHz     2.4M
802.16 (WiMAX)        250          ~4000       25 MHz       120M
802.11g (WiFi)        50           ~100        25 MHz       54M
Bluetooth             1            ~10         1 MHz        <1M
UWB                   <30          10~30       500 MHz      100M~1G

Key application
• Wireless USB
• Toys and game
• Consumer electronics
• Location tracking
• Handset
26. 802.16 Broadband Wireless Access (BWA) Working Group (1/2)
• IEEE 802.16
– Was established by the IEEE Standards Board in 1999; aims to
prepare formal specifications for the global deployment of
broadband Wireless Metropolitan Area Networks.
– A unit of the IEEE 802 LAN/MAN Standards Committee.
– A related technology: Mobile Broadband Wireless Access (MBWA)
[Figure: mobility (Fixed/Stationary, Pedestrian/Nomadic, Mobile/Vehicular) versus peak data rate per user (Mbits/second, 0.1 to 100) for 2G/2.5G Cellular, WWAN (IMT-2000: cdma2000® 1xEV-DO, cdma2000® 1xEV-DV, WCDMA HSDPA), 802.16e, 802.16a (WiMAX), 802.11 (WLAN), 802.15.1 (Bluetooth) and 802.15.3a (UWB)]
27. 802.16 Broadband Wireless Access (BWA) Working Group (2/2)
Working Groups summary
[Diagram: tree of the 802.16 task groups listed below]
802.16f : Management Information Base
802.16g : Management Plane Procedures and Services
802.16h : Improved Coexistence Mechanisms for License-Exempt Operation
802.16i : Mobile Management Information Base
802.16j : Multihop Relay Specification
802.16k : Bridging of 802.16
802.16m : Advanced Air Interface. Data rates of 100 Mbps for mobile
applications and 1 Gbps for fixed applications.
28. “Last Mile” Access Alternatives
[Figure: Broadband Capable Terrestrial Wireless Networks. Range axis: 50 feet, 500 feet, 10’s miles. Network classes and labelled technologies: Personal Area Networks (PANs): Bluetooth, UWB 802.15; Local Area Networks (LANs): WLAN 802.11; Metropolitan Area Networks (MANs): MMDS, LMDS, WMAN (802.16d), WMAN (802.16e) Mobile WiMAX; Wide Area Networks (WANs): Cellular 2.5G, 3G (Edge, CDMA2000, 1xEV-DO, UMTS)]
29. Final Thoughts
• A single-chip solution is the ultimate goal
– Around $5/chip
– Several players have begun developing implementations
• Success of device depends on
– The supplier’s ability to deliver implementation at a low
price point
– Application development that is easily integrated with
today’s infrastructure
– Ability of Bluetooth to meet market’s expectations