2.4 GHz Open band Globally available Other devices include microwave ovens, cordless phones Frequency hopping and Time Division Multiplexing 10 – 100 meter range Up to 8 active devices can be in the same piconet

1. BY
AJAL.A.J
ASSISTANT PROFESSOR
METS SCHOOL OF ENGINEERING , MALA
BLUETOOTH SECURITY USING
KEY - GENERATING ENCRYPTION ALGOTITHM

2. Sources for talk
• Palm Source Presentation by Peter Easton
205 Bluetooth and Palm OS®
http://www.palmsource.com/slides/Track%20200/205.pdf
• Palm’s Bluetooth Wireless Technology Page
http://www.palmos.com/dev/tech/bluetooth/
• Palm’s Bluetooth Whitepaper
http://www.palmos.com/dev/tech/bluetooth/palm_b
• AnywhereYouGo.com
http://www.anywhereyougo.com/

3. ABSTRACT
• Bluetooth is a way of connecting machines to each other without
cables or any other physical medium.
• It uses radio waves to transfer information, so it is very
susceptible to attacks.
• This paper first gives some background information about
Bluetooth system and security issues in ad hoc networks, then it
concentrates on specific security measures in Bluetooth, mainly
authentication, encryption, key management and ad hoc aspects.
• Then it points out flaws and possible security holes in the
Bluetooth Security Specification

4. Origin of the name and the logo
• Bluetooth was named after a late tenth century king, Harald Bluetooth,
King of Denmark and Norway. He is known for his unification of
previously warring tribes from Denmark (including now Swedish
Scania, where the Bluetooth technology was invented), and Norway.
Bluetooth likewise was intended to unify different technologies, such
as personal computers and mobile phones.The name may have been
inspired less by the historical Harald than the loose interpretation of
him in The Long Ships by Frans Gunnar Bengtsson, a Swedish Viking-
inspired novel.
• The Bluetooth logo merges the Germanic runes analogous to the
modern Latin letter H and B: (for Harald Bluetooth)
(Hagall)
and
(Berkanan)
• merged together, forming a bind rune.

5. What is Bluetooth?
• Open wireless communication standard
– www.bluetooth.com
• Focused on mobile wireless links
– Small, low cost, low power consumption
• Allows small ad hoc wireless networks
– Piconet
• 1 master and up to 7 active slaves
– Scatternet
• Communication between Piconets

6. What is Bluetooth?
• 2.4 GHz Open band
– Globally available
– Other devices include microwave ovens, cordless
phones
– Frequency hopping and Time Division Multiplexing
• 10 – 100 meter range
– Up to 8 active devices can be in the same piconet

7. Related Standards
• IrDA: Infrared Data Association
– Infrared “beaming”
– Short distances (~1 meters)
– Point-to-point, line-of-sight communication
• 802.11B and Home RF
– Higher bandwidth
– Don’t support voice
– More expensive
– Require more power

8. Bluetooth versionsBluetooth versions
 Bluetooth 1.0 and 1.0B
 Versions 1.0 and 1.0B had many problems
 Manufacturers had difficulty making their products interoperable.
 Bluetooth 1.1
 Many errors found in the 1.0B specifications were fixed.
 Added support for non-encrypted channels.
 Received Signal Strength Indicator (RSSI).
 Bluetooth 1.2
 Faster Connection and Discovery
 Use the Adaptive frequency-hopping spread spectrum (AFH)
 improves resistance to radio frequency interference
 Higher transmission speeds in practice, up to 721 kbps
 Bluetooth 2.0
 This version, specified November 2004
 The main enhancement is the introduction of an enhanced data rate (EDR) of 3.0 Mbps.
 Lower power consumption through a reduced duty cycle.
 Simplification of multi-link scenarios due to more available bandwidth.
 Bluetooth 2.1
 A draft version of the Bluetooth Core Specification Version 2.1 + EDR is now available

9. Bluetooth System Components
• Link Manager:
- Link Layer messages for setup and link control
Base band :
- base band protocols and low level link routines
• Radio unit :
– actual radio transceiver which enables the
wireless link between Bluetooth devices

10. Overview of Bluetooth hardware

12. Bluetooth Security
1. non-secure
– device does not initiate any kind of security procedure
2. service-level security
– more flexibility in application access policies is allowed
3. link level security
– device sets up security procedures before the link set-
up is completed.
– Link level security provides applications with
knowledge of "who" is at the other end of the link and
provide authentication, authorization, and encryption
services

13. Typical Bluetooth Operation
• Discover single or multiple devices
• Create an link to the device
• Create a socket
– SDP: Service Discovery Protocol
– Used by Virtual Serial Driver
– Data Connection
• Pass Data
• Close Socket, close link

14. Key Management

15. Key generating algorithm E22 for
master and initialization keys

16. Encryption process
Encryption key generation

17. Bluetooth Encryption
E0
BD_ADDRA
clockA
KC’
Kcipher
Kcipher
Kcipher
dataA-B
dataB-A
E0
BD_ADDRA
clockA
K’C’
K’cipher
K’cipher
K’cipher
dataA-B
dataB-A
data
A B

18. Authentication

19. Problems in the Security of
Bluetooth
• Radio jamming attacks
• Buffer overflow attacks
• Blocking of other devices
• Battery exhaustion
• Man in the middle attacks
• Sometimes: default = no security
• possible to track devices (and users)

20. Recommendations
• Never use unit keys!!!!
• Use long and sufficiently random PINs
• Always make sure security is turned ‘on’

21. Bluetooth™ Wireless
Technology Application Areas
• Pure computing
applications
– Presentations
– Card Scanning
– Synchronizing Data
– Remote Synchronization
– Printing
– Scanners
• Ubiquous Applications
– Communicator platforms
– Electronic Books
– Travel
– Home Entertainment
• System Applications
– In-vehicle systems
– Payment Systems
– Behavior Enforcement
– Collaboration
– Mobile E-commerce

23. 802.15 Wireless Personal Area802.15 Wireless Personal Area
Network(WPAN) Working GroupNetwork(WPAN) Working Group
 Working Groups summary
802.15
802.15.1 802.15.2
802.15.4b802.15.3a 802.15.3b
802.15.4802.15.3
 802.15.1 : WPAN/Bluetooth
 802.15.2 : Coexistence Group
 802.15.3 : High Rate(HR) WPAN Group
 802.15.3a : UWB
 802.15.3b : MAC Amendment Task Group
 802.15.4 : Low Rate(LW) WPAN Group(Zigbee)
 802.15.4a : WPAN Low Rate Alternative PHY
 802.15.4b : Revisions and Enhancements
 UWB Forum
802.15.4a

24. Ultra Wide Band (UWB)Ultra Wide Band (UWB)
 What is the UWB?
 Transmitting information spread over a large bandwidth (>500 MHz)
 Provide an efficient use of scarce radio bandwidth
 High data rate in WPAN connectivity and longer-range
 A February 14, 2002
 Report and Order by the FCC authorizes the unlicensed use of UWB
 November of 2005.
 ITU-R have resulted in a Report and Recommendation on UWB
 Expected to act on national regulations for UWB very soon.
 The advantage of the UWB
 Take advantage of inverse relationship between distance and throughput
 Huge bandwidth : very high throughput
 Low power consumption
 Convenience and flexibility
 No interference

25. Ultra Wide Band(UWB)(2/2)Ultra Wide Band(UWB)(2/2)
Wireless
technology
Power mW Rage meter BW/channel Rate bps
CDMA
1xEVDO
600 ~2000 1.25 MHz 2.4M
802.16(WiMAX
)
250 ~4000 25MHz 120M
802.11g(WiFi) 50 ~100 25MHz 54M
Bluetooth 1 ~10 1MHz <1M
UWB <30 10~30 500MHz 100M~1G
 Current wireless Comparison
 Key application
 Wireless USB
 Toys and game
 Consumer electronics
 Location tracking
 Handset

26. 802.16 Broadband Wireless Access(BWA)802.16 Broadband Wireless Access(BWA)
Working Group(1/2)Working Group(1/2)
 IEEE 802.16
 Be was established by IEEE Standards Board in 1999, aims to
prepare formal specifications for the global deployment of
broadband Wireless Metropolitan Area Network.
 A unit of the IEEE 802 LAN/MAN Standards Committee.
 A related technology Mobile Broadband Wireless Access(MBWA)
Fixed
(Stationary)
Pedestrian
(Nomadic)
Mobile
(Vehicular)
2G/2.5G
Cellular
0.1 1.0 10 100
Peak Data Rate per User (Mbits/second)
Mobility
802.16e
802.16a
(WiMAX)
WWAN
(IMT-2000)
cdma2000®
1xEV-DO,
cdma2000®
1xEV-DV
3.1
WCDMA HSDPA
802.15.1
(Bluetooth)
802.11
(WLAN)
802.15.3a
(UWB)

27. 802.16 Broadband Wireless Access(BWA)802.16 Broadband Wireless Access(BWA)
Working Group(2/2)Working Group(2/2)
 Working Groups summary
802.16
802.15.g 802.15.h 802.15.k802.15.j802.16.f 802.15.m802.15.i
 802.16f : Management Information Base
 802.16g : Management Plane Procedures and Services
 802.16h : Improved Coexistence Mechanisms for License-Exempt Operation
 802.16i : Mobile Management Information Base
 802.16j : Multihop Relay Specification
 802.16k : Bridging of 802.16
 802.16m : Advanced Air Interface. Data rates of 100 Mbps for mobile
applications and 1 Gbps for fixed applications.

28. “Last Mile” Access Alternatives
Blue-
tooth
Blue-
tooth
Broadband Capable Terrestrial Wireless NetworksBroadband Capable Terrestrial Wireless Networks
UWB
802.1
5
UWB
802.1
5
Personal
Area
Networks
(PANs)
Range50 feet 500 feet 10’s miles
Metropolitan
Area
Networks
(MANs)
WLAN
802.1
1
WLAN
802.1
1
Local
Area
Networks
(LANs)
Wide
Area
Networks
(WANs)
Cellular
2.5 G,
3G
Cellular
2.5 G,
3G
Edge, CDMA2000,
1xEV-DO, UMTS
MMDS
LMDS
WMAN
(802.16d)
WMAN
(802.16e)
Mobile WiMAX

29. Final Thoughts
• A single-chip solution is the ultimate goal
– Around $5/chip
– Several players have begun developing implementations
• Success of device depends on
– The supplier’s ability to deliver implementation at a low
price point
– Application development that is easily integrated with
today’s infrastructure
– Ability of Bluetooth to meet market’s expectations

30. REFERENCES
• [1]Amoroso E., Fundamentals of Computer Security Technology, Prentice Hall,
2004.
• [2]Asokan N. & Ginzboorg P., Key Agreement in Ad-Hoc Networks, Prentice Hall,
2002
• [3]Bluetooth, The Bluetooth Specification, v.1.0B
< http://www.bluetooth.com/developer/specification/specification.asp >
• [4]Zhou L. & Haas Z., Securing Ad Hoc Networks
< http://www.ee.cornell.edu/~haas/Publications/network99.ps >
• [5]Gollmann D., Computer Security, John Wiley & Sons Inc., 2003.
• [6]Müller T., Bluetooth Security Architecture, 1999
< http://www.bluetooth.com/developer/download/download.asp?doc=174 >