Tuesday, September 3, 2013

Bluetooth Communication Security

INTRODUCTION:
Bluetooth is an easy to use network communication technology which is, however, profoundly exposed to security threats. The advantage of Bluetooth is its versatility as a short range radio: it supports the kind of wireless communication that is so much a part of our day-to-day life. For this reason, it is important to understand the potential risks linked with the many wireless devices and communication protocols that rely on Bluetooth.
BLUETOOTH:
Bluetooth is a Radio Frequency standard (IEEE 802.15.1) that wirelessly connects network devices such as cellphones, PDAs, laptops, computers, peripheral devices and GPS receivers over a short range. "Bluetooth is a wireless technology which was named after a Danish Viking and King, Harald Blatand; his last name means "Bluetooth" in English. He is known for his efforts of uniting Denmark and Norway, just like Bluetooth wireless technology is credited with uniting two devices."
It allows users to form ad hoc networks among different network communication devices to transfer video, voice and data. It establishes wireless personal area networks (WPAN), known as Piconets.
It operates in the range of 2.4000 to 2.4835 GHz and uses Frequency Hopping Spread Spectrum (FHSS) technology for all transmissions: the transmitted data is divided into packets, and each packet is sent on one of the 79 designated Bluetooth channels, selected by a pseudo-random hopping sequence, unlike Fixed-Frequency transmission. This offers the following advantages:
a. High resistance of Spread spectrum signals to narrowband interference.
b. Difficult to intercept Bluetooth signals in real time transmission.
c. Efficient utilization of bandwidth.
The connection established among devices using Bluetooth generally survives in close proximity of up to 10 meters, but is extendable up to 100 meters by using hooks and adapters. This is because of the microwave nature of Bluetooth frequencies, which form part of the S-band of the electromagnetic spectrum. The speed of Bluetooth transmission depends on the combination of Basic Rate (BR, giving a data rate of 1 Mbps) and Enhanced Data Rate (EDR, giving a 2-3 Mbps data rate), known together as the 'BR/EDR radio'.
Bluetooth Communication:
The Bluetooth communication principle is based upon a master/slave operational mode. The term "piconet" refers to the network formed by one device with all devices found within its range. Within a single coverage area up to 10 piconets can coexist where a master can be connected to as many as 7 active slave devices and 255 slaves in parked mode.
To establish a connection, a Bluetooth device enters the following two modes:
a. Discoverable Mode: A Bluetooth enabled device is in "discoverable mode" when it responds to the inquiry scan of other Bluetooth devices that wish to pair or connect to it.
b. Connectable Mode: A Bluetooth enabled device is in "connectable mode" when it is in range and will respond to another device trying to establish a network connection.
SECURITY:
Like other wireless technologies, Bluetooth too faces security threats and vulnerabilities. There are diverse methodologies to deal with these.
Security Threats:
a. Blue-jacking: Temporarily clogging up another person's cellphone by sending it anonymous text messages over the Bluetooth wireless networking system. This attack is similar to spam and phishing email attacks. It is also known as Blue-Spamming.
b. Blue-stumbling: Randomly searching for hackable Bluetooth devices.
c. Blue-snarfing: Exploits the object exchange protocol used when pairing two Bluetooth devices to gain access to data stored on the device, including the device's international mobile equipment identity (IMEI), a unique identification number for each device that an attacker could use to route and intercept all incoming calls to the attacker's device.
d. Blue-bugging: This attack allows the attacker to read data on a Bluetooth enabled cellphone, hijack conversations, initiate phone calls, send text messages, connect to the Internet, and more.
e. Blue-tracking: Tracks people's locations by following the signal of their Bluetooth devices.
f. Secure simple pairing attack: Man-in-the-middle attacks are not prevented even in Secure Simple Pairing.
Bluetooth Security:
Security while using Bluetooth devices is rooted in the following fundamental principles:
1. Authentication: determining whether the communicating device is what it is declared to be, based on the Bluetooth device address.
2. Authorization: allowing the user control and access of resources based on authenticated user identity.
3. Confidentiality: to ensure that only authorized devices can access data and this data is not intercepted by intruders.
Security Model:
Link layer security - Pairing keys:
This layer uses a number of keys, generated for both authentication and encryption, that are also utilized by higher layers. The keys are derived from a user-supplied PIN number. This is the legacy pairing technique, in which the device allows the user to decide and enter a PIN number of up to 16 bits.
In the Secure Simple Pairing association model, whenever a Bluetooth session (the time interval for which the device is part of a piconet) is initiated, a series of additional keys is generated. One of these keys, called the link key or authentication key, is a one-time 128-bit secret key that is used only during that session. Authentication is achieved through secret-key encryption of a random number generated by each device, which verifies that both devices share the same secret link key. A new encryption key is generated each time the device enters encryption mode, whereas the authentication key is used during the entire session.
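The challenge-response authentication and per-session encryption-key derivation described above, as an added example that is not code from the original post. It is a simplified model: HMAC-SHA256 stands in for Bluetooth's own E1 (authentication) and E3 (encryption key) functions, and the device addresses and keys are constructed.

```python
import hmac
import hashlib
import secrets

# Simplified model of Bluetooth BR/EDR link-layer authentication and
# encryption-key generation. HMAC-SHA256 stands in for the real E1 and E3
# functions (SAFER+ based), which are not reproduced here.

LINK_KEY_LEN = 16   # 128-bit link key, as described in the post
BD_ADDR_LEN = 6     # 48-bit Bluetooth device address


def new_link_key() -> bytes:
    """One-time session link key shared by both devices after pairing."""
    return secrets.token_bytes(LINK_KEY_LEN)


def sres(link_key: bytes, claimant_addr: bytes, challenge: bytes) -> bytes:
    """Signed response: proves knowledge of link_key for this address and challenge."""
    assert len(claimant_addr) == BD_ADDR_LEN
    msg = b"auth" + claimant_addr + challenge
    return hmac.new(link_key, msg, hashlib.sha256).digest()[:4]   # 32-bit response


def verify_one_way(verifier_key: bytes, claimant_key: bytes, claimant_addr: bytes) -> bool:
    """Verifier sends a fresh random challenge; claimant answers with its copy of the key."""
    challenge = secrets.token_bytes(16)                          # never reused
    response = sres(claimant_key, claimant_addr, challenge)      # computed by the claimant
    expected = sres(verifier_key, claimant_addr, challenge)      # computed by the verifier
    return hmac.compare_digest(response, expected)               # constant-time compare


def mutual_authenticate(key_a: bytes, key_b: bytes, addr_a: bytes, addr_b: bytes) -> bool:
    """Both devices take the verifier role in turn; both checks must pass."""
    return verify_one_way(key_a, key_b, addr_b) and verify_one_way(key_b, key_a, addr_a)


def encryption_key(link_key: bytes, en_rand: bytes) -> bytes:
    """Fresh 128-bit encryption key each time encryption mode is entered.
    The link key itself is reused for the whole session; only en_rand changes."""
    return hmac.new(link_key, b"enc" + en_rand, hashlib.sha256).digest()[:16]


if __name__ == "__main__":
    addr_a = bytes.fromhex("001122334455")   # constructed sample addresses
    addr_b = bytes.fromhex("66778899aabb")
    k = new_link_key()
    print("matching keys authenticate:", mutual_authenticate(k, k, addr_a, addr_b))
    print("wrong key is rejected:     ", mutual_authenticate(k, new_link_key(), addr_a, addr_b))
    k1 = encryption_key(k, secrets.token_bytes(16))
    k2 = encryption_key(k, secrets.token_bytes(16))
    print("encryption keys differ per entry:", k1 != k2)
```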
Application layer security:
Application layer security could include one of the following security modes:
Security Mode 1: This is actually a no-security mode which provides no authentication, authorization or encryption of data. A system in this mode is highly vulnerable to attacks. Such devices can easily be connected to by any other device, even for malicious activities, because connection establishment is not restricted and no authentication or authorization process is followed.
Security Mode 2: Security operations are initiated once a connection is established but before the logical channel is set up. In this mode, different security policies, held and applied by a centralized security manager, control access between different interfaces and different device users, and these varying trust levels restrict access by undesired applications. This mode decides whether a device is allowed to access a specific application or service on a specific device. Here the Bluetooth service is discovered before the security procedures (authorization, authentication and encryption), which are managed by the security manager only, are performed.
Security Mode 3: In this mode authentication and encryption are mandatory for all connections to and from the device, which means that even discovery of the Bluetooth service itself is restricted until authentication and authorization have taken place.
Security Mode 4: Here the security operations begin after the physical and logical links are established, using Secure Simple Pairing (SSP), in which Elliptic Curve Diffie-Hellman (ECDH) key agreement replaces the legacy key agreement for link key generation. A brief description of ECDH key agreement is given below: