
Security in Wireless Personal Area Networks: Bluetooth

This document discusses security in Bluetooth wireless personal area networks. It describes Bluetooth piconets and scatternets, security modes (non-secure, service-level, and link-level enforced). Security mechanisms include encryption keys, link-layer keys for authentication, and link layer security using device addresses and random keys. It outlines the 4 basic Bluetooth keys (initialization, unit, combination, and master keys) and how they are generated and used. It also covers Bluetooth encryption modes, authentication processes, limitations/problems like jamming, and potential attacks like impersonation and man-in-the-middle.

Security in Wireless Personal Area Networks
Bluetooth

Terms

• Piconet (3-bit address)
  • Master
  • Slave
• Scatternet (multi-point)
• Node states
  • Hold
  • Park
  • Sniff

Security Modes

• Non-secure
• Service-level enforced security
• Link-level enforced security

Security Mechanisms

• Encryption keys protect data in session
• Link-layer keys provide authentication
  • Semi-permanent
  • Temporary
• Link layer security
  • 48-bit device address, fixed and unique
  • 128-bit pseudorandom private key for authentication
  • 8- to 128-bit private key for encryption
  • 128-bit pseudorandom number generated by the device

4 basic keys

• Initialization Key
  • Used during installation, requires PIN
• Unit Key
  • After device is installed, stored in non-volatile memory
• Combination Key
  • Between every pair of devices communicating with each other
• Master Key
  • When master wants to transmit to multiple devices at once

Initialization Key

• Uses the E22 algorithm
• Key: combination of:
  • PIN code (8-128 bits)
  • Bluetooth device address (48 bits)
  • Random 128-bit number
• Discarded after key exchange

Unit Key

• Associated with the device
• Generated by the E21 algorithm
• Uses:
  • Bluetooth device address
  • Random number (128 bits)

Combination Key

• Devices A and B compute numbers LK_KA and LK_KB, respectively
• Computed using the E21 algorithm from:
  • Random number
  • Bluetooth device address
• The devices exchange the random numbers they used, each XORing its number with the current initialization key
• Each device then extracts the other's random number by XORing the received value with the initialization key
• The devices now know each other's Bluetooth device address, so A generates LK_KB and B generates LK_KA
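
The combination key exchange described on this slide, simulated for both devices as an added example that is not part of the original slides. Assumptions: `e21_stand_in` uses truncated HMAC-SHA256 in place of the real E21 (which is built on SAFER+), the device addresses and initialization key are constructed sample values, and the final XOR of LK_KA and LK_KB comes from the Bluetooth specification rather than from the slide.

```python
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def e21_stand_in(rand: bytes, bd_addr: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 128 bits replaces the real E21
    # (SAFER+ based). Same inputs as the slide: random number and device address.
    return hmac.new(rand, bd_addr, hashlib.sha256).digest()[:16]

class Device:
    def __init__(self, bd_addr: bytes, k_init: bytes):
        self.bd_addr = bd_addr                   # 48-bit device address
        self.k_init = k_init                     # current 128-bit initialization key
        self.lk_rand = secrets.token_bytes(16)   # this device's 128-bit random number

    def masked_rand(self) -> bytes:
        # Sent over the air: the random number XORed with the initialization key.
        return xor(self.lk_rand, self.k_init)

    def combination_key(self, peer_masked: bytes, peer_addr: bytes) -> bytes:
        peer_rand = xor(peer_masked, self.k_init)         # unmask the peer's number
        own_part = e21_stand_in(self.lk_rand, self.bd_addr)
        peer_part = e21_stand_in(peer_rand, peer_addr)    # peer's LK_K, recomputed locally
        # Final XOR of the two parts follows the Bluetooth specification;
        # the slide does not spell this step out.
        return xor(own_part, peer_part)

def run_exchange(k_init_a: bytes, k_init_b: bytes):
    # Constructed sample addresses, not real devices.
    a = Device(bytes.fromhex("001122334455"), k_init_a)
    b = Device(bytes.fromhex("66778899aabb"), k_init_b)
    msg_a, msg_b = a.masked_rand(), b.masked_rand()       # the only values transmitted
    key_a = a.combination_key(msg_b, b.bd_addr)
    key_b = b.combination_key(msg_a, a.bd_addr)
    return key_a, key_b, msg_a, a.lk_rand

if __name__ == "__main__":
    shared = bytes(range(16))                             # constructed initialization key
    key_a, key_b, on_air, lk_rand = run_exchange(shared, shared)
    print("keys match:", key_a == key_b, "| random number sent in clear:", on_air == lk_rand)
    key_a, key_b, _, _ = run_exchange(shared, bytes(16))
    print("keys match with different initialization keys:", key_a == key_b)
```

Both devices arrive at the same key only when they hold the same initialization key, so the strength of the resulting link key depends on the PIN that produced the initialization key.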

Master Key

• Temporary key
• Master device generates it with 2 random 128-bit numbers
• Random number is sent to the slaves, which use it and the initialization key to generate an overlay
• Master key is XORed with the overlay by the master and sent to the slaves, which extract the master key
• Done for each slave

Bluetooth Encryption

• Three modes
  • First mode: nothing is encrypted
  • Second mode: broadcast traffic is not encrypted
  • Third mode: all traffic is encrypted

Authentication

• Unit A wants to verify unit B's identity:
  • A sends a challenge to B
  • B encrypts the challenge and sends back a response
  • A also encrypts the challenge and compares it with the response received from B
• The challenge is a random number, which is input to encryption algorithm E1
• The algorithm takes two other inputs:
  • Bluetooth address of the claimant (unit B)
  • Link-layer key
• Algorithm E1 produces the ACO (Authenticated Ciphering Offset), used as encryption key if authentication is successful

Limitations & Problems

• Unintentional and intentional jamming
  • Unintentional: microwaves
  • Intentional: strong transmitters
• It supports device authentication but not user authentication

Bluetooth Attacks

• A and B communicate using a common key, so B can impersonate A
• Man-in-the-middle attack
• PINs (4-bit) are vulnerable to brute-force attacks
• Location and movement of the victim can be tracked
