Bluetooth Security
Like 802.11 security, Bluetooth security is not meant to be an end-to-end security
protocol; it protects only the wireless portion of the network.
Bluetooth features three security modes:
- Security Mode 1: Nonsecure:
In nonsecure mode, a device will not initiate security procedures and authentication
and encryption are completely bypassed.
- Security Mode 2: Service-level enforced security:
In this mode, security procedures are begun after channels are established at
the Logical Link Control and Adaptation Protocol level. A security manager controls
access to different services and devices by using policies and “trust”
levels.
- Security Mode 3: Link-level security:
In mode 3, a device starts security procedures before channel establishment.
Authentication (unidirectional or mutual) and encryption are both supported,
through the use of a secret link key shared between the devices. The link key is
generated the first time two devices communicate.
Link key generation:
Two devices communicating for the first time will go through an initialization
phase; they will be “associated” at that point. The link key generation
begins when the user enters identical PINs into both devices, which the devices
use to generate their secret link keys. One of Bluetooth's security strengths is
that in subsequent communications between devices, the link key is never transmitted
outside of the device; the link key is simply used in cryptographic algorithms to
generate matching sequences.
Authentication:
In Bluetooth, authentication is achieved through a challenge-response scheme
whose purpose is to verify that the device requesting access has knowledge of
the secret link key. The requesting device first sends its unique device address
to the verifying device. The verifying device then sends a 128-bit random challenge
produced by a random number generator. Both devices apply the E1 algorithm to the
random challenge, the device address, and the link key to yield a 32-bit result. The
verifier then compares the two results and authenticates the requesting device
if they match.
Bluetooth blocks repeated link key-cracking attempts by exponentially increasing
the amount of time mandated between attempts. This technique fails against attackers
who perform offline attacks to search the space of all PINs.
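The challenge-response exchange and the verifier-side back-off described above, as an added example that is not part of the original page. It assumes a stand-in for E1 (HMAC-SHA256 truncated to 32 bits, since the real SAFER+-based E1 is not in the standard library), an assumed base delay of one second, and a simulated clock passed in as `now`; the device addresses and link keys are constructed values.

```python
import hashlib, hmac, secrets

# Added example, not code from the page. Stand-in for Bluetooth's E1 function:
# assumption - the real E1 is SAFER+-based; HMAC-SHA256 truncated to 32 bits is
# substituted here so the exchange runs offline with only the standard library.
def e1(link_key: bytes, bd_addr: bytes, rand: bytes) -> bytes:
    return hmac.new(link_key, bd_addr + rand, hashlib.sha256).digest()[:4]

BASE_DELAY = 1.0  # seconds mandated after the first failure (assumed value)

class Device:
    """A device holding a link key that is only ever fed into e1(), never sent."""

    def __init__(self, bd_addr: bytes, link_key: bytes):
        self.bd_addr = bd_addr
        self._link_key = link_key
        self.failures = 0         # consecutive failed attempts seen as verifier
        self.next_allowed = 0.0   # simulated clock time of the next permitted attempt

    def respond(self, rand: bytes) -> bytes:
        """Claimant side: SRES = E1(link key, own address, RAND)."""
        return e1(self._link_key, self.bd_addr, rand)

    def check(self, addr: bytes, rand: bytes, sres: bytes, now: float) -> bool:
        """Verifier side: recompute SRES from the claimed address and compare."""
        if hmac.compare_digest(e1(self._link_key, addr, rand), sres):
            self.failures = 0
            return True
        self.failures += 1        # mandated wait doubles with each consecutive failure
        self.next_allowed = now + BASE_DELAY * 2 ** (self.failures - 1)
        return False

def authenticate(verifier: Device, claimant: Device, now: float = 0.0) -> bool:
    """Run the exchange; only the address, RAND and the 32-bit SRES cross the link."""
    if now < verifier.next_allowed:
        return False              # refused: still inside the mandated waiting time
    addr = claimant.bd_addr                  # 1. claimant sends its device address
    rand = secrets.token_bytes(16)           # 2. verifier sends a 128-bit challenge
    sres = claimant.respond(rand)            # 3. claimant returns the 32-bit result
    return verifier.check(addr, rand, sres, now)  # 4. verifier compares

if __name__ == "__main__":
    key = secrets.token_bytes(16)            # constructed link key shared at pairing
    a = Device(b"\x00\x11\x22\x33\x44\x55", key)
    b = Device(b"\x66\x77\x88\x99\xaa\xbb", key)
    print("peer with shared link key:", authenticate(a, b))
    mismatched = Device(b.bd_addr, secrets.token_bytes(16))  # same address, other key
    print("peer with other key:", authenticate(a, mismatched, now=10.0),
          "- next attempt allowed at t =", a.next_allowed)
```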
Confidentiality:
Bluetooth encrypts its data transmissions with a stream cipher called E0. The
key stream used is generated through an algorithm that takes the following values
as input: the device address, a random number, a slot number, and an encryption
key. The encryption key is produced from an internal key generator that takes
as input: the link key, a random number, and a value from the authentication
procedure. The key stream used to encrypt each data packet changes on a per-packet
basis because the slot number is different each time, but all other variables
remain static.