Investigation of effective Bluetooth security features

Table of contents

Introduction

Bluetooth signals can be easily intercepted, as can any other type of wireless signals. Therefore, the Bluetooth specification calls for the built-in security to discourage eavesdropping and attempts to falsify the origin of messages, which is called “spoofing”. This section provides an overview of the security mechanisms included in the Bluetooth specifications to illustrate their limitations and provide a foundation for some of the security recommendations.

Get your 100% original paper on any topic done
in as little as 4 hours

Write My Essay

In this example, Bluetooth security is provided between the mobile phone and the laptop computer. IEEE 802.11 security protects the wireless local area network link which is between the laptop computer and the IEEE 802.11 AP. The communications on the wired network are not protected by the Bluetooth security.

1. Three Basic Security Services

The three basic security services specified in the Bluetooth standard are authentication, confidentiality and authorization.

Authentication

Prevents spoofing and unwanted access to critical data and functions. It is the process of verifying the identity of the communication devices. User authentication is not provided natively by Bluetooth.

The Bluetooth device authentication procedure is in the front of a challenge-response scheme. The device attempting to prove its identity in an authentication process is the claimant and the device validating the identity of the claimant is the verifier.

The challenge-response protocol validates devices by verifying the knowledge of a secret key, which is the Bluetooth link key.

Steps in Authentication Process

Step 1: The verifier transmits a 128-bit random challenge (AU_RAND) to the claimant, which is obtained from the random number generator derived from a pseudo-random process within the Bluetooth device.
Step 2: The claimant uses the E1 algorithm to compute an authentication response using its unique 48-bit Bluetooth device address (BD_ADDR), the link key, and AU_RAND as inputs. The verifier does the same computation.
Step 3: The claimant returns the most significant 32 bits of the E1 output as the computed response, SRES to the verifier.
Step 4: The verifier uses a comparator to compare the SRES from the claimant and its own computed value from the E1 algorithm.
Step 5: If both the values are the equal, the authentication is considered successful. If not, the authentication has failed.

The 5 steps accomplishes one-way authentication. The Bluetooth standards allow both one-way and mutual authentication to be performed. For mutual authentication, the steps are repeated with the verifier and claimant switching roles.

Confidentiality

Preventing information compromise caused by ensuring that only authorised devices can access and view data.

To provide confidentiality to the user’s data, encryption technique is used by the Bluetooth technology. Bluetooth has three Encryption Modes.

The modes are as follows:

Encryption Mode 1: No encryption is performed on any traffic.
Encryption Mode 2: Individually addressed traffic is encrypted using encryption keys based on individual link keys. Broadcast traffic is not encrypted.
Encryption Mode 3: All traffic is encrypted using an encryption key based on the master link key.

The encryption key is produced using an internal key generator (KG). The KG produces stream cipher keys based on 128-bit link key, 128 bit EN_RAND and 96-bit ACO value which is the least significant bits from the E1 algorithm of authentication process. A key stream output is exclusive-OR-ed with the payload bits and sent to the receiving device. This stream key is produced using a cryptographic algorithm based on linear feedback shift registers (LFSR). The clock provides the slot number. The encryption function E0 output is exclusive-OR-ed with the sender data and transmitted. The received data is exclusive-OR-ed with the keystream and original data is retrieved.

Trust levels, Service levels, and Authorizations

The Bluetooth levels of trust are

Trusted device: fixed relationship with another device and has full access to all services.
Untrusted device: does not have an established relationship and hence restricted access to services.

The security services defined for Bluetooth devices are

Service level 1: requires authorization and authentication. Automatic access is granted to trusted device; untrusted devices need manual authorization.
Service level 2: requires authentication only; authorization is not necessary. Access to an application is granted only after an authentication procedure.
Service level 3: open to all devices, with no authentication required. Access is granted automatically.

2. Security Modes

The various versions of Bluetooth specifications define four security modes. Each Bluetooth device must operate in one of the four modes.

Security Mode 1: a non secure mode. Authentication and encryption are bypassed leaving the device and connections susceptible to attackers. This mode is only supported in v2.0 + EDR devices.

Security mode 2: a service level-enforced security mode. The security procedures are initiated after LMP link establishment but before L2CAP channel establishment. The authentication and encryption mechanisms in this mode are implemented at the LMP layer. All Bluetooth devices support this security mode 2.

Security Mode 3: link level-enforces security mode. The Bluetooth device initiates the security procedures before the physical link is fully established. This mode mandates authentication and encryption for all connections to and from the devics. This mode is supported only in v2.0 + EDR devices.

Security Mode 4: a service level-enforced security mode like the security mode 2. But the security procedures are initiated after link setup. Authentication and encryption algorithms are identical to the algorithms in Bluetooth v2.0 + EDR and earlier versions. This is mandatory for v2.1 + EDR devices.

Appendix D—Online Resources

References

Bluetooth Special Interest Group, Bluetooth 2.0 and 2.1 specifications, http://www.bluetooth.com/Bluetooth/Technology/Building/Specifications/

Bluetooth Special Interest Group, “Bluetooth Security White Paper”, May 2002, http://www.bluetooth.com/NR/rdonlyres/E870794C-2788-49BF-96D3- C9578E0AE21D/0/security_whitepaper_v1.pdf

Bluetooth Special Interest Group, “Simple Pairing Whitepaper”, August 2006, http://bluetooth.com/NR/rdonlyres/0A0B3F36-D15F-4470-85A6- F2CCFA26F70F/0/SimplePairing_WP_V10r00.pdf

Defense Information Systems Agency (DISA), “DoD Bluetooth Headset Security Requirements Matrix”, Version 2.0, 07 April 2008, http://iase.disa.mil/stigs/checklist/dod_bluetooth_headset_security_requirements_matrix_v2-

0_7april2008.pdf

Defense Information Systems Agency (DISA), “DoD Bluetooth Smart Card Reader Security Requirements Matrix”, Version 2.0, 01 June 2007, http://iase.disa.mil/stigs/checklist/DoD-Bluetooth- Smart-Card-Reader-Security-Requirements-Matrix.pdf

Y. Lu, W. Meier, and S. Vaudenay, “The Conditional Correlation Attack: A Practical Attack on Bluetooth

Encryption”, http://lasecwww.epfl.ch/pub/lasec/doc/LMV05.pdf

We will write a custom Essay on Investigation of effective Bluetooth security features specifically for you for only ~~$16.05~~ $13/page

805 certified writers online

Order Now

Need help with your Assignment?

Give us your paper requirements,and we’ll deliver the highest-quality essay at only $13 a page.

Order with discount

Calculate the price

Make an order in advance and get the best price

Type of paper

Academic level

Deadline

Pages (550 words)

$0.00

*Price with a welcome 15% discount applied.

Pro tip: If you want to save more money and pay the lowest price, you need to set a more extended deadline.

We know how difficult it is to be a student these days. That's why our prices are one of the most affordable on the market, and there are no hidden fees.

Instead, we offer bonuses, discounts, and free services to make your experience outstanding.

How it works

Receive a 100% original paper that will pass Turnitin from a top essay writing service

step 1

Upload your instructions

Fill out the order form and provide paper details. You can even attach screenshots or add additional instructions later. If something is not clear or missing, the writer will contact you for clarification.

step 2

Control the process

Once you place an order with our professional essay writing services, we will email you login details to your account. There, you'll communicate with the writer and support team and track the writer's progress.

step 3

Download your paper on time

As soon as your work is ready, we’ll notify you via email. You'll then be able to download it from your account and request a revision if needed. Please note that you can also rate the writer's work in your account.

Pro service tips

How to get the most out of your experience with MyStudyWriters

One writer throughout the entire course

If you like the writer, you can hire them again. Just copy & paste their ID on the order form ("Preferred Writer's ID" field). This way, your vocabulary will be uniform, and the writer will be aware of your needs.

The same paper from different writers

You can order essay or any other work from two different writers to choose the best one or give another version to a friend. This can be done through the add-on "Same paper from another writer."

Copy of sources used by the writer

Our college essay writers work with ScienceDirect and other databases. They can send you articles or materials used in PDF or through screenshots. Just tick the "Copy of sources" field on the order form.

Testimonials

See why 20k+ students have chosen us as their sole writing assistance provider

Check out the latest reviews and opinions submitted by real customers worldwide and make an informed decision.

Nursing

thank you so much

Customer 452749, June 10th, 2021

Business and administrative studies

excellent paper

Customer 452773, March 3rd, 2023

English 101

IThank you

Customer 452631, April 6th, 2021

ACC/543: Managerial Accounting & Legal Aspects Of Business

EXCELLENT JOB

Customer 452773, January 10th, 2024

Human Resources Management (HRM)

excellent work

Customer 452773, July 3rd, 2023

Criminal Justice

This has been the greatest help while I am recovering from an illness. Thank your team so much.

Customer 452671, May 2nd, 2021

Business and administrative studies

excellent work

Customer 452773, March 9th, 2023

Social Work and Human Services

Great work I would love to continue working with this writer thought out the 11 week course.

Customer 452667, May 30th, 2021

Business and administrative studies

excellent job

Customer 452773, March 12th, 2023

Business and administrative studies

Thank you for your hard work

Customer 452773, October 19th, 2023

Human Resources Management (HRM)

excellent job

Customer 452773, July 17th, 2023

History

Don't really see any of sources I provided, but elsewise its great, thank you!

Customer 452697, May 8th, 2021

11,595

Customer reviews in total

96%

Current satisfaction rate

3 pages

Average paper length

37%

Customers referred by a friend

OUR GIFT TO YOU

15% OFF your first order

Use a coupon FIRST15 and enjoy expert help with any task at the most affordable price.

Claim my 15% OFF Order in Chat

Check the price of your paper

Investigation of effective Bluetooth security features

Steps in Authentication Process

Confidentiality

Trust levels, Service levels, and Authorizations

Share this:

Related

Need help with your Assignment?

Sometimes it is hard to do all the work on your own