Security Protocols in Bluetooth

[Xiomar]

In addition, protocols have various other application-related input in the Bluetooth standard displayed. These include the Object Exchange (OBEX) protocol, which was acquired from the IrDAStandard for infrared, or modeling the representation of objects and the structuring of dialogues between the objects. Using OBEX is handled the vCard protocol that enables the exchange of virtual business cards. The Wireless Application Protocol (WAP), which was developed for the transmission of WML resources on mobile phones, is also available in the Bluetooth standard and is realized via the TCP / IP layers.

[Zeverto]

Security in wireless systems is of paramount importance. This authorization is a strong need, must also always be guaranteed the confidentiality between the two devices. Therefore, support Bluetooth security measures at both links as well as application layer (Bluetooth Security White Paper PDF download). These are balanced, so that each device in an identical manner, perform authentication and encryption in the same way. The key material for the link layer will have four components generated from: the Bluetooth device address, two secret keys and a pseudo-random number, the newly generated will transfer all of (as Specification of the Bluetooth System) of. For the Bluetooth standard has a special set cryptographic algorithms of the so-called E-family of Massey and Rueppel developed.

[Fragman]

The authentication of the devices uses a symmetrical two-sided challenge / response system, called the E1 algorithm. To encrypt the data of the E0 algorithm is used, a symmetrical stream encryption method. The key management and use is made of different elements. For the generation of the cryptographic key elements of the so-called E2 and E3 algorithms. As always, can be in cryptographic security systems, two different types of possible attacks: It can be weaknesses in the algorithm as given in the implementation of the Protocol. The E0 algorithm has been analyzed extensively by the community, and there are good estimates of the cryptographic strength. Especially with the summation generator has an item on a weakness that could be used in correlation attacks.

[spuff]

Direct attacks on the E0-processes are known, but have considerable complexity to one. It shows an attack that demonstrates that the maximum effective key length 84 bits reduced if the attacker 132 bits of the encrypted data stream are known. The maximum effective key length can be reduced up to 73 bits, 243 bits when the encrypted data stream are known. Apart from these complex theoretical gaps also some general weaknesses are present. So it was in the past, such as faulty implemented Bluetooth stack, such as Toshiba.

[Jevin]

In the area of protocol implementations following weaknesses are well known - they are essentially also those that lead to known attacks. The key length can be negotiated between two stations, the largest common key size is selected. Provides a station that is only a small key length, so all communication is encrypted with this short length. The choice of the PIN code for authentication is also a common vulnerability. In some systems, the PIN code is even fixed. The mutual authentication is not based on certificates and allows in principle a man-in-the-middle attack. Most application protocols provide no security themselves. As some of the protocols also allow access to the file system, opens up further security holes an attacker. The Service Discovery Protocol (SDP) allows for active collection of information about the stations, their location and the services provided.

[DarenHawk]

Despite all these possibilities of attack should be noted that the specification of Bluetooth security mechanisms for potential attackers when properly implemented by system designers and correct use by the user. For other techniques to try to tie in the success of Bluetooth. One of the most prominent examples is certainly Wireless USB. The technology certainly has the stuff to make Bluetooth competition, because most users already familiar with USB, the threshold for use is therefore correspondingly low. Yet Bluetooth is not even in the years to be indispensable in the mobile life. Because, above all in its traditional area, the coupling of a cell phone to another device, this technology may prove time and again.