2. BLUETOOTH
System for short range wireless communication
Wireless data transfer via ACL link
Data rates up to 3 Mb/s
2.4 GHz ISM band (Industrial Scientific Medicine)
Typical communication range is 10-100 meters
Bluetooth SIG (Special Interest Group) developed the
technology
3. SECURITY THREATS
Disclosure Threat
Integrity Threat
Denial of Service (DoS)
5. SECURITY LEVELS AND MODES
Security Levels:
Silent
Private
Public
Security Modes:
Non Secure
Service Level Enforced Security
Link Level Enforced Security
6. AUTHENTICATION,
AUTHORIZATION , ENCRYPTION
Authentication is the process of proving the identity of
one piconet member to another
Authorization determines whether the user is authorized
to have access to the services provided
Encryption is the process of encoding the information so
that no eavesdropper can read it
12. KNOWN VULNERABILITIES
Spoofing through Keys
Spoofing through a Bluetooth Address
PIN Length
13. COUNTERMEASURES
Know your Environment
Be Invisible
Abstinence is best
Use only long PIN codes (16 case sensitive
alphanumerical characters)
Requiring Authentication for every L2CAP request
Using additional security at software level and an
additional password to physically protect the Bluetooth
devices
14. COUNTERMEASURES CONTD…
Requiring re authentication always prior to access of a
sensitive information / service
To prevent Man-in-the-middle attack, approach is to
make it difficult for an attacker to lock onto the
frequency used for communication. Making the
frequency hopping intervals and patterns reasonably
unpredictable might help to prevent an attacker from
locking onto the devices signal.
15. PROPOSED SOLUTION FOR DOS
ATTACK
When the pairing message is sent by one device
When the attacker is sending the message with the
address, which is already connected to Bluetooth device
When the pairing message sent by more than one device
When the attacker is changing the Bluetooth address of
itself with another Bluetooth address
18. POSSIBLE ATTACKS ON UMTS
Denial of service
Identity catching
Impersonation of the network
Impersonation of the user
19. 3G SECURITY FEATURES
„ Mutual Authentication
The mobile user and the serving network authenticate
each other
„ Data Integrity
Signaling messages between the mobile station and RNC
protected by integrity code
Network to Network Security
Secure communication between serving networks. IPsec
suggested
Secure IMSI (International Mobile Subscriber
Identity) Usage
The user is assigned a temporary IMSI by the serving
network
20. 3G SECURITY FEATURES
CONTD…
„ User – Mobile Station Authentication
The user and the mobile station share a secret key, PIN
„ Secure Services
Protect against misuse of services provided by the home
network and the serving network
„ Secure Applications
Provide security for applications resident on mobile
station
21. AUTHENTICATION AND KEY
AGREEMENT
„ AuC and USIM share
permanent secret key K
Message authentication functions f1, f1*, f2
key generating functions f3, f4, f5
„ AuC has a random number generator
„ AuC has scheme to generate fresh sequence numbers
„ USIM has scheme to verify freshness of received
22. AUTHENTICATION AND KEY
AGREEMENT home
128 bit secret key K is shared between the
network and the mobile user
Home Network Mobile station
26. NETWORK DOMAIN SECURITY
IPSec
IP traffic between networks can be protected with
IPSEC between security gateways
Encapsulating Security Payload (ESP) is used for
protection of packets
ESP is always used in tunnel mode
Advance Encryption Standard (AES)
28. CODE DIVISION MULTIPLE ACCESS
(CDMA)
Channel access method used by various radio
communication technology
Employs spread spectrum technology and a special
coding scheme
Attacks are very difficult and rare
30. TYPES OF CDMA
Frequency Hopping Spread Spectrum CDMA
Direct Sequence Spread Spectrum CDMA
31. SECURITY
By design, CDMA technology makes eavesdropping very
difficult
42-bit PN (Pseudo Random Noise) sequence
64-bit authentication key (A-Key)
Electronic Serial Number (ESN) of the mobile