BLUETOOTH SECURITY(蓝牙安全)1

Preliminarystudy:BLUETOOTHSECURITYSilJanssensSil.Janssens@vub.ac.beJanuary9,2005Lastupdated22/11/2004DateAuthorComment22/11/2004SilJanssensAdditionsandcorrectionsafterremarksofRobertMaierandDaveSingelee09/11/2004SilJanssensAdditionsandcorrections04/11/2004SilJanssensAdaptationsafterremarksofPhilipCara27/10/2004SilJanssensAdaptationsafterremarksofDaveSingelee18/10/2004SilJanssensCorrections17/10/2004SilJanssensCorrectionsandadditions16/10/2004SilJanssensCorrectionsandadditions14/10/2004SilJanssensCorrectionsandadditions10/10/2004SilJanssensCorrectionsandadditions6/10/2004SilJanssensFirstDraftTable1:VersionHistory1Contents1Introduction31.1Purposeandscope............................31.2Definitions,acronymsandabbreviations................31.3References................................72Bluetoothoverview142.1Bluetoothspecifications.........................143Overallsecuritydescription154Bluetoothsecurityoverview164.1SecurityMode1:Nonsecuremode...................164.2SecurityMode2:Service-levelenforcedsecuritymode........174.3SecurityMode3:Link-levelenforcedsecuritymode.........174.4BluetoothKeyGenerationfromPIN..................174.5BluetoothAuthentication........................184.6BluetoothEncryptionProcess......................194.7ProblemswiththeBluetoothStandardSecurity............205Bluetoothsecurityattacks225.1Impersonationattackbyinserting/replacingdata............225.2Bluejacking...............................225.3BluetoothWardriving..........................235.4Nokia6310iBluetoothOBEXMessageDoS..............245.5Brute-Forceattack...........................245.6Denial-of-Serviceattackonthedevice.................245.7Disclosureofkeys............................245.8Unitkeyattacks.............................255.9Backdoorattack.............................255.10Pairingattack..............................255.11BlueStumbling=BlueSnarfing.....................255.12BlueBugattack.............................265.13PSMScanning.............................265.14Off-linePIN(viaKinit)recovery....................265.15On-linePINcracking..........................275.16Off-lineencryptionkey(viaKc)....................275.17AttackontheBluetoothKeyStreamGenerator............275.18ReflectionAttack............................275.19Replayattacks..............................275.20Man-in-the-middleattack........................275.21Denial-of-ServiceattackontheBluetoothnetwork..........275.22Aman-in-the-middleattackusingBluetoothinaWLANinterworkingenvironment...............................275.23Impersonateoriginalsending/receivingunit..............285.24Correlationattacks...........................2821IntroductionBluetoothwirelesstechnologyisashort-rangeradiotechnologythatisdesignedtoful-filltheparticularneedsofwirelessinterconnectionsbetweendifferentpersonaldevices,whichareverypopularintoday’ssociety.ThedevelopmentofBluetoothstartedinthemid-1990s,whenaprojectwithinEricssonMobileCommunicationsrequiredawaytoconnectakeyboardtoacomputerdevicewithoutacable.Thewirelesslinkturnedouttobeusefulformanyotherthings,anditwasdevelopedintoamoregenerictoolforconnectingdevices.Asynchronousmodeforvoicetrafficwasaddedandsupportforuptosevenslaveswasintroduced.Inordertogainmomentumforthetechnologyandtopromoteacceptance,theBluetoothSpecialInterestGroup(SIG)wasfoundedin1998.Thegroupconsistsofmanycompaniesfromvariousfields.Byjoiningforces,theSIGmembershaveevolvedtheradiolinktowhatisnowknownasBluetoothwire-lesstechnology.1.1PurposeandscopeThepurposeofthisdocumentistoprovideanintroductiontothesecurityaspectsofBluetoothandtheexistingattacksonthesecurityofBluetooth.1.2Definitions,acronymsandabbreviationsACL:Asynchronousconnection-oriented(logicaltransport).ACO:Authenticatedcipheringoffset.Aparameterbindingdevicestoaparticu-larauthenticationevent.AES:AdvancedEncryptionStandardAG:Audiogateway.Amobilephoneorotheroutloud-playingdevice(connectedtoaheadset).BB:Baseband.ThisisthelowestlayeroftheBluetoothspecification.BDADDR:BluetoothdeviceaddressBER:Biterrorrate.Averageprobabilitythatareceivedbitiserroneous.BNEP:Bluetoothnetworkencapsulationprotocol.EmulationofEthernetoverBluetoothlinks.CA:Certificateauthority.Trustedissuerofcertificates.CAC:Channelaccesscode.AcodederivedfromthemasterdeviceaddressinaBluetoothconnectionCAK:Commonaccesskey.Acommonkeythatcanbeusedwhenconnectingtodifferentaccesspointsbelongingtoaparticularnetworkprovider.CID:Channelidentifier.EndpointsatanL2CAPchannel.COF:Cipheringoffset.Additionalsecretinputtocipheringkeygenerationpro-cedure.CPU:Centralprocessingunit3CRC:Cyclicredundancycheck.Achecksumaddedtothepayloadbythesenderthatthereceivercanusetodetecttransmissionerrors.DAC:Deviceaccesscode.AcodederivedfromaspecificslavedeviceinaBluetoothconnectionDH:Diffie-Hellman.Thenameofthefirstpublickeyexchangescheme.DoS:Denialofservice.Incidentinwhichauserororganizationisdeprivedoftheservicesofaresourcetheywouldnormallyexpecttohave.DSP:Digitalsignalprocessor.Editingofsoundsinordertoproducedifferentsoundeffects.DT:DataterminalE0:Bluetoothciphe