22-05-2010, 05:13 PM
[attachment=3602]
Bluetooth and WiFi Security
Presented By:
MANISH EKKA
Roll No 870090
MCA 4th Semester
Introduction
Bluetooth, or IEEE 802.15, specifications are developed by the Bluetooth SIG,originally established by Ericsson,Toshiba,Motorola,Intel,IBM and Nokia.The latest version is Bluetooth 2.0 with data transfer rate 3Mbps
WiFi is controlled by the WiFi alliance, an industry forum. Its specifications form IEEE 802.11 standards.WiFi comes in various flavors like 802.11a,b,g etc
Both Bluetooth and WiFi are wireless technologies
Bluetooth is short ranged(10-100m)
while WiFi networks in the form of meshes can encompass an entire city (e.g. Taipei)
Both these technologies operate in the 2.45GHz frequency band but use different propagation techniques. Also Bluetooth consumes very low power (max 100mW) while WiFi consumes more power.
There is no exchange of IP addresses in Bluetooth while IP addresses are needed for setting up an WiFi network
Bluetooth Security Architecture
In Bluetooth security is in three modes
Mode 1: This is the non secure mode
Mode 2: In this mode security is not established until the establishment of a channel
Mode 3: Here security is implemented even before page link is established
Keys
Unit key
Keys contd.
Initialization key
Keys contd.
Combination key
Both devices generate a random number and then generate
a key using it and the device address.The random number is exchanged securely and combination key is generated. It
is unique for every pair of devices.
Authentication-Challenge response protocol
Performed after pairing to verify the genuineness of the device wishing to establish communication. Algorithm based on SAFER+ cipher.
Encryption
ACO stands for Authenticated Ciphering Offset. It is used for calculating the COF (Ciphering Offset Number).
which is then used in calculating the encryption key.
Encryption in Bluetooth is of three modes
--No encryption
--Unicasting is encrypted but broadcast traffic is not
--All traffic is encrypted
Generating the key
After authentication data is exchanged, which is encrypted. This requires an encryption key.
Encrypting the Data
Clock (A) is 26 bits of the master clock
K c is the encryption key
K str is the output key stream
Vulnerabilities of Bluetooth
Security compromised if unit keys used for pairing instead of combination keys. Also using shorter PIN keys makes it easier to guess the K init
Use of unit key leads to impersonation .
Bluesnarfing
Battery denial of service attacks
Bluesniping
Privacy violation
Data authentication not reliable as CRC is used in integrity check
Securing Bluetooth networks
Using combination keys instead of unit keys
Using longer and random PIN values
Carrying out the pairing in a secure environment where there is less chance of an intruder observing the initialization procedure.
Putting devices in non-discoverable mode
Upgrading software
Changing location in event of suspicious Bluetooth activity
Pairing up with trusted devices
WiFi Security Architecture
WEP (Wired Equivalent Privacy)
It uses RC4 stream cipher for confidentiality and CRC-32 checksum for integrity.128 bit WEP uses 104 bit key and 24 bit IV. Weak as the short 24 bit IV is not long enough to prevent repetitions on busy network.
Contd.
WPA (WiFi Protected Access)
More strong then WEP. Uses RC4 stream cipher for encryption with 128 bit key and 48 bit IV.802.1X authentication server is used with this scheme. TKIP (Temporal Key Integrity Protocol) used which changes the keys dynamically during run time. Also message integrity improved due to use of more secure MIC (Message Integrity Code) algorithm over CRC.PSK (Pre Shared Key) mode available where authentication server is absent.
Contd.
WPA2
Newer and enhanced version of WPA .Uses an AES (Advanced Encryption Standard) based protocol called CCMP (Counter Mode CMC-MAC Protocol) which replaces TKIP.
MAC (Media Access Control) address filtering
Another means of securing the network. Those devices whose MAC addresses are known beforehand can communicate within the network.
Vulnerabilities
Insecure access points. In default state APs have their SSID broadcast enabled. Also the default password can be easily guessed.
Insecure and misconfigured user stations.
Malicious APs.
MAC spoofing.
Man-in-the-Middle Attack.
Denial of Service Attack.
Case study
An email is sent to a POP3 account over an unencrypted WiFi network.
Contd.
Contd.
Securing a WiFi network (home)
Changing default access name and password of the router
Turning off peer to peer connections
Disabling SSID broadcast and turning on MAC address filtering
Enabling encryption using WEP and WPA
Checking rogue access points and clients
Using a strong firewall
Password protecting computers and files while they are on the network
Putting the wireless network in its own subnet so that the wired network is behind a firewall
Turning off network devices when not in use
Securing a WiFi network (public)
Connecting to a known access point
Encrypting sensitive data before transferring or emailing
Using a VPN
Using firewall and updated anti virus software
Updating the OS by installing security patches
Keeping the passkey secret
Using Web based e-mail employing secure http (https) instead of email clients like Outlook.
Disabling file sharing
Using strong passwords for safeguarding files as well as access to the computer
Conclusion
Wireless technology is a young technology .It is inherently insecure than wired networks because the medium is uncontrolled and physically open. So it is more vulnerable to attacks. But most attacks in Bluetooth occur due to use of shorter PIN values, key mismanagement and keeping the devices in discoverable mode. In case of WiFi they occur because simple steps like enabling encryption, configuration and password protection are not carried out. With the current technology available, most attacks on these networks can be foiled.
Thank You
