Two Practical Man-In-The-Middle Attacks on Bluetooth Secure Simple Pairing
#1

Two Practical Man-In-The-Middle Attacks on Bluetooth Secure Simple Pairing and Countermeasures
Abstract

We propose two new Man-In-The-Middle (MITM) attacks on Bluetooth Secure Simple Pairing (SSP). The attacks are based on the falsification of information sent during the input/output capabilities exchange and also the fact that the security of the protocol is likely to be limited by the capabilities of the least powerful or the least secure device type. In addition, we devise countermeasures that render the attacks impractical, as well as improvements to the existing Bluetooth SSP in order to make it more secure. Moreover, we provide a comparative analysis of the existing MITM attacks on Bluetooth.

Index Terms—Bluetooth, man-in-the-middle attack, out-of-band channel, secure simple pairing, wireless security.
I. INTRODUCTION
The use of wireless communication systems and their interconnections via networks have grown rapidly in recent years. Because radio frequency (RF) waves can penetrate obstacles, wireless devices can communicate with no direct line-of-sight between them. This makes RF communication easier to use than wired or infrared communication, but it also makes eavesdropping easier. Moreover, it is easier to disrupt and jam wireless RF communication than wired communication. Because wireless RF communication can suffer from these threats, additional countermeasures are needed to protect against them.

Bluetooth [1] is a technology for short range wireless data and realtime two-way audio/video transfer providing data rates up to 24 Mb/s. It operates at 2.4 GHz frequency in the free Industrial, Scientific, and Medical (ISM) band. Bluetooth devices that communicate with each other form a piconet. The device that initiates a connection is the piconet master and all other devices within that piconet are slaves.

Many kinds of Bluetooth devices, such as laptops, PCs, mice, keyboards, printers, mobile phones, headsets and hands-free devices, are widely used all over the world. In many countries, a hands-free device or headset connected to a mobile phone is mandatory in moving vehicles for safety reasons. Therefore, the markets for easy-to-use wireless Bluetooth headsets and hands-free devices are huge!

Already in 2006, the one billionth Bluetooth device was shipped [2], and the volume is expected to increase rapidly in the near future. According to the Bluetooth Special Interest Group (SIG), the target volume for 2010 is as high as two billion Bluetooth devices [3]. Therefore, it is very important to keep Bluetooth security issues up-to-date.

The results of this paper: In this paper, we propose two new MITM attacks on Bluetooth SSP. In addition, we devise countermeasures that render the attacks impractical as well as improvements to the existing Bluetooth SSP in order to make it more secure. Moreover, we provide a comparative analysis of the existing MITM attacks on Bluetooth including our attacks described in this paper.

The rest of the paper is organized as follows. Section II provides an overview of Bluetooth security. Our practical MITM attacks against Bluetooth SSP are proposed in Sect. III. Countermeasures for these attacks and improvements to the existing Bluetooth SSP are devised in Sect. IV. Section V provides a comparative analysis of the existing MITM attacks on Bluetooth. Finally, Sect. VI concludes the paper and sketches future work.

Manuscript received July 2, 2009; revised September 23, 2009; accepted November 4, 2009. The associate editor coordinating the review of this paper and approving it for publication was W. Liao. The authors are with the Department of Computer Science, University of Kuopio, P.O. Box 1627, FI-70211 Kuopio, Finland (e-mail: {keijo.haataja, pekka.toivanen}[at]uku.fi). Digital Object Identifier 10.1109/TWC.2010.01.090935

II. OVERVIEW OF BLUETOOTH SECURITY
The basic Bluetooth security configuration is done by the user who decides how a Bluetooth device will implement its connectability and discoverability options. The different combinations of connectability and discoverability capabilities can be divided into three categories, or security levels:

1) Silent: The device will never accept any connections. It simply monitors Bluetooth traffic.
2) Private: The device cannot be discovered, i.e. it is a so-called non-discoverable device. Connections will be accepted only if the Bluetooth Device Address (BD_ADDR) is known to the prospective master. A 48-bit BD_ADDR is normally unique and refers globally to only one individual Bluetooth device.
3) Public: The device can be both discovered and connected to. It is therefore called a discoverable device.

Because Bluetooth is a wireless communication system, there is always a possibility that the transmission could be deliberately jammed or intercepted, or that false or modified information could be passed to the piconet devices.

Powerful directional antennas can be used to increase the scanning, eavesdropping and attacking range of almost any kind of Bluetooth attack considerably. One very good example of a long-distance attacking tool is the BlueSniper Rifle [4], [5]. It is a rifle stock with a powerful directional antenna attached to a small Bluetooth compatible computer. Scanning, eavesdropping and attacking can be done over a mile away from the target devices. Moreover, anyone with some basic skills and a few hundred dollars can build her own BlueSniper Rifle. Therefore, the possibility that an attacker is using range enhancement for improving the performance of the attacks should be taken seriously.

Nowadays it is possible to transform a standard $30 Bluetooth dongle into a full-blown Bluetooth sniffer [6]. We have also verified this fact in our research laboratory [7] with many different Cambridge Silicon Radio (CSR) based Bluetooth Universal Serial Bus (USB) dongles supporting Bluetooth versions up to 2.0+EDR (Enhanced Data Rate). In addition, tools for reverse engineering the firmware of CSR-based Bluetooth dongles are available [8]. The tools include a disassembler for the official firmware, and an assembler that can be used for writing custom firmware. With these tools anyone can now write custom firmware for CSR-based Bluetooth dongles to include raw access for Bluetooth sniffing. The tools also include the source code for sniffing Bluetooth under Linux. Moreover, it is expected that in the near future techniques for finding hidden (non-discoverable) Bluetooth devices in an average of one minute will be ported onto a standard CSR dongle via a custom firmware [7], [9], [10]. This will open new doors for practical Bluetooth security research and it will also provide a cheap basic weapon to all attackers for Bluetooth sniffing. It is expected that Bluetooth sniffing will soon become a very popular sport among attackers and hackers, thus making Bluetooth security concerns even more alarming.

Bluetooth security is based on building a chain of events, none of which should provide meaningful information to an eavesdropper. All events must occur in a specific sequence for security to be set up successfully.

In order for two Bluetooth devices to start communicating, a procedure called pairing must be performed. As a result of pairing, two devices form a trusted pair and establish a link key which is used later on for creating a data encryption key for each session. In Bluetooth versions up to 2.0+EDR, pairing is based exclusively on the fact that both devices share the same Personal Identification Number (PIN) or passkey. When the user enters the same passkey in both devices, the devices generate the same shared secret which is used for authentication and encryption of traffic exchanged by them.

The PIN is the only source of entropy for the shared secret. As the PINs often contain only four decimal digits, the strength of the resulting keys is not enough for protection against passive eavesdropping on communication. Even with longer 16-character alphanumeric PINs, full protection against active eavesdropping cannot be achieved: it has been shown that MITM attacks on Bluetooth communications (versions up to 2.0+EDR) can be performed
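The abstract in post #1 attributes the attacks to falsified input/output capability information and to SSP being only as strong as the least capable device. As an added example (not code from the paper or from the forum post), the sketch below follows the BR/EDR IO capability mapping of the Bluetooth Core Specification, without out-of-band data, and shows a local policy check that refuses unauthenticated link keys. The function names and the `require_mitm` policy flag are assumptions made for illustration.

```python
from enum import Enum

class IOCap(Enum):
    # IO capability values exchanged during SSP
    DISPLAY_ONLY = 0x00
    DISPLAY_YES_NO = 0x01
    KEYBOARD_ONLY = 0x02
    NO_INPUT_NO_OUTPUT = 0x03

def association_model(initiator, responder):
    """Return (model, authenticated) for one SSP pairing without OOB data."""
    caps = {initiator, responder}
    if IOCap.NO_INPUT_NO_OUTPUT in caps:
        # Nothing to compare or type on one side: confirmation is automatic.
        return ("Just Works", False)
    if IOCap.KEYBOARD_ONLY in caps:
        # One side shows (or both type) a six-digit passkey.
        return ("Passkey Entry", True)
    if caps == {IOCap.DISPLAY_YES_NO}:
        # Both users see the value and both confirm it.
        return ("Numeric Comparison", True)
    # A display-only side cannot confirm, so its confirmation is automatic.
    return ("Numeric Comparison (auto-confirm)", False)

def accept_pairing(local, peer_claimed, require_mitm):
    """Local policy decision. peer_claimed arrives before any authentication,
    so it must be treated as untrusted input."""
    model, authenticated = association_model(local, peer_claimed)
    if require_mitm and not authenticated:
        return (False, "reject: %s yields an unauthenticated link key" % model)
    return (True, "accept: %s" % model)

def downgrading_claims(local):
    """Peer capability claims that leave `local` with an unauthenticated key."""
    return [p for p in IOCap if not association_model(local, p)[1]]

if __name__ == "__main__":
    # Constructed scenario: a phone with a display and yes/no buttons.
    phone = IOCap.DISPLAY_YES_NO
    for claimed in IOCap:
        print(claimed.name, accept_pairing(phone, claimed, require_mitm=True))
    print([c.name for c in downgrading_claims(phone)])
```

With `require_mitm=True` the device never silently accepts the weaker association model, whatever capability the peer announces.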
#2

To get information about the topic Bluetooth Security full report, ppt and related topics, refer to the page links below

http://studentbank.in/report-bluetooth-s...esentation

http://studentbank.in/report-bluetooth-a...esentation

http://studentbank.in/report-two-practic...le-pairing

http://studentbank.in/report-secure-conn...s%E2%88%97

http://studentbank.in/report-bluetooth-t...3#pid63553

http://studentbank.in/report-network-sec...81#pid4781

http://studentbank.in/report-bluetooth-t...ogy--18045

http://studentbank.in/report-bluetooth-t...ull-report