23 research outputs found

    Enhancement of bluetooth security authentication using hash-based message authentication code (HMAC) algorithm

    Recently, Bluetooth technology has been widely used by organizations and individuals to provide wireless personal area networks (WPANs). This is because radio frequency (RF) waves can easily penetrate obstacles and can propagate without direct line-of-sight (LoS). These two characteristics have led to the replacement of wired communication by wireless systems. However, there are serious security challenges associated with wireless communication systems because they are easier to eavesdrop on, disrupt and jam than wired systems. Bluetooth technology started with a form of pairing called legacy pairing prior to any communication. However, due to the serious security issues found in legacy pairing, a secure and simple pairing called SSP was announced with Bluetooth 2.1 and later, since 2007. SSP has solved the main security issue, which is the weakness of the PIN code in legacy pairing; however, it has been found to have some vulnerabilities, such as eavesdropping and man-in-the-middle (MITM) attacks. Since the discovery of these vulnerabilities, some enhancements have been proposed to the Bluetooth Specification Interest Group (SIG), which is the regulatory body of Bluetooth technology; nevertheless, some proposed enhancements are ineffective or are not yet implemented by manufacturers. Therefore, an improvement of the security authentication in Bluetooth connections is highly required to overcome the existing drawbacks. The proposed protocol uses the Hash-based Message Authentication Code (HMAC) algorithm with the Secure Hash Algorithm (SHA-256). The implementation of this proposal is based on the Arduino Integrated Development Environment (IDE) as software and a Bluetooth (BT) Shield connected to Arduino Uno R3 boards as hardware. The result was verified on a Graphical User Interface (GUI) built in Microsoft Visual Studio 2010 with C sharp as the default environment. It has been shown that the proposed scheme works perfectly with the hardware and software used. In addition, the protocol thwarts the passive and active eavesdropping attacks which exist during SSP. These attacks are defeated by avoiding the exchange of passwords and public keys in plain text between the Master and the Slave. Therefore, this protocol is expected to be implemented by the SIG to enhance the security of Bluetooth connections.

    Potential Bluetooth vulnerabilities in smartphones

    Smartphone vendors have been increasingly integrating Bluetooth technology into their devices to increase accessibility and convenience for users. As the current inclination to integrate PDA and telephony functions increases, the likelihood of sensitive information being stored on such a device also increases. Potential Bluetooth vulnerabilities could provide alternative means to compromise Bluetooth-enabled smartphones, leading to severe data breaches. This paper gives an insight into potential security vulnerabilities in Bluetooth-enabled smartphones and how these vulnerabilities may affect smartphone users. The discussion is from the viewpoint of Bluetooth weaknesses and implementation flaws, which include pairing, weak key storage, key disclosure, key database modification, unit key weaknesses, manipulating sent data, location tracking, implementation flaws, disclosure of undiscoverable devices, denial of service, device-based authentication, and uncontrolled propagation of Bluetooth waves, as well as Blueprinting and relay attacks.

    A framework for analyzing RFID distance bounding protocols

    Many distance bounding protocols appropriate for RFID technology have been proposed recently. Unfortunately, they are commonly designed without any formal approach, which leads to inaccurate analyses and unfair comparisons. Motivated by this need, we introduce a unified framework that aims to improve the analysis and design of distance bounding protocols. Our framework includes a thorough terminology about the frauds, adversary, and prover, thus disambiguating many misleading terms. It also explores the adversary's capabilities and strategies, and addresses the impact of the prover's ability to tamper with his device. It thus introduces some new concepts in the distance bounding domain, such as the black-box and white-box models, and the relation between the frauds with respect to these models. The relevance and impact of the framework are finally demonstrated on a case study: the Munilla-Peinado distance bounding protocol.

    Study and evaluation of the security mechanisms employed in Bluetooth technology (Estudo e avaliação dos mecanismos de segurança empregados na tecnologia Bluetooth)

    Among the wireless technologies applied to ad hoc environments, Bluetooth is the solution with the most significant development and expansion in recent years. However, the security aspects of this standard have not kept pace with this growth, resulting in the discovery and exploitation of several vulnerabilities. Against this background, this work presents two proposals aimed at improving the Bluetooth security architecture. These proposals address, respectively, the authentication and pairing procedures. Red de Universidades con Carreras en Informática (RedUNCI

    Distance Bounding Protocols on TH-UWB Link and their Analysis over Noisy Channels

    Relay attacks nowadays represent a critical threat to authentication protocols. They can be thwarted by deploying distance bounding protocols on a UWB radio. Exploiting the characteristics of time-hopping UWB radios to enhance distance bounding protocols leads to two design strategies. The first one is based on a secret time-hopping code while the mapping code is public. The second strategy exploits a secret mapping code with a public time-hopping code. The merits of each strategy are established over noise-free and noisy channels as well as for different radio parameters.

    Bluetooth command and control channel

    Bluetooth is a popular technology for short-range communications and is incorporated in mobile devices such as smartphones, tablet computers and laptops. Vulnerabilities associated with Bluetooth technology led to improved security measures surrounding Bluetooth connections. Besides the improvement in security features, Bluetooth technology is still plagued by vulnerability exploits. This paper explores the development of a physical Bluetooth C&C channel, moving beyond previous research that mostly relied on simulations. In order to develop a physical channel, certain requirements must be fulfilled and specific aspects regarding Bluetooth technology must be taken into consideration. To measure performance, the newly designed Bluetooth C&C channel is executed in a controlled environment using the Android operating system as a development platform. The results show that a physical Bluetooth C&C channel is indeed possible and the paper concludes by identifying potential strengths and weaknesses of the new channel. http://www.elsevier.com/locate/cose

    Blurtooth: Exploiting cross-transport key derivation in Bluetooth classic and Bluetooth low energy

    Bluetooth is a pervasive wireless technology specified in an open standard. The standard defines Bluetooth Classic (BT) for high-throughput wireless services and Bluetooth Low Energy (BLE) for very low-power ones. The standard also specifies security mechanisms, such as pairing, session establishment, and cross-transport key derivation (CTKD). CTKD enables devices to establish BT and BLE security keys by pairing just once. CTKD was introduced in 2014 with Bluetooth 4.2 to improve usability. However, the security implications of CTKD were not studied carefully. This work demonstrates that CTKD is a valuable and novel Bluetooth attack surface. It enables, among others, exploiting BT and BLE just by targeting one of the two (i.e., Bluetooth cross-transport exploitation). We present the design of the first cross-transport attacks on Bluetooth. Our attacks exploit issues that we identified in the specification of CTKD. For example, we find that CTKD enables an adversary to overwrite pairing keys across transports. We leverage these vulnerabilities to impersonate, machine-in-the-middle, and establish unintended sessions with any Bluetooth device supporting CTKD. Since the presented attacks blur the security boundary between BT and BLE, we name them BLUR attacks. We provide a low-cost implementation of the attacks and test it on a broad set of devices. In particular, we successfully attack 16 devices with 14 unique Bluetooth chips from popular vendors (e.g., Cypress, Intel, Qualcomm, CSR, Google, and Samsung), with Bluetooth standard versions of up to 5.2. We discuss why the countermeasures in the Bluetooth standard are not effective against our attacks, and we develop and evaluate practical and effective alternatives.