23 research outputs found
Enhancement of bluetooth security authentication using hash-based message authentication code (HMAC) algorithm
Recently, Bluetooth technology is widely used by organizations and individuals to provide wireless personal area network (WPAN). This is because the radio frequency (RF) waves can easily penetrate obstacles and can propagate without direct line-of-sight (LoS). These two characteristics have led to replace wired communication by wireless systems. However, there are serious security challenges associated with wireless communication systems because they are easier to eavesdrop, disrupt and jam than the wired systems. Bluetooth technology started with a form of pairing called legacy pairing prior to any communication. However, due to the serious security issues found in the legacy pairing, a secure and simple pairing called SSP was announced with Bluetooth 2.1 and later since 2007. SSP has solved the main security issue which is the weaknesses of the PIN code in the legacy pairing, however it has been found with some vulnerabilities such as eavesdropping and man-in-the-middle (MITM) attacks. Since the discovery of these vulnerabilities, some enhancements have been proposed to the Bluetooth Specification Interest Group (SIG) which is the regulatory body of Bluetooth technology; nevertheless, some proposed enhancements are ineffective or are not yet implemented by manufacturers. Therefore, an improvement of the security authentication in Bluetooth connection is highly required to overcome the existing drawbacks. This proposed protocol uses Hash-based Message Authentication Code (HMAC) algorithm with Secure Hash Algorithm (SHA-256). The implementation of this proposal is based on the Arduino Integrated Development Environment (IDE) as software and a Bluetooth (BT) Shield connected to an Arduino Uno R3 boards as hardware. The result was verified on a Graphical User Interface (GUI) built in Microsoft Visual Studio 2010 with C sharp as default environment. It has shown that the proposed scheme works perfectly with the used hardware and software. In addition, the protocol thwarts the passive and active eavesdropping attacks which exist during SSP. These attacks are defeated by avoiding the exchange of passwords and public keys in plain text between the Master and the Slave. Therefore, this protocol is expected to be implemented by the SIG to enhance the security in Bluetooth connection.
Potential Bluetooth vulnerabilities in smartphones
Smartphone vendors have been increasingly integrating Bluetooth technology into their devices to increase accessibility and convenience for users. As the current inclination of integrating PDA and telephony increases, the likelihood of sensitive information being stored on such a device is also increased. Potential Bluetooth vulnerabilities could provide alternative means to compromise Bluetooth-enabled smartphones, leading to severe data breaches. This paper gives an insight on potential security vulnerabilities in Bluetooth-enabled smartphones and how these vulnerabilities may affect smartphone users. This paper is discussed from the viewpoint of Bluetooth weaknesses and implementation flaws, which includes pairing, weak key storage, key disclosure, key database modification, unit key weaknesses, manipulating sent data, location tracking, implementation flaws, disclosure of undiscoverable devices, denial of service, device-based authentication, and uncontrolled propagation of Bluetooth waves, as well as Blueprinting and relay attacks.
A framework for analyzing RFID distance bounding protocols
Many distance bounding protocols appropriate for the RFID technology have been proposed recently. Unfortunately, they are commonly designed without any formal approach, which leads to inaccurate analyses and unfair comparisons. Motivated by this need, we introduce a unified framework that aims to improve analysis and design of distance bounding protocols. Our framework includes a thorough terminology about the frauds, adversary, and prover, thus disambiguating many misleading terms. It also explores the adversary's capabilities and strategies, and addresses the impact of the prover's ability to tamper with his device. It thus introduces some new concepts in the distance bounding domain as the black-box and white-box models, and the relation between the frauds with respect to these models. The relevancy and impact of the framework is finally demonstrated on a study case: Munilla-Peinado distance bounding protocol.
Study and evaluation of the security mechanisms employed in Bluetooth technology
Considering all wireless technologies applied to ad hoc environments, Bluetooth is presented as the solution with the most expressive development and application in the last years. However, the aspects of security around this technology have not followed this growth in the same way, resulting in the discovery and exploitation of several vulnerabilities. Considering all these aspects, this paper presents two proposals with the major purpose of improving the Bluetooth security architecture. These proposals, respectively, consider the authentication procedure and pairing.
Red de Universidades con Carreras en Informática (RedUNCI)
Distance Bounding Protocols on TH-UWB Link and their Analysis over Noisy Channels
Relay attacks represent nowadays a critical threat to authentication protocols. They can be thwarted by deploying distance bounding protocols on a UWB radio. Exploiting the characteristics of time-hopping UWB radios to enhance distance bounding protocols leads to two design strategies. The first one is based on a secret time-hopping code while the mapping code is public. The second strategy exploits a secret mapping code with a public time-hopping code. The merits of each strategy are established over noise-free and noisy channels as well as for different radio parameters.
Bluetooth command and control channel
Bluetooth is a popular technology for short-range communications and is incorporated in mobile devices such as smartphones, tablet computers and laptops. Vulnerabilities associated with Bluetooth technology led to improved security measures surrounding Bluetooth connections. Besides the improvement in security features, Bluetooth technology is still plagued by vulnerability exploits. This paper explores the development of a physical Bluetooth C&C channel, moving beyond previous research that mostly relied on simulations. In order to develop a physical channel, certain requirements must be fulfilled and specific aspects regarding Bluetooth technology must be taken into consideration. To measure performance, the newly designed Bluetooth C&C channel is executed in a controlled environment using the Android operating system as a development platform. The results show that a physical Bluetooth C&C channel is indeed possible and the paper concludes by identifying potential strengths and weaknesses of the new channel.
http://www.elsevier.com/locate/cose
Blurtooth: Exploiting cross-transport key derivation in Bluetooth classic and Bluetooth low energy
Bluetooth is a pervasive wireless technology specified in an open standard. The standard defines Bluetooth Classic (BT) for high-throughput wireless services and Bluetooth Low Energy (BLE) for very low-power ones. The standard also specifies security mechanisms, such as pairing, session establishment, and cross-transport key derivation (CTKD). CTKD enables devices to establish BT and BLE security keys by pairing just once. CTKD was introduced in 2014 with Bluetooth 4.2 to improve usability. However, the security implications of CTKD were not studied carefully.
This work demonstrates that CTKD is a valuable and novel Bluetooth attack surface. It enables, among others, to exploit BT and BLE just by targeting one of the two (i.e., Bluetooth cross-transport exploitation). We present the design of the first cross-transport attacks on Bluetooth. Our attacks exploit issues that we identified in the specification of CTKD. For example, we find that CTKD enables an adversary to overwrite pairing keys across transports. We leverage these vulnerabilities to impersonate, machine-in-the-middle, and establish unintended sessions with any Bluetooth device supporting CTKD. Since the presented attacks blur the security boundary between BT and BLE, we name them BLUR attacks. We provide a low-cost implementation of the attacks and test it on a broad set of devices. In particular, we successfully attack 16 devices with 14 unique Bluetooth chips from popular vendors (e.g., Cypress, Intel, Qualcomm, CSR, Google, and Samsung), with Bluetooth standard versions of up to 5.2. We discuss why the countermeasures in the Bluetooth are not effective against our attacks, and we develop and evaluate practical and effective alternatives.