bluetooth security


Upload: narasimha-teja-rao

Post on 19-Jan-2016


BLUETOOTH SECURITY

K.Dhanraj

Department of Electronics and Communication

VIGNANA BHARATHI INSTITUTE OF TECHNOLOGY

Affiliated to JNTU

Abstract

Bluetooth is a way of connecting machines to each other without cables or any other physical medium. It uses radio waves to transfer information, so it is very susceptible to attacks. This paper first gives some background information about the Bluetooth system. It then concentrates on its operation, features, comparison with other technologies, its network topology and security issues in Bluetooth enabled devices with possible solutions.

1. Introduction

Bluetooth, the new technology named after the 10th Century Danish King Harold Bluetooth, is a hot topic among wireless developers. This article will provide an introduction to the technology.

Bluetooth was designed to allow low bandwidth wireless connections to become so simple to use that they seamlessly integrate into your daily life. A simple example of a Bluetooth application is updating the phone directory of your mobile phone. Today, you would have to either manually enter the names and phone numbers of all your contacts or use a cable or IR link between your phone and your PC and start an application to synchronize the contact information. With Bluetooth, this could all happen automatically and without any user involvement as soon as the phone comes within range of the PC! Of course, you can easily see this expanding to include your calendar, to-do list, memos, email, etc. This is just one of many exciting applications for this new technology! Can you imagine walking into a store and having all the sale items automatically available on your cell phone or PDA? It is a definite possibility with Bluetooth.

Bluetooth communication occurs in the unlicensed ISM (Industrial, Scientific, Medical) band at 2.4GHz. The transceiver utilizes frequency hopping to reduce interference and fading. A typical Bluetooth device has a range of about 10 meters. The communication channel can support both data (asynchronous) and voice (synchronous) communications with a total bandwidth of 1 Mb/sec.

Bluetooth wireless technology is a short-range communications technology intended to replace the cables connecting portable and/or fixed devices while maintaining high levels of security. The key features of Bluetooth technology are robustness, low power, and low cost. The Bluetooth specification defines a uniform structure for a wide range of devices to connect and communicate with each other. A fundamental Bluetooth wireless technology strength is the ability to simultaneously handle both data and voice transmissions.

Bluetooth wireless technology can be used for these applications:

File transfer.

Peripheral connectivity.

Ad-hoc networking: Communicating devices can spontaneously form a community of networks that persists only as long as it's needed.

Device synchronization: Seamless connectivity among PDAs, computers, and mobile phones allows applications to update information on multiple devices automatically when data on any one device changes.

Car kits: Hands-free packages enable users to access phones and other devices without taking their hands off the steering wheel.

Mobile payments: Your Bluetooth-enabled phone can communicate with a Bluetooth-enabled vending machine to buy a can of Diet Pepsi, and put the charge on your phone bill.

Bluetooth defines provisions for three low-power operating modes in order to conserve battery life:

Sniff Mode

Hold Mode

Park Mode

2. Bluetooth Operation

Bluetooth networking transmits data via low-power radio waves. It communicates on a frequency of 2.45 gigahertz (actually between 2.402 GHz and 2.480 GHz, to be exact). This frequency band has been set aside by international agreement for the use of industrial, scientific and medical devices (ISM).

A number of devices that you may already use take advantage of this same band. One of the ways Bluetooth devices avoid interfering with other systems is by sending out very weak signals of about 1 milliwatt. The low power limits the range of a Bluetooth device to about 10 meters (32 feet), cutting the chances of interference between your computer system and your portable telephone or television. Even with the low power, Bluetooth doesn't require line of sight between communicating devices. The walls in your house won't stop a Bluetooth signal, making the standard useful for controlling several devices in different rooms.

Bluetooth can connect up to eight devices simultaneously. With all of those devices in the same 10-meter (32-foot) radius, you might think they'd interfere with one another, but it's unlikely. Bluetooth uses a technique called spread-spectrum frequency hopping that makes it rare for more than one device to be transmitting on the same frequency at the same time. In this technique, a device will use 79 individual, randomly chosen frequencies within a designated range, changing from one to another on a regular basis. In the case of Bluetooth, the transmitters change frequencies 1,600 times every second, meaning that more devices can make full use of a limited slice of the radio spectrum. Since every Bluetooth transmitter uses spread-spectrum transmitting automatically, it's unlikely that two transmitters will be on the same frequency at the same time. This same technique minimizes the risk that portable phones or baby monitors will disrupt Bluetooth devices, since any interference on a particular frequency will last only a tiny fraction of a second.

When Bluetooth-capable devices come within range of one another, an electronic conversation takes place to determine whether they have data to share or whether one needs to control the other. The user doesn't have to press a button or give a command -- the electronic conversation happens automatically. Once the conversation has occurred, the devices -- whether they're part of a computer system or a stereo -- form a network. Bluetooth systems create a personal-area network (PAN), or piconet, that may fill a room or may encompass no more distance than that between the cell phone on a belt-clip and the headset on your head. Once a piconet is established, the members randomly hop frequencies in unison so they stay in touch with one another and avoid other piconets that may be operating in the same room.
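To put a number on "unlikely", the added example below (not part of the original paper) computes and simulates how often co-located piconets land on the same one of the 79 frequencies at 1,600 hops per second. It assumes every piconet picks each hop uniformly at random and independently, which is a simplification; the function names are illustrative.

```python
import random

CHANNELS = 79            # hop frequencies, from the text
HOPS_PER_SECOND = 1600   # frequency changes per second, from the text


def hop_dwell_microseconds() -> float:
    """How long a transmitter stays on one frequency before hopping."""
    return 1_000_000 / HOPS_PER_SECOND


def collision_probability(other_piconets: int) -> float:
    """Chance that at least one neighbouring piconet shares our channel in a hop.

    Assumption: each piconet chooses every hop uniformly and independently.
    """
    return 1.0 - ((CHANNELS - 1) / CHANNELS) ** other_piconets


def collided_hops_per_second(other_piconets: int) -> float:
    """Expected number of hops per second that overlap with a neighbour."""
    return HOPS_PER_SECOND * collision_probability(other_piconets)


def fixed_interferer_fraction(blocked_channels: int) -> float:
    """Share of hops hit by a device parked on `blocked_channels` frequencies
    (for example a cordless phone or baby monitor that does not hop)."""
    return min(blocked_channels, CHANNELS) / CHANNELS


def simulate_collision_rate(other_piconets: int, hops: int = 100_000,
                            seed: int = 1) -> float:
    """Monte Carlo check of collision_probability() under the same assumption."""
    rng = random.Random(seed)          # fixed seed keeps the run repeatable
    collided = 0
    for _ in range(hops):
        ours = rng.randrange(CHANNELS)
        others = [rng.randrange(CHANNELS) for _ in range(other_piconets)]
        if ours in others:
            collided += 1
    return collided / hops


if __name__ == "__main__":
    print(f"dwell per hop: {hop_dwell_microseconds():.0f} microseconds")
    for neighbours in (1, 3, 7):
        print(f"{neighbours} neighbouring piconet(s): "
              f"P(collision per hop) = {collision_probability(neighbours):.4f}, "
              f"simulated = {simulate_collision_rate(neighbours):.4f}, "
              f"about {collided_hops_per_second(neighbours):.0f} collided hops/s")
    print(f"one fixed-frequency interferer hits "
          f"{fixed_interferer_fraction(1):.2%} of hops")
```

A collision is rare per hop, but at 1,600 hops per second even one neighbouring piconet still overlaps on some hops every second; each overlap lasts only one hop interval.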

3. Features of Bluetooth Technology

Every technology has its own advantages or features which, if they are strong, can outweigh its drawbacks or loopholes. This simple and fascinating technology has outweighed its few drawbacks and is now widely used by the public.

Bluetooth wireless technology is the simple choice for convenient, wire-free, short-range communication between devices

The Bluetooth wireless technology specification is available free-of-charge to our member companies around the globe

Bluetooth technology operates in the 2.4 GHz band, one of the unlicensed industrial, scientific, medical (ISM) radio bands

Bluetooth wireless technology is the most widely supported, versatile, and secure wireless standard on the market today

Bluetooth technology has built-in security such as 128-bit encryption and PIN code authentication. Once connected, always securely connected.

Due to the above magnificent features, Bluetooth, which was first used in mobile phones, has now spread into development in different fields.

4. Comparison With Other Technology

When we compare Bluetooth with other wireless technologies like Ultra-Wideband, Certified Wireless USB, Wi-Fi (802.11), ZigBee (IEEE 802.15.4), HIPERMAN, HiperLAN, Near-Field Magnetic Communication, Near Field Communication (NFC) and Infrared (IrDA), Bluetooth distinguishes itself from the others through the following features:

Bluetooth wireless technology is geared towards voice and data applications

Bluetooth wireless technology operates in the unlicensed 2.4 GHz spectrum

Bluetooth wireless technology can operate over a distance of 10 meters or 100 meters depending on the Bluetooth device class. The peak data rate with EDR is 3 Mbps

Bluetooth wireless technology is able to penetrate solid objects

Bluetooth technology is omni-directional and does not require line-of-sight positioning of connected devices

Security has always been and continues to be a priority in the development of the Bluetooth specification. The Bluetooth specification allows for three modes of security.

To get a clearer view of Bluetooth's features, let's compare it with IrDA and 802.11b.

Bluetooth vs. IrDA

Home electronics devices like TVs and VCRs communicate using beams of light in the infrared spectrum. Infrared is fairly reliable and doesn't cost much to build into devices. It does have drawbacks:

It's line-of-sight, so a sender must align with its receiver.

It's one-to-one, so a device can't send to multiple receivers at the same time.

Infrared's advantages are consequences of its disadvantages:

Because it's line-of-sight, interference is uncommon.

Because it's one-to-one, message delivery is reliable: each message sent goes to the intended recipient no matter how many infrared receivers are in the room.

Bluetooth vs. 802.11b

While both Bluetooth and IEEE 802.11b are wireless communication protocols and both operate in the 2.4GHz band, it is important not to visualize Bluetooth as a replacement for 802.11 wireless LAN technology. They're designed to accomplish different goals.

The 802.11b protocol is designed to connect relatively large devices with lots of power and speed, such as desktops and laptops. Devices communicate at up to 11 Mbit/sec, at greater distances (up to 300 feet, or 100 meters). By contrast, Bluetooth is designed to connect small devices like PDAs, mobile phones, and peripherals at slower speeds (1 Mbit/sec), within a shorter range (30 feet, or 10 meters), which reduces power requirements.

5. Bluetooth Network Topology

Bluetooth-enabled devices are organized in groups called piconets. A piconet consists of a master and up to seven active slaves. A master and a single slave use point-to-point communication; if there are multiple slaves, point-to-multipoint communication is used. A master unit is the device that initiates the communication. A device in one piconet can communicate to another device in another piconet, forming a scatternet, as depicted in Figure 1. Notice that a master in one piconet may be a slave in another piconet:

Figure 1: Scatternet Comprising Three Piconets

The normal duration of transmission is one slot, and a packet can last up to five time slots in length. In order to support full-duplex communications, Bluetooth uses a time-division multiplexing (TDM) scheme, in which a master device always uses an even-numbered slot when it transmits, and a slave uses an odd-numbered slot.

Internally, Bluetooth operation follows a certain set of protocols in sequence of operation. This sequence is called the Bluetooth protocol stack.

6. Security

In any wireless networking setup, security is a concern. Devices can easily grab radio waves out of the air. Bluetooth technology is no different -- it's wireless and therefore susceptible to spying and remote access. Product developers that use Bluetooth wireless technology in their products have several options for implementing security. There are three modes of security for Bluetooth access between two devices.

Security Mode 1: Non-Secure

Security Mode 2: Service Level Enforced Security

Security Mode 3: Link Level Enforced Security

For devices, there are normally two levels, Mode 1 and Mode 2, which are normally enabled by the manufacturer.

Bluetooth has a few threats, which are listed below:

Bluejacking

Bluejacking allows phone users to send business cards anonymously using Bluetooth wireless technology. Bluejacking does NOT involve the removal or alteration of any data from the device. These business cards often have a clever or flirtatious message rather than the typical name and phone number. Bluejackers often look for the receiving phone to ping or the user to react. They then send another, more personal message to that device. Once again, in order to carry out a bluejacking, the sending and receiving devices must be within 10 meters of one another. Phone owners who receive bluejack messages should refuse to add the contacts to their address book. Devices that are set in non-discoverable mode are not susceptible to bluejacking.

Bluebugging

Bluebugging allows skilled individuals to access the mobile phone commands using Bluetooth wireless technology without notifying or alerting the phone’s user. This vulnerability allows the hacker to initiate phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop on phone conversations, and connect to the Internet. As with all the attacks, without specialized equipment, the hacker must be within a 10-meter range of the phone. This is a separate vulnerability from bluesnarfing and does not affect all of the same phones as bluesnarfing.

Bluesnarfing

Bluesnarfing allows hackers to gain access to data stored on a Bluetooth enabled phone using Bluetooth wireless technology without alerting the phone’s user of the connection made to the device. The information that can be accessed in this manner includes the phonebook and associated images, calendar, and IMEI (international mobile equipment identity). Setting the device to non-discoverable mode makes it significantly more difficult to find and attack the device. Without specialized equipment the hacker must be within a 10-meter range of the device while running a device with specialized software. Only specific older Bluetooth enabled phones are susceptible to bluesnarfing.

Car Whisperer

The car whisperer is a software tool developed by security researchers to connect to and send or receive audio to and from Bluetooth car-kits with a specific implementation. An individual using the tool could potentially remotely connect to and communicate with a car from an unauthorized remote device, sending audio to the speakers and receiving audio from the microphone in the remote device. Without specialized equipment, someone using the tool must be within a 10 meter range of the targeted car while running a laptop with the car whisperer tool. The security researchers’ goal was to highlight an implementation weakness in a select number of Bluetooth enabled car-kits and pressure manufacturers to better secure Bluetooth enabled devices.

Cabir Worm

The cabir worm is malicious software, also known as malware. When installed on a phone, it uses Bluetooth technology to send itself to other similarly vulnerable devices. Due to this self-replicating behaviour, it is classified as a worm. The cabir worm currently only affects mobile phones that use the Symbian series 60 user interface platform and feature Bluetooth wireless technology. Furthermore, the user has to manually accept the worm and install the malware in order to infect the phone.

One of the best ways to avoid these threats is to have a secure PIN number. The personal identification number (PIN) is a four or more digit alphanumeric code that is temporarily associated with one's products for the purposes of a one-time secure pairing. It is recommended that users employ at minimum an eight character or more alphanumeric PIN when possible. Product owners must share that PIN number only with trusted individuals and trusted products for pairing. Without this PIN number, pairing cannot occur. It is always advisable to pair products in areas with relative privacy. Avoid pairing your Bluetooth enabled devices in public. If, for some reason, your devices become unpaired, wait until you are in a secure, private location before re-pairing your devices.

Theoretically a hacker can monitor and record activities in the frequency spectrum and then use a computer to regenerate the PIN codes being exchanged. This requires specially built hardware and thorough knowledge of Bluetooth systems. By using a PIN code with eight or more alphanumeric characters it would take the hacker years to discover the PIN. By using a four digit numeric PIN code, the hacker could discover the PIN in a matter of a few hours. Still advanced software is required.

7. Conclusion

We have now examined Bluetooth in general, some of the security properties of distributed systems and ad hoc networks and the Bluetooth security mechanisms. As was seen, Bluetooth's security seemed to be adequate only for small ad hoc networks, such as a network of the participants in a meeting. Connecting a PDA to a mobile phone using Bluetooth may also be secure enough, but is Bluetooth secure enough for larger ad hoc networks, money transfers and transferring other sensitive information?

In the light of this study, it seems that the security of Bluetooth is still inadequate for any serious, security sensitive work. After the basic problems have been corrected, the more sophisticated security methods may be implemented on the upper levels. The security specification only considers simple issues and the more functional security has to be built above it. This includes the better security authorization systems with possible KDCs and distributed secret schemes. The secure routing protocols for larger ad hoc networks must also be implemented separately.
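The PIN-length comparison in section 6 (a four digit numeric PIN versus eight or more alphanumeric characters), worked through as an added example that is not part of the original paper: it audits a pairing PIN against that recommendation and estimates exhaustive-search time. The rate of one PIN tested per second is an assumption chosen so the four-digit case lands in hours, as the paper states; the function names are illustrative.

```python
import math
import string

# Assumption, not a figure from the paper: PINs the attacker's software can test
# per second. At 1/s a four-digit PIN falls within hours, as the paper states.
ASSUMED_GUESSES_PER_SECOND = 1.0
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(pin: str) -> int:
    """Size of the smallest character pool covering every character in pin."""
    size = 0
    if any(c in string.digits for c in pin):
        size += 10
    if any(c in string.ascii_lowercase for c in pin):
        size += 26
    if any(c in string.ascii_uppercase for c in pin):
        size += 26
    if any(c not in string.digits + string.ascii_letters for c in pin):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def keyspace(pin: str) -> int:
    """Number of PINs of the same length drawn from the same pool."""
    return alphabet_size(pin) ** len(pin)


def worst_case_seconds(pin: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try every candidate in the keyspace at the assumed rate."""
    return keyspace(pin) / rate


def audit_pin(pin: str) -> dict:
    """Check a pairing PIN against the paper's advice: 8+ alphanumeric characters."""
    findings = []
    if len(pin) < 8:
        findings.append("shorter than eight characters")
    if pin.isdigit():
        findings.append("digits only, so each position has just 10 values")
    if len(set(pin)) <= 1:
        findings.append("a single repeated character")
    space = keyspace(pin)
    return {
        "keyspace": space,
        "entropy_bits": round(math.log2(space), 1),
        "worst_case_years": worst_case_seconds(pin) / SECONDS_PER_YEAR,
        "meets_recommendation": not findings,
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample PINs, for illustration only.
    for sample in ("1234", "12345678", "a1b2c3d4"):
        report = audit_pin(sample)
        hours = worst_case_seconds(sample) / 3600
        print(f"{sample!r}: keyspace={report['keyspace']:,} "
              f"({report['entropy_bits']} bits), worst case {hours:,.1f} h, "
              f"ok={report['meets_recommendation']} {report['findings']}")
```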