security in bluetooth, cdma and umts
TRANSCRIPT
![Page 1: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/1.jpg)
MOTILAL NEHRU NATIONAL INSTITUTE OF TECHNOLOGYALLAHABAD
SECURITY IN BLUETOOTH, CDMA AND
UMTS
![Page 2: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/2.jpg)
BLUETOOTH System for short range wireless communication
Wireless data transfer via ACL link
Data rates up to 3 Mb/s
2.4 GHz ISM band (Industrial Scientific Medicine)
Typical communication range is 10-100 meters
Bluetooth SIG (Special Interest Group) developed the
technology
![Page 3: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/3.jpg)
SECURITY THREATS
Disclosure Threat
Integrity Threat
Denial of Service (DoS)
![Page 4: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/4.jpg)
ATTACKS
Snarf Attack
Backdoor Attack
BlueBug Attack
BlueJack Attack
Denial of Service Attack
BluePrinting Attack
![Page 5: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/5.jpg)
SECURITY LEVELS AND MODES
Security Levels:
Silent
Private
Public
Security Modes:
Non Secure
Service Level Enforced Security
Link Level Enforced Security
![Page 6: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/6.jpg)
AUTHENTICATION, AUTHORIZATION , ENCRYPTION
Authentication is the process of proving the identity of
one piconet member to another
Authorization determines whether the user is authorized
to have access to the services provided
Encryption is the process of encoding the information so
that no eavesdropper can read it
![Page 7: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/7.jpg)
SECURITY OPERATIONS
![Page 8: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/8.jpg)
AUTHENTICATION
![Page 9: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/9.jpg)
AUTHORIZATION
![Page 10: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/10.jpg)
ENCRYPTION
Encryption Mode 1
Encryption Mode 2
Encryption Mode 3
![Page 11: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/11.jpg)
ENCRYPTION PROCEDURE
![Page 12: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/12.jpg)
KNOWN VULNERABILITIES
Spoofing through Keys
Spoofing through a Bluetooth Address
PIN Length
![Page 13: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/13.jpg)
COUNTERMEASURES Know your Environment
Be Invisible
Abstinence is best
Use only long PIN codes (16 case sensitive
alphanumerical characters)
Requiring Authentication for every L2CAP request
Using additional security at software level and an
additional password to physically protect the Bluetooth
devices
![Page 14: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/14.jpg)
COUNTERMEASURES CONTD… Requiring re authentication always prior to access of a
sensitive information / service
To prevent Man-in-the-middle attack, approach is to
make it difficult for an attacker to lock onto the
frequency used for communication. Making the
frequency hopping intervals and patterns reasonably
unpredictable might help to prevent an attacker from
locking onto the devices signal.
![Page 15: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/15.jpg)
PROPOSED SOLUTION FOR DOS ATTACK
When the pairing message is sent by one device
When the attacker is sending the message with the
address, which is already connected to Bluetooth device
When the pairing message sent by more than one device
When the attacker is changing the Bluetooth address of
itself with another Bluetooth address
![Page 16: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/16.jpg)
UMTS security
![Page 17: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/17.jpg)
UMTS system architecture (R99) is based on GSM/GPRS
![Page 18: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/18.jpg)
POSSIBLE ATTACKS ON UMTS
Denial of service Identity catching Impersonation of the network Impersonation of the user
![Page 19: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/19.jpg)
3G SECURITY FEATURES „ Mutual Authentication
The mobile user and the serving network authenticate each other
„ Data Integrity Signaling messages between the mobile station and RNC
protected by integrity code Network to Network Security Secure communication between serving networks. IPsec
suggested Secure IMSI (International Mobile Subscriber
Identity) Usage The user is assigned a temporary IMSI by the serving
network
![Page 20: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/20.jpg)
3G SECURITY FEATURES CONTD…
� User – Mobile Station Authentication
The user and the mobile station share a secret key, PIN � Secure Services
Protect against misuse of services provided by the home network and the serving network
� Secure Applications
Provide security for applications resident on mobile station
![Page 21: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/21.jpg)
AUTHENTICATION AND KEY AGREEMENT
„ AuC and USIM share
permanent secret key K
Message authentication functions f1, f1*, f2
key generating functions f3, f4, f5
„ AuC has a random number generator
„ AuC has scheme to generate fresh sequence numbers
„ USIM has scheme to verify freshness of received
sequence numbers
![Page 22: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/22.jpg)
AUTHENTICATION AND KEY AGREEMENT
128 bit secret key K is shared between the home network and the mobile user
Home Network Mobile station
![Page 23: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/23.jpg)
Complete Message flow for successful AKA
![Page 24: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/24.jpg)
Encryption
![Page 25: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/25.jpg)
Integrity Check
![Page 26: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/26.jpg)
NETWORK DOMAIN SECURITY IPSec
IP traffic between networks can be protected with IPSEC between security gateways
Encapsulating Security Payload (ESP) is used for protection of packets
ESP is always used in tunnel mode Advance Encryption Standard (AES)
![Page 27: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/27.jpg)
CDMA
![Page 28: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/28.jpg)
CODE DIVISION MULTIPLE ACCESS (CDMA)
Channel access method used by various radio
communication technology
Employs spread spectrum technology and a special
coding scheme
Attacks are very difficult and rare
![Page 29: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/29.jpg)
DIFFERENCE BETWEEN CDMA, TDMA AND FDMA
![Page 30: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/30.jpg)
TYPES OF CDMA
Frequency Hopping Spread Spectrum CDMA
Direct Sequence Spread Spectrum CDMA
![Page 31: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/31.jpg)
SECURITY
By design, CDMA technology makes eavesdropping very
difficult
42-bit PN (Pseudo Random Noise) sequence
64-bit authentication key (A-Key)
Electronic Serial Number (ESN) of the mobile
![Page 32: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/32.jpg)
AUTHENTICATION
![Page 33: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/33.jpg)
AUTHENTICATION MODEL
![Page 34: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/34.jpg)
ENCRYPTION
![Page 35: Security in bluetooth, cdma and umts](https://reader035.vdocuments.us/reader035/viewer/2022081401/559b62ae1a28ab125f8b4895/html5/thumbnails/35.jpg)
Thank You!!!!!