Abstract image of a woman sitting on books and studying on a laptop

Le security v0.8

Ravikiran HV, profile picture
Ravikiran HV

The document discusses the security considerations for Bluetooth Smart (Low Energy) devices, highlighting vulnerabilities such as passive eavesdropping, man-in-the-middle attacks, and identity tracking. It outlines security architecture, including security modes and pairing processes to mitigate these risks, as well as various encryption and privacy features introduced in the Bluetooth specifications. Overall, it emphasizes the growing need for robust security measures in BLE devices amidst rising cyber threats.

Engineering
1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
SECURITY CONSIDERATIONS FOR BLUETOOTH SMART DEVICES Ravikiran HV Technical Lead, PathPartner Technology Pvt. Ltd. Revision - 0.8
Contents Introduction:...............................................................................................................5 Low energy, Low security: ........................................................................................5 Threats for Bluetooth Smart: .....................................................................................6 Passive Eavesdropping: .........................................................................................6 Man in the Middle (MITM):..................................................................................7 Identity Tracking:...................................................................................................8 Duplicate device:....................................................................................................8 Security architecture: .................................................................................................9 Security in Host:.....................................................................................................9 Security manager: ..................................................................................................9 LE security modes:...............................................................................................10 LE security mode 1:.........................................................................................10 LE security mode 2:.........................................................................................10 Securing Bluetooth Smart:.......................................................................................11 Pairing:.................................................................................................................11 Phase-1 (capability exchange): ........................................................................12 Phase-2 (Secure Key Generation):...................................................................12 Phase-3 (Transport Specific Key Distribution): ..............................................13 Bonding:...............................................................................................................13 Key Generation:...................................................................................................14 Encryption:...........................................................................................................14 Signed Data:.........................................................................................................14 Privacy feature: ....................................................................................................14 Static device address:.......................................................................................15 Private address: ................................................................................................15 Directed advertising:........................................................................................15
Authentication over proximity:............................................................................16 Hidden MAC:.......................................................................................................16 Security re-establishment:........................................................................................16 Security regulations: ................................................................................................17 Conclusion: ..............................................................................................................17 BLE Expertise in PathPartner:..............................................................................17 References:.............................................................................................................17
Table of Figures FIGURE 1 – LE DEVICES WITHOUT PRIVACY ...................................................................................................................6 FIGURE 2 – MITM..........................................................................................................................................................8 FIGURE 3 – SECURITY MANAGER ...................................................................................................................................9 FIGURE 4 - PAIRING PROCESS.......................................................................................................................................11
Introduction: Bluetooth smart (also known as Bluetooth low energy or BLE) is introduced in the legacy Bluetooth 4.0 specification by Bluetooth special interest group. Bluetooth smart is primarily designed for low power embedded devices with limited computation capabilities. With expeditious growth in the IoT technology, BLE has become substantiate criterion for the smart devices. Bluetooth specification supports the asymmetrical architecture of the LE devices. Memory and processing power requirements of peripheral devices are much lower than the central. This will be a great advantage in case of single mode - peripheral only devices. Device that acts always as peripheral can be designed with low memory, longer battery life and low power consumption. Low power smart wearable devices available in market such as heart rate monitors, blood pressure monitors, fitness kit, smart watches etc run on a small coin cell battery for years. Low energy, Low security: Like any other wireless technology, BLE is no exception from security threats. While Bluetooth smart technology and beacons bring lots of potential in the IOT design, security threats such as device tracking, eaves dropping, man in the middle attack etc are increasing significantly. BLE devices are designed to broadcast MAC, UUID and service information’s at a predefined interval. Due to continuous advertisement, hackers can easily track the device and decode the broadcasting information using a sniffers or even smart phone. Below Figure-1 indicates how a LE device can be tracked by the hacker and steal sensitive data over a period of time across various geographical locations. With hacking and cybercrime reported enormously all over the world, people are extremely concerned about the privacy. Sensitive data getting in to the hands of the wrong people without user consent may lead to significant damages. For example, if such devices with serious security flaws are deployed in military, then military personnel can be tracked by the foe and also it can reveal the secrets to rivalry.
Figure 1 – LE devices without privacy Threats for Bluetooth Smart: Bluetooth Low Energy standards are vast, complex and enable various profiles to support a huge number of applications. Bluetooth Low Energy is a peer- to-peer design without any centralized infrastructure to monitor and maintain each device securely. Due to limited infrastructure and the nature of the operation, smart connectable devices are facing security threats in various levels of the user operations including pairing, connection and data exchange. A malicious attacker can get access to the insecure BLE device and modify the data to mislead the recipients, deny the services or restrict the services to the limited users. He may also opt to drain out the battery by changing the software configuration and attempt to make it permanently unusable. A security compromised device poses risk of disclosing the confidential information and personal data. Passive Eavesdropping: Passive eavesdropping is secretly listening to the private communication between two devices in real-time by un-authenticated third party devices. Using a 2.4GHZ channel sniffer, one can listen to all the communication between BLE devices without the consent of communicating devices. Since eavesdropping does
not affect the normal communication between the devices, chances of user noticing eavesdropping attempt are extremely low. If unencrypted message or unsigned messages and used in communication, hacker can get direct access to all the confidential data exchanged between the devices. Pairing procedures are the well- known techniques to avoid the eavesdropping issues and encrypt the messages before exchange. But, if the attacker is listening to the devices during the pairing process itself, then pairing methods can’t assure the safety against the attack! Man in the Middle (MITM): In MITM, attacker secretly reads and interprets the messages from the sender and delivers the message to the reader after interpreting it. Since the attacker is actively involved in the communication between the devices, this attack is also known as active eavesdropping. During the course of attack, attacker may insert his own messages or corrupt the data before delivering it to the reader. Devices participating in the connection will assume that they are communicating with each other directly. But an intermediate MITM attacker has complete control over the communication of these devices. Public key cryptography can provide needed protection against MITM. But this method will fail, if an active MITM attacker listens to the shared public key during the initial pairing process and shares his own public Key instead of actual public key. A device which received the public key from attacker has no knowledge about the source of the key and hence it will encrypt and send the next message with the public key shared by the attacker. Now, the attacker can easily decrypt the messages and interpret it. Also, he may optionally decide to encrypt the message using the original public key and deliver to the initiator to keep the communication intact. Below figure-2 indicates how a hacker can attack the communication between two devices in MITM.
Figure 2 – MITM Identity Tracking: Bluetooth Low Energy device are designed for periodic advertisement of the status or its existence. Advertisement packet contains the MAC address of the broadcaster and unique service formation. It also contains information about the proximity of the device in terms of the signal strength. Using publicly available advertisement data and characteristics, attacker can extract large amount of information and may help him to track the devices based on these unique information. Duplicate device: An attacker with the knowledge of MAC address can make a dummy device with the same MAC address, which runs the dummy service. Such kind of attack is more dangerous in business and may lead to huge loss since customers will not be able to get the intended service.
Security architecture: Security in Host: Unlike classic Bluetooth, Bluetooth low energy device implement the key management and security manger on host instead of controller. All the key generation and distributions of key are taken care by SMP running on host. This approach introduced by Bluetooth specification helps the host to be flexible and reduces the cost of the LE-only controllers. Host generated Keys are used by the controllers for data encryption. For any correction of change in need of security levels, algorithms or methods only host firmware can be upgraded independently Security manager: Figure 3 – Security Manager Bluetooth specification mandates a security manager in the protocol stack implementation. Security manger defines the authentication, pairing, encryption Security Manager
and signing between the Bluetooth low energy devices. This is responsible for all the security and privacy implementations of the BLE stack such as generation and storing various keys, generating random address and address resolution for the privacy feature. Security manager uses the services provided by the L2CAP layer to manage the security. Each device can generate its own key without any external influence and strength of the key is proportional to the algorithm implemented in the device. LE security modes: Security requirements of the device and services are expressed in terms of security modes and security levels. Bluetooth SIG defines four security modes namely mode-1 and mode-2. Each service and device may have separate security requirement. A physical connection between two devices always operates in a single security mode. With wide adoption of 4.2 specifications, secure simple pairing methods have become de-facto requirement for the LE device to ensure security. LE security mode 1: Security mode-1 defines four different levels of security namely, no security, unauthenticated pairing with encryption, authenticated pairing with encryption and authenticated LE secures connection pairing with encryption. Level 3 and level for provides more security to the system than prior levels. LE secures connection (Level-4) introduced in Bluetooth SIG 4.2 specifications ensure more security to the LE communication via Elliptic Curve Diffie-Hellman public key cryptography technique. LE security mode 2: Security mode-2 defines two security levels namely unauthenticated pairing with data signing and authenticated pairing with data signing. Data signing requirements of mode-2 differentiates it from the prior mode-1 specifications.
Securing Bluetooth Smart: Bluetooth SIG defines various methods to secure the LE communication. Core specifications provide several techniques for encryption, data integrity and user data privacy, discussed in detail in below section. Pairing: The association is done in three phases, which includes device capability exchange, LTK generation for secure Connection and transport specific key distribution. For legacy devices, STK is used instead of LTK. Figure 4 - Pairing Process
Phase-1 (capability exchange): The first step of pairing process is to exchange the identity and capability information to establish a trusted link between LE devices. Master initiates the pairing procedure by sending a pairing request to slaves. If security procedures are not initiated by the master, slave can request master for initiating it. Once the security requests are received by the slave, master re-initiates the pairing process. Phase-2 (Secure Key Generation): Selection of pairing method depends on capabilities exchanged in phase-1. Short Term Keys (STK) are generated based on selected pairing method such as just works, passkey entry and out of band. Generated secure key pairs (STK) will be used to establish a secure channel between the participating devices. In legacy 2.0 standards PIN based pairing method was introduced. In this method, users must enter the predefined 4-digit PIN code on both the devices. Devices will be paired on successful authentication of the PIN on both ends. These predefined PINs cannot be changed unless the next firmware upgrade. Since it is a fixed number, it is relatively easy for the hackers to interpret the messages and break the security of the system. Later in 2.1 specifications, Secure Simple Pairing (SSP) methods introduced to ensure both security and simplicity Just Works: In Just Work method, no key exchange between the devices and no user interaction required. This method is well suited if at-least one of the devices participating in the communication doesn’t have the user interface. This method provides no MITM protection. Numeric comparison: If both devices participating in the BLE connection have a display and at- least has Yes/No Key, then numeric comparison method can be used. A 6-digit randomly generated code will be displayed on each device. User need to press Yes/No after manually verifying the key’s displayed.
Pass Key Entry: This method may be used for the devices with a display and other with the keypad or both devices with at-least numeric keypad. In first case, one device shows the 6-digit number and other receives the 6-digit input from user and in later case both devices receives 6-digit numeric input from the user. On successful authentication devices will be paired and provides MITM protection. Out of Band: Out of band pairing method is adopted by Bluetooth standards for the scenarios where both the devices participating in the communication have enabled out of band communication channel. All secret information’s and cryptographic keys will be exchanged out of the Bluetooth band. With the rapid growth of the NFC technology, NFC has become de-facto technology for Bluetooth OOB communications. Since NFC works at 13.56 MHz, Bluetooth sniffers on 2.4GHz bandwidth can’t listen to the information exchanged in the pairing process. Also, NFC is designed to operate over a very small distance up to 10cm, which makes it more suitable for security critical applications to avoid any MITM attacks. Phase-3 (Transport Specific Key Distribution): After STK generation and encrypting the links, transport specific keys are distributed. Keys to be distributed are determined by the parameters of pairing request and response. Keys exchanged in this phase may include LTK, IRK, the signature key etc. Bonding: Bonding is the process of creating the long term trusted relationship between the devices based on link key generated during pairing process. Long term key’s (LTK) are generated and stored on both the initiator and responder. These LTK’s must be used for all the subsequent communication between the same devices to ensure the data security.
Key Generation: Host implements the necessary API’s on LE devices to generate the keys such as STK, LTK, IRK, CSRK etc. Unlike classic Bluetooth, controller is not involved any key generation methods in case of BLE. The host generates Private and Public key pair and secure connection will be created by taking the factors from both the devices participating creating the communication. Master and Slave exchanges Identity resolving Key (IRK) for device Identity and Connection Signature Resolving Key (CSRK) for Authentication of unencrypted data. Encryption: LE controller uses the keys generated by the host and encrypts the messages. Legacy controllers are designed to support to FIPS compliant 128-bit AES. Latest 4.2 LE specifications introduce Elliptic Curve Diffie-Hellman (ECDH) cryptography over earlier 128-bit AES. ECDH initially exchanges the keys over public insecure channel and then enables the secure channel communication between the devices participating in the process. Signed Data: BLE specification supports sending signed data over an unencrypted channel with trusted relationship. Even though devices are not paired, BLE devices can still maintain the privacy of data by signing it. The sender uses CSRK to sign the data and receiver verifies the signature. On successful verification of the signature, the receiver assumes that a message has arrived from a trusted source. Privacy feature: Devices are identified by a 48-bit MAC address compliant to IEEE. It is optional for the devices to implement either or both public address and private address. Public device address is broadcasted by the BLE device and hence increases the risk of security. Bluetooth devices provide the privacy feature to reduce the risk of device tracking based on identifier of the device. In legacy BLE systems, host implements the address generation and resolution. According to BLE 4.2 specification, private address generation and resolution are implemented in the
controller. Privacy enabled devices are expected to support at-least one of the static device address or private address. Static device address: The static device address is randomly generated 48-bit address compliant to Bluetooth SIG specifications. Static address will be changed on every power cycle, and hence reduced the risk of tracking over power cycles. But the devices which are not power cycled for the long time, risk of attacker tracing the devices is still higher. Private address: Bluetooth SIG compliant private address is the recommended way of providing security to BLE devices. BLE specification supports resolvable private address and non resolvable private address. Only requirement to have the non resolvable private address is address shall not be equal to public address of the device. Non resolvable private addresses are typically used for beacons. To generate resolvable private address, devices needs to be paired, exchange the private address and IRK during the pairing process. Only paired devices can resolve this random address and thus possibilities of tracking the device over period of time is nullified. Private address is changed periodically based on a timer event and only a trusted device can resolve this address. Directed advertising: In directed advertising devices indicates both MAC address of the advertising device and MAC address of the devices it is advertising to. Advertiser invites the specific trusted device to re-connect, if required. Address used by the advertiser a special private address called as reconnect address. In legacy Bluetooth standards, reconnect address can be changed only based on user actions such as connect, disconnect, device power cycle etc. Latest 4.2 specifications supports timer based update of the reconnect address.
Authentication over proximity: Received Signal Strength Indicator (RSSI) is the indication of beacon signal strength observed by the receiver. RSSI is a factor of transmitting power of broadcaster and the distance between broadcaster and receiver. As an additional safety measure for the BLE devices, signal strength monitor can be used to extract the distance between the broadcaster and the receiver and BLE devices with predefined range of RSSI only can be selected for communication. This method will reduce the risk of a being tracked or monitored or misleading by a hacker over a long distance. Since RSSI can vary greatly depending on the usage conditions and environment, this method is specific to the usage conditions and deployment of the products. Hidden MAC: Bluetooth SIG introduced 4.2 standards with improved data exchange rate as well as security. Most of the major security features of the classic Bluetooth are adapted to Low Energy specifications. This specification hides the unique MAC address of the devices. Advertising LE devices need not broadcast their MAC address for identification purpose. Security re-establishment: The device may re-establish the security using previously generated LTK. Master device initiates the encryption. So, security re-establishment can be of two types namely, master initiated or slave requested. In master initiated security re- establishment procedure, there is no security manager signaling is involved. Master initiates link layer encryption only. Slave can also request the master to initiate the security procedures and in response, master implements the Link Layer encryption.
Security regulations: US federal security regulations ensure that all Bluetooth devices are capable of exceeding strict government security regulations. Majority of the LE products vendors today ensure that they are compliant to Federal Information Processing Standards (FIPS). These standards are developed and certified by National Institute of Technology (NIST). Conclusion: Compare to Legacy LE standards, 4.2 specifications introduce a new security model along with Secure Simple pairing. Security techniques like MAC address hiding, Elliptic Curve Diffie-Hellman based key exchange and LE secure connections have ensure the industry standards security for the LE device. Thus Bluetooth SIG 4.2 specifications ensured the smarter privacy approaches for the LE devices and now Bluetooth smart is highly secure than ever. Bluetooth Expertise in PathPartner: PathPartner provides wide range of services in Bluetooth and Bluetooth smart technology including platform integration, in house product design and protocol development. We offer stack integration, porting the software across platform and operating systems and in house product development, validation and testing. Having extensive hands-on experience in Bluetooth smart and classic Bluetooth, we have delivered various promising solution to our global customers. Our Industry standard FIPS compliant solution for Bluetooth smart and Bluetooth smart ready are already deployed in various end user premises successfully. References: https://www.bluetooth.org/en-us/specification/adopted-specifications https://developer.bluetooth.org/

More Related Content

DOCX
Report of android hacking
div2345
 
PDF
Authentication in Smart Grid
Sherif Abdelfattah
 
PDF
2FYSH: two-factor authentication you should have for password replacement
TELKOMNIKA JOURNAL
 
PDF
A Survey on Communication for Smartphone
Editor IJMTER
 
PDF
Ransomware protection in loT using software defined networking
IJECEIAES
 
PDF
Detection andprevention of fake access point using sensor nodes
eSAT Publishing House
 
PPTX
Ethical hacking
Fahad Hussain
 
PDF
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
IOSR Journals
 
Report of android hacking
div2345
 
Authentication in Smart Grid
Sherif Abdelfattah
 
2FYSH: two-factor authentication you should have for password replacement
TELKOMNIKA JOURNAL
 
A Survey on Communication for Smartphone
Editor IJMTER
 
Ransomware protection in loT using software defined networking
IJECEIAES
 
Detection andprevention of fake access point using sensor nodes
eSAT Publishing House
 
Ethical hacking
Fahad Hussain
 
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
IOSR Journals
 

What's hot (16)

PDF
Camera based attack detection and prevention tech niques on android mobile ph...
eSAT Journals
 
PPTX
Ehical Hacking: Unit no. 1 Information and Network Security
prachi67
 
PDF
Detection of Rogue Access Point in WLAN using Hopfield Neural Network
IJECEIAES
 
PDF
38 9145 it nfc secured offline password storage (edit lafi)
IAESIJEECS
 
DOCX
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Syed Ubaid Ali Jafri
 
PPTX
Man in The Middle Attack
Deepak Upadhyay
 
PDF
Enhanced adaptive security system for SMS – based One Time Password
Chandrapriya Rediex
 
PPTX
Secure communication in Networking
anita maharjan
 
PDF
D03302030036
theijes
 
PDF
Ethical Hacking And Hacking Attacks
Aman Gupta
 
PPTX
Detecting and Confronting Flash Attacks from IoT Botnets
Farjad Noor
 
PPTX
Secure communication
Tushar Swami
 
PPTX
Man in-the-middle attack(http)
Togis UAB Ltd
 
PPTX
Man in-the-middle attack(http)
Togis UAB Ltd
 
PPTX
Man in the middle
AhmadThaqifAimanAhma
 
DOCX
ieee final year projects in trichy .
vsanthosh05
 
Camera based attack detection and prevention tech niques on android mobile ph...
eSAT Journals
 
Ehical Hacking: Unit no. 1 Information and Network Security
prachi67
 
Detection of Rogue Access Point in WLAN using Hopfield Neural Network
IJECEIAES
 
38 9145 it nfc secured offline password storage (edit lafi)
IAESIJEECS
 
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Syed Ubaid Ali Jafri
 
Man in The Middle Attack
Deepak Upadhyay
 
Enhanced adaptive security system for SMS – based One Time Password
Chandrapriya Rediex
 
Secure communication in Networking
anita maharjan
 
D03302030036
theijes
 
Ethical Hacking And Hacking Attacks
Aman Gupta
 
Detecting and Confronting Flash Attacks from IoT Botnets
Farjad Noor
 
Secure communication
Tushar Swami
 
Man in-the-middle attack(http)
Togis UAB Ltd
 
Man in-the-middle attack(http)
Togis UAB Ltd
 
Man in the middle
AhmadThaqifAimanAhma
 
ieee final year projects in trichy .
vsanthosh05
 
Ad

Similar to Le security v0.8 (20)

PPT
INTRODUCTION TO BLUETOOTH HACKING (An0n Ali).ppt
wacod67650
 
PDF
Unit 2.design computing architecture 2.1
Swapnali Pawar
 
PDF
EFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIES
IJNSA Journal
 
PDF
Security threats analysis in bluetooth enabled mobile devices
IJNSA Journal
 
PDF
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
online Marketing
 
PDF
Iaetsd network security and
Iaetsd Iaetsd
 
DOC
Fitsum R. Lakew Wireless Network Security Threat
FITSUM RISTU LAKEW
 
PPTX
itmsday2.pptx
santoshmohanthy2
 
PDF
Cybersecurity - Poland.pdf
PavelVtek3
 
PDF
Cyber Security- Module 2- BETCK105I Final Dr.sv.pdf
SURESHA V
 
PDF
Cn35499502
IJERA Editor
 
PDF
IoT Security.pdf
SudhanshiBakre1
 
PPTX
CyberSecurity and Importance of cybersecurity
Home
 
PDF
Security in IoT
SKS
 
PDF
Generic threats to mobile application
Vikrant Kansal
 
PDF
LIFT OFF 2017: IoT and MSS Deep Dive
Robert Herjavec
 
PPTX
Bluejacking
Komal Singh
 
PPTX
Network Security of Data Protection
UthsoNandy
 
PPTX
Iot(security)
Shreya Pohekar
 
PPTX
A Quick Guide On What Is IoT Security_.pptx
TurboAnchor
 
INTRODUCTION TO BLUETOOTH HACKING (An0n Ali).ppt
wacod67650
 
Unit 2.design computing architecture 2.1
Swapnali Pawar
 
EFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIES
IJNSA Journal
 
Security threats analysis in bluetooth enabled mobile devices
IJNSA Journal
 
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
online Marketing
 
Iaetsd network security and
Iaetsd Iaetsd
 
Fitsum R. Lakew Wireless Network Security Threat
FITSUM RISTU LAKEW
 
itmsday2.pptx
santoshmohanthy2
 
Cybersecurity - Poland.pdf
PavelVtek3
 
Cyber Security- Module 2- BETCK105I Final Dr.sv.pdf
SURESHA V
 
Cn35499502
IJERA Editor
 
IoT Security.pdf
SudhanshiBakre1
 
CyberSecurity and Importance of cybersecurity
Home
 
Security in IoT
SKS
 
Generic threats to mobile application
Vikrant Kansal
 
LIFT OFF 2017: IoT and MSS Deep Dive
Robert Herjavec
 
Bluejacking
Komal Singh
 
Network Security of Data Protection
UthsoNandy
 
Iot(security)
Shreya Pohekar
 
A Quick Guide On What Is IoT Security_.pptx
TurboAnchor
 
Ad

Recently uploaded (20)

PPTX
"Array and Linked List in Data Structures with Types, Operations, Implementat...
usham61
 
PPTX
Principal presentation for NAAC (1).pptx
GMKosgiker
 
PPTX
AUTOMOTIVE ENGINE MANAGEMENT (MECHATRONICS).pptx
joanaabban6
 
PDF
Influence of Green Infrastructure on Residents’ Endorsement of the New Ecolog...
Journal of Contemporary Urban Affairs
 
PDF
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
PDF
Applications of Equal_Area_Criterion.pdf
Puja Gurav
 
PPTX
Measurement Uncertainty and Measurement System analysis
jayabal subbaian
 
PDF
20250617 - IR - Global Guide for HR - 51 pages.pdf
JanBaumann6
 
PPTX
Software Engineering and software moduleing
deepikame6
 
PDF
Introduction to Power System StabilityPS
Puja Gurav
 
PDF
Unit I -OPERATING SYSTEMS_SRM_KATTANKULATHUR.pptx.pdf
HarshDudhatra4
 
PDF
Computer organization and architecuture Digital Notes....pdf
Nune SrinivasRao
 
PPTX
CyberSecurity Mobile and Wireless Devices
RobinRohit2
 
PPTX
Petroleum Refining & Petrochemicals.pptx
choksihimanshu
 
PPT
Chapter 1 - Introduction to Manufacturing Technology_2.ppt
garciajeremiah070
 
PDF
Java Basics-Introduction and program control
lohithsrikarb719
 
PPTX
CONTRACTS IN CONSTRUCTION PROJECTS: TYPES
Surabhi794944
 
PPTX
wireless networks, mobile computing.pptx
DayaFlorance
 
PPTX
mechattonicsand iotwith sensor and actuator
hrtec3
 
PDF
Exploratory_Data_Analysis_Fundamentals.pdf
Ashutosh Satapathy
 
"Array and Linked List in Data Structures with Types, Operations, Implementat...
usham61
 
Principal presentation for NAAC (1).pptx
GMKosgiker
 
AUTOMOTIVE ENGINE MANAGEMENT (MECHATRONICS).pptx
joanaabban6
 
Influence of Green Infrastructure on Residents’ Endorsement of the New Ecolog...
Journal of Contemporary Urban Affairs
 
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
Applications of Equal_Area_Criterion.pdf
Puja Gurav
 
Measurement Uncertainty and Measurement System analysis
jayabal subbaian
 
20250617 - IR - Global Guide for HR - 51 pages.pdf
JanBaumann6
 
Software Engineering and software moduleing
deepikame6
 
Introduction to Power System StabilityPS
Puja Gurav
 
Unit I -OPERATING SYSTEMS_SRM_KATTANKULATHUR.pptx.pdf
HarshDudhatra4
 
Computer organization and architecuture Digital Notes....pdf
Nune SrinivasRao
 
CyberSecurity Mobile and Wireless Devices
RobinRohit2
 
Petroleum Refining & Petrochemicals.pptx
choksihimanshu
 
Chapter 1 - Introduction to Manufacturing Technology_2.ppt
garciajeremiah070
 
Java Basics-Introduction and program control
lohithsrikarb719
 
CONTRACTS IN CONSTRUCTION PROJECTS: TYPES
Surabhi794944
 
wireless networks, mobile computing.pptx
DayaFlorance
 
mechattonicsand iotwith sensor and actuator
hrtec3
 
Exploratory_Data_Analysis_Fundamentals.pdf
Ashutosh Satapathy
 

Le security v0.8

  • 1. SECURITY CONSIDERATIONS FOR BLUETOOTH SMART DEVICES Ravikiran HV Technical Lead, PathPartner Technology Pvt. Ltd. Revision - 0.8
  • 2. Contents Introduction:...............................................................................................................5 Low energy, Low security: ........................................................................................5 Threats for Bluetooth Smart: .....................................................................................6 Passive Eavesdropping: .........................................................................................6 Man in the Middle (MITM):..................................................................................7 Identity Tracking:...................................................................................................8 Duplicate device:....................................................................................................8 Security architecture: .................................................................................................9 Security in Host:.....................................................................................................9 Security manager: ..................................................................................................9 LE security modes:...............................................................................................10 LE security mode 1:.........................................................................................10 LE security mode 2:.........................................................................................10 Securing Bluetooth Smart:.......................................................................................11 Pairing:.................................................................................................................11 Phase-1 (capability exchange): ........................................................................12 Phase-2 (Secure Key Generation):...................................................................12 Phase-3 (Transport Specific Key Distribution): ..............................................13 Bonding:...............................................................................................................13 Key Generation:...................................................................................................14 Encryption:...........................................................................................................14 Signed Data:.........................................................................................................14 Privacy feature: ....................................................................................................14 Static device address:.......................................................................................15 Private address: ................................................................................................15 Directed advertising:........................................................................................15
  • 3. Authentication over proximity:............................................................................16 Hidden MAC:.......................................................................................................16 Security re-establishment:........................................................................................16 Security regulations: ................................................................................................17 Conclusion: ..............................................................................................................17 BLE Expertise in PathPartner:..............................................................................17 References:.............................................................................................................17
  • 4. Table of Figures FIGURE 1 – LE DEVICES WITHOUT PRIVACY ...................................................................................................................6 FIGURE 2 – MITM..........................................................................................................................................................8 FIGURE 3 – SECURITY MANAGER ...................................................................................................................................9 FIGURE 4 - PAIRING PROCESS.......................................................................................................................................11
  • 5. Introduction: Bluetooth smart (also known as Bluetooth low energy or BLE) is introduced in the legacy Bluetooth 4.0 specification by Bluetooth special interest group. Bluetooth smart is primarily designed for low power embedded devices with limited computation capabilities. With expeditious growth in the IoT technology, BLE has become substantiate criterion for the smart devices. Bluetooth specification supports the asymmetrical architecture of the LE devices. Memory and processing power requirements of peripheral devices are much lower than the central. This will be a great advantage in case of single mode - peripheral only devices. Device that acts always as peripheral can be designed with low memory, longer battery life and low power consumption. Low power smart wearable devices available in market such as heart rate monitors, blood pressure monitors, fitness kit, smart watches etc run on a small coin cell battery for years. Low energy, Low security: Like any other wireless technology, BLE is no exception from security threats. While Bluetooth smart technology and beacons bring lots of potential in the IOT design, security threats such as device tracking, eaves dropping, man in the middle attack etc are increasing significantly. BLE devices are designed to broadcast MAC, UUID and service information’s at a predefined interval. Due to continuous advertisement, hackers can easily track the device and decode the broadcasting information using a sniffers or even smart phone. Below Figure-1 indicates how a LE device can be tracked by the hacker and steal sensitive data over a period of time across various geographical locations. With hacking and cybercrime reported enormously all over the world, people are extremely concerned about the privacy. Sensitive data getting in to the hands of the wrong people without user consent may lead to significant damages. For example, if such devices with serious security flaws are deployed in military, then military personnel can be tracked by the foe and also it can reveal the secrets to rivalry.
  • 6. Figure 1 – LE devices without privacy Threats for Bluetooth Smart: Bluetooth Low Energy standards are vast, complex and enable various profiles to support a huge number of applications. Bluetooth Low Energy is a peer- to-peer design without any centralized infrastructure to monitor and maintain each device securely. Due to limited infrastructure and the nature of the operation, smart connectable devices are facing security threats in various levels of the user operations including pairing, connection and data exchange. A malicious attacker can get access to the insecure BLE device and modify the data to mislead the recipients, deny the services or restrict the services to the limited users. He may also opt to drain out the battery by changing the software configuration and attempt to make it permanently unusable. A security compromised device poses risk of disclosing the confidential information and personal data. Passive Eavesdropping: Passive eavesdropping is secretly listening to the private communication between two devices in real-time by un-authenticated third party devices. Using a 2.4GHZ channel sniffer, one can listen to all the communication between BLE devices without the consent of communicating devices. Since eavesdropping does
  • 7. not affect the normal communication between the devices, chances of user noticing eavesdropping attempt are extremely low. If unencrypted message or unsigned messages and used in communication, hacker can get direct access to all the confidential data exchanged between the devices. Pairing procedures are the well- known techniques to avoid the eavesdropping issues and encrypt the messages before exchange. But, if the attacker is listening to the devices during the pairing process itself, then pairing methods can’t assure the safety against the attack! Man in the Middle (MITM): In MITM, attacker secretly reads and interprets the messages from the sender and delivers the message to the reader after interpreting it. Since the attacker is actively involved in the communication between the devices, this attack is also known as active eavesdropping. During the course of attack, attacker may insert his own messages or corrupt the data before delivering it to the reader. Devices participating in the connection will assume that they are communicating with each other directly. But an intermediate MITM attacker has complete control over the communication of these devices. Public key cryptography can provide needed protection against MITM. But this method will fail, if an active MITM attacker listens to the shared public key during the initial pairing process and shares his own public Key instead of actual public key. A device which received the public key from attacker has no knowledge about the source of the key and hence it will encrypt and send the next message with the public key shared by the attacker. Now, the attacker can easily decrypt the messages and interpret it. Also, he may optionally decide to encrypt the message using the original public key and deliver to the initiator to keep the communication intact. Below figure-2 indicates how a hacker can attack the communication between two devices in MITM.
  • 8. Figure 2 – MITM Identity Tracking: Bluetooth Low Energy device are designed for periodic advertisement of the status or its existence. Advertisement packet contains the MAC address of the broadcaster and unique service formation. It also contains information about the proximity of the device in terms of the signal strength. Using publicly available advertisement data and characteristics, attacker can extract large amount of information and may help him to track the devices based on these unique information. Duplicate device: An attacker with the knowledge of MAC address can make a dummy device with the same MAC address, which runs the dummy service. Such kind of attack is more dangerous in business and may lead to huge loss since customers will not be able to get the intended service.
  • 9. Security architecture: Security in Host: Unlike classic Bluetooth, Bluetooth low energy device implement the key management and security manger on host instead of controller. All the key generation and distributions of key are taken care by SMP running on host. This approach introduced by Bluetooth specification helps the host to be flexible and reduces the cost of the LE-only controllers. Host generated Keys are used by the controllers for data encryption. For any correction of change in need of security levels, algorithms or methods only host firmware can be upgraded independently Security manager: Figure 3 – Security Manager Bluetooth specification mandates a security manager in the protocol stack implementation. Security manger defines the authentication, pairing, encryption Security Manager
  • 10. and signing between the Bluetooth low energy devices. This is responsible for all the security and privacy implementations of the BLE stack such as generation and storing various keys, generating random address and address resolution for the privacy feature. Security manager uses the services provided by the L2CAP layer to manage the security. Each device can generate its own key without any external influence and strength of the key is proportional to the algorithm implemented in the device. LE security modes: Security requirements of the device and services are expressed in terms of security modes and security levels. Bluetooth SIG defines four security modes namely mode-1 and mode-2. Each service and device may have separate security requirement. A physical connection between two devices always operates in a single security mode. With wide adoption of 4.2 specifications, secure simple pairing methods have become de-facto requirement for the LE device to ensure security. LE security mode 1: Security mode-1 defines four different levels of security namely, no security, unauthenticated pairing with encryption, authenticated pairing with encryption and authenticated LE secures connection pairing with encryption. Level 3 and level for provides more security to the system than prior levels. LE secures connection (Level-4) introduced in Bluetooth SIG 4.2 specifications ensure more security to the LE communication via Elliptic Curve Diffie-Hellman public key cryptography technique. LE security mode 2: Security mode-2 defines two security levels namely unauthenticated pairing with data signing and authenticated pairing with data signing. Data signing requirements of mode-2 differentiates it from the prior mode-1 specifications.
  • 11. Securing Bluetooth Smart: Bluetooth SIG defines various methods to secure the LE communication. Core specifications provide several techniques for encryption, data integrity and user data privacy, discussed in detail in below section. Pairing: The association is done in three phases, which includes device capability exchange, LTK generation for secure Connection and transport specific key distribution. For legacy devices, STK is used instead of LTK. Figure 4 - Pairing Process
  • 12. Phase-1 (capability exchange): The first step of pairing process is to exchange the identity and capability information to establish a trusted link between LE devices. Master initiates the pairing procedure by sending a pairing request to slaves. If security procedures are not initiated by the master, slave can request master for initiating it. Once the security requests are received by the slave, master re-initiates the pairing process. Phase-2 (Secure Key Generation): Selection of pairing method depends on capabilities exchanged in phase-1. Short Term Keys (STK) are generated based on selected pairing method such as just works, passkey entry and out of band. Generated secure key pairs (STK) will be used to establish a secure channel between the participating devices. In legacy 2.0 standards PIN based pairing method was introduced. In this method, users must enter the predefined 4-digit PIN code on both the devices. Devices will be paired on successful authentication of the PIN on both ends. These predefined PINs cannot be changed unless the next firmware upgrade. Since it is a fixed number, it is relatively easy for the hackers to interpret the messages and break the security of the system. Later in 2.1 specifications, Secure Simple Pairing (SSP) methods introduced to ensure both security and simplicity Just Works: In Just Work method, no key exchange between the devices and no user interaction required. This method is well suited if at-least one of the devices participating in the communication doesn’t have the user interface. This method provides no MITM protection. Numeric comparison: If both devices participating in the BLE connection have a display and at- least has Yes/No Key, then numeric comparison method can be used. A 6-digit randomly generated code will be displayed on each device. User need to press Yes/No after manually verifying the key’s displayed.
  • 13. Pass Key Entry: This method may be used for the devices with a display and other with the keypad or both devices with at-least numeric keypad. In first case, one device shows the 6-digit number and other receives the 6-digit input from user and in later case both devices receives 6-digit numeric input from the user. On successful authentication devices will be paired and provides MITM protection. Out of Band: Out of band pairing method is adopted by Bluetooth standards for the scenarios where both the devices participating in the communication have enabled out of band communication channel. All secret information’s and cryptographic keys will be exchanged out of the Bluetooth band. With the rapid growth of the NFC technology, NFC has become de-facto technology for Bluetooth OOB communications. Since NFC works at 13.56 MHz, Bluetooth sniffers on 2.4GHz bandwidth can’t listen to the information exchanged in the pairing process. Also, NFC is designed to operate over a very small distance up to 10cm, which makes it more suitable for security critical applications to avoid any MITM attacks. Phase-3 (Transport Specific Key Distribution): After STK generation and encrypting the links, transport specific keys are distributed. Keys to be distributed are determined by the parameters of pairing request and response. Keys exchanged in this phase may include LTK, IRK, the signature key etc. Bonding: Bonding is the process of creating the long term trusted relationship between the devices based on link key generated during pairing process. Long term key’s (LTK) are generated and stored on both the initiator and responder. These LTK’s must be used for all the subsequent communication between the same devices to ensure the data security.
  • 14. Key Generation: Host implements the necessary API’s on LE devices to generate the keys such as STK, LTK, IRK, CSRK etc. Unlike classic Bluetooth, controller is not involved any key generation methods in case of BLE. The host generates Private and Public key pair and secure connection will be created by taking the factors from both the devices participating creating the communication. Master and Slave exchanges Identity resolving Key (IRK) for device Identity and Connection Signature Resolving Key (CSRK) for Authentication of unencrypted data. Encryption: LE controller uses the keys generated by the host and encrypts the messages. Legacy controllers are designed to support to FIPS compliant 128-bit AES. Latest 4.2 LE specifications introduce Elliptic Curve Diffie-Hellman (ECDH) cryptography over earlier 128-bit AES. ECDH initially exchanges the keys over public insecure channel and then enables the secure channel communication between the devices participating in the process. Signed Data: BLE specification supports sending signed data over an unencrypted channel with trusted relationship. Even though devices are not paired, BLE devices can still maintain the privacy of data by signing it. The sender uses CSRK to sign the data and receiver verifies the signature. On successful verification of the signature, the receiver assumes that a message has arrived from a trusted source. Privacy feature: Devices are identified by a 48-bit MAC address compliant to IEEE. It is optional for the devices to implement either or both public address and private address. Public device address is broadcasted by the BLE device and hence increases the risk of security. Bluetooth devices provide the privacy feature to reduce the risk of device tracking based on identifier of the device. In legacy BLE systems, host implements the address generation and resolution. According to BLE 4.2 specification, private address generation and resolution are implemented in the
  • 15. controller. Privacy enabled devices are expected to support at-least one of the static device address or private address. Static device address: The static device address is randomly generated 48-bit address compliant to Bluetooth SIG specifications. Static address will be changed on every power cycle, and hence reduced the risk of tracking over power cycles. But the devices which are not power cycled for the long time, risk of attacker tracing the devices is still higher. Private address: Bluetooth SIG compliant private address is the recommended way of providing security to BLE devices. BLE specification supports resolvable private address and non resolvable private address. Only requirement to have the non resolvable private address is address shall not be equal to public address of the device. Non resolvable private addresses are typically used for beacons. To generate resolvable private address, devices needs to be paired, exchange the private address and IRK during the pairing process. Only paired devices can resolve this random address and thus possibilities of tracking the device over period of time is nullified. Private address is changed periodically based on a timer event and only a trusted device can resolve this address. Directed advertising: In directed advertising devices indicates both MAC address of the advertising device and MAC address of the devices it is advertising to. Advertiser invites the specific trusted device to re-connect, if required. Address used by the advertiser a special private address called as reconnect address. In legacy Bluetooth standards, reconnect address can be changed only based on user actions such as connect, disconnect, device power cycle etc. Latest 4.2 specifications supports timer based update of the reconnect address.
  • 16. Authentication over proximity: Received Signal Strength Indicator (RSSI) is the indication of beacon signal strength observed by the receiver. RSSI is a factor of transmitting power of broadcaster and the distance between broadcaster and receiver. As an additional safety measure for the BLE devices, signal strength monitor can be used to extract the distance between the broadcaster and the receiver and BLE devices with predefined range of RSSI only can be selected for communication. This method will reduce the risk of a being tracked or monitored or misleading by a hacker over a long distance. Since RSSI can vary greatly depending on the usage conditions and environment, this method is specific to the usage conditions and deployment of the products. Hidden MAC: Bluetooth SIG introduced 4.2 standards with improved data exchange rate as well as security. Most of the major security features of the classic Bluetooth are adapted to Low Energy specifications. This specification hides the unique MAC address of the devices. Advertising LE devices need not broadcast their MAC address for identification purpose. Security re-establishment: The device may re-establish the security using previously generated LTK. Master device initiates the encryption. So, security re-establishment can be of two types namely, master initiated or slave requested. In master initiated security re- establishment procedure, there is no security manager signaling is involved. Master initiates link layer encryption only. Slave can also request the master to initiate the security procedures and in response, master implements the Link Layer encryption.
  • 17. Security regulations: US federal security regulations ensure that all Bluetooth devices are capable of exceeding strict government security regulations. Majority of the LE products vendors today ensure that they are compliant to Federal Information Processing Standards (FIPS). These standards are developed and certified by National Institute of Technology (NIST). Conclusion: Compare to Legacy LE standards, 4.2 specifications introduce a new security model along with Secure Simple pairing. Security techniques like MAC address hiding, Elliptic Curve Diffie-Hellman based key exchange and LE secure connections have ensure the industry standards security for the LE device. Thus Bluetooth SIG 4.2 specifications ensured the smarter privacy approaches for the LE devices and now Bluetooth smart is highly secure than ever. Bluetooth Expertise in PathPartner: PathPartner provides wide range of services in Bluetooth and Bluetooth smart technology including platform integration, in house product design and protocol development. We offer stack integration, porting the software across platform and operating systems and in house product development, validation and testing. Having extensive hands-on experience in Bluetooth smart and classic Bluetooth, we have delivered various promising solution to our global customers. Our Industry standard FIPS compliant solution for Bluetooth smart and Bluetooth smart ready are already deployed in various end user premises successfully. References: https://www.bluetooth.org/en-us/specification/adopted-specifications https://developer.bluetooth.org/