This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The aim of this analysis is on various security issues and solution of Mobile Bluetooth technology. As this is relatively new technology as compared to other wireless technologies and has more popular practical application.
Personal Area Networks, Asynchronous connection Link, Ultra Wide Band, Special Interest group, Bluetooth Technology, piconet, scatternet
Bluetooth is an open wireless technology for data exchanging in shorter distances for mobile phones with some levels of security. This was initially introduced by Ericsson telecoms vendor in 1994. This was named after a Danish Viking and King, Harald Blåtand who lived in the latter part of the 10th century who united and controlled Denmark and Norway .It was initially prepared as a wireless alternative to RS-232. It can connect several devices, without synchronization problems. Bluetooth is now managed by the Bluetooth Special Interest Group.
Bluetooth Specification Protocol Stack:
A Protocol stack is Software/ Hardware implementation of the actual protocols specified within a standard which enables the devices based on that standard communicate with each other. The Bluetooth protocol stack is as shown in Figure
Diagram of Bluetooth Protocol stack
Baseband Layer: This layer is performing the functions of frequency hopping for interference mitigation, medium access control and data packetization. The packets are alternated by TDD (Time division duplex) between the transmission and reception.
Link Protocols: Link Manager Protocol (LMP) and Logical Link Control and Adaptation Protocol (L2CAP) are two protocols which enable establishment of links and their control correspondingly.
Service Discovery Protocol: The service discovery protocol (SDP) defines which services are available in the RF proximity and to determine the characteristic of those available services.
RFCOMM : is a transport protocol used to emulate the RS 232 serial ports
Bluetooth communication is made possible by establishing a master device and one or more slave devices. Any device can be a master or a slave. It is this property which makes Bluetooth useful for creating ad-hoc networks. One of the most important features of Bluetooth is that unlike WLAN any Bluetooth device can communicate with other device in range by simply establish one of them as the master and rest as slaves. The master device determines the frequency hopping pattern based on its address. There are two different topologies through which
Bluetooth communication occurs.
Pico net - is ad-hock network in which all the devices have the same frequency hopping synchronization. Each Pico net has one master and one or more than one slave devices.
Scatter net - is the overlapping areas among multiple piconets. A master can leave its Pico net and can join another Pico net as a slave. Scatter net is used to optimize the use of the available spectrum.
Slow Transfer Rate The rate of data transfer between Bluetooth devices is about three megabits per second. This is significantly lower than Wi-Fi, Bluetooth is also too slow to stream music or video
Distance Limitations Mobile devices runs on battery power have a range of about 10 meters, or around 30 feet to pair a devise. However it can handle more distance but the range limitations are meant to avoid the quick depletion of the battery.
Interference Mobile devices work with the 2.4 GHz radio band is the unlicensed frequency used by many other wireless devices. If many devices in the same area are all using the same stretch of bandwidth, it can lead to overall network problems, as the signals collide and information has to be resent
Bluetooth common issues:
Bluetooth Pairing Issues For Bluetooth devices to connect to each other they need to be paired. Pairing or bonding means that the two devices are exchanging their passkeys. Once paired, all of the data that is sent between the two devices is encrypted, meaning that any device that is not paired with the other two is unable to translate the data. However, there are occasions when pairing is not necessary, such as exchanging business cards.
Device Cannot Be Found an error message that you may come across is that devices "cannot be found". This is normally because the device you are trying to connect to either is off, or is not in "discoverable mode".
Pairing Unsuccessful means that the two devices attempted to pair but failed to do so. The reason for this is that due to usage of PIN.
Paired but Not Talking reason is that the devices do not share the same profile.
Bluetooth Security Problems:
In this section presents my analysis of the security issues in Bluetooth. Bluetooth wireless technology is being deployed on many cell phones, laptops, digital cameras, palm tops was initially accepted as a cable replacement to enable information exchanging among devices. User can be exposed to spammers, hackers and attackers while transmitting or receiving information. Service discovery property of Bluetooth technology makes anonymous attackers very aggressive. The possible levels of security issues are:
Channel Level Security:- Bluetooth networks can be illegitimately accessed although not very easily. Bluetooth is based on ad-hoc networks. In ad-hoc networks, devices can connect to each other rather than going through central access point. So they are not having any centralized security mechanism thus exposes important information to others on Bluetooth networks. Now newer versions of Bluetooth devices like 3.0v has more than 100 meters range thus enabling more invisible users to hack your device.
Connection Level Security:- if a device is configured to be in visible mode, other devices in range send signals indicating that it is available in its vicinity and ready for pairing. This is because of the Service discovery property. This property is used by miscreants to discover devices left unattended in car parks, restaurants and other places and to eventually steal them. Attackers connect to the targeted device without alerting the target device and hence have great access to secured information and data.
Applications Level Security:- When Bluetooth devices are connected in a trusted mode then one device attempts to access services on another device since a trusted device has unrestricted access to all services on the other device. Although uncommon, a breach of this trust results in loss of valuable information owing to this privileged access. Off lately Bluetooth enabled devices like PDAs; cell phones are becoming the next target for viruses. Now there are worms which use Bluetooth technology and infect some cell phones which use symbian operating systems. Spamming is always a big problem networks applications like email web browsing etc. Hackers may approach to sensitive applications related to encryption algorithms leads to another problem. Another severe problem is using the clients services in which attacker simply creates a serial profile connection to the device and gets complete access to the device and causing problems to the users and creating annoying situations for the users.
Data Level Security: Data security has great importance and a user demands that his information be sent and received safely. But it may happen every time. Sometimes in pairing, attackers are able to go into a hidden mode after attacking the device, In this issue unless the user gives precise consideration to his device he can't capture the bug. Another Issue is miscreant is primarily concerned about the victims most important data like phone books, calendars, messages, images, business cards, bank account details, property details and some credit cards secrets.
Bluetooth hacks are categorised broadly among:
Blue jacking The hacker uses it by making an attempt to send a phone contact or business card to another nearby phone. The 'name' field of the contact can be misused by replacing it with a suggestive text so that the target device reads it as a part of intimation query displayed on its screen. This may be thought of as equivalent to spam e-mail since both are unsolicited messages displayed on recipients' end without consent, and by exploiting the inherent nature of communication.
Blue snarfing goes a step further and actually accesses or steals data like messages, calendar, phone book etc., from the target device in an unauthorised manner which includes bypassing the usual paring requirement. Here, the problem is bigger since there have been reports of the tools that use methods such as device address guessing and brute force in order to break-in, even when device is configured as 'invisible'.
Blue bugging where the victim device is controlled by the attacker who sends commands to perform actions as if having physical access to the device this is functionality analogous to Trojans. The tools for Blue bugging include ones that run off the PCs, which means laptops with high range Bluetooth connectivity, which makes things even worse.
Bluetoothing typically means social networking in short range, and possibility of harassment from the security point of view. Then there are programmes for Bluetooth PIN code cracking as well.
Security Solution Model:
A security model is dependent on determining the invasion mechanism, detection of attacks, protections against data corruption and retaliation to threats with enhanced measures. The most generic requirement is Authentication. Network integration is itself a big security issue. Due to non centralized security issue in ad-hoc networks the security is becoming a main concern
Some time people forget to switch off device when they are offline, so to enhance security in Bluetooth devices users should be educated and informed about the security threats and usage guidelines.
Application software using Bluetooth connection should warn the users if the devices are in idle mode.
Blue jacking, blusnarfing, bluebag, backdoors attacks can be solved with high end encryption algorithms.
Following is assumpted security model which may fulfill some of the basics requirements of reliable security against the vulnerabilities. This presents the prototype by dividing the connection, application and data level securities to the Networks, authentications and the encryption/digital signatures respectively.
Bluetooth Sample Model
N/W level visibility
Data Level Encryption
Authentication at Link Level
Application Level (Digital Signatures)
By analyzing the topic I will conclude that Bluetooth is a cheapest wireless technology to replace data cables between communication devices for simpler requirements of users and a good choice for Wireless Personal Area Networks. But there is lot of security issues to be addressed in the newer versions v3.0 and lot of user awareness of proper usage of technology is required. If the security issues were addressed Bluetooth will replace all the wireless technologies on the mobile phones which are available high end mobiles.