Page 2 of 2
If you are going to commit your data to a wireless link security has to be a major concern.
As Bluetooth signals can be picked up by anyone within range some sort of cryptography has to be used to make sure that your data remains private. The only advantage that Bluetooth has over other wireless technologies, such as WiFi networking, is that its shorter range means that you should be able to see any potential eavesdroppers!
Bluetooth has three security modes:
- Mode 1 is no security at all. In this mode the device accepts any connections that are offered to it.
- Mode 2 delegates the security to the application. The connection is made and then the application software decides what to do with it.
- Mode 3 is the built-in security offered by Bluetooth. In this mode a device can’t even connect unless it obtains permission. A link key or PIN code is used to authenticate the identity of another device.
Mode 3 authentication is quite a complicated procedure. First the user enters a PIN code on both Bluetooth devices. The PIN code is used to generate a 128-bit link key. The device trying to make the connection then has to transmit its address – every Bluetooth device has a unique 48-bit address assigned when it is manufactured – and the device that is trying to authenticate the connection transmits a 32-bit random “challenge”. Both devices then use the link key generated from the PIN, the 32-bit challenge and the address of the device trying to connect to compute an authenticated response.
As long the same values are used for all of these numbers both machines compute the same Link Key and the device trying to connect transmits this to the authenticating device which checks that they are indeed identical. If they don’t match the connection is refused and, to stop hackers trying to guess the PIN number, the connection cannot be attempted again for a period of time. Notice that the fact that the device address is used in the authentication makes it difficult for a hacker to substitute another device part way through the authentication process.
(click to enlarge)
Bluetooth authentication is just a matter of two devices coming to the same result from the same, shared, data. (Note: the Authenticated Cipher Offset is used as an encryption key if the connection is successful.)
As far as the user is concerned Bluetooth authentication is just a matter of typing in a shared password in the form of a PIN.
If this is too much for the user then devices can be “paired”. This causes both devices to store and reuse the link key to automate connection without the PIN number having to be typed in. Of course you can’t pair devices unless they have first successfully authenticated but after this one true test of identity, paired devices trust one another.
Notice that even paired devices use the link key, device address and a challenge to compute an authentication response – the only difference is that the link key generated from the PIN is reused. Of course devices can be unpaired just as easily and then the PIN is required to make the connection.
As well as authentication, Bluetooth offers three modes of encryption for data being transmitted between devices.
- Mode 1 is to use no encryption
- Mode 2 is to use encryption for communication with specific devices but not for broadcast messages
- Mode 3 encrypts all data
The encryption algorithm makes use of a key generated using the Authenticated Cipher Offset, which is generated as part of the authentication process along with the authentication response.
That is, the authenticated cipher offset is also computed using the link key, device address and 32-bit challenge. The Authenticated Cipher Offset is used again with the link key and challenge to create a key ranging in size from 8 to 128 bits. This key is then used to encrypt the data in each packet being transmitted. There are some refinements to the encryption process that make it difficult to attack by a range of well-known techniques.
Bluetooth security is fairly good and well thought out. It does have some weaknesses that you need to be aware of.
The first is that the PIN code is usually short and this makes them easier to guess than long passwords. You can use longer PIN codes but most users don’t.
Distributing PIN codes in a secure fashion so that devices in an office can connect to each other can be a problem.
There is also a problem with the way that the 32-bit challenges are generated, which can result in a pattern for some PIN numbers. Finally authentication operates only at the device level and not the user level. A paired device will connect even if it has been stolen.
All of these problems pale into insignificance compared to the real weakness of Bluetooth security – most users don’t enable it and don’t even know that they can! As a result most Bluetooth devices are operating in mode 1 for both authentication and encryption.
Bluetooth is just one of a range of wireless technologies and it certainly doesn’t replace WiFi networking, for example. It is ideal for portable devices and for connecting peripherals. It is certainly better than a piece of wire.
The official Bluetooth site: http://www.bluetooth.com/