Bluetooth Security Component and Protocol
1. The main security features offered by Bluetooth are a challenge-response
routine for authentication, a stream cipher for encryption, and session key
generation.
2. Each connection may require a one-way, two-way, or no authentication using
the challenge-response routine.
3. The security algorithms use the public identity of a device, a secret private user
key, and an internally generated random key as input parameters.
4. Fig: Bluetooth security components and protocols
5. The figure above shows the successive steps of the Bluetooth security architecture.
6. The first step, called pairing, is necessary if two Bluetooth devices have never
met before.
7. To set up trust between the two devices, a user enters a secret PIN into both
devices. This PIN can be up to 16 bytes long.
8. Based on the PIN, the device address, and random numbers, several keys can be
computed which are used as the link key for authentication.
9. The authentication is a challenge-response process based on the link key, a
random number generated by a verifier (the device that requests authentication),
and the device address of the claimant (the device that is authenticated).
10. Based on the link key, values generated during the authentication, and again a
random number, an encryption key is generated during the encryption stage of the
security architecture. This key has a maximum size of 128 bits and can be
individually generated for each transmission.
11. Based on the encryption key, the device address and the current clock, a payload
key is generated for ciphering user data. The payload key is a stream of pseudo-
random bits.
12. The ciphering process is a simple XOR of the user data and the payload key.
13. Compared to WEP in 802.11, Bluetooth offers a lot more security. However,
Bluetooth, too, has some weaknesses when it comes to real implementations:
    1. The PINs are quite often fixed.
    2. Some of the keys are permanently stored on the devices, and the quality
    of the random number generators has not been specified.
    3. If Bluetooth devices are switched on they can be detected unless they
    operate in the non-discoverable mode (no answers to inquiry requests).
    4. If a lot of people carry Bluetooth devices (mobile phones, PDAs, etc.),
    this could give, e.g., department stores, a lot of information regarding consumer
    behavior.
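The following Python model walks two devices through steps 6 to 12 above (pairing from a PIN, challenge-response authentication, encryption key and payload key generation, XOR ciphering). It is an added example, not code from the lecture notes or from the Bluetooth specification. It assumes constructed stand-ins for the standardised primitives: HMAC-SHA256 replaces the SAFER+-based key-derivation and authentication functions (E21/E22/E1/E3) and an HMAC counter-mode keystream replaces the E0 stream cipher, and the device addresses, PINs and random values are made up. Function names such as `pairing_link_key`, `authenticate` and `run_session` are the example's own.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 stands in for every Bluetooth key-derivation
# function (E21/E22/E1/E3) and an HMAC counter-mode keystream stands in
# for the E0 stream cipher. The structure of the architecture is what is
# shown here, not the standardised algorithms themselves.


def kdf(key: bytes, *inputs: bytes, length: int = 16) -> bytes:
    """Derive 1..32 bytes from a key and the concatenated inputs."""
    assert 1 <= length <= 32
    return hmac.new(key, b"".join(inputs), hashlib.sha256).digest()[:length]


def pairing_link_key(pin: bytes, bd_addr: bytes, rand: bytes) -> bytes:
    """Steps 7-8: link key from the shared PIN (1..16 bytes), a device
    address and a random number exchanged during pairing."""
    assert 1 <= len(pin) <= 16, "Bluetooth PINs are at most 16 bytes"
    return kdf(pin, bd_addr, rand)


def authenticate(lk_verifier: bytes, lk_claimant: bytes, claimant_addr: bytes,
                 au_rand=None):
    """Step 9: one-way challenge-response. Returns (ok, aco); aco is the
    authenticated ciphering offset reused by the next stage, None on failure."""
    if au_rand is None:
        au_rand = secrets.token_bytes(16)       # verifier's fresh challenge
    # Claimant: SRES (32-bit response, sent back) and ACO (96 bits, kept local)
    out_c = kdf(lk_claimant, au_rand, claimant_addr, length=16)
    sres = out_c[:4]
    # Verifier recomputes both values from its own copy of the link key
    out_v = kdf(lk_verifier, au_rand, claimant_addr, length=16)
    ok = hmac.compare_digest(sres, out_v[:4])
    return ok, (out_v[4:16] if ok else None)


def encryption_key(link_key: bytes, aco: bytes, en_rand: bytes, size: int = 16) -> bytes:
    """Step 10: encryption key of 1..16 bytes (max 128 bits) from the link key,
    the ACO produced by authentication and a new random number."""
    assert 1 <= size <= 16
    return kdf(link_key, aco, en_rand, length=size)


def payload_keystream(enc_key: bytes, master_addr: bytes, clock: int, nbytes: int) -> bytes:
    """Step 11: pseudo-random payload key from encryption key, address and clock.
    Because the clock is an input, every transmission gets a fresh keystream."""
    blocks = [kdf(enc_key, master_addr, clock.to_bytes(4, "big"),
                  counter.to_bytes(4, "big"), length=32)
              for counter in range((nbytes + 31) // 32)]
    return b"".join(blocks)[:nbytes]


def cipher(enc_key: bytes, master_addr: bytes, clock: int, data: bytes) -> bytes:
    """Step 12: XOR user data with the payload key; the same call decrypts."""
    ks = payload_keystream(enc_key, master_addr, clock, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def run_session(pin_a: bytes, pin_b: bytes, clock: int, message: bytes):
    """Walk devices A (master/verifier) and B (claimant) through pairing,
    authentication and ciphering. Returns (auth_ok, ciphertext, recovered)."""
    addr_a = bytes.fromhex("001122334455")    # constructed device addresses
    addr_b = bytes.fromhex("66778899aabb")
    pairing_rand = secrets.token_bytes(16)    # exchanged in the clear
    lk_a = pairing_link_key(pin_a, addr_a, pairing_rand)   # A's copy
    lk_b = pairing_link_key(pin_b, addr_a, pairing_rand)   # B's copy
    ok, aco = authenticate(lk_a, lk_b, addr_b)             # A verifies B
    if not ok:
        return False, None, None
    en_rand = secrets.token_bytes(16)
    kc_a = encryption_key(lk_a, aco, en_rand)
    kc_b = encryption_key(lk_b, aco, en_rand)
    ct = cipher(kc_b, addr_a, clock, message)   # B sends under A's clock
    pt = cipher(kc_a, addr_a, clock, ct)        # A decrypts
    return True, ct, pt


if __name__ == "__main__":
    ok, ct, pt = run_session(b"1234", b"1234", clock=42, message=b"hello")
    print("authenticated:", ok, "ciphertext:", ct.hex(), "recovered:", pt)
    print("mismatched PIN:", run_session(b"1234", b"4321", 42, b"hello")[0])
```

The model makes two properties of the architecture visible: the PIN is the only secret entering the whole key hierarchy, so a short or fixed PIN (weakness 1 above) bounds the strength of every later key, and the clock in the payload key derivation is what keeps the XOR stream cipher from reusing a keystream across transmissions.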