PDA and Smartphones – Bluetooth Communications
Bluetooth Communications: Bluetooth is a Personal Area Network (PAN) standard that enables wirelessconnections between electronic devices in the 2.4 GHz range over short distances, as an alternative to cables.
Designed to be power efficient, Bluetooth has become a common feature in cell phones. Since wireless communications is inherently insecure, a number of basic security provisions have been defined for this standard to mitigate the risks involved. The three basic security services are defined by the Bluetooth specifications:
- Authentication – to verify the identity of communicating devices; only devices that properly authenticate can engage in communications.
- Confidentiality – to prevent information exposure from eavesdropping; only authorized devices can view data.
- Authorization – to control access to resources; only authorized devices can use a designated service.
The Bluetooth technical specifications have evolved over the years since their initial release. In mid-2007, version 2.1+Enhanced Data Rate (EDR) was issued, which included substantial improvements to security . In particular, a new security mode that uses Secure Simple Pairing (SSP) was defined as a service level enforced security mode, in which the three basic security services listed above may be instituted after connection establishment occurs.
Pairing is the process that allows two Bluetooth devices to associate themselves with one another by generating a shared link authentication key for use in future communications. SSP supports four association models, some of which can greatly simplify the user interaction required and protect against passive eavesdropping and man-in-the-middle attacks that were a source of concern with earlier versions of the specifications.
With earlier versions, if the pairing and authentication exchanges were monitored and recorded, a brute force algorithm could be used to readily determine the link key . SSP uses the Elliptic Curve form of Diffie-Hellman public key cryptography to generate the link key, which imposes a significantly harder problem for an attacker to solve to derive the key than does the legacy pairing process.
Many existing cell phones and PDAs were produced before the current Bluetooth specifications and do not support the new SSP security mode.
For these devices, three legacy security modes compliant with earlier versions of the specifications are relevant: non-secure mode, where no basic security services are enabled; service level enforced security mode, in which all three basic security services can be instituted after connection establishment occurs and access controls can be defined by policy; and link level enforced security mode, in which authentication (unidirectional or mutual) and encryption services can be instituted before connection establishment. Further details about the new and legacy security modes can be found in the current specifications .
The introduction of SSP affects use of legacy security modes for version 2.1+EDR compliant devices. The new SSP mode is compulsory and the two legacy modes of no security and link level security are excluded for such devices. The remaining legacy mode of service level enforced security is conditional—to be used only for connecting to remote legacy devices that do not support SSP. Devices compliant with earlier versions of the specification have must rely on the legacy security modes for communications among themselves.
3 Responses to “PDA and Smartphones – Bluetooth Communications”
interesting post
Very interesting article.I wait to read more about this subject
a very good article about PDA and Smartphones – Bluetooth Communications