5. METHODOLOGICAL DESIGN
5.3 INSTRUMENTS AND DATA COLLECTION PROCEDURE
No matter how good the security functionality a technology specifies, a bad or broken implementation can jeopardize all of it. Of course, Bluetooth is no exception to this rule. The technology is relatively young and quite complex. In general, it is very difficult to test a product in every conceivable setting it may end up being used in. The manufacturers tend to focus their efforts on interoperability issues, which is understandable, as behavioral compliance tests are mandated in the product qualification process. Unfortunately, only the basic security functionality can be verified in the qualification process, such as pairing, authentication, and setting up an encrypted link. Many other aspects that are not mandated in the specification are not tested but do have an impact on the overall security. These aspects include (but are not limited to): security policy enforcement, key database management, user interaction, and memory read/write protection. Clearly, there is a risk that something that seemed to work in the laboratory is released as a product with a security-related flaw in its implementation.
Recently there have been claims of Bluetooth vulnerabilities [24] that can be attributed to broken implementations. The claims have to some extent been confirmed by some mobile phone manufacturers. Three types of attacks with the following properties are mentioned.
Snarf attack. The attacker is able to set up a connection to an (unpaired) victim's device without alerting the victim or requiring the victim's consent. After doing this, the attacker is able to access restricted portions of the victim's personal data, such as the phone book, address book, and calendar.
Backdoor attack. First, the attacker needs to establish a trust relation with the victim's Bluetooth device. Then, the attacker "erases" the entry of the established link from the victim's list of paired devices without erasing it from the victim's link key database. After this is accomplished, the attacker is able to access the services and data of the target device as before, but without the owner's knowledge or consent.
Bluejacking. This is a term used for sending unsolicited messages to other Bluetooth devices [25]. It can be accomplished by sending a business card or phone book entry in which the name field has been filled in with a message rather than a real name. Upon reception, the name field is usually displayed together with an appended question of whether the message should be saved to the contact list or not. Clearly, while this could be annoying, it is not a real threat to security. It is simply another name for the object push of the OBEX protocol, which is implemented in most Bluetooth-enabled phones, laptops, and PDAs.
While the authenticity of the snarf and backdoor attacks is not fully confirmed, they do show the importance of implementing and enforcing the security policies correctly. For instance, manufacturers of Bluetooth products must ensure that a remote device is not mistakenly granted access to all services on the local device just because a particular service is opened for it. One way to handle this is by implementing a security manager along the lines discussed in Chapter 6.
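The following is an added illustration, not code from the book or from any Bluetooth stack, of the two enforcement points the backdoor description and the paragraph above call for: per-service authorization, and keeping the user-visible paired-device list consistent with the link key database. The class, its method names and the device addresses are assumptions made for the example.

```python
import hmac


class SecurityManager:
    """Hypothetical security manager (added example, not the book's code).

    Access is granted one service at a time, never for all services at once,
    and a stored link key is only honoured while its device is still in the
    paired list, so a key left behind by an erased pairing does not work.
    """

    def __init__(self):
        self.link_keys = {}       # bd_addr -> link key (bytes)
        self.paired = set()       # bd_addr entries the user can see and delete
        self.service_grants = {}  # bd_addr -> set of granted service names

    def pair(self, addr, link_key):
        # Pairing stores the link key and the paired-list entry together.
        self.link_keys[addr] = link_key
        self.paired.add(addr)
        self.service_grants.setdefault(addr, set())

    def unpair(self, addr):
        # Deleting a device from the paired list must also delete its link key
        # and its grants, otherwise the old key keeps working silently.
        self.paired.discard(addr)
        self.link_keys.pop(addr, None)
        self.service_grants.pop(addr, None)

    def grant(self, addr, service):
        # Grants are per service; there is deliberately no "all services" grant.
        if addr not in self.paired:
            raise PermissionError("grant only to a paired device")
        self.service_grants[addr].add(service)

    def authorize(self, addr, presented_key, service):
        # 1. A link key must exist for addr and match what the peer proved.
        stored = self.link_keys.get(addr)
        if stored is None or not hmac.compare_digest(stored, presented_key):
            return False
        # 2. The device must still be in the paired list; a key that survived
        #    an erased pairing is stale and refused (the "backdoor" state).
        if addr not in self.paired:
            return False
        # 3. Opening one service does not open the others.
        return service in self.service_grants.get(addr, set())


def backdoor_state_demo():
    """Constructed scenario: entry erased from the list, link key left behind."""
    sm = SecurityManager()
    sm.pair("00:11:22:33:44:55", b"k" * 16)        # constructed address and key
    sm.grant("00:11:22:33:44:55", "obex_push")
    sm.paired.discard("00:11:22:33:44:55")         # simulate the inconsistency
    return sm.authorize("00:11:22:33:44:55", b"k" * 16, "obex_push")
```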
References
[1] NIST, "Wireless Network Security 802.11, Bluetooth and Hand Held Devices," Technical Report Special Publication 800-48, U.S. Department of Commerce/NIST, National Technical Information Service, Springfield, VA, April 2002.
[2] Anderson, R., "Searching for the Optimum Correlation Attack," in B. Preneel, (ed.), Fast
[3] Meier, W., and O. Staffelbach, "Fast Correlation Attacks on Certain Stream Ciphers," J. Cryptology, Vol. 1, 1989, pp. 159–176. (Appeared also in Proc. Eurocrypt 88, No. 330 in LNCS, 1988).
[4] Meier, W., and O. Staffelbach, "Correlation Properties of Combiners with Memory in Stream Ciphers," J. Cryptology, Vol. 5, No. 1, 1992, pp. 67–86.
[5] Hermelin, M., and K. Nyberg, "Correlation Properties of the Bluetooth Summation Combiner," in J. Song, (ed.), Proc. ICISC'99, 1999 International Conf. Information Security and Cryptography, No. 1787 in LNCS, Berlin: Springer-Verlag, December 2000, pp. 17–29.
[6] Massey, J. L., and R. A. Rueppel, "Method of, and Apparatus for, Transforming a Digital Sequence into an Encoded Form," U.S. Patent No. 4,797,922, 1989.
[7] Fluhrer, S., and S. Lucks, "Analysis of the E0 Cryptosystem," in A. M. Youssef and S. Vaudenay, (eds.), Proc. Selected Areas in Cryptography 01, No. 2259 in LNCS, Berlin: Springer-Verlag, 2001, pp. 38–48.
[8] Krause, M., "BDD Based Cryptanalysis of Keystream Generators," Proc. Eurocrypt 02, No. 2332 in LNCS, Berlin: Springer-Verlag, 2002, pp. 222–237.
[9] Bagini, V., J. Golic, and G. Morgari, "Linear Cryptanalysis of Bluetooth Stream Cipher," in L. R. Knudsen, (ed.), Proc. Eurocrypt 02, No. 2332 in LNCS, Berlin: Springer-Verlag, 2002, pp. 238–255.
[10] Ekdahl, P., and T. Johansson, "Some Results on Correlations in the Bluetooth Stream Cipher," Proc. 10th Joint Conf. Communication and Coding, Austria, 2000, p. 16.
[11] Ekdahl, P., "On LFSR Based Stream Ciphers," Ph.D. thesis, Lund University, November 2003.
[12] Armknecht, F., A Linearization Attack on the Bluetooth Key Stream Generator, available at http://eprint.iacr.org/2002/191, accessed November 2002.
[13] Armknecht, F., and M. Krause, "Algebraic Attacks on Combiners with Memory," Proc. Crypto 03, No. 2729 in LNCS, Berlin: Springer-Verlag, 2003, pp. 162–176.
[14] Courtois, N., "Fast Algebraic Attacks on Stream Ciphers with Linear Feedback," Proc. Crypto 03, No. 2729 in LNCS, Berlin: Springer-Verlag, 2003, pp. 176–194.
[15] Courtois, N., et al., "Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations," Proc. Eurocrypt 00, No. 1807 in LNCS, Berlin: Springer-Verlag, 2000, pp. 392–407.
[16] Coppersmith, D., and S. Winograd, "Matrix Multiplication via Arithmetic Progressions," J. Symbolic Computation, Vol. 9, 1990, pp. 251–280.
[17] Courtois, N., "Higher Order Correlation Attacks, XL Algorithm and Cryptanalysis of Toyocrypt," in P. J. Lee and C. H. Lim, (eds.), Proc. Information Security and Cryptology, ICISC 2002, No. 2587 in LNCS, Berlin: Springer-Verlag, 2003, pp. 182–199.
[18] Bluetooth Special Interest Group, Specification of the Bluetooth System, Version 1.2, Core
[19] Jakobsson, M., and S. Wetzel, "Security Weaknesses in Bluetooth," in D. Naccache, (ed.), Proc. RSA Conf. 2001, No. 2020 in LNCS, Berlin: Springer-Verlag.
[20] Vainio, J., "Bluetooth Security," available at http://www.niksula.cs.hut.fi/~jiitv/bluesec.html, accessed May 2000.
[21] Kügler, D., "Man in the Middle Attacks on Bluetooth, Revised Papers," in R. N. Wright, (ed.), Financial Cryptography, 7th International Conf., FC 2003, No. 2742 in LNCS, Berlin: Springer-Verlag, 2003, pp. 149–61.
[22] Karygiannis, T., and L. Owens, "Wireless Network Security, 802.11, Bluetooth and Handheld Devices," NIST Special Publication 800-48, November 2002.
[23] Gehrmann, C., (ed.), "Bluetooth Security White Paper," White Paper Revision 1.0, Bluetooth SIG, April 2002.
[24] Laurie, A., and B. Laurie, "Serious Flaws in Bluetooth Security Lead to Disclosure of Personal Data," available at http://www.bluestumbler.org/, accessed November 2003.
[25] bluejackQ with a Q, available at http://www.bluejackQ.com/whatis.htm, accessed