Upload
varden
View
106
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Session 11. Wireless Security. Session 12 – Contents. Types of Wireless Networks Wireless Metropolitan Area Networks (WMAN) - WiMax Wireless Local Area Networks (WLAN) / Wi-Fi Wireless Personal Area Network (WPAN) Bluetooth Low-Rate Wireless Personal Area Network (LR-WPAN) Zigbee. - PowerPoint PPT Presentation
Citation preview
Cryptography and Security Services: Mechanisms and Applications
Manuel [email protected]
M. Mogollon – 1
Session 11Wireless Security
M. Mogollon – 2Wireless WIMAX Wi-Fi Bluetooth
Session 12 – Contents
• Types of Wireless Networks— Wireless Metropolitan Area Networks (WMAN) - WiMax— Wireless Local Area Networks (WLAN) / Wi-Fi— Wireless Personal Area Network (WPAN)
– Bluetooth— Low-Rate Wireless Personal Area Network (LR-WPAN)
– Zigbee
M. Mogollon – 3Wireless WIMAX Wi-Fi Bluetooth
Out
side
Cam
pus
Fixed
Walk
Vehicle
With
in C
ampu
s
Fixed/Desktop
Walk Leve
l of M
obili
ty CD
MA
20003XR
T
WIM
AX
(MIM
O) LAN
802.11n(M
IMO
)
The Wireless Landscape
Wireless Wide Area Network (WWAN)
• Metro/Geographical area• “Always On” Services• Ubiquitous public connectivity
with private virtual networks
Wireless Personal Area Network (WPLAN)
• Small form factor, low-cost, short range, low power, radio technology.
• Developed to link portable devices without cables.
• Non-licensed spectrum
4G
Mbps2 54 2000.1
Bluetooth
CD
MA
2000 1XRT
Wireless Local Area Nework (WLAN), and
Wireless Metropolitan Area Network (WMAN),
• Public or Private Site or Campus• Enterprise.• Non-licensed spectrum
78 1000
Zigbee
0.25
Low-Rate Wireless Personal Area Network (LR-WPAN)
• General-purpose, inexpensive, self-organizing mesh network.
• Low data rates and low power consumption; a year or two with a single alkaline battery.
M. Mogollon – 4Wireless WIMAX Wi-Fi Bluetooth
Wireless Networks
250 KbpsApproximately 150 feet radius
IEEE 802.15.4LR-WPAN (Low-Rate Wireless Personal Area Networks) – Zigbee
1, 2, or 3 Mbps
Approximately 30 feet radius
IEEE 802.15WPAN (Wireless Personnal Area Network) – Bluetooth
54 MbpsApproximately 300 feet radius
EEE 802.11WLAN (Wireless Local Area Network) – WiFi
78 MbpsApproximately 30 miles radius
IEEE 802.16IWMAN (Wireless Metropolitan Area Network) - WIMAX
Data RateRangeStandardNetwork
M. Mogollon – 5Wireless WIMAX Wi-Fi Bluetooth
WIMAX• WIMAX is very similar to a Wi-Fi but it operates at higher speeds, over greater
distances, and for a greater number of users. • From the point of view of the infrastructure, a WiMAX network is similar to a cellular
network.— A based station covers a very large area and can simultaneously operate as a subscriber station
and as a base station in a full mesh network using a line-of-sight link. — A subscriber station, which could be a small WIMAX receiver box, or a mobile station.
• WIMAX operates in two primary bands, the 10-66 GHz band used where line-of sight is necessary, and the licensed and un-licensed frequencies of 2 – 11 GHz for those physical environments where line-of-sight is not necessary.
• WIMAX also supports subscriber stations moving at vehicular speeds.— The spectrum at 2.5 GHz and below (2.5 GHz, 1.5GHz, 700MHz, etc.) is used because it has
better characteristics for full mobility deployment. • WIMAX throughput is around 38 Mbit/sec when using orthogonal frequency division
multiplexing (OFDM), and 78 Mbit/sec when OFDM is combined with multiple-input multiple-output (MIMO) antenna processing technology.
• WiMAX expands the availability of broadband service to residences, businesses and other locations with a high cost of wire deployment.— Low-density rural locations in developed countries— Emerging markets where user connectivity is sporadic.
M. Mogollon – 6Wireless WIMAX Wi-Fi Bluetooth
WIMAX Network
Base Station 2
Base Station 1
Subscriber Station
Subscriber Station
Subscriber Station
Subscriber Station
CarrierBase Station 1 is acting as client to Base Station 2
Line of sight, 10 – 66 GHz band, 38 to 78
Mbit/sec
Fiber Optics
M. Mogollon – 7Wireless WIMAX Wi-Fi Bluetooth
WIMAX Security
• WIMAX provides subscribers with privacy, authentication, and confidentiality across the broadband wireless network.
• WIMAX security has three component protocols as follows:— Secure encapsulation of the data exchanged.— Authentication for the subscriber station (SS) to obtain authorization
and traffic keying material from the base station (BS); also supports periodic reauthorization and key refresh.
— A privacy key management protocol (PKM) to provide the secure distribution of keying data from the BS to the SS.
M. Mogollon – 8Wireless WIMAX Wi-Fi Bluetooth
WIMAX Key Generation
• The Privacy Key Management authentication protocol establishes a shared secret key, called an Authorization Key (AK), between the SS and the BS.
• Either RSA or EAP methods are used to generate the AK (Slide 8)• The Authorization Key is then used, by both the BS and the SS, to
generate MAC Keys, HMAC Keys and Key Encrypting Keys (KEK). (Slide 9).
• The KEK is used to encrypt keys for transport from the BS to the SS.
• The BS randomly generates the Traffic Encryption Key (TEK), enciphers it using KEK, and sends it to the SS in the TEK exchange. KEK and TEK have 128-bit lengths. The TEK-128 is encrypted with AES Key Wrap. (Slide 10).
M. Mogollon – 9Wireless WIMAX Wi-Fi Bluetooth
WIMAX Key Generation
MSK= Master Session KeyPMK= Pairwise Master KeyAK = Authorization Key
Optional EIK
MSK -512-bit Primary Authorization Key transferred to SS by EAP method during the
authentication exchange
Truncate (MSK, 160)
PAK (160 bits)
Dot16KDF(PMK, SS MAC Address|BSID| AK, 160)
AK
PMK
MSK
Pre-PAK – 256-bit Primary Authorization Key transferred
from BS to SS using RSA during the authorization process
Dot16KDF(PAK, SS MAC Address|BSID| AK, 160)
AK
PAK
Pre-PAK
Dot16KDF(pre-PAK, SS MAC Address|BSID| EIK+PAK, 320)
EIK (160 bits) PAK (160 bits)
EIK
PAK = Primary Authorization KeyEIK = EAP Integrity KeyAK = Authorization Key
M. Mogollon – 10Wireless WIMAX Wi-Fi Bluetooth
WIMAX Key Hierarchy
AK – 160-bit Authentication Key (AK) context
KEK
Dot16KDF(AK, SS MAC Address|BSID| CMAC_KEYS+KEK, 384)
CMAC_KEY_D
CMAC_KEY_U(128 bits)
KEK(64 or 128 bits)
CMAC_KEY_D(128 bits)
CMAC_KEY_U
Dot16KDF(AK, SS MAC Address|BSID| HMAC_KEYS+KEK, 448)
HMAC_KEY_U(160 bits)
KEK(128 bits)
HMAC_KEY_D(160 bits)
KEKHMAC_KEY_DHMAC_KEY_U
MAC Mode
HMACCMAC
MAC = Message Authentication CodeCMAC_KEY_U = Uplink CMAC KeyCMAC_KEY_D = Downlink CMAC KeyKEK = Key Encrypting Key
CMAC = Cipher MAC (MAC based on block cipher)HMAC_KEY_U = Uplink HMAC KeyHMAC_KEY_D = Downlink HMAC KeyKEK = Key Encrypting Key
M. Mogollon – 11Wireless WIMAX Wi-Fi Bluetooth
WIMAX TEK and Group Keys
Derived by the BSKEK
TEKRNG Encryption Send to SS
KEK
GKEKRNG Encryption Send to SS
GKEK
GTEKRNG Encryption Send to SS
RNG = Random Number GeneratorTEK = Traffic Encrypting Key (64 or 128 bits)GKEK = Group Key Encryption KeyGTEK = Group Traffic Encrypting Key
M. Mogollon – 12Wireless WIMAX Wi-Fi Bluetooth
Security Associations
• Security associations in WIMAX are used in the same way and have the same meaning as the security associations used in IPSec, as well as the security capabilities used in TLS and SSL.
• A Security Association (SA) associates the security parameters with the traffic to be protected.
• Once the SA for a specific connection is defined, it is assigned an identifier, the Security Association ID (SAID).
• When a connection is established between a BS and an SS, the two need to agree on, among other things, the following:— The encryption and authentication algorithms.— The crypto keys, the key sizes, and key lifetimes. — How to exchange keys, the initialization values, and other related security
parameters.
M. Mogollon – 13Wireless WIMAX Wi-Fi Bluetooth
WIMAX Authorization and AK Exchange
Subscriber Station
Base StationAuthentication Information
• The authentication information message is strictly informative. It contains the SS X.509 certificate.
• A pre-PAK or MSK encrypted with the SS public key.• A 4-bit sequence number used to distinguish successive
generations of Pre-PAK or MSK.• A key lifetime.• The SAID used by the SS to obtain keying information.
Authorization Request• SS X.509 certificate.• List of crypto suites (security associations’ IDs) supported
by the SS.• SS Connection Identifier (CID).
Authorization Replay
Authentication Key
SS and BS create the PAK or PMK, and from the PAK or PMK derive the 160-bit AK.
Authentication Key
Creating the PAK or PMK and AK)
M. Mogollon – 14Wireless WIMAX Wi-Fi Bluetooth
WIMAX Re-Authentication & TEK Exchange
Subscriber Station
Base Station
Re-Authentication• The SS sends re-authentication request signed by HMAC or
CMAC.
• The BS generates TEK as a random number and enciphers it using a wrapping algorithm keyed with the KEK.
• The BS sends the encrypted TEK to SS.• SS deciphers the encrypted TEK using the wrapping
algorithm keyed with KEK.
Key Request• SS requests a TEK.
Key Replay
SS and BS create CMAC or HMAC and KEK
Creating CMAC or HMAC and KEK
BS and SS are ready to send encrypted information using the data encryption algorithm specified in the cipher suite keyed with TEK.
Exchanged ciphertext messages are authenticated using HMAC or CMAC.
M. Mogollon – 15Wireless WIMAX Wi-Fi Bluetooth
WIMAX Cryptographic Suites
ReservedAll remaining values
AES Key Wrap with 128-bit keyNo data authenticationMBS CTR mode 128 bits AES0x800004
AES ECB mode with 128-bit keyNo data authenticationMBS CTR Mode 128 bits AES0x800003
ECB mode AES with 128-bit keyNo data authenticationCBC-Mode 128-bit AES0x030003
AES Key Wrap with 128-bit keyCCM-ModeCCM-Mode 128bits AES0x020104
ECB mode AES with 128-bit keyCCM-Mode, 128-bitCCM-Mode 128-bit AES0x020103
RSA, 1024No data authenticationCBC-Mode 56-bit DES0x010002
RSA, 1024No data authenticationNo data encryption0x000002
3-DES, 128No data authenticationCBC-Mode 56-bit DES0x010001
3-DES, 128No data authenticationNo data encryption0x000001
TEK ExchangeData AuthenticationData EncryptionValue
M. Mogollon – 16Wireless WIMAX Wi-Fi Bluetooth
WIMAX AES Residual Termination Block Processing
EK EK DK DK
Cn-1Pn-1
Pn-1
++
++
Cn-1
Pn Ö
cn-2Cn Ö
Pn CCn Ö
Cn C
Pn = Last plaintext block Pn-1 = Next to last plaintext blockCn = Last ciphertext block Cn-1 = Next to last ciphertext blockEK = Encryption with key K DK = Decryption with key K
b = Block size a = Number of bits in Pn
Ö = Padded bits C = Ciphertext of Ö
(b – a) bitsa bits
cn-2
b bits
M. Mogollon – 17Wireless WIMAX Wi-Fi Bluetooth
Wireless LAN (WLAN) - WiFi
WLAN – AP
Subnet “B”
Roam From One tothe other
Subnet “A”
WLAN Security Switch
TerminalWLAN Mobile
Adaptor
TerminalPDA
WLAN – APWLAN – AP
WLAN – AP
WLAN Mobile Adaptor
PDA
M. Mogollon – 18Wireless WIMAX Wi-Fi Bluetooth
IEEE 802.11 Standards
ESS Mesh NetworkingIEEE 802.11s
WAVE - Wireless Access for the Vehicular Environment (such as ambulances and passenger cars)
IEEE 802.11p
802.11n builds upon previous 802.11 standards by adding MIMO (multiple-input multiple-output) and orthogonal frequency-division multiplexing (OFDM). MIMO uses multiple transmitter and receiver antennas to allow for increased data throughput.
IEEE 802.11n
Enhanced security (2004)IEEE 802.11i
Spectrum Managed 802.11a (5 GHz) for European compatibility (2004)IEEE 802.11h
54 Mbit/s, 2.4 GHz standard (backwards compatible with b) (2003)IEEE 802.11g
Enhancements: QoS, including packet bursting (2005)IEEE 802.11e
International (country-to-country) roaming extensions (2001)IEEE 802.11d
Bridge operation procedures; included in the IEEE 802.1D standard (2001)IEEE 802.11c
Enhancements to 802.11 to support 5.5 and 11 Mbit/s (1999)IEEE 802.11b
54 Mbit/s, 5 GHz standard (2001)IEEE 802.11a
The original 1 Mbit/s and 2 Mbit/s, 2.4 GHz RF and IR standard (1999)IEEE 802.11
M. Mogollon – 19Wireless WIMAX Wi-Fi Bluetooth
IEEE 802.11 Security Services
• Authentication— Open System— Shared Key
• Confidentiality— WEP
• Access control in conjunction with layer management.• Secure Roaming
M. Mogollon – 20Wireless WIMAX Wi-Fi Bluetooth
WEP Encapsulation
RC4Initialization Vector (IV)
Secret Key (40, 104, 128)||
Header Payload
CRC-32Integrity Check Value
(ICV)
||
Keystream
Header IV Key Number Encrypted Payload ICV
WEP Frame
+ Encrypted Payload ICV
802.11 Frame
M. Mogollon – 21Wireless WIMAX Wi-Fi Bluetooth
IEEE 802.11i• Several reports were written revealing 802.11 security weaknesses. • In June 2004, the IEEE Standards Association approved the IEEE 802.11i a
security enhancement amendment to the original IEEE 802.11 specification.• The IEEE 802.11i amendment added stronger encryption, authentication,
and key management strategies for wireless data and system security.• The amendment proposed two new data-confidentiality upgrades:
— An interim software upgrade solution that didn’t need hardware upgrades– The Temporal Key Integrity Protocol (TKIP)
— A final solution with different hardware and, therefore, not compatible with the previous version of WEP.– CTR [counter mode] with CBC-MAC [cipherblock chaining (CBC) with a message
authentication code (MAC)] Protocol (CCMP), and IEEE 802.1X's to control access to the network.
• The 802.11i amendment also provided improvement for the following security issues: — Key management— Data origin authenticity— Replay detection
M. Mogollon – 22Wireless WIMAX Wi-Fi Bluetooth
EAP-TLS EAP-TTLSEAP-MD5PEAP
Auth
entic
atio
n Plus others such as EAP-SIM, EAP-FAST and LEAP
EAP Implementations
Encr
yptio
n &
Inte
grity
EAP
Port Control
TKIP
802.1X
RC4
CCMP
802.1X
AESEncryption Cipher
802.1X
WEP
RC4
802.11IEEE 802.11i (RSN)
WPA/WPA2
802.11i (RSN)
WPA2WI-FI Alliance
Encryption Algorithm
Enterprise
RADIUS Servers Cisco ACS, Microsoft IAS, FreeRADIUS, Juniper SBR
User Credentials EitherCertificates Username/Password EitherEither
WPA2 released: 09/2004 802.11i ratified: 06/2004WPA released: 04/2003802.11 ratified: 06/1997
WPA2 cipher suite is indicated in the Robust Security Network (RSN) Information Element.
Also, supported by WPA but not certified in, as CCMP(AES). Hence some vendors implement WPA with AES.
Integrity Algorithm MIC
802.11 Security Framework
PSK PersonalWI-FI Alliance Modes:
M. Mogollon – 23Wireless WIMAX Wi-Fi Bluetooth
TKIP Encapsulation
TATK
TSC
TTAK
DA + SA + Priority + Plaintext MSDU Data
MIC Key MichaelPlaintext MSDU + MIC
Fragment(s) (if
necessary)
Phase 1 Key
Mixing Phase 2 Key
Mixing
WEP SeedIV
RC4 Key RC4(128 bits)
Ciphertext MPDU
TA = Transmitter Address TK = Temporary KeyTSC = TKIP Sequence Counter MIC = Message Integrity CodeDA = Destination Address SA = Source Address
M. Mogollon – 24Wireless WIMAX Wi-Fi Bluetooth
CBC – MAC Authentication
+
Input Block 1
CIPHK
Output Block 1
B0
Formatting Encoding Function
+
Input Block 2
CIPHK
Output Block 2
B1
+
Input Block r
CIPHK
Output Block r
Br
Y0 = CIPHK(B0) Y1 = CIPHK(Y0 XOR B1) Yr = CIPHK(Yr -1 XOR Br)
Input Data (N, A, P) Output Data (B0, B1, B2, ……, Br)
r = The number of blocks in the formatted input data (N, A, P).Yr = The CBC-MAC resultMSBs(X) = The bit string consisting of the s left-most bits of the bit string
X.T = The MAC that is generated as an internal variable in the
CCM processes.Tlen = The bit length of the MAC.
T = MSBTlen(Yr)
M. Mogollon – 25Wireless WIMAX Wi-Fi Bluetooth
CtrmCtr1Ctr0
Counter (CTR) Mode Encryption
Input Block 1
CIPHK
Output Block 1
Flag, N, Counter 1
Enc
rypt Input Block 2
CIPHK
Output Block 2
Input Block m
CIPHK
Output Block m
Flag, N, Counter 2
Flag, N, Counter m
S0 = CIPHK(Ctr0). S1 = CIPHK(Ctr1). Sm = CIPHK(Ctrm).
m = The number of blocks in the formatted payload, equal to Plen/128.Plen = The bit length of the payload.MSBs(X) = The bit string consisting of the s left-most bits of the bit string X.T = The MAC that is generated as an internal variable in the CCM
processes.Tlen = The bit length of the MAC.
S = S1 || S2 || …….|| Sm
||
Confidentiality Authentication
))(( SMSBPC Plen ))( 0SMSBT Tlen
M. Mogollon – 26Wireless WIMAX Wi-Fi Bluetooth
IEEE 802.1X EAP Authentication
802.1X EAP Request
Supplicant(Station)
Authenticator (Access Point)
Authentication Server (Radius)
802.1X EAP ResponseAccess Request (EAP Request)
EAP Authentication Access Protocol (Exchange PMK)
Accept / EAP Success / Key Material (PMK)
802.1X EAP Success
802.1X EAP Start
At this moment the 802.1X Controlled Port is still blocked to
the station
M. Mogollon – 27Wireless WIMAX Wi-Fi Bluetooth
4-Way HandshakeSupplicant
(Peer, Client)Authenticator (Access Point)
PMK is known-generate SNonce
Message 1 EAPOL – Key (ANonce, Unicast)
PMK is known-generate ANonce
Message 2 EAPOL – Key (SNonce, Unicast, MIC)
Message 3 EAPOL – Key (Install PTK, Unicast, MIC, Encrypted GTK)
Message 4 EAPOL – Key (Unicast, MIC)
Derive PTK
Install PTK and GTK Install PTK
Derive PTK. If needed, generate
GTK.
M. Mogollon – 28Wireless WIMAX Wi-Fi Bluetooth
Pairwise and Group Key Hierarchy
Pairwise Master Key (PMK)
Pairwise Transient Key (PTK)TKIP 512 bitsCCM 384 bits
EAPOL-Key Key Confirmation Key
(KCK) L(PTK 0-127)
EAPOL-Key Key Encryption Key
(KEK)L(PTK 128-255)
Temporal KeyTKIP L(PTK 256-511)CCMP L(PTK 256-383
PRF- X(PMK, Pairwise key expansion, AA, SPA, ANonce, SNonce)
AA = Authenticator AddressSPA = Supplicant AddressANonce = Authenticator’s NonceSNonce = Supplicant’s NonceGNonce = Group’s Nonce
M. Mogollon – 29Wireless WIMAX Wi-Fi Bluetooth
Pairwise and Group Key Hierarchy
Group Master Key (GMK)
Group Temporal Key (GTK)(X bits)
Temporal KeyTKIP L(PTK 0-255)CCMP L(PTK 0-127
PRF- X(GMK, “Group key expansion”, AA || GNonce)
AA = Authenticator AddressSPA = Supplicant AddressANonce = Authenticator’s NonceSNonce = Supplicant’s NonceGNonce = Group’s Nonce
M. Mogollon – 30Wireless WIMAX Wi-Fi Bluetooth
Securing WLAN
• Use Wireless Security Switches• Use Strong Encryption• Turn Off SSID Broadcasting• Change the Default Administrative Password and SSID• Turn Off the System• Use MAC Filtering• Control the Wireless Signal Output• Use VPN• Use WLAN Audits
M. Mogollon – 31Wireless WIMAX Wi-Fi Bluetooth
Bluetooth• Conceived as a low-cost, low-profile, low-power, short-range radio
technology, open standard.• Designed to create small wireless networks for interconnecting
devices such as wireless headsets, printers, keyboards, and mice.• Used to enhance wireless connectivity by connecting almost any
device to any other device.• Works as an ad-hoc network, typically created on a temporary and
random basis.• Consists of up to eight Bluetooth devices in a network, called a
piconet, working in a master-slave relationship, with one device designated as master and the rest as slaves.
• Employs a dynamic topology in which the master controls and reconfigures the changing network topologies.
• Creates a chain of piconets, referred to as a scatter-net, in which a slave from one piconet acts as the master of another piconet.
M. Mogollon – 32Wireless WIMAX Wi-Fi Bluetooth
Bluetooth Frequency and Power Operation
Less than 30 feetN/A1 mW3
Up to 30 feet1 mW2.5 mW2
Up to 300 feet1 mW100 mW1
RangeMin Output PowerMax Output PowerPower Class
• Bluetooth operates in the 2.4 GHz industrial, scientific, and medical (ISM) non-license spectrum.
• The system uses frequency-hopping, spread spectrum (FHSS) transmission.
• Devices in a piconet use a specific hopping pattern of 79 frequencies in the ISM band that changes frequency about 1,600 times per second.
• The master device controls and sets up the network’s pseudo-random, frequency-hopping sequence, and the slaves synchronize to the master.
M. Mogollon – 33Wireless WIMAX Wi-Fi Bluetooth
Bluetooth Security
128 bitsRandom number
8 – 128 bitsPrivate user key, encryption configurable length (byte-wise)
128 bitsPrivate user key (Link Key), authentication
48 bitsBluetooth device address
Bit LengthVariable
• Provides confidentiality and authentication for peer-to-peer communications over short distances.
• Four variables are used for security:— Bluetooth device address— Two secret keys— A pseudo-random number that is regenerated for each new transaction.
M. Mogollon – 34Wireless WIMAX Wi-Fi Bluetooth
Bluetooth Key Generation
Key Generator Function E2
BD_ADDR, PIN, PIN length, IN_RAND
Kinit
Key Generator Function E2
BD_ADDR, RAND
KA CA
Key Generator Function E2
BD_ADDR, PIN, PIN length, IN_RAND
Kinit
Key Generator Function E2
BD_ADDR, RAND
KBCB
initBB KCK initAA KCK
BAAB KKK BAAB KKK
Key Generator Function E3
EN_RAND, COF, Link Key (KAB)
KC
Key Generator Function E3
EN_RAND, COF, Link Key (KAB)
KC
KAB = Link Key
KC = Encryption Key
Bluetooth Device 1 Bluetooth Device 2
++
M. Mogollon – 35Wireless WIMAX Wi-Fi Bluetooth
Bluetooth Authentication
Random Number Generator (RNG)
Abort Connection
Allow Connection
Bluetooth Device 1(Claimant)
Bluetooth Device 2(Verifier)
Address BD_ADDR
Link Key(Kab)
Link Key (Kab)
E1 Encryption Algorithm
E1 Encryption Algorithm
Same?No
Yes
ACOSRES
SRESACO
96 bits 32 bits 96 bits32 bits
AU_RAND
ACO = Authentication Ciphering OffsetLink Key = Link Key (128 bits)AU_RAND = Authentication Random Number (128 bits)BD_ADDR = Bluetooth Device 1 (Claimant) Address (48 bits)
M. Mogollon – 36Wireless WIMAX Wi-Fi Bluetooth
KC (128 bits)
KC (128 bits)
Bluetooth Encryption
Ciphertext (Packet)
EN_RANDA
ClockA = Master Real-Time Clock (26 bits)EN_RAND = Encryption Random Number (128 bits)BD_ADDR = Bluetooth Device A (Master) Address (48 bits)K’C = Encryption Key (128 bits)Constant = 111000 (6 bits)
Key Generator
Function (E3)
E0 Encryption Algorithm
Link Key
COF
Bluetooth Device A(Master)
Random Number Generator (RNG)
Key Generator
Function (E3)
E0 Encryption Algorithm
Link Key
COF
BD_ADDRA
Bluetooth Device B(Slave)
ClockA ClockA
Plaintext (Packet) + Plaintext
(Packet)+
111001111001
Key Reduction Expansion Function
K’C
(128 bits)
Key Reduction Expansion Function
K’C(128 bits)
M. Mogollon – 37Wireless WIMAX Wi-Fi Bluetooth
Bluetooth Encryption Engine
LFSR1
LFSR2
LFSR3
LFSR4
c0t
x4t
x3t
x2t
x1t
x4t
x3t
x2t
x1t
XOR
++
T1
T2
XOR
Yt
Ct
Ct + 1
Z-1
Z-1
St + 1
1bit
3 bits
2 bits
2 bits
2 bits
2 bit
3 bits
2 bits
2 bits/2
Encryption Stream Zt
(1 bit)
Summation Combiner Logic
Initi
al V
alue
Blend
M. Mogollon – 38Wireless WIMAX Wi-Fi Bluetooth
Bluetooth Encryption Engine Initialization
33 - 39
31 X1t
+36
+28
+4
+
33
31 X4t
+24
+28
+4
+
25 - 31
24 X3t
+16
+24
+12
+
25
24 X2t
+8
+20
+12
+ADR[2] CL[1] K’C[12] K’C[8] K’C[4] K’C[0] CL24
ADR[3] ADR[0] K’C[13] K’C[9] K’C[5] K’C[1] CL[0]L 001
ADR[4] CL[2] K’C[14] K’C[10] K’C[6] K’C[2] CL25
ADR[5] ADR[1] K’C[15] K’C[11] K’C[7] K’C[3] CL[0]u 111
CL[0]L = CL3 CL2 CL1 CL0 (4 bits)
CL[0]u = CL7 CL6 CL5 CL4 (4 bits)ADR[n], CL[n], K’c[n] have 8 bitsCLn has 1 bit
M. Mogollon – 39Wireless WIMAX Wi-Fi Bluetooth
Bluetooth Encryption Engine Run-up
Z[3] Z[7] Z[11] Z[14] Z[15] 7 - 1
31 X1t
+36
+28
+4
+
Z[2] Z[6] Z[10] Z[13]
31 X4t
+24
+28
+4
+
Z[1] Z[5] Z[9] Z[12]7- 1
24 X3t
+16
+24
+12
+
Z[0] Z[4] Z[8]
24 X2t
+8
+20
+12
+
Z[15]0
Z[12]0
M. Mogollon – 40Wireless WIMAX Wi-Fi Bluetooth
To Probe Further• Bluetooth Special Interest Group (SIG) – 2004, “Specification of the Bluetooth System V2.” Retrieved on
December 19, 2005, from https://www.bluetooth.org/spec/• Dworkin, M (December 2001). Recommendation for Block Cipher Modes of Operation Methods and Techniques.
NIST Special Publication 800-38A. Natl. Inst. Stand. Technol. Retrieved December 19, 2005, from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
• Dworkin, M (May 2005). Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. NIST Special Publication 800-38B. Natl. Inst. Stand. Technol. Retrieved December 21, 2005, from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
• Dworkin, M (May 2004). Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. NIST Special Publication 800-38C. Natl. Inst. Stand. Technol. Retrieved December 21, 2005, from http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
• Fluher, S., Mantin, I., and Shamir, A. (2001). Weaknesses in the Key Scheduling Algorithm of RC4. 8th Annual Workshop Selected areas in Cryptography. August 2001.
• IEEE Std 802.16e – 2005, “Part 16: Air Interface for Fixed and Mobile Broadband Wireless Access Systems .”• IEEE Std 802.15.1 – 2005, “Part 15.1: Wireless medium access control (MAC) and physical layer (PHY)
specifications for wireless personal area networks (WPANs).”• IEEE Std 802.11i – 2004, “Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY)
specifications Amendment 6: Medium Access Control (MAC) Security Enhancements.”• Karygiannis, T, Owens L. (2002). Wireless Network Security, 802.11. Bluetooth and Handheld Devices. NIST
Special Publication. Downloaded on November 15, 2004, from http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
• Shinder, D. (2005). 10 Ways to Wireless Security. Tech Republic. Retrieved October 10, 2005, from http://insight.zdnet.co.uk
• Wi-Fi Security – Addressing Concerns. Hewlett Packer. Downloaded on October 10, 2003 from http://h50012.www5.hp.com/createuse/learning/ITguide_planning.asp