SECURITY & AUTHENTICATION COURSE MINI-PROJECT
In our daily life, security is a vital issue. Everyone wants their personal details to remain secure and private, whether it concerns their property, money or any other belongings. Likewise, when exchanging information over a communication medium, one wants the information to remain secure and not be seen or heard by anyone else. While exchanging information over the web we are concerned about not being hacked, but hacking is not limited to computers; even mobile phones are hacked. Bluetooth is one of the ways of communicating between different devices over a short-range wireless medium, and it is important to keep this medium as secure as all other mediums. This is the point I have emphasized in my coursework essay, i.e. Bluetooth security.
The topic that I will be describing is Bluetooth security. As we are aware, all communication technologies face the issue of security and privacy, and Bluetooth is one of them. The information that we exchange over a communication medium is highly important to us, and hence we want this information to remain secure. Every user understands the need for security when writing an email or using any other network, and the same is the case with Bluetooth communication: Bluetooth needs to be as secure as the other networking and communication technologies are. Today Bluetooth security is becoming an issue all over the world. Some people are causing fear in the minds of users regarding the security of Bluetooth communication, but the facts are different. The reality is that these issues regarding Bluetooth security, e.g. hacking into someone's phone using Bluetooth technology (bluejacking), can easily be dealt with, and a number of security measures are already available in order to provide a secure Bluetooth connection. If some users complain of issues like hacking, it means that they did not take the necessary security precautions to secure their device.
In order to go into the details of the topic I should first explain the fundamentals of Bluetooth technology and its security. Bluetooth provides short-range wireless communication between different devices. One of the basic ways two devices communicate with each other is pairing. Pairing is the procedure by which a communication channel is established between two devices. In this process both devices identify each other with the help of a PIN. It is essential for both users to enter the same PIN in order to communicate with one another; if the PINs are not the same, there is no communication between the two. Once the two devices have entered the same PIN and can communicate with each other, they are considered to be entirely secure. Bluetooth technology uses an algorithm that guarantees the security of the two paired devices. There are various states involved in establishing a Bluetooth connection between two devices; these states are explained very briefly as follows:-
Inquiry: A device that wants to discover other Bluetooth devices enters the inquiry state.
Paging: The page state is used by the master to connect to the slave.
Active state: In this state the connection is established and the communication session takes place; it has its own low-power states, which are park, hold and sniff.
Various protocols are used for Bluetooth security. The Bluetooth SIG (a trade organization) defines the core protocols; further protocols have been offered by other standards bodies. In this part we will give an overview of the core protocols and of those standard protocols that are widely used for Bluetooth security.
Mainly, the Bluetooth protocol stack is split in two parts: a "controller stack" containing the timing-critical radio interface, and a "host stack" dealing with high-level data. Generally the controller stack is implemented in a low-cost silicon device containing a microprocessor and the Bluetooth radio. The host stack is implemented as part of an operating system. Only for integrated devices can the controller stack and the host stack be run on the same microprocessor to reduce mass-production costs; this is known as a hostless system.
Bluetooth Security Fundamentals:-
Bluetooth provides three basic security services: authentication, authorization and confidentiality.
Authentication: Authentication involves verifying the identity of the communicating devices.
Confidentiality: It involves making sure that only authorized parties can read the information and that there is no leakage.
Authorization: It is the process of making sure that only a device which is authorized, and permitted to do so, is using the information.
The companies who provide Bluetooth service have the option of selecting the type of security they intend to provide to their users. There are four security modes available:-
- Security mode 1 (non-secure)
- Security mode 2 (service-level enforced security)
- Security mode 3 (link-level enforced security)
- Security mode 4 (Secure Simple Pairing)
Security Mode 1:-
Security mode 1 is non-secure: the security functionality is bypassed, leaving the Bluetooth device open to hackers. In this mode no security mechanism is followed by the devices, and they are left open to other Bluetooth devices.
Security mode 2:-
Security mode 2 is the service-level enforced security mode. In this mode a security manager controls access to specific applications and devices. The security manager holds the access-control policies for other devices, so a certain device may be allowed to use one service and denied another. Different security policies may be defined for services requiring different security levels.
Security mode 3:-
This is the link-level enforced security mode. In this mode a Bluetooth device initiates the security procedure before the physical link is established. This mode supports the authentication and encryption procedures, which are based on the secret key shared by the devices during communication.
Security mode 4:-
This mode is also called Secure Simple Pairing. It simplifies the process of pairing by providing different association models, keeping in mind the capabilities of the device. It also provides protection from passive leakage of information (eavesdropping) and from man-in-the-middle attacks.
Bluetooth Key Generation:-
In security modes 2 and 3 the devices derive the keys during the initialization process, when they enter the same PIN. The whole process of key generation, i.e. entering the PIN and deriving the keys, is elaborated in the diagram on the next page; also keep in mind that if the key is shorter than 16 bytes, the BD_ADDR is used to supplement the PIN. The Ex boxes in the diagram show the encryption algorithms used in key derivation and device communication.
Once the initialization process is completed, the devices communicate transparently over the encrypted wireless link. The PIN size can vary between 0 and 16 bytes, according to the security level required. A 4-digit PIN is sufficient where the risk is small; however, a longer PIN is essential for secured applications where the risk factor is higher.
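To make the key-generation step above concrete, here is an added Python example; it is my own illustration and not code from this essay or from the Bluetooth SIG. It implements the PIN augmentation rule of the specification (a PIN shorter than 16 bytes is padded with up to 6 bytes of the BD_ADDR, so the augmented length is min(16, L + 6)), models the derivation of the initialization key from the augmented PIN, the BD_ADDR and the random IN_RAND, and compares the secrecy a 4-digit PIN contributes with that of a full 16-byte PIN, which is the recommendation given later in this essay. The function names, the sample address and the PINs are constructed for the example, and HMAC-SHA-256 stands in for the SAFER+-based E22 box; that substitution is an assumption made only to keep the code short.

```python
import hashlib
import hmac
import math

BD_ADDR_LEN = 6    # a Bluetooth device address (BD_ADDR) is 48 bits
MAX_PIN_LEN = 16   # the PIN may be 0 to 16 bytes long
RAND_LEN = 16      # IN_RAND is a 128-bit random number sent in clear


def augment_pin(pin: bytes, bd_addr: bytes) -> bytes:
    """Pad a short PIN with the device address, as the specification does
    before E22: PIN' = PIN || BD_ADDR[0 : min(6, 16 - L)], so L' = min(16, L + 6)."""
    if len(pin) > MAX_PIN_LEN:
        raise ValueError("PIN longer than 16 bytes")
    if len(bd_addr) != BD_ADDR_LEN:
        raise ValueError("BD_ADDR must be 6 bytes")
    if len(pin) == MAX_PIN_LEN:
        return pin
    return pin + bd_addr[: min(BD_ADDR_LEN, MAX_PIN_LEN - len(pin))]


def init_key(pin: bytes, bd_addr: bytes, in_rand: bytes) -> bytes:
    """Derive the 128-bit initialization key K_init.

    ASSUMPTION: HMAC-SHA-256 truncated to 16 bytes stands in for the
    SAFER+-based E22 box of the real specification.  The inputs (augmented
    PIN, its length L', BD_ADDR, IN_RAND) and the 16-byte output match;
    both devices feed in the same BD_ADDR and the same IN_RAND."""
    if len(in_rand) != RAND_LEN:
        raise ValueError("IN_RAND must be 16 bytes")
    pin_aug = augment_pin(pin, bd_addr)
    l_prime = bytes([len(pin_aug)])
    return hmac.new(pin_aug, in_rand + bd_addr + l_prime, hashlib.sha256).digest()[:16]


def pairing_succeeds(pin_a: bytes, pin_b: bytes, bd_addr: bytes, in_rand: bytes) -> bool:
    """Each device computes K_init on its own; the later authentication can
    only succeed if both keys match, i.e. if both users entered the same PIN."""
    return init_key(pin_a, bd_addr, in_rand) == init_key(pin_b, bd_addr, in_rand)


def pin_entropy_bits(pin_len: int, alphabet_size: int) -> float:
    """Bits of secrecy the PIN itself supplies.  BD_ADDR and IN_RAND travel
    in clear, so the augmentation adds length but no secrecy."""
    return pin_len * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    addr = bytes.fromhex("001122334455")
    in_rand = bytes(range(16))
    print("4-digit PIN  -> PIN' length", len(augment_pin(b"1234", addr)),
          f"bytes, {pin_entropy_bits(4, 10):.1f} bits of secrecy")
    print("16-byte PIN  -> PIN' length", len(augment_pin(bytes(16), addr)),
          f"bytes, {pin_entropy_bits(16, 256):.1f} bits of secrecy")
    print("same PIN pairs:     ", pairing_succeeds(b"1234", b"1234", addr, in_rand))
    print("different PIN pairs:", pairing_succeeds(b"1234", b"1235", addr, in_rand))
```

The point the example makes is that the augmentation with BD_ADDR only lengthens the input to E22; because the address and IN_RAND are transmitted in clear, the only secret in the derivation is the PIN, so a 4-digit PIN gives roughly 13 bits of secrecy against a full 16-byte PIN's 128 bits. That is the reason the essay recommends long PINs for applications where the risk is higher.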
Security mode 4 requires Bluetooth applications to mandate either an authenticated key, an unauthenticated key or no key at all.
Below is the diagram showing how a link key is established in Secure Simple Pairing. It shows how ECDH uses public and private key pairs rather than deriving the key symmetrically from a PIN.
Recommendation for Bluetooth Key Management:-
A handset does not contain a man-machine interface (MMI); hence keeping a fixed key for pairing is a reasonable practice. However, it is possible to change the settings of the handset by connecting it to another device, e.g. a laptop. A handset-implemented key generation method is also possible over an encrypted and authenticated network. This has encouraged manufacturers to assign Bluetooth passkey values that are fixed for each handset. If the Bluetooth passkey is changed, it can allow another user to reset the handset to factory default settings, but the user can still continue to use his handset, as after the reset the handset returns to its factory default settings, which provide the factory default passkey.
As it is known that exchanging keys in a non-encrypted environment is not secure, it is recommended that users exchange their keys in a secure and private place where they are sure that unknown devices are not present. The maximum length of the key is 128 bits. In order to obtain the highest level of security, long passkeys must be used. A handset must use different combinations for its different connections.
Bluetooth Security threats:-
After having seen the methods of making Bluetooth communication secure, the question arises: does that actually make Bluetooth communication secure? As discussed in the earlier part of my essay, there have been news reports of mobile phones being hacked into. It is for all of us to realize that in order to get secure communication one should not rely completely on the technology, but also make one's own efforts to secure the communication by taking the necessary precautions.
According to the Bluetooth Special Interest Group (SIG), a hacker needs to go through a certain procedure to hack someone's handset: he should first break the existing connection, steal the packets and then resend the PIN; it is also important for the hacker to be within range of the Bluetooth device.
The above-mentioned details might make it sound as if Bluetooth is easy to hack; actually it is not so easy. The SIG is constantly making efforts to make Bluetooth communication more and more secure. The history of Bluetooth communication tells us that it was created and adopted because it provided secure data exchange, which is one of its core principles. All of this tells us that Bluetooth is indeed secure, but still, keeping in mind the advancement of technology, a Bluetooth specialist group has emerged within the SIG to monitor any flaws in Bluetooth security, if there are any.
In this coursework essay I have tried to emphasize every aspect of Bluetooth regarding its security, its application and its management. In my opinion Bluetooth provides a very secure medium of communication between various devices. It is understandable that there are threats, but my study tells me that these threats have more to do with the carelessness of the user than with the technology itself. Using short PINs is not recommended in this type of communication. To avoid risk, a user should use more keys to make his communication secure and risk-free. As per the study carried out by the SIG, the Bluetooth security threats have been isolated to Bluetooth cell phones, but even this problem does not go unattended: the Bluetooth SIG takes immediate action to discover and inspect the problem. If a problem is due to the Bluetooth specification then the SIG deals with it directly, but if the problem is with the use of Bluetooth technology then the SIG coordinates with the specific members concerned to prevent the problem from recurring.
References:-
- SP Commerce LLC, Bluetooth Security. Retrieved 1st January 2009 from: http://www.bluetomorrow.com
- Christian Gehrmann, Bluetooth Security White Paper. Published 2002-04-19. Retrieved 1st January 2009 from: http://grouper.ieee.org/groups/1451/5/Comparison%20of%20PHY/Bluetooth_24Security_Paper.pdf
- Karen Scarfone and John Padgette, Computer Security. Published by the National Institute of Standards and Technology, September 2008. Retrieved 2nd January 2009 from: http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf
- C.T. Hager and S.F. Midkiff, An analysis of Bluetooth security vulnerabilities. Bradley Dept. of Electr. & Comput. Eng., Virginia Polytech. Inst., Blacksburg, VA, USA. Published March 2003. Retrieved 3rd January 2009 from: http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1200664
- Bluetooth Protocol, from Wikipedia, the Free Encyclopedia: http://en.wikipedia.org/wiki/Bluetooth_protocol