Abstract
We have examined Bluetooth-based Pico-network (Piconet) applications in wireless computing and cellular devices and found an extensive number of “unexpected abuses”, where the security expectations of the device owner can be violated. We have studied the underlying causes of such problems and found that many products lack the controls to administer these devices securely. We also observed cases where explicit security claims from the Bluetooth protocol are not satisfied. We classify a number of abuses and security violations as Bluetooth protocol design flaws, application-layer implementation errors, or simply pitfalls in security management. Using this classification, we define a core set of requirements that would improve security significantly.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nilsson, D.K., Porras, P.A., Jonsson, E. (2007). How to Secure Bluetooth-Based Pico Networks. In: Saglietti, F., Oster, N. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2007. Lecture Notes in Computer Science, vol 4680. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75101-4_20
DOI: https://doi.org/10.1007/978-3-540-75101-4_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75100-7
Online ISBN: 978-3-540-75101-4
eBook Packages: Computer Science, Computer Science (R0)