蓝牙通信安全性的研究

上海交通大学硕士学位论文蓝牙通信安全性的研究姓名：杨磊申请学位级别：硕士专业：软件工程指导教师：夏雨人20070501iiiBluetoothTechnologyPINPIN,VisualC++PINBrute-ForceivDDoSPINDiffie-HellmanIDEAPKIIDEAPINDiffie-HellmanIDEAvRESEARCHOFBLUETOOTHCOMMUNICATIONSECURITYABSTRACTAlongwiththewideusageofBluetoothtechnologyinallkindsofimportantdomainssuchaseBuisness,thesecurityproblemhasstartedtodrawmoreandmoreattentions.OnesideduetothefactBluetoothsecurityismainlybasedonthestrengthofPINcode,thereexistseveralattackstowardsPIN.OntheotherhandwiththelackofdeviceidentitycertificationinBluetoothsystem,malicioususerscantakeadvantageofre-pairingtoattack.TheBluetoothencryptionenginecomesfromtheimprovementofstreamcipheralgorithm.Itisinevitabletogetattackedintentionallylikecorrelationattackevenifitbearsthesuperiorityofbeingsimpleandeasytoimplement.ThethesisgivesadeepintroductiontoBluetoothsecuritysystemaswellastherootcauseofpotentialproblems,andcomesupwithcorrespondingsolutions.viTheessayfirstbriefsthesecuritymechanismofwholeBluetoothsystemanditsessentialelements,whichconsistsofdeviceidentityandsecretkeytypesaswellasthewaystogeneratethem.AfterthattheessayelaboratesseveralsecurityrelatedBluetoothcommunicationprocesses,describesthewayofinitialization,authenticationandencryption,andstatesdifferentalgorithmsgeneratingmainBluetoothsecretkeysandinputparameters,whichconsistsofinitializationkey,combinationkeyandencryptionkey.Basedonstudyofinternalstructureforencryptionengine,VisualC++isusedtosimulatetheimplementationofthealgorithm.Finallyasummaryismadeforthetestresult.TheessaythendetailspotentialsecurityproblemsinBluetoothsystem.ItemphasizestheimpactfromPINcodelengthandthenanalyzesBrute-Forceattackaswellasitsoptimiszedversionandre-pairingattack.Masqueradeanddistributeddenialofservice(DDoS)attacksalongwiththeattackatencryptionprocessandcorrelationattackarealsomentioned.Attheend,theessaybringsupaproposaltoimproveBluetoothmainsecuritydefects.IthighlightsthePINcodelengthincrementcanleadtolineargrowthofattackersviicalculationandsuggestsusingDiffie-HellmanagreementtogetherwithIDEAalgorithmtoencryptplaintextsdataduringtransmission.TosolvetheproblemthatdeviceidentityauthenticationislackinBluetooth,thisessayproposestousePublicKeyInfrastructure(PKI)asasolution.Italsoprovidestwokindsofmethodtostrengthentheencryptionalgorithm.Oneisbasedoncurrentarchitectureandchangethestructureofencryptionengine,whichischaracterizedbylowcostandsimplification.Butitstilltakestheriskofcorrelationattack.TheothersolutionreplacesthestandardBluetoothencryptionwithIDEAalgorithm.Thoughitgreatlyimprovessecurity,butbearstheproblemofcompatibility.Eventually,theessaycomparesthetwoproposalswithoriginalsystemandpointsouttheresearchfocusanddirectionfornextstep.KEYWORDSBluetooth,security,PINcode,encryptionalgorithm,Diffie-Hellman,IDEAiii11.1PINPersonalIdentificationNumberPINPINE0128LFSRLinearFeedbackShiftRegisterIDEA1.2PIN2Brute-Force1.PIN2.PKI3.Diffie-HellmanIDEA4.1.3PINDiffie-HellmanIDEA32.12.4GHzFrequencyHoppingSpreadSpectrumFHSS791Mbps2Mbps721Kbps2.2piconet8masterslave2-1MSSSSSSLLLLLLM:MasterS:SlaveL:BluetoothLink2-1Figure2-1Bluetoothpiconettopology42.32.3.1•BD_ADDRMACIEEE48inquiry•128•8~128•RAND1282.3.2linkkeyencryptionkey199140UnitkeyKACombinationkeyKABTemporarykeyKmasterInitializationkeyKinitKC1.2.3.54.PIN•2.0[1][12]•PINPINPIN02.41.pairing2.2-26Linkkeyexist?StartBluetoothcommunicationAuthenticationProcedureGenerateandexchangeKinitNYAuthenticationsuccessful?NDatatransmissionwithencryptionYCommunicationfailedCommunicationsuccessful2-2Figure2-2Bluetoothcommunicationprocedure2.4.11.2.3.4.PINLinkManager2.4.2Kinit1282-3Kinit72-3KinitFigure2-3InitializationkeyKinitcreationprocedureMasterASlaveB128E22E221.BD_ADDRKinitBD_ADDR2.PINPINPIN3.128IN_RANDPINPINPINPINPININ_RANDPINE22KinitBD_ADDRPINPIN2.4.3KABLK_RANDALK_RANDBE21LK_KALK_KB8()()BBBAAAADDRBDRANDLKEKLKADDRBDRANDLKEKLK_,___,__2121==LK_RANDKAKLK_RANDABBKLK_RANDBAK=KintLK_RANDBD_ADDRE21LK_KLK_KKAB2-42-4KABFigure2-4CombinationkeyKABcreationprocedure2.4.4E1E1SAFERSAFER64SAFER-SK128-challenge-response[14]verifierAU_RANDAclaimantE1BD_ADDR9KSRESE1SRES’PIN2-5SRESSRES’E1ACOAuthenticatedCipheringOffset2-5-Figure2-5Challenge-responsebasedBluetoothauthenticationprocedure2.4.5payloadE0•payloadkeyLFSR•MasseyRueppel10•2-62-6E0Figure2-6BluetoothstreamciphersystemwithE0algorithm2.4.62-7Figure2-7Bluetoothencryptionengine2-72-6LinearFeedbackShiftRegisters,LFSRsSummationCombinerLogicblendK’C48BD_ARRD11CLK26-1128RANDCLK26-1CLK26-12.4.7.1KcKCE396COFCipheringOFfnumber128128COF∪=ACOADDRBDADDRBDCOF__2-1masterkeyCOFACO2-8KC2-8Figure2-8Generationofencryptionkey2.4.7.2K’cKCE0K’CE31281281281~16L()()()()()()()xgxKxgxKLCLC12'mod=2-2g1g2LxgLxgLL8128))(deg(8))(deg()(2)(1−≤=2-3[1]2.4.7.3LFSR1LFSR4162-7LFSRLFSR()001111xgxgxgxgnfnnnn++++=−−…2-4gi10LFSR5LFSR253133392-12-1LFSR12518122025++++tttt5231112162431++++tttt533314242833++++tttt543914283639++++tttt5LFSRLFSR2-9132-9LFSRFigure2-9Type1LFSRstructuregraphLFSR02.4.7.41.LFSR1LFSR4t2.LFSR1LFSR4t2t+1LFSRT1T2Z-1tt-1t+1t+1LFSR200128LFSR2.5Windows2000MicrosoftVisualStudio.NE