1 Introduction
Bluetooth is a chip-based technology that provides short-range, frequency-hopping wireless communication. It has low power requirements and can be embedded in almost any digital device. Devices with Bluetooth chips, such as portable computers, mobile phones and PDAs, can communicate over a Bluetooth mobile network. Within a few years, Bluetooth will appear in devices such as TVs, Hi-Fi systems, VCRs and microwave ovens.
The frequency-hopping technique used by Bluetooth has led people to assume, mistakenly, that Bluetooth security is already solved. In fact, frequency hopping is no technical obstacle to an eavesdropper or interceptor, and current Bluetooth chips and devices have no security measures such as data confidentiality, data integrity or user authentication.
Like other wireless networks, a Bluetooth network is an open network. When the Internet was first designed, no security mechanism was considered, and it still faces many security problems today. First-generation mobile communications likewise had no security mechanism, so first-generation handsets could be cloned and monitored. Although the second-generation GSM network uses cryptographic algorithms to authenticate users, those algorithms are relatively weak and easily broken; cracking software can be downloaded from the Internet. Voice is not effectively encrypted, either on the handset or between stations.
At present the Internet, third-generation mobile communications and WAP all use PKI technology, combining public-key and symmetric-key algorithms, to ensure the authenticity, data integrity, confidentiality and non-repudiation of communication.
Now, while SIG is discussing Bluetooth protocol version 2.0, the industry has implemented Bluetooth protocol version 1.0 and 1.0B. At present, the protocol stack based on version 1.0B has entered the use stage, and various Bluetooth devices have been launched or are under development.
When Bluetooth technology was first created, its security was not considered. Although a 128-bit chip number is now provided as a device authentication number, it can be tampered with and used fraudulently during communication.
SIG has recently begun to pay attention to the security issues of Bluetooth and has initially proposed Bluetooth security modes 1, 2 and 3. Since the detailed security scheme of mode 3 is still under discussion, this article mainly discusses the security of Bluetooth based on mode 2.
2 Bluetooth security structure
Bluetooth technology has become a focus of global telecommunications and electronics development, and new products using it appear in an endless stream. Bluetooth is being widely applied in computer networks, mobile phones, PDAs and other fields. Bluetooth chips are the foundation of Bluetooth devices; Western countries have produced Bluetooth chips based on different process technologies (CMOS, silicon on insulator, etc.), and chip prices have been falling and should reach a generally acceptable level within two years. A mobile network terminal based on Bluetooth technology can be composed of four parts: the Bluetooth chip and embedded hardware, the Bluetooth core protocol stack, the Bluetooth support protocol stack and the application-layer protocol. A secure mobile network terminal based on Bluetooth technology also includes a security management system. The structure of such a secure terminal is shown in Figure 1.
Some Western companies implement LMP (Link Management Protocol) in software running on the chip, while others build LMP into the chip as firmware.
3 Protocol stack and security management system
International standards specify three security modes for Bluetooth devices:
Mode 1: most existing Bluetooth devices use no information security management and perform no security protection or processing.
Mode 2: the device uses information security management and performs security protection and processing, with the security mechanism established in L2CAP and the protocols above it.
Mode 3: the device uses information security management and performs security protection and processing, with the security mechanism established in the chip and in LMP (Link Management Protocol).
Given the current state of Bluetooth chips, adopting Mode 3 would require redesigning existing chips and adding or enhancing chip functions, which works against lower chip prices. Western Bluetooth manufacturers are therefore considering Mode 2.
The Mode 2 security mechanism allows security to be added at different protocol layers: L2CAP can secure Bluetooth communication in general, RFCOMM can secure dial-up Internet access from Bluetooth devices, and OBEX can secure file transfer and synchronization.
Bluetooth's security mechanism supports authentication and encryption. Authentication can be mutual, and key establishment is carried out over the bidirectional link. Authentication and encryption can be implemented at the physical link (for example, at the baseband level) or in an upper-layer protocol.
4 Security Technical Implementation
(1) DH Scheme
The DH algorithm is used to establish the key with which both parties encrypt their traffic. The workflow is as follows.
In the first exchange, once the connection has been established, the sender transmits A to the receiver over the frequency-hopping radio link:
A = g^x mod p
After receiving A, the receiver sends B to the sender:
B = g^y mod p
Then the sender computes B^x mod p and the receiver computes A^y mod p; both obtain the same value:
key = g^(xy) mod p
Since both parties now hold key, in further communication they can encrypt any file or data M they send:
C = key(M)
The receiver uses the same key to recover the plaintext:
M = key(C)
The DH scheme has a disadvantage: it does not authenticate the user, so neither side can be sure with whom it has agreed the key.
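The exchange above, as an added example that is not code from the original article. The prime P and generator G are a constructed toy choice (not a Bluetooth-specified group), and the keystream used to realise key(M) is a constructed stand-in for whatever symmetric cipher an implementation would use.

```python
import hashlib
import secrets

# Constructed toy parameters: a known prime used only as a stand-in for a real
# DH group (a hypothetical choice, not from the article or any Bluetooth spec).
P = 2**255 - 19
G = 2

def dh_public(secret):
    """A = g^x mod p on the sender, B = g^y mod p on the receiver."""
    return pow(G, secret, P)

def dh_shared(peer_public, secret):
    """The sender computes B^x, the receiver A^y; both equal g^(xy) mod p."""
    return pow(peer_public, secret, P)

def keystream(key, length):
    """Expand the agreed key into bytes (constructed stand-in for the article's key(M))."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key.to_bytes(32, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key, message):
    """C = key(M): XOR with the keystream; applying it again recovers M = key(C)."""
    return bytes(m ^ k for m, k in zip(message, keystream(key, len(message))))

def run_exchange(x, y):
    """One round of the exchange; returns the key each side derived."""
    A = dh_public(x)               # sender -> receiver over the hopping link
    B = dh_public(y)               # receiver -> sender
    # Nothing in A or B identifies who sent it: each side accepts any group
    # element, which is exactly the lack of authentication noted in the article.
    return dh_shared(B, x), dh_shared(A, y)

def demo():
    """Fresh secrets, one exchange, one encrypted file round-tripped."""
    x = secrets.randbelow(P - 2) + 1
    y = secrets.randbelow(P - 2) + 1
    key_sender, key_receiver = run_exchange(x, y)
    M = b"constructed sample file data"
    return key_sender == key_receiver and encrypt(key_receiver, encrypt(key_sender, M)) == M
```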
(2) RSA scheme
The RSA scheme solves both user identity authentication and key establishment. Its workflow is as follows.
A and B are users of Bluetooth wireless communication. Each obtains an electronic certificate from the same CA (certificate authority), containing its own public key and validity period, and each also holds the CA's certificate.
When A and B communicate:
Step 1: A sends its certificate to B, and B verifies A's certificate.
Step 2: Having confirmed A's certificate, B sends its own certificate to A.
Step 3: Having confirmed B's certificate, A generates a symmetric key for data encryption and encrypts it with B's public key:
C = key^(P_B) mod N,
where N = p·q, p and q are two large prime numbers, N is the modulus, and P_B is B's public key.
Step 4: After B receives C, it performs the following operation:
key = C^(R_B) mod N,
where R_B is B's private key.
Step 5: After step 4 both parties hold key, and communication between them can be encrypted with it: C = key(M). Since only A and B know key, only A and B can decrypt C.
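Steps 1 to 4 worked through in code, as an added example that is not the article's own code. The RSA key pairs and the CA are generated at run time with toy 512-bit moduli, and the certificate is a constructed dict signed by the CA (a stand-in for the real certificates the article refers to); P_B and R_B are the public and private exponents as in the text.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key pair

def is_probable_prime(n, rounds=16):
    """Miller-Rabin for odd n > 3; adequate for a demo."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_keypair(bits=512):
    """N = p*q for two large primes; returns public (P, N) and private (R, N)."""
    primes = []
    while len(primes) < 2:
        c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1  # odd, top bit set
        if (c - 1) % E and is_probable_prime(c):
            primes.append(c)
    p, q = primes
    return (E, p * q), (pow(E, -1, (p - 1) * (q - 1)), p * q)

def digest(name, pub):
    return int.from_bytes(hashlib.sha256(f"{name}|{pub}".encode()).digest(), "big")

def issue_cert(ca_priv, name, pub):
    """The CA signs hash(name, public key): a constructed stand-in for a real certificate."""
    return {"name": name, "pub": pub, "sig": pow(digest(name, pub), *ca_priv)}

def verify_cert(ca_pub, cert):
    return pow(cert["sig"], *ca_pub) == digest(cert["name"], cert["pub"])

def establish_key(ca_pub, cert_a, cert_b, priv_b):
    """Steps 1-4: both certificates are checked against the CA before any key is sent."""
    if not (verify_cert(ca_pub, cert_a) and verify_cert(ca_pub, cert_b)):
        raise ValueError("certificate rejected")
    key = secrets.randbits(128)        # A's fresh symmetric key for this session
    c = pow(key, *cert_b["pub"])       # step 3: C = key^P_B mod N (A, with B's public key)
    return key, pow(c, *priv_b)        # step 4: key = C^R_B mod N (B, with its private key)
```

A certificate signed by anyone other than the shared CA is rejected before step 3, which is the check that the plain DH scheme lacks.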
This protocol stack and security management system can be built on any Bluetooth device that uses RFCOMM. Its goal is to establish a secure Bluetooth communication mechanism.
In identification and authentication, earlier Bluetooth devices can only identify the device. The scheme described here also authenticates the user's identity, and has the following further advantages.
1) It authenticates not only the device but also the user's identity, preventing impersonation and counterfeiting of devices. In L2CAP or RFCOMM, the function MDH (element, root, modenln, VAR1, VAR2, VAR) is called to establish a shared key between the two parties and implement user authentication.
2) Reliable, secure and flexible encryption. Encryption is implemented by OBEX, RFCOMM or L2CAP calling the security management system's EA (Data, Key, VAR1), and decryption by calling CA (Data, Key, VAR1).
3) Data integrity. The system can detect interference with and alteration of the transmitted signal: at any protocol layer, calling MAC (Data, Key, VAR1, VAR2) reveals interference with or changes to the wireless signal.
5 Conclusion
Bluetooth technology is attracting more and more attention, and its applications in industry and the home are increasing. Its security will matter to users as it is deployed, and designing and planning Bluetooth security has become an urgent task. The purpose of this article is to open a discussion, and to serve as a reference for industry experts, so that Bluetooth technology becomes more complete and practical.