Hi Philip,
> Call me paranoid but I would like to know if there is any way to limit
> all types of communication to just several devices by checking with the
> hardware addresses.
>
> I understand that in principle not being discoverable and the pin
> challenge should help you with being secure but to me this is not enough.
>
> I'm currently running 2 class 1 devices to serve my flat with rfcomm for
> dial in and I for sure do not want anyone besides me to get access to
> these com ports.
>
> Is there anything I can do to tighten security and limit all
> communication to just some devices?
>
> I do understand that even this is no guarantee for anything, but I'd for
> sure feel better :)
When assessing your level of security (and evaluating address
filtering), keep in mind that it's not too difficult to masquerade BT
device addresses. You only neeed to look up the Axis OpenBT stack source
code to figure out how to adjust the device address of certain Ericsson
and CSR-based modules.
Clearly, your main line of defense should be a strong BT PIN.
Cheers,
Michael
--
===========================================
Michael Schmidt
-------------------------------------------
Institute for Data Communications Systems
University of Siegen, Germany
===========================================
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users
On Friday 27 August 2004 13:02, Steven Singer wrote:
> > Which raises one very minor point -
> > how can one force two devices to re-pair?
>
> This is usually a user interface issue. Look for some option to forget
> about a device.
>
> If all else fails, delete the link key.
I thought of doing this,
but decided that in view of my total ignorance of the subject
it might be a little dangerous - bluetooth might never work again ...
But regarding pairing, I was wondering about the probably mythical future
in which one wanders through a shopping mall
getting info on bargains on one's bluetooth phone.
Will the phone have to pair with all these shops?
Or can one download some info without pairing?
--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users
Timothy Murphy wrote:
> Which raises one very minor point -
> how can one force two devices to re-pair?
This is usually a user interface issue. Look for some option to forget
about a device.
If all else fails, delete the link key.
- Steven
--
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
http://www.mimesweeper.com
**********************************************************************
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users
On Thursday 26 August 2004 21:20, Steven Singer wrote:
> > I find this PIN business very hard to follow.
> > Is there a simple account somewhere?
> > (Please don't refer me to the Bluetooth Spec
> > which I find more or less unintelligble.)
>
> Every Bluetooth device has a unique address. As has been noted on this
> mailing list, addresses can be faked.
Thanks, I found that very helpful.
> > I have two laptops, martha and william (my grandparents).
> > I first linked to my Nokia 6310 with martha.
> > For some reason the phone thinks william is also martha.
> > Is this something to do with the fact that I always use the same PIN?
>
> More likely it's to do with you using the same dongle for both PCs. The
> phone probably read the name stored in the dongle once and has cached
> it. On subsequent occasions when it sees the same device (that is, when
> it has a connection from the same Bluetooth address), it's not bothering
> to read the name, it's just displaying the cached name.
In fact, these are two almost identical laptops with built-in bluetooth.
They have different BT addresses.
I think what must have happened is that at some point in the past
I copied /etc/bluetooth from one to the other.
(I had to replace the hard disk on one.)
Which raises one very minor point -
how can one force two devices to re-pair?
--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users
Timothy Murphy wrote:
> On Thursday 26 August 2004 13:10, Steven Singer wrote:
>> A strong BT PIN [1] should not be your main line of defence, it should
>> be merely your first line of defence.
>
> I find this PIN business very hard to follow.
> Is there a simple account somewhere?
> (Please don't refer me to the Bluetooth Spec
> which I find more or less unintelligble.)
Let's try this:
Every Bluetooth device has a unique address. As has been noted on this
mailing list, addresses can be faked.
A pair of Bluetooth devices may share a link key. A link key is a piece
of information that only those two devices know.
When two paired devices meet again, they ask each other questions to
make sure that the other side knows the link key and is, therefore, the
same device they talked to before.
This process is known as authentication.
This leaves just the problem of how to get the two sides to agree on
a link key without sending it in the clear over the air.
The process to do this is called bonding or pairing.
In this process, the user supplies each device with some information not
known to anyone else - the PIN. The two modules use this information to
securely exchange some information from which they can generate the link
key for future meetings. After this initial exchange the PIN is
discarded (note that the link key does not depend on the PIN at all, if
you pair the same devices several times with the same PIN you will get
different link keys each time).
One slightly interesting issue is that the link key can be stored in the
Bluetooth device, or can be provided by the host (in this case BlueZ).
If it's stored in the device then you're merely authenticating that the
device is correct. If it's stored in the host then you're authenticating
the device-host pair (the device has the address, the host has the link
key).
For systems where the Bluetooth device is firmly integrated with the host
(such as in a phone) this difference is purely academic. For systems
where the Bluetooth device and the host are separable (such as where you
have a USB dongle plugged into a PC) this is an important issue. If the
link key is stored in the dongle then any device that dongle is plugged
into will be equally trustworthy to its paired devices. This might be
convenient but it's also a security risk - if someone steals the dongle
then they can get access to all the devices it's paired with. Also,
there's an HCI command to read out link keys that are stored in the
dongle so someone can 'borrow' your device, read the link keys, return
the device and then snoop all your traffic.
> I have two laptops, martha and william (my grandparents).
> I first linked to my Nokia 6310 with martha.
> For some reason the phone thinks william is also martha.
> Is this something to do with the fact that I always use the same PIN?
More likely it's to do with you using the same dongle for both PCs. The
phone probably read the name stored in the dongle once and has cached
it. On subsequent occasions when it sees the same device (that is, when
it has a connection from the same Bluetooth address), it's not bothering
to read the name, it's just displaying the cached name.
- Steven
--
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
http://www.mimesweeper.com
**********************************************************************
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users
On Thursday 26 August 2004 13:10, Steven Singer wrote:
> A strong BT PIN [1] should not be your main line of defence, it should
> be merely your first line of defence.
I find this PIN business very hard to follow.
Is there a simple account somewhere?
(Please don't refer me to the Bluetooth Spec
which I find more or less unintelligble.)
I have two laptops, martha and william (my grandparents).
I first linked to my Nokia 6310 with martha.
For some reason the phone thinks william is also martha.
Is this something to do with the fact that I always use the same PIN?
--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users
Michael Schmidt wrote:
> Philip Lawatsch wrote:
>> Call me paranoid but I would like to know if there is any way to limit
>> all types of communication to just several devices by checking with the
>> hardware addresses.
[...]
> When assessing your level of security (and evaluating address
> filtering), keep in mind that it's not too difficult to masquerade BT
> device addresses. You only neeed to look up the Axis OpenBT stack source
> code to figure out how to adjust the device address of certain Ericsson
> and CSR-based modules.
>
> Clearly, your main line of defense should be a strong BT PIN.
Actually, I'd disagree.
A strong BT PIN [1] should not be your main line of defence, it should
be merely your first line of defence.
If you're looking to restrict access to just a few devices then you
should trust just those few devices, not every device that can guess
the PIN. Restriction of access to services to just a few trusted
devices is your main line of defence.
Although, as Michael correctly points out, it's easy to change the
address of a BT device, authentication is designed to prevent this
attack.
The Bluetooth spec talks about various grades of devices: unknown,
known, paired and trusted. The two key points about trust are: firstly,
that it's a manual step whereas all the others may be automatic [2];
and secondly; that it's per service rather than per device.
You need not give all paired devices access to all services.
Note also that trust is granted at the service level, not at the HCI
level. The HCI level can merely authenticate a device - "the device
claiming to have address X is the same device that claimed to have
address X when you paired". Trust is granted above HCI because it's
granted by the user (who sits above HCI) not by the device below HCI.
Also, you should avoid re-pairing devices to avoid spoofing. Ideally,
you'd want a device to become untrusted if it ever re-paired.
Pairing is not a procedure to be performed every time a device wants
to connect. It should be performed once to allow the user to teach the
Bluetooth stack about a device.
If pairing were to be performed without any eavesdroppers (say in a
shielded room) then it wouldn't matter if the PIN were weak. The PIN is
used only during the initial pairing procedure and then discarded [3].
It may be worth cycling link keys occasionally by using the HCI command
Change_Connection_Link_Key. That way if an attacker did know the link
key, if they're not snooping at the time you change the link key,
they'll be locked out.
You probably also want to add application level security. There's a
phrase "defence in depth" - never rely on a single security barrier,
always use many.
I'm not sure how well BlueZ's security model matches the model in the
spec (maybe Marcel can comment). From what other people have said in
this thread, it sounds like BlueZ is missing an application to allow
users easily to grant and deny access to services.
- Steven
[1] The GAP spec mandates that at the user interface level, the
phrase "Bluetooth Passkey" should be used - not Bluetooth PIN.
However, PIN is much easier to type :-)
[2] If you're having to type in a PIN then the pairing step is manual,
but if you're handling it through a script which doesn't prompt
the user then it's automatic.
An individual service may be prepared to allow access from
untrusted devices. For example, vCard exchange could be allowed
with all devices.
In theory you could tell your host to trust all paired devices,
but that'd be silly - why not just reduced the access level of
that service to 'any paired device' instead of 'trusted devices'.
[3] For reference, the PIN is used secure an initial transation during
which two 128 bit random numbers are exchanged. The information
from the PIN is then discarded and the link key is generated from
the random numbers. Weak PINs mean that it's possible to snoop
this initial transaction. However, if the transaction is not
snooped then it doesn't matter how weak the PINs were - the random
numbers are just as random as with a strong PIN.
Each time you pair you're exposing your system.
--
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
http://www.mimesweeper.com
**********************************************************************
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users
Michael Schmidt wrote:
> Hi Philip,
>
>> Call me paranoid but I would like to know if there is any way to limit
>> all types of communication to just several devices by checking with
>> the hardware addresses.
>> I do understand that even this is no guarantee for anything, but I'd
>> for sure feel better :)
> When assessing your level of security (and evaluating address
> filtering), keep in mind that it's not too difficult to masquerade BT
> device addresses. You only neeed to look up the Axis OpenBT stack source
> code to figure out how to adjust the device address of certain Ericsson
> and CSR-based modules.
>
> Clearly, your main line of defense should be a strong BT PIN.
Of course, I totally agree (and stated that in my previous mails).
However, the last thing I want to see is some sort of warchalking (or
bluechalking?) outside my flat ...
Next thing on the list is using vpn over ppp over bluetooth :)
kind regards Philip
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users