Saturday, January 1, 2011

【 Weak current College 】 Bluetooth information security and key algorithm improved 】

Summary: the focus of a Bluetooth security mechanisms, on the part of the algorithm and implementation steps are discussed in detail. And on the existing Bluetooth specification made certain security assessments, on the basis of its deficiencies raised by DES algorithm construction of a new security mechanisms that can meet the security requirements for higher Bluetooth applications.

Keywords: Bluetooth passkey DES algorithm security mechanisms
Bluetooth as a new kind of short-range wireless communication technology is already widely used in various areas, it provides low-cost, low power, short-range wireless communications, fixed and mobile communication environments, personal network, makes various information within close distance to achieve seamless sharing of resources.
Because of Bluetooth communication standard is based on the radio as a medium, a third party may intercept the information easily, Bluetooth technology must take certain security mechanisms, especially in electronic trading applications. In order to provide information on the use of security and reliability, the system must be at the application layer and link layer provides security measures.
This article focuses on the Bluetooth information security principles and the relevant algorithm posed, and noted that its security shortcomings and problems. Because for most needs to be kept secret in the first place to consider the application of existing standards for Bluetooth for data security is not enough. The current specification Bluetooth 128-bit key length encryption sequence in some cases can be cracked. This article also presents a Bluetooth security improvement programmes, using DES encryption system in building robust and key algorithms to compute the cryptographic algorithms on is safe and reliable.
1 Bluetooth security
Bluetooth security mechanism applies to peer-to-peer communication, both in the same way for authentication and encryption procedures. Link layerusing four entities provide security: an open Bluetooth device address, length 48bit; authentication key length 128bit; an encryption key length is 8 ~ 128bit; random number, length 128bit. The following focus on Bluetooth security mechanism of the composition and related algorithms.
1.1 random number generator
Random number generator in the Bluetooth standard has important applications, for example, generate authentication key and an encryption key and query-response programme. Generate random numbers for the ideal approach is to use a random physical characteristics of a true random number generator ·, such as some electronic devices, such as thermal noise, but in practice is usually implemented using software-based pseudo random number generator. The Bluetooth system for random number generation is "random" and "non-repetitive". "Random" is not possible to clear the probability is greater than zero (for length l bit of Bluetooth encryption key, the probability is greater than 1/2L) estimates a random value.
At present in many types of pseudo random number generator, linear congruential generator (LinearCongruentialGenerator) is the most widely studied and used. Its expression is:
-Α and c is a constant, m is the modulus, are positive integers. Α X n + c on a modulo m after Xn + 1. Beginning in some way give a seed number X0; then use the previous random integer Xn generates the next random integer Xn + 1, the resulting integer random numbers column {Xn}.
1.2 key management
Bluetooth unit key length cannot be preset by cell maker, cannot be set by the user. Bluetooth baseband standard provisions do not receive the high-level software gives the encryption key to prevent users full control of the key length.
1.2.1 key type
Link key is a 128-bit random number, a communication between two or more parties shared temporary or permanent key. -Permanent link-key can be used for sharing the link unit between several successive certification process. Temporary keys are typical applications: in point-to-multipoint communication, the same information needs to be securely sent to more than one receiver, using the main unit to replace the current link key key. Bluetooth standard defines four types of link key: ① ② KAB joint key;; ③ cell key KA Kmoster temporary keys; ④ Kinit to initialize the key. It also defines the encryption key Kc, represented by the current link key generation. On Bluetooth unit, the unit KA in A key element in generating, depend on this unit, with little change. United keys KAB. By unit A, B build together. Temporary keys Kmoster only in the current session, also known as the main cell key. Initialize the key Kinit is Bluetooth used during initialization of the link key. The key consists of a random number, a typically decimal pin and initiate cell Bluetooth device address generated BD_ADDR. PIN codes can be used by the user to select or with Bluetooth with a fixed number. Currently, most applications PIN to 4-digit octal number, unable to provide for higher security. Bluetooth baseband standard PIN length is 1 ~ 16-bit, so it is recommended that you try to use longer PIN codes for enhanced security.
1.2.2 key generation and initialization
Each pair to implement authentication and encryption of Bluetooth unit to perform the initialization process, the process consists of:
(1) generate initialization key Kinit: the initialization process for temporary use of link key. The key from E22 algorithm and related parameters generated, generate a schematic diagram shown in Figure 1. E22 output of 128-bit initialization key Kinit to link key Exchange distribution process. If the applicant and proved not exchanged link key, then Kinit to the certification process, otherwise no longer in use. The procedures must guarantee to protect against certain attacks, such as the attacker uses a lot of fake Bluetooth address to test a large number of PIN BD_ADDR, etc, if the deviceaddress fixed each time the test PIN to wait interval should be increased by index.
(2) certification: If two modules have been communication links, is used to initialize the key as a link key. Each certification procedures, are releasing a newAU_RANDA random parameters. In mutual authentication, the first in one direction to perform authentication for, and then reverses after successful authentication. Certification success will be a secondary parameters ACO, authenticated encryption offset. It will be used to generate the encryption key.
(3) generate unit keys: key in the Bluetooth module for the first time, generated at run time, depending on the algorithm for generating and almost E21 does not change. Initializes the parties typically use a memory capacity of fewer units in key as link key.
(4) build joint key: joint key is in A unit and B unit generated a combination of the two numbers. The build process is: each module generates random numbers, with Lk_RANDB LK_RANDA E21 algorithms and their random number, Bluetooth address respectively generate another random number LK_KA and LK_KB, and through other actions after two modules that combine key. Then begin the process of mutual authentication to verify that the interactive process was successful. Joint key exchange assignment is successful will abandon the use of the original link key.
(5) to generate an encryption key: encryption key algorithm under E3 Kc, represented by the current link key, encrypted offset number 96bit "COF" and a random number export 128bit.
(6) point to multipoint configuration: in fact, several master unit notification from the unit uses a common link key broadcasting an encrypted message, in the majority of applications in the common link key is an ephemeral key, recorded as Kmoster. Kmoster was once from the modules receive it replaces the original link available keys of generate process for Kmoster: first 2 128bit RAND1 and random number generation new link key RAND2 Kmoster: Kmoster = E22 (RAND1, RAND2, 16). Then the third random number RANO destined from the cell, the master, slave unit under the E22, current link key and RAND calculated 128bit disrupt code overlay, the overlay will be the main unit and the new link key bitwise exclusive-or "results" and send to from the cell, and then calculate the Kmoster. At the back of the certification process to compute a new ACO value.
1.3 encryption specification
On the payload encrypted stream cipher algorithms, stream cipher and payload synchronization, encryption principle diagram shown in Figure 2. Stream cipher system consists of three parts: the implementation of the initialize, generate the key stream bit, perform encryption or decryption. Payload key generator will enter the bit stream in a proper order portfolio and move renmiyao stream generator using four LFSR linear feedback shift register. The second part is the main part of the key stream bit based Massey and generated by Rueppel, the method after a certain amount of analysis and research that have high encryption properties, but this method could be related attacks, the improvement of the methods described in detail later in this article.
1.3.1 agreed an encryption key length and encryption mode
Implementation of the Bluetooth baseband standard equipment you need to define the maximum allowed length of Lmax key bytes, 1 ≤ Lmax = 16. Before you generate the encryption key, the unit must agree on the actual length of the key. Main unit will propose values L (M) the sug sent to from the unit. If L (S) min ≤ min L (M) and from unit to support the proposed value, from the unit on this confirmation, L (M) min become link encryption key length value. If you do not meet the above conditions, from the main unit to the unit will send a new proposed values L (S) min page〈 L (M) the sug, the main unit. Repeat this procedure until you reach an agreement or a party to give up.
1.3.2 encryption algorithm
Encryption specification for the use of stream cipher encryption. Encryption system uses a linear feedback shift register (LFSRs), register the system output with 16 State of finite state machines, state machine combination or sequence key stream output, or the initialization phase of a random initial value. Encryption algorithm needs to provide the encryption key, 48bit Bluetooth address, main unit clock bit and 128bit random number RAND, encryption algorithm theory as shown in Figure 3.
Among them, there are four LFSR (LFSR1, ... , LFSR4), bit-length L1 = 25 respectively, L2 = 31, L3 = L4 = 33, 39, feedback polynomial (tap polynomial, characteristic polynomial). 4 the sum of the lengths of each register is 128bit.
The polynomials are primitive polynomial, Hamming weight of 5, you can combine to generate the series has a good statistical characteristics and reduce hardware implementation need exclusive-or gate number two requirements.
Orders moment output LFSRit xit represents state bits, the tuple (x1t, ... Yt x4t) have, to:
, Type integer, in Yt to evaluate to 0, 1, 2, 3 or 4. Add generator output is given by the following equation:

Type, T1 and T2 [.] [.] is GF (4) on two different linear double shot.
Key stream generator to work before the need is 4 LFSR (total 128bit) mount the initial value and determine C0 and C-14bit value, these initial values using the key stream 132bit generator by the amount of input, the input quantity exported were key Kc, 48bit Bluetooth address and the primary unit clock 26bit CLK26-1. Encryption algorithm initialization process: (1) the encryption key by 128bit Kc generate a valid encryption key, note for c K ', L (1 ≤ L ≤ 16) in order to use the number represents 8bit group effective key length, the K ' c (x) = g2 (L) (x) (Kc (x) modg1 (L) (x)). (2) the k ' c, Bluetooth address, clock and 6bit constant 111001 moved into an LFSR. Encryption algorithm when initialization is complete, the output from the additive combinationkey stream is used to encrypt/decrypt.
1.3.2 certification
Bluetooth technology certification entity using the so-called identification-response programme. Through the "two-step" Protocol, the applicant is aware of the secret key usedThe symmetric key to confirm. This means that a correct applicant/proved right, in the inspection-response scenarios will share the same key Kc, proved that the applicant is able to authentication algorithm AU_RANDA K1 certification number and returns the authentication result from inspection of SERS,. The authentication and encryption key generation functions can refer to the related information here. 
2 Bluetooth security improvement programme
An existing Bluetooth security mechanism exists in two major problems. One is the use of the unit keys: in the authentication and encryption process, because of the unit keys does not change, the third parties use this key to steal information. 128-bit key length encryption E0 sequence in some cases can be very complex methods of cracking. The other is a Bluetooth module provides a personal identification number (PIN) of insecurity: since most applications in the PIN code is a 4-digit decimal number, so the use of brute force method is very easy to attack successfully.
Overcome these security problems in addition to increasing PIN length, the key is to take a more robust encryption algorithm, such as digital encryption standard DES encryption algorithm instead of the sequence. DES is a block encryption, the encryption process is carried out for each data block. The DES algorithm, the original information is divided into 64-bit fixed-length data block, and then use 56-bit encryption keys and combinations with replacement method to generate a 64-bit encryption information. And Bluetooth serial encryption algorithms, mathematical proof block encryption algorithm is completely safe. DES block cipher is highly nonlinear stochastic and the resulting ciphertext and clear and the key ofeach related. DES encryption keys available on the number of very large, applied to each key express information are from the large number of randomly generated key. DES algorithm has been widely used and very reliable. Use DES encryption algorithm of Bluetooth technology can be applied to the security of Bluetooth applications, such as electronic financial transactions, ATM, etc.
2.1DES algorithm
1977 United States National Bureau published the Federal data encryption standard DES. Due to des algorithm strong, yet no workable crack method, DES was widely used. DES is a block cipher system, it will clear the 64-bit group into several groups, a 56-bit key length. The basic idea is to use a combination of iterative and transformation, in the plaintext into ciphertext group group.
In DES systems, product transformation is the core of the encryption process, continuous operation for 16 times, each time you update a set of keys. Shift shift b is A transposition of the inverse transformation. Figure 4 system for DES encryption process, the right of the graph represents the DES key generation process. The initial key is a string of 64 random sequence. After repeated displacement transform, produce 16 Group sub key (K1-K16), each child key for a product of the transformation. The so-called original rearrangements (IP) is seeking input bits are grouped in the original order, rearrange, and arrangement are fixed.
A multiplication DES transform operation steps: (1) to enter code 64bit into left groups, each group of 32-bit, respectively Li-1 and Ri-1 representative. Which I represent the ith product transformation, I = 1 to 16. (2) the same product transform input group the right set of 32-bit into output group left group of 32-bit, i.e., Li = Ri-1. (3) enter the group the right set of 32-bit extended operation into 48 bit than tema group. (4) extensions transform the output of the 48-bit bit and 48-bit key Ki bit press die 2 together, the output of the 48-bit bitis divided into eight groups of six. (5) to each group of 6-bit bit for dense table (S-box), 4-bit result. Enter the 6 digit bit 1, 6 2 bit density in the number of rows you want to select, the remaining 4 bit dense number of columns in the table. (6) 8 groups of dense table output into a 32-bit, and then enter this product transforms left group Ci-1 bitwise die 2 together, you can get the I-time product transform right 32 bit output Ri.
2.2DES algorithm features
DES algorithm has the following characteristics:
(1) DES confidentiality only depends on key secrecy, algorithm publicly.
(2) in the current level, do not know the keys but within a certain time to decipher (i.e. resolve key k, or plaintext) is not possible, at least to establish a 256 or 264 items table, this is not possible with existing resources.
(3) since the "avalanche effect", cannot divide-and-break, a change will cause several changes at the same time.
To sum up, the DES algorithm construction of Bluetooth security mechanism is secure, using brute force attacks is not realistic. Suppose you have a completed per second a DES encryption machine with nearly 1000 years to crack the password.
The above algorithm can keep the data encrypted with the Bluetooth standard required parameters of consistency, it produces a algorithm with Bluetooth cell key in time for the same number of levels, in line with the Bluetooth specification requirements.
This article first focused on the mechanisms of Bluetooth information security, its all part of the algorithm and implementation steps are described in detail. And then on the existing Bluetooth specification security do some evaluation and presented in accordance with its insufficient by the DES algorithm to build a new security solution, capable to Bluetooth in the security requirements for higher application provides an improved security design.

No comments:

Post a Comment