1/17

Bluetooth SecurityBluetooth Security

Ain Shams UniversityFaculty of Engineering

Integrated Circuits Lab

Presented byPresented by::

Mohammed Abdelsattar IsmailMohammed Abdelsattar IsmailSameh Talal Magd-El-DinSameh Talal Magd-El-DinSameh Assem IbrahimSameh Assem IbrahimAhmed Abdelhamid SalehAhmed Abdelhamid Saleh

2/17Bluetooth Security5-February-2001

-Overview-Overview -Blocks used -Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+ -Round -Key Schedule -Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG

EncryptionAuthentication

•Challenge-Response Scheme•SAFER+•Needed for encryption

•Optional•Symmetric Stream Cipher•Negotiable Key Size (8-128 bits)

3/17Bluetooth Security5-February-2001

E21E22E2

PIN or Random Number Random number

Kinit or Kmaster Kunit or KcombinationLink Keys

E0

E3

E1 Authentication

KcKcipher

Encryption

-Overview-Overview -Blocks used-Blocks used -Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+ -Round -Key Schedule -Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG

4/17Bluetooth Security5-February-2001

•PIN Number

•Initialization Key

•Unit Key

•User Tracking

-Overview-Overview -Blocks used -Weakness-Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+ -Round -Key Schedule -Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG

5/17Bluetooth Security5-February-2001

Challenge-Response Scheme:-Overview -Blocks used -Weakness-Authentication-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+ -Round -Key Schedule -Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG

6/17Bluetooth Security5-February-2001

The authentication function E1:-Overview -Blocks used -Weakness-Authentication-Authentication -E-E11algorithmalgorithm-Key handling -E3 -E2

-SAFER+ -Round -Key Schedule -Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG

7/17Bluetooth Security5-February-2001

E3-Key generation function for encryption:

-Overview -Blocks used -Weakness-Authentication -E1algorithm

-Key handling-Key handling -E-E33 -E2

-SAFER+ -Round -Key Schedule -Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG

8/17Bluetooth Security5-February-2001

E2-Key generation function for authentication:

1)E21 mode:

#Utilized when creating unit key and combination key.#It uses the function A’r .

It has two modes of operation:

2)E22 mode:

#Utilized when creating initialization key and master key.#It also uses the function A’r .

-Overview -Blocks used -Weakness-Authentication -E1algorithm

-Key handling-Key handling -E3

-E-E22

-SAFER+ -Round -Key Schedule -Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG

9/17Bluetooth Security5-February-2001

Secure and Fast Encryption Routine•SAFER K-64 (1993) - Cylink Corporation •James L. Massay of ETH Zurich•SAFER+ was submitted as one of the candidates to AES 1998•Block size = 128 bits, key size = 128 , 192 or 256 bits•Bluetooth: Ar & Ar‘•128 bits block, 128 bits key, 8 rounds, Encryption only

Plaintext Block (16 bytes)

Encryption Round 1

Encryption Round 8

Output Transformation

Ciphertext Block (16 bytes)

2 16-Byte round subkeys

2 16-Byte round subkeys

1 16-Byte subkey

-Overview -Blocks used -Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+-SAFER+ -Round -Key Schedule -Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG

10/17Bluetooth Security5-February-2001

ConfusionBit wise XOR – exponential – Addition mod 256Addition mod 256 – logarithmic – Bit wise XOR

e: (45i mod 257) mod 256l: I=e(j)

DiffusionPHT(x,y) = 2x+y mod 256, x+y mod 256)

Ar’PHT

PHT

PHT

PHT

PHT

PHT

PHT

+

e

@@

Declarations

log

@

e

+

e

+

log loge

@ + +

log

PHT

+ @

PHT

+@ @

PHT

+ @

PHT

round_input : (127:0)

e

@ + +

log log

Package List

ieee std_logic_1164 ieee std_logic_arith ieee std_logic_unsigned

e

@

e

@ +

log

+

log

PHT

+ @@

permute

PHT

+ + @@

PHT PHT PHT

PHT PHT PHT

PHT

PHT

PHT

permute

PHT

PHT

permute

PHT

e

@

+

PHT

round_output : (127:0)

PHT PHT PHT PHTPHT PHT

-Overview -Blocks used -Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+-SAFER+ -Round-Round -Key Schedule -Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG

11/17Bluetooth Security5-February-2001

Bias wordsBp[I]=((45(4517p+I+1 mod 257)mod 257)mod 256)

-Overview -Blocks used -Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+-SAFER+ -Round -Key Schedule-Key Schedule -Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG

12/17Bluetooth Security5-February-2001

Encryption Round

KEY Scheduler

Controller

Register

-Overview -Blocks used -Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+-SAFER+ -Round -Key Schedule -Implementation-Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG

13/17Bluetooth Security5-February-2001

-Overview -Blocks used -Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+ -Round -Key Schedule -Implementation-Encryption-Encryption -modes-modes -Key Reduction -Engine (E0) -Timing -PRNG

14/17Bluetooth Security5-February-2001

-Overview -Blocks used -Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+ -Round -Key Schedule -Implementation-Encryption-Encryption -modes -Key Reduction-Key Reduction -Engine (E0) -Timing -PRNG

15/17Bluetooth Security5-February-2001

-Overview -Blocks used -Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+ -Round -Key Schedule -Implementation-Encryption-Encryption -modes -Key Reduction -Engine (E-Engine (E00)) -Timing -PRNG

16/17Bluetooth Security5-February-2001

-Overview -Blocks used -Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+ -Round -Key Schedule -Implementation-Encryption-Encryption -modes -Key Reduction -Engine (E0)

-Timing-Timing -PRNG

17/17Bluetooth Security5-February-2001

Pseudo Random Number GeneratorPseudo Random Number Generator

Non Repeating

Randomly Generated

Bluetooth Standard•Software

•Hardware LFSR

•23 hr 18 min•3.2 kHz•28 bits•Serial

•128 bits•Parallel

-Overview -Blocks used -Weakness-Authentication -E1algorithm-Key handling -E3 -E2

-SAFER+ -Round -Key Schedule -Implementation-Encryption -modes -Key Reduction -Engine (E0) -Timing -PRNG-PRNG