An Augmented Level of Security for Bluetooth Devices Controlled by Smart Phones and Ubiquitous Handheld Gadgets

Full Text (PDF, 1382KB), PP.58-75

Author(s)

Soham Sengupta 1,*, Partha Pratim Sarkar 2

1. Faculty of Information Technology, JIS College of Engineering, & Research Scholar, DETS, University of Kalyani, India

2. DETS, University of Kalyani, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijieeb.2015.04.08

Received: 2 Mar. 2015 / Revised: 26 Apr. 2015 / Accepted: 2 Jun. 2015 / Published: 8 Jul. 2015

Index Terms

Bluetooth Security Model, Bluetooth Serial Port Profile, IEEE 802.15 DUN Profile, Proprietary Security Mechanism, JSR-82.

Abstract

The enormous growth of smartphones was driven by the idea of making a mobile phone offer more than just cellular telephony. One of the prime factors that initiated the age of smartphones (e.g. iOS, Android, RIM, etc.) was inarguably the capability of wireless sharing of images, music, etc. among users, which was made possible by Bluetooth technology (IEEE 802.15). Today, customers of even the cheapest phone in the world demand an inbuilt Bluetooth stack. Apart from sharing files, especially media, Bluetooth provides a lot more functionality, such as streaming audio to a home entertainment system, sharing an Internet connection over the DUN profile, and remote car locking and security systems, to mention a few. Though the IEEE 802.15 stack has its own security mechanism, a system may sometimes require an additional security architecture running collaboratively with the built-in security to authorize an inbound pairing request. A simple example of the authorization paradox is that the standard security mechanism cannot help a Bluetooth system that has been paired to multiple devices decide which of the paired devices to authorize to execute a certain task. For example, a device may be required to allow a smartphone Bluetooth stack to stream audio but restrict it from transferring files. Here the need for profile-specific authorization is felt, but it is beyond the scope of IEEE 802.15.
To understand it better, let us assume that a home theater system has a Bluetooth link that allows smartphones to stream audio to it over the A2D audio sharing profile. Such a home theater system (e.g. HT-DZ350 by Sony) can be connected to any smartphone and play the streamed music. Each time a device disconnects, the Bluetooth stack resets itself and the identity of the Bluetooth stack on the smartphone is lost. Since Bluetooth radio waves can penetrate walls and windows, it is possible for a neighbor of mine to connect her smartphone to the home theater system and play unwanted music. In some remote-controlled instruments this can be fatal unless proper security mechanisms are installed.
Proposed in this thesis is a novel, generic and extensible framework to prevent unauthorized access over the Bluetooth serial port profile, which is independent of any cryptographic algorithm or approach. The thesis also suggests different architectures for differently equipped hardware systems, because the performance of the system under an augmented security stack will differ across devices with varying hardware resources.

Cite This Paper

Soham Sengupta, Partha Pratim Sarkar, "An Augmented Level of Security for Bluetooth Devices Controlled by Smart Phones and Ubiquitous Handheld Gadgets", International Journal of Information Engineering and Electronic Business (IJIEEB), vol. 7, no. 4, pp. 58-75, 2015. DOI: 10.5815/ijieeb.2015.04.08
