Luminita Lebada

Diploma Project
Experiments for secure communication
with BLE 5.0

Universitatea „Politehnica” Timișoara
Facultatea de Electronică, Telecomunicații și
Tehnologii Informaționale Timișoara
Coordinator: Ș.l. Dr. Ing. Ioan Jiveț
Student: [anonimizat]

Contents
Introduction
Chapter 1: Bluetooth Basics
1.1 Bluetooth Importance
1.2 A brief look back at the history of Bluetooth
1.3 What is Bluetooth?
1.4 System architecture
1.5 Establishing a connection in Bluetooth
1.6 Bluetooth Security
Chapter 2: Bluetooth Security Violations
2.1 Security Goals
2.2 Security Mechanisms
2.3 Bluetooth Vulnerabilities
2.4 Attack Experiments
Bibliography

Introduction

This paper aims to show the complexity of the Bluetooth standard, how important it is today, and how, even though the standard appears to be very secure, our private information may still be stolen.

Chapter 1: Bluetooth Basics

This part of the paper presents the technical aspects of the Bluetooth standard: what this communication standard represents overall and what its system architecture looks like. A short presentation of Bluetooth history comes first, followed by the technical build-up.
1.1 Bluetooth Importance
To understand how large the impact of Bluetooth is today, a short introduction to IoT is useful. IoT stands for Internet of Things; an IoT device is any non-standard computing device that can connect wirelessly to a network and transmit data.
There are two kinds of Bluetooth devices: Bluetooth Classic (used in common applications such as headsets or wireless speakers) and Bluetooth Low Energy, known as BLE. The two are not compatible with each other, even though they share the same brand name.
Because the trend today is towards smaller and thinner devices, which means smaller batteries and therefore a need for low power consumption, BLE has become the more common protocol for IoT systems.

Figure 1 - Number of Bluetooth devices over the years

The graph in Figure 1 shows the number of devices connected to the IoT from 2015 and a forecast up to 2025. According to statista.com, around 75.44 billion devices are expected six years from now.

1.2 A brief look back in history of Bluetooth

The short answer to the question "Who invented Bluetooth?" is L. M. Ericsson, a telecommunications company from Sweden, but the person who actually developed the concept was Dr. Jaap Haartsen in 1994.
The name comes from a famous king of Denmark who united Denmark and Norway in the 10th century, Harald Blaatand ("Bluetooth") II. [1]
1.3 What is Bluetooth?

We can think of Bluetooth as a cable replacement technology. Bluetooth is a wireless communication standard used for transmitting and receiving data between fixed and/or portable electronic devices. It is well suited to short-range data transmission because it is low-power, low-cost and provides built-in security mechanisms, and it is a natural replacement for serial communication interfaces.
Originally the Bluetooth standard was conceived as a replacement for the cables connecting laptops, computers and mobile phones, but it was quickly noticed that the protocol is suitable for many other applications, offering a variety of other services and creating new usage models.
The Bluetooth protocol was built around the needs of a wireless system: a universal framework (giving different devices access to information) that is user friendly and efficient.

1.4 System architecture
Bluetooth Radio Spectrum
Before entering into the technical details of the Bluetooth layers and connection procedure, it is better to understand the Bluetooth radio spectrum, because it plays an important role in the overall system. To understand how Bluetooth can be used around the world without the need for licences, a presentation of the frequency hopping technique and the time-division duplex scheme follows.
Frequency Hopping Technique
Bluetooth uses the ISM band (Industrial, Scientific and Medical band), which is available globally; this may cause interference problems because other equipment also uses this band. To reduce the effects of unwanted interference two methods can be used: suppression and avoidance. Since interference suppression requires more components and circuitry in the Bluetooth system to deal with the unwanted frequencies, avoiding interference remains the best option. Interference can be avoided in time, in frequency, or in both time and frequency.
Frequency avoidance is the most practical solution because the ISM band spans 2400 MHz to 2483.5 MHz (83.5 MHz wide), and since most radio systems have a limited band, the probability of finding a part of it with no significant interference increases. Bluetooth uses about 80 MHz of this band: starting from 2402 MHz there are 79 hop carriers, each spaced 1 MHz apart. Frequency hopping can be observed in Figure 2.

Figure 2 - Frequency-Hopping Spread Spectrum in action, jumping between 79 different channels in the 2.4 GHz radio frequency spectrum. [2]

Time -Division Duplex Scheme
Time-division duplex (TDD) refers to duplex communication in which the uplink is separated from the downlink by allocating different time slots in the same frequency band. [3]
TDD is important because Bluetooth devices work on a time-division duplex scheme: the channel is divided into consecutive time slots of 625 µs each. Transmission and reception alternate: the master sends packets to the slave in the even slots, f(2k), f(2k+2) and so on, and the slave transmits packets to the master only in the odd slots, f(2k+1), f(2k+3) and so on.
Combining frequency hopping and the time-division duplex scheme, a transmission between master and slave in a piconet can be observed in Figure 3.

Figure 3 - Time-Division Duplex scheme and frequency hopping combined for transmission between master and slave. [1]
The complexity of Bluetooth comes from combining a hardware system with software; this gives two layers: a lower level, which is the hardware-based radio system, and an upper level, which specifies how communication between layers is done. Every layer communicates with the layer above it and the layer below it. The most important layers in a Bluetooth architecture can be observed in Figure 4.

Figure 4- The architecture model of the Bluetooth stack

Hardware layer
The hardware layer, referred to above as the lower layer, consists of three sub-layers: the Radio layer, which forms the physical connection, and above it the Baseband and the Link Manager Protocol (LMP), whose purpose is to establish and control links between devices.
Radio Layer
The lowest defined layer of Bluetooth is the Radio layer, which defines the requirements under which the transceiver operates: around 2.4 GHz in the unlicensed ISM band (Industrial, Scientific and Medical band), using spread spectrum by means of frequency hopping (the transmission band is split into 79 channels and the radio hops between them at 1600 hops/s). It deals with the modulation and demodulation of data.
Baseband
The Baseband has the following responsibilities: it controls the radio, provides the frequency hop sequences, performs the lower-level encryption and defines timing, framing and packet handling.
This layer is essential for establishing a connection between devices.

Link Manager Protocol (LMP)

The main functions of LMP are link setup and release, authentication and encryption.
Link setup and release refers to piconet management. A piconet is a group of devices connected to a common channel. A piconet always has one master, usually the device that initiated the connection, and from one to seven slaves actively connected to the master (plus possibly many more devices in a low-power, parked state). Two types of links can be established between master and slaves: ACL (Asynchronous Connection-Less), used for data transfer applications, and SCO (Synchronous Connection-Oriented), used for synchronous data, usually voice.

Upper Stack Layers
The upper stack builds up the services specific to the device and defines how they communicate with each other during the whole connection.
Host Controller Interface
The HCI (Host Controller Interface) is the interface between the lower layers (the hardware part) and the upper layers (the software part) of the system. It provides a uniform command interface to the baseband controller and link manager, and access to hardware status and control registers, over USB (Universal Serial Bus), PCI (Peripheral Component Interconnect) or UART (Universal Asynchronous Receiver-Transmitter).
For a better understanding, note that on many devices (PCs or laptops, for example) the Bluetooth module is added as a separate card. The module contains the hardware part and can be attached as a PCI or USB adapter. Data for the LMP and baseband travels over the physical bus: the "host" (the PC, for example) needs a driver for that bus, and the hardware side needs a host controller interface to accept data over the physical bus.
Logical Link Control and Adaptation Protocol -L2CAP
One of the roles of this protocol is to control the communication between the upper and lower layers of the Bluetooth stack; other very important roles are described below:
1. Multiplexing. Multiplexing and demultiplexing of the higher-layer protocols are done at this level, because they are necessary for multiple access and the Baseband protocol does not support any.
2. Segmentation and Reassembly. Because baseband packets are limited to about 2745 bits, this L2CAP function is responsible for segmenting data into frames, each frame carrying the data plus information about its position in the original message. The receiving device performs the reverse process, combining the segmented packets in the proper order.
3. Quality of Service. Between two Bluetooth units some QoS (quality of service) requirements may be expected, such as peak bandwidth, latency and delay variation. The L2CAP of each unit must be able to monitor the resources and ensure that the requested demands are honoured.
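The segmentation and reassembly function described in point 2, shown as an added Python example (this is not code from the thesis). The 4-byte L2CAP header (16-bit length followed by a 16-bit channel identifier), the start/continuation flag carried in the baseband L_CH field, the 339-byte DH5 payload limit and the 672-byte default L2CAP MTU are taken from the Core specification; the policy for malformed fragments (header must fit in the first fragment, announced length checked against the MTU before anything is buffered, continuation without a start dropped) is this example's own choice. The length check before buffering is the point a practitioner cares about: reassemblers that trust the header length are where memory-safety bugs in Bluetooth stacks have historically lived.

```python
import struct

# Baseband L_CH values for ACL payloads: 0b10 = start of an L2CAP message,
# 0b01 = continuation fragment.
L_CH_START, L_CH_CONT = 0b10, 0b01
L2CAP_HDR_LEN = 4          # 16-bit payload length + 16-bit channel id (CID)
DH5_MAX_PAYLOAD = 339      # largest ACL baseband payload (DH5), in bytes
DEFAULT_MTU = 672          # default L2CAP MTU


def build_b_frame(cid: int, payload: bytes) -> bytes:
    """Basic L2CAP frame: little-endian length and CID followed by the payload."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too long for a 16-bit length field")
    return struct.pack("<HH", len(payload), cid) + payload


def segment(frame: bytes, max_payload: int = DH5_MAX_PAYLOAD) -> list:
    """Split one L2CAP frame into baseband fragments tagged with their L_CH flag."""
    fragments = []
    for offset in range(0, len(frame), max_payload):
        flag = L_CH_START if offset == 0 else L_CH_CONT
        fragments.append((flag, frame[offset:offset + max_payload]))
    return fragments


class Reassembler:
    """Rebuilds L2CAP frames from fragments; counts and drops anything inconsistent."""

    def __init__(self, mtu: int = DEFAULT_MTU):
        self.mtu = mtu
        self.buf = b""
        self.expected = None   # total frame length announced in the header
        self.dropped = 0

    def _reset(self):
        self.buf, self.expected = b"", None

    def feed(self, l_ch: int, data: bytes):
        """Returns (cid, payload) when a frame completes, otherwise None."""
        if l_ch == L_CH_START:
            if self.expected is not None:   # a new start aborts an unfinished frame
                self.dropped += 1
            self._reset()
            if len(data) < L2CAP_HDR_LEN:   # policy: header must be in the first fragment
                self.dropped += 1
                return None
            length, _cid = struct.unpack_from("<HH", data)
            if length > self.mtu:           # reject before buffering a single byte
                self.dropped += 1
                return None
            self.expected = L2CAP_HDR_LEN + length
        elif l_ch == L_CH_CONT:
            if self.expected is None:       # continuation without a start
                self.dropped += 1
                return None
        else:
            raise ValueError("unknown L_CH value")
        self.buf += data
        if len(self.buf) > self.expected:   # more bytes than the header announced
            self.dropped += 1
            self._reset()
            return None
        if len(self.buf) == self.expected:
            length, cid = struct.unpack_from("<HH", self.buf)
            payload = self.buf[L2CAP_HDR_LEN:]
            self._reset()
            return cid, payload
        return None


def roundtrip(cid: int, payload: bytes, max_payload: int = DH5_MAX_PAYLOAD):
    """Segment a frame, feed the fragments to a receiver, return what it delivers."""
    receiver = Reassembler()
    delivered = None
    for flag, data in segment(build_b_frame(cid, payload), max_payload):
        result = receiver.feed(flag, data)
        if result is not None:
            delivered = result
    return delivered
```

A 600-byte payload becomes a 604-byte frame and is carried in two DH5 fragments (339 + 265 bytes); a frame whose header announces more than the MTU is refused on the first fragment, before any buffering.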

Application layer
The protocols above L2CAP are not in a precise order but are very important to mention. Some of them are briefly described below:
• RFCOMM stands for Radio Frequency Communication. This protocol provides emulation of RS-232 serial ports (a simple form of data transmission) over L2CAP; it can support up to 60 connections, but the actual number is implementation-specific for each BT device.
• Service Discovery Protocol (SDP) locates the services provided by Bluetooth devices and uses a request/response model. Each transaction consists of one request protocol data unit (PDU) and one response PDU.
• Telephony Control Protocol Specification, TCS for short, is used to establish speech and data calls between Bluetooth devices.

1.5 Establishing a connection in Bluetooth
Any Bluetooth device has several states. It starts in Standby, from which it can pass either directly to the Page state or through the Inquiry state and then into Page. After these two states the device passes to the Connected state, transmits data and returns to Standby. From the Connected state there are three further states, all bidirectional: Park, Hold and Sniff. It is also important to know that there are a number of substates.

Figure 5-Bluetooth States

Inquiry substates
Inquiry Scan is a substate that a device wanting to be discovered (the slave in this case) enters periodically, to listen for inquiry packets from other devices in its range. The channels and the hopping sequence are calculated from the general inquiry access code; the device listens on a single frequency out of the 16 frequencies of an inquiry hop train. The time an inquiring device needs to cover 16 frequencies is the minimum time the scanning device has to listen, so a device in the Inquiry Scan state scans often enough to wake up during a 16-channel train.
Inquiry is the process in which a device (the master in this case) searches for all the discoverable devices it can reach in its range. The inquiry packet it sends is addressed to the GIAC (General Inquiry Access Code) or to a DIAC (Dedicated Inquiry Access Code); the latter refers to a specific class of devices. The device that initiates this process is the inquiring device, and it repeatedly transmits inquiry requests on 16 frequencies of the inquiry hop sequence. Transmission is done in the first slot and the next slot is skipped because it is used for listening, and so on until the transmission has been done on all 16 channels of the train (two trains give 32 frequencies in total, and a maximum inquiry time of 10.24 seconds).
To avoid collisions with other devices involved in an inquiry process, the interval between successive inquiries is random.
Inquiry Response. With one device in the Inquiry Scan state and another in the Inquiry state, when the inquiry message is received a response containing the device address is sent. This packet is not sent immediately but after a random number of slots, to avoid collisions; the packet containing the address is an FHS (Frequency Hop Synchronization) packet, which also carries the responding device's clock.
Even after receiving a response, the inquiring device can continue the inquiry procedure for as long as it wants; only when it wants to start paging the device that responded does it abort the current process, start the connection, and use the information received in the response to page.
Page substates
Page. This state refers to the master device: the master must use the clock information received during the inquiry procedure to estimate when the slave is likely to be listening in page scan mode, although this estimate may not be right. The DAC (Device Access Code) is calculated by the master from the slave's address using a well-defined procedure.
The page message is transmitted in alternate time slots, starting at the estimated frequency.
Page Scan is the state that a Bluetooth device with no established connection has to enter periodically, in case a master device sends page messages. The slave activates its receiver and listens on 32 channels, and on each channel it listens for at least 16 time slots.
The Page Response substate is "divided" in two: the Page Slave Response substate and the Page Master Response substate. In Page Slave Response, after receiving the page message from the master, the slave sends its ID packet (which carries its DAC) as a response on the frequency of the next slot. Page Master Response is the state the master enters after receiving the ID packet from the slave. At this point the master sends the slave its FHS packet, informing the slave about the master's clock. After receiving this packet the slave sends its ID packet again. From now on a new piconet is formed (or a new device has entered an already formed piconet): the slave can determine the channel access code from the master's FHS and calculate the clock offset. To finish the paging procedure two more packets have to be sent: a POLL packet is sent by the master on the master-dependent frequency hop, using the channel access code; this message is addressed to the slave, which now has to respond, no matter which packet it sends. After the response is sent, the slave enters the Connected state. If no response is sent from slave to master, paging is considered to have failed.

Connected State
After paging has successfully completed, the devices (master and slave) are ready to establish a link. How a connection link is established is described below; first, a brief presentation of the operating modes (power control modes) that a Bluetooth device can enter.

Active Mode. This is the regular connection mode: the device participates actively on the channel, receiving and transmitting data. Transmission between master and slave alternates.
Sniff Mode. The idea of this mode is that the slave reduces its listening activity, which results in a low-power mode. The reduction in listening activity is ordered by the master, which sends the command for the slave to enter Sniff mode. The slave then listens for transmissions only at fixed intervals, in a slot at a given offset, for a specified number of times.
Hold Mode. In this mode the slave does not support any ACL (Asynchronous Connection-Less) packets on the channel for a given amount of time, although SCO (Synchronous Connection-Oriented) links may still be supported. This mode is useful because capacity is freed and other operations can be done (such as scanning, paging, inquiry or attending another piconet). During hold mode the slave keeps its AM_ADDR (active member address). A device in hold mode can also enter a low-power sleep mode.
Park Mode. In this mode the slave has very little activity, which gives a very low-power mode. The device gives up its active member address and in return receives an eight-bit parked member address and an eight-bit access request address. The parked member address is used by the master to unpark the slave, and the access request address is used by the slave to ask the master to be unparked. During park mode the slave remains synchronised to the channel. If the master needs to transmit a message to parked slaves, a broadcast channel is needed, and the parked devices must be informed about this transmission on a beacon channel. Slaves listen regularly for beacon signals, in an order determined by the beacon structure; this information is transmitted at the start of parking. In this mode the device has low power consumption, and in addition this mode allows the master to have more than seven slaves.
Link Establishment
Now that the two Bluetooth devices are connected, link establishment may start at the LMP level. For two devices to be connected, configuration information is needed; this information is exchanged as LMP messages. After that a request is sent, and the remote device responds with an accept or not-accept message (the latter if the requested application does not want to respond).
Now that the link is established, the master uses the SDP protocol to discover what services are available on the slave it paged.
SDP
This protocol is needed because a Bluetooth environment changes rapidly, with new services becoming available all the time. A Bluetooth device that wants its services to be discovered runs an SDP server, and a device that wants to discover services runs an SDP client: the client sends a request to the server, and the server responds. Services are grouped into service classes; if a device has only a few services, they may all belong to the same class.
SDP is only in charge of allowing service discovery; to access a service, other protocols are needed.
L2CAP link
The purpose of L2CAP is to establish a channel for the application, using the information obtained after the LMP link was established and through SDP. The only links L2CAP establishes are ACL links. An L2CAP link is identified by a channel identifier and the address of the device to which the link was created. The channel identifier is allocated to the remote device connected through a specific connection for a particular application.
L2CAP links are created only when a device (the initiator) requests link establishment.
As said before, the role of this protocol is to ensure communication between the upper and lower layers. This interaction can be expressed in terms of events and actions. An event occurs when L2CAP receives a message from the layer above (an application) or from below (LMP or HCI), and an action is the response produced for that request message.
Security -brief description
This part gives a brief description of Bluetooth security as part of the Connected state.

To secure the data transmitted during a Bluetooth connection, four values are used: the device address (which can be seen by all Bluetooth devices), a private authentication key (which cannot be obtained by inquiry), a private encryption key and a random number.
The security procedure requires an initialization key that is generated from a PIN, which is secret and known only to the user, the length of the PIN, a random number and the device address; this makes it more difficult for other devices to establish an unauthorised connection.
Application link
After all the specific links have been established, the data must be transmitted, and this is done over the application link. If an application needs other protocols above L2CAP, Bluetooth defines three main ones:
RFCOMM. This protocol provides an emulated RS-232 serial port over wireless links.
SDP. This is used to discover what services are available on devices in proximity.
TCS. This protocol is used to control calls and the signalling of voice channels.
Also over L2CAP, or above these three main protocols, existing mechanisms can be implemented: TCP/IP, PPP, IrDA OBEX, WAP and HomeRF.

1.6 Bluetooth Security

Because personal and sensitive information is sent over the wireless connection, security is a must. Bluetooth is very popular because it is easy to use and a connection between two devices can be established with almost no user intervention, so precautions are needed to ensure that no personal information sent over the air is intercepted. Devices can easily capture radio waves out of the air, so there is an obvious need for a high level of security.
Generation of the link key

The secret link key is generated when a PIN, known by the users, is entered into both devices; the temporary key generated at this point is called the initialization key. The devices use the E22 algorithm (a custom algorithm based on SAFER+, Secure And Fast Encryption Routine) to generate a secret key derived from the PIN code, the length of the PIN, the device address and a random number. One aspect of Bluetooth's security strength is that the link key is never transmitted outside the device: it is used in authentication and in the encryption process to generate matching key sequences on both sides.

Figure 6-Generation of the Initialization Key by Mode 2 of the E22 algorithm.

As said before, four values are used to generate the key. The length of the PIN used in the algorithm cannot be greater than 16 bytes, and if it is shorter the algorithm pads it with bytes from the claimant unit's address to strengthen the input, together with the random number. If a device in the environment tries to connect with a large number of PINs, each time claiming a different address, it is the application's responsibility to take measures against this threat.
Now that the link key is generated, devices can authenticate using this key. They use the E1 algorithm (also based on SAFER+) in the authentication process. This is a challenge-response scheme whose purpose is to verify that the claiming device knows the secret link key. The procedure is as follows: the claimant sends its unique device address to the verifier, and the verifier sends the claimant a random 128-bit challenge from its random number generator. Both devices then apply E1 to the random challenge together with the claimant's device address and the secret link key; the claimant returns the 32-bit result (SRES in Figure 7), the verifier compares it with its own, and if the two results match the verifier authenticates the requesting device.

Figure 7-Authentication using the E1 algorithm.
The link key can also be generated from a unit key. The unit key is generated when the device is switched on for the first time and is stored in non-volatile memory. It is 128 bits long and is generated with the E21 algorithm.

Figure 8-Generation of unit key.
There are two possible ways to generate the link key using a unit key. The first case is when one of the units has limited memory capacity: the unit key of that device is encrypted (XORed) with the initialization key and sent to the other device, which recovers it and uses it as the link key; this can be seen in Figure 9. The other case is when both devices can support key generation from both unit keys (a combination key). Each device generates a 128-bit random number and uses the E21 algorithm on it, together with its own device address, to produce a 128-bit value. The random numbers are encrypted (XORed) with the initialization key and exchanged. Each device decrypts the random number it received, computes the peer's E21 value using the peer's device address, and XORs the result with its own E21 value; this XOR is the new link key. After the new link key is generated the initialization key is discarded.

Figure 9 - Setting up the link key derived from only one unit key.

Generation of the encryption key
An encryption key is generated each time the device enters encryption mode, and the keystream derived from it changes for every packet transmitted. The encryption key is generated from the current link key using the E3 algorithm, which takes as input the COF (Ciphering Offset number), 96 bits long, and a 128-bit random number. The COF can be determined in two ways, depending on the type of the current link key: it is derived from the master device address if the current link key is a master key; otherwise it is set to the value of the ACO (Authenticated Ciphering Offset) computed during the authentication procedure.

Figure 10-Generation of the encryption key.
The role of the encryption key is to initialise the E0 stream cipher, which generates a new keystream each time a data packet is transmitted. The sender's clock information is used so that a new keystream is produced for each packet.

Figure 11 - Encryption of data over a Bluetooth link.

Chapter 2: Bluetooth Security Violations
This section describes several technical aspects that are directly linked to Bluetooth security vulnerabilities and that play an important role in explaining the types of attacks that are possible.
2.1 Security Goals
The Bluetooth standard has to cover five basic requirements for secure transmission and connection between devices. From the access control point of view there are Authentication and Authorization. Authentication verifies the identity of the communicating devices, that is, that the peer identified by its Bluetooth address knows the shared secret, and authorization ensures that a device can access only the services it is allowed to use. The remaining three are: Integrity of messages, meaning a message should remain unchanged during transmission; Confidentiality, which has to prevent information leakage to unauthorised devices; and finally Pairing/Bonding, which refers to the ability of Bluetooth devices to create one or more secret keys and store them for future connections.
2.2Security Mechanisms
To implement the above goals the Bluetooth standard uses several mechanisms, described below.

Bluetooth Device Address
The Bluetooth Device Address is a unique 48-bit number that identifies a Bluetooth device; in many papers it is referred to as BD_ADDR. Its layout can be observed below:

Figure 12-Bluetooth Device Address
The first two parts (NAP, 16 bits, and UAP, 8 bits), three bytes in total, are the manufacturer's registered identifier and are publicly listed. The last part (LAP, 24 bits), also three bytes long, is assigned by the manufacturer to the individual device.
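A parser for the BD_ADDR layout just described, added here as a Python example (not code from the thesis). The NAP/UAP/LAP split and the reserved LAP range used for inquiry access codes (0x9E8B00 to 0x9E8B3F, with the General Inquiry Access Code at 0x9E8B33) are from the Core specification; the printed form "NN:NN:UU:LL:LL:LL" with the manufacturer part first is the conventional one. The security-relevant detail is that the LAP is the part from which the access code at the front of every baseband packet is built, so it is visible to anyone in radio range whether or not the device is discoverable.

```python
import re

_BD_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

# LAP values reserved for inquiry access codes (Core specification).
RESERVED_LAP_LO, RESERVED_LAP_HI = 0x9E8B00, 0x9E8B3F
GIAC_LAP = 0x9E8B33          # General Inquiry Access Code


def parse_bd_addr(text: str) -> dict:
    """Split 'NN:NN:UU:LL:LL:LL' into NAP (16 bits), UAP (8 bits) and LAP (24 bits).

    Raises ValueError on anything that is not six colon-separated hex bytes."""
    if not _BD_ADDR_RE.match(text):
        raise ValueError("BD_ADDR must be six colon-separated hex bytes")
    raw = bytes.fromhex(text.replace(":", ""))
    nap = int.from_bytes(raw[0:2], "big")   # non-significant address part
    uap = raw[2]                             # upper address part
    lap = int.from_bytes(raw[3:6], "big")    # lower address part, used in the access code
    return {
        "nap": nap,
        "uap": uap,
        "lap": lap,
        # NAP + UAP together are the manufacturer's registered OUI.
        "oui": "%02X:%02X:%02X" % (raw[0], raw[1], raw[2]),
        # A device must never carry an inquiry LAP as its own address.
        "reserved_lap": RESERVED_LAP_LO <= lap <= RESERVED_LAP_HI,
    }


def format_bd_addr(nap: int, uap: int, lap: int) -> str:
    """Inverse of parse_bd_addr: rebuild the printed form from the three parts."""
    if not (0 <= nap <= 0xFFFF and 0 <= uap <= 0xFF and 0 <= lap <= 0xFFFFFF):
        raise ValueError("field out of range")
    raw = nap.to_bytes(2, "big") + bytes([uap]) + lap.to_bytes(3, "big")
    return ":".join("%02X" % b for b in raw)
```

The sample address below is constructed for the test; any real OUI lookup would be done against the public registration list using the "oui" field.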
Pairing
Since Bluetooth version 2.1, the standard uses Secure Simple Pairing (SSP) for BR/EDR. Bluetooth Low Energy devices before version 4.2 use LE Legacy Pairing, and from 4.2 onwards they use LE Secure Connections, which is similar to SSP.
Association Model
This part is very important because Bluetooth security attacks are based on the weaknesses of these association models. Four association models are implemented for Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate) SSP and for LE Secure Connections.
Numeric Comparison. A random six-digit number is shown on both devices' displays. If this number matches on both devices and the users press the "yes" button, the pairing process may begin.
Passkey Entry. A six-digit PIN is displayed to one user, or chosen by them, and the other user must enter the correct six-digit PIN to allow the pairing process to start.
Just Works. Devices start the pairing process immediately after the request, with no user confirmation.

Out of Band (OOB). This method is not very popular because it involves additional hardware requirements: a different wireless communication channel (e.g. NFC, Near Field Communication) must be implemented to exchange the pairing data.

Figure 13-Choices of association model depending on the device profile
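The selection shown in Figure 13, as an added Python example (not code from the thesis): which of the four association models results from the two devices' IO capabilities, and whether that model protects against a man in the middle. The mapping follows the IO-capability table of the Core specification for SSP and LE Secure Connections (KeyboardDisplay exists on the LE side; LE Legacy Pairing differs and is not modelled). Two simplifications are mine: OOB is selected only when both sides have exchanged OOB data, and when neither side requires MITM protection the result is treated as Just Works (in BR/EDR the spec describes this as numeric comparison with automatic confirmation, which gives the same lack of protection). The peer list in the test is constructed.

```python
from enum import Enum


class IoCap(Enum):
    DISPLAY_ONLY = "DisplayOnly"
    DISPLAY_YES_NO = "DisplayYesNo"
    KEYBOARD_ONLY = "KeyboardOnly"
    NO_INPUT_NO_OUTPUT = "NoInputNoOutput"   # Android calls this NoInputNoDisplay
    KEYBOARD_DISPLAY = "KeyboardDisplay"     # LE Secure Connections only


JUST_WORKS = "Just Works"
PASSKEY_ENTRY = "Passkey Entry"
NUMERIC_COMPARISON = "Numeric Comparison"
OUT_OF_BAND = "Out of Band"


def select_association_model(initiator: IoCap, responder: IoCap,
                             oob_both: bool = False,
                             mitm_required: bool = True):
    """Return (model, mitm_protected) for one pairing attempt.

    mitm_required is True if at least one side set the MITM flag in its
    authentication requirements; oob_both means both sides hold OOB data."""
    if oob_both:
        return OUT_OF_BAND, True
    if not mitm_required:
        # Nobody asked for MITM protection, so none is provided.
        return JUST_WORKS, False
    caps = {initiator, responder}
    if IoCap.NO_INPUT_NO_OUTPUT in caps:
        # One side can neither show nor enter anything: unauthenticated pairing.
        return JUST_WORKS, False
    if IoCap.KEYBOARD_ONLY in caps:
        # A keyboard-only device types the passkey the other side shows
        # (or both type the same passkey if both are keyboard-only).
        return PASSKEY_ENTRY, True
    if IoCap.DISPLAY_ONLY in caps:
        # A display-only device can show a passkey but cannot confirm "yes/no";
        # only a KeyboardDisplay peer can enter what it shows.
        other = responder if initiator is IoCap.DISPLAY_ONLY else initiator
        if other is IoCap.KEYBOARD_DISPLAY:
            return PASSKEY_ENTRY, True
        return JUST_WORKS, False
    # Both sides are DisplayYesNo or KeyboardDisplay.
    return NUMERIC_COMPARISON, True


def unprotected_peers(local_cap: IoCap, peers):
    """Names of discovered peers that the local device would pair with
    under Just Works, i.e. with no protection against a man in the middle.
    `peers` is a list of (name, IoCap) pairs as seen during discovery."""
    return [name for name, cap in peers
            if not select_association_model(local_cap, cap)[1]]
```

A phone (DisplayYesNo) pairing with headphones or with a board that advertises NoInputNoOutput always lands on Just Works, which is exactly the condition the experiment in section 2.4 relies on.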

2.3 Bluetooth Vulnerabilities
Vulnerability in Bluetooth networks depends on the Bluetooth medium, protocols and parameters. Bluetooth weaknesses also come from some assumptions: first, that once a connection is established and the key stored, it will remain permanently secure; second, that the two devices need to be within short range to connect, which is assumed to increase the security level; and third, that all users of a particular device follow the same security policy.
Interception Vulnerability
Interception cannot be easily detected because of the nature of the transmission. Bluetooth transmission is wireless, so the radio waves can be captured out of the air. Moreover, if the transmission is unencrypted it is obviously easier for an unauthorised device to see the content of any packet.
Potential Weaknesses
• Encryption Mechanisms. One issue that can affect Bluetooth security is the encryption key length: the maximum length of the key is restricted by the device with the shortest maximum encryption key. In the Passkey Entry model (and in legacy PIN pairing) the user has to enter a PIN, and this PIN is used to generate the link key. An attacker who guesses or cracks this PIN can use it to reproduce the link key.
• Association Models of SSP. The Just Works model does not provide any MITM (Man In The Middle) protection.
• Device Configuration. From a security point of view the default settings of a Bluetooth device are very poor, so an attacker can discover the device address when it is set as discoverable and non-secure.
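The link key generation and E1 challenge-response of section 1.6, together with the PIN weakness listed above under Encryption Mechanisms, shown in one added Python example (this is not code from the thesis). E22, E21, E1 and E3 are SAFER+-based in a real controller; here HMAC-SHA256 stands in for each of them, so the message flow, the inputs and the output sizes (128-bit Kinit and link key, 32-bit SRES, 96-bit ACO) follow the specification but the key bytes are not what a Bluetooth chip would produce. The two device addresses and the PINs are constructed test values. What the example makes concrete is the reasoning in the text: everything an eavesdropper sees (IN_RAND, the two XORed randoms, AU_RAND, SRES, EN_RAND) is enough to test PIN candidates offline, and a short numeric PIN falls in milliseconds.

```python
import hashlib
import hmac
import itertools
import os


def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 stand-in for the SAFER+-based E-functions (not the real ones)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def e22(pin: bytes, bd_addr: bytes, in_rand: bytes) -> bytes:
    """Stand-in for E22: Kinit (128 bits) from PIN, PIN length, BD_ADDR, IN_RAND."""
    if not 1 <= len(pin) <= 16:
        raise ValueError("PIN is 1..16 bytes")
    return _prf(pin + bytes([len(pin)]), bd_addr, in_rand)[:16]


def e21(lk_rand: bytes, bd_addr: bytes) -> bytes:
    """Stand-in for E21: per-device key from a 128-bit random and BD_ADDR."""
    return _prf(lk_rand, bd_addr)[:16]


def e1(link_key: bytes, au_rand: bytes, bd_addr: bytes):
    """Stand-in for E1: returns (SRES, 32 bits) and (ACO, 96 bits)."""
    out = _prf(link_key, au_rand, bd_addr)
    return out[:4], out[4:16]


def e3(link_key: bytes, en_rand: bytes, cof: bytes) -> bytes:
    """Stand-in for E3: 128-bit encryption key from link key, EN_RAND and COF."""
    return _prf(link_key, en_rand, cof)[:16]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def counter_rng(seed: int):
    """Deterministic stand-in for os.urandom, for reproducible demonstrations."""
    state = [seed]

    def rng(n: int) -> bytes:
        state[0] += 1
        return hashlib.sha256(state[0].to_bytes(8, "big")).digest()[:n]
    return rng


def pair_and_authenticate(pin: bytes, addr_a: bytes, addr_b: bytes, rng=os.urandom):
    """A (verifier) pairs with B (claimant) using a combination key, then
    authenticates B and derives the encryption key. Returns the over-the-air
    transcript, the link key and the encryption key, so the eavesdropper's
    result can be compared against what the two devices actually hold."""
    in_rand = rng(16)                              # A -> B, sent in clear
    kinit = e22(pin, addr_b, in_rand)              # both sides, from the PIN
    lk_rand_a, lk_rand_b = rng(16), rng(16)        # combination-key randoms
    msg_a = xor(lk_rand_a, kinit)                  # A -> B, hidden only by Kinit
    msg_b = xor(lk_rand_b, kinit)                  # B -> A
    link_key = xor(e21(lk_rand_a, addr_a), e21(lk_rand_b, addr_b))
    au_rand = rng(16)                              # A -> B challenge
    sres, aco = e1(link_key, au_rand, addr_b)      # B -> A: only SRES goes over the air
    en_rand = rng(16)                              # A -> B, sent in clear
    kc = e3(link_key, en_rand, aco)                # COF = ACO for a combination key
    transcript = {"in_rand": in_rand, "msg_a": msg_a, "msg_b": msg_b,
                  "au_rand": au_rand, "sres": sres, "en_rand": en_rand}
    return transcript, link_key, kc


def crack_pin(transcript: dict, addr_a: bytes, addr_b: bytes, max_digits: int = 4):
    """Offline search over numeric PINs using only the sniffed values.
    Returns (pin, link_key, encryption_key) or None if no candidate matches."""
    t = transcript
    for n in range(1, max_digits + 1):
        for digits in itertools.product("0123456789", repeat=n):
            pin = "".join(digits).encode()
            kinit = e22(pin, addr_b, t["in_rand"])
            lk = xor(e21(xor(t["msg_a"], kinit), addr_a),
                     e21(xor(t["msg_b"], kinit), addr_b))
            sres, aco = e1(lk, t["au_rand"], addr_b)
            if sres == t["sres"]:                   # 32-bit check: false hits are rare
                return pin, lk, e3(lk, t["en_rand"], aco)
    return None


if __name__ == "__main__":
    addr_a = bytes.fromhex("001A7DDA7113")        # constructed addresses
    addr_b = bytes.fromhex("C0FFEE123456")
    transcript, link_key, kc = pair_and_authenticate(b"1234", addr_a, addr_b)
    print(crack_pin(transcript, addr_a, addr_b)[0])
```

Note that "0" and "00" give different initialization keys because the PIN length is an input to E22, so the search has to walk every length; that is also why a 16-byte alphanumeric PIN, or SSP's key agreement, is the countermeasure rather than a longer numeric PIN alone.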

2.4 Attack Experiments
In this part will be presented some experiments which provides proves that with proper devices
and experimental set -up can appear breaches in Bluetooth security.
Active Listening and Interception Attack
As mentioned b efore in association models of SSP, JustWorks model doesn’t provides any
MITM (Man In The Middle) protection. A connection between e cellphone and a set of
headphones that are enable for Bluetooth connectivity, is an example of JustWorks association.
The m aster device in this experiment will be a smartphone with Android system that supports
BLE 4.2, the slave will be obviously the headphones set and MITM device will be a developing
board that support BLE 4.2 technology. The assumption that it’s hard for an attacker to be close
to the victim can be ignored.
When a user connects a smartphone to the headphones, first the headphones are turned on, then
the button that makes the Bluetooth device visible to other devices is pressed. Then the user
enables Bluetooth on the smartphone and, after a search process, the headphones' name, Name
BT-Device, will be displayed. From a technical perspective the smartphone sends inquiry requests
on a number of different frequencies and then scans for a reply on the same frequencies. If a
device is found, some information is provided:
• the name, which has no other purpose besides helping the user to identify and select the
device;
• the class, which determines the type of icon displayed on the smartphone; at this
point, using a development board with the right code, it can be extracted to see that it
corresponds to a multimedia device;
• and the MAC address, which is the most important identifier and is used by the software to
track other devices.
Some parts of the complete experiments are now presented, showing that some apparently
private information can be easily stolen:
1. Copy the Identity
Making the proper set-up on the development board, setting NoInputNoDisplay to enable
JustWorks association and changing the device name to Name BT-Device, at the moment when we
check for available devices on the smartphone, Name BT-Device will appear as a multimedia
device. Because the profile is not created on the development board the connection cannot be
established, but the two devices are now paired. [4]
2. Extract and copy the services
For extracting the transmitted information it is important to remain undetectable, so the data has
to be stored on the attacker device and forwarded to the headphones. To discover the services there
are various methods, like libraries from different programming languages which provide support for
Bluetooth applications. After finding the services provided by the headphones and adding new
code to the development board that imitates the service, all devices are ready to connect. The final
connection will be: the smartphone connected to the development board, and the development board
connected to the headphones. [4]
MITM attack for Bluetooth standard V5.0
An MITM attack is possible when SSP uses the Passkey Entry association model; moreover, the
vulnerability increases when the passkey is reused. An MITM device is able to start the attack
once it predicts the passkey correctly. [5]

1 Offline attack on passkey
This kind of attack is possible when the two devices establish a connection a second time,
because the first time the attacker device is able to collect, from the public channel, the public
keys of the two devices, the commitment value and the unique random value from the initiating
device. After collecting all this data, the attacker device can deduce the passkey. The
assumption is that when these two devices try to reconnect they will use the same passkey.
Even if the devices change the passkey, the attacker has the possibility to deduce the new
passkey. [5]
2 Online attack on passkey
This attack applies a bit-by-bit strategy and forces the devices to start a new SSP session. The
attacker interrupts the initiating device while it is running the Passkey Entry protocol.
The attacker needs to determine the passkey, and this can be done by guessing. When the responding
device starts to generate its first unique random number, the attacker also starts to choose its first
unique random number; then the responding device starts to generate its commitment value, and
at this time it is possible for the attacker to determine the first bit of the passkey. If so, the
attacker computes its first commitment number using the determined passkey bit, otherwise it
uses a 0. The attacker sends the first determined commitment number (which should be the
commitment number of the initiating device) and the first chosen random number to the
responding device. If the responding device terminates its protocol and the initiating device starts a
new session, that means the first bit was deduced correctly, and these steps can be repeated until
the whole passkey is detected. Otherwise the first bit of the passkey was not determined correctly
and, being a bit with only two possible values, the only thing the attacker has to do is to negate
the first bit found. [5]
In short, the attacker can guess the passkey only by analyzing the response of the responding
device, because the attacker can always compute the commitment number without knowing the
passkey. [5]
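The two countermeasures these attacks point at, a single-use random passkey and a back-off on aborted pairing sessions, as an added example that is not code from the thesis or from [5]; the commitment function f1 is modelled with HMAC-SHA-256 as in the BR/EDR SSP specification with simplified key sizes, and the back-off policy (thresholds, delays) is an assumption.

```python
import hashlib
import hmac
import secrets


def f1(pk_a: bytes, pk_b: bytes, nonce: bytes, r_i: int) -> bytes:
    """Commitment to one passkey bit r_i, modelled as the BR/EDR SSP f1:
    HMAC-SHA-256 keyed with the fresh nonce over PKa || PKb || Z, Z = 0x80|r_i,
    truncated to 128 bits. Z has only two values, which is why a reused
    passkey is exposed to anyone who observed PKa, PKb, nonce and commitment."""
    z = bytes([0x80 | (r_i & 1)])
    return hmac.new(nonce, pk_a + pk_b + z, hashlib.sha256).digest()[:16]


def verify_commitment(pk_a, pk_b, nonce, commitment, r_i) -> bool:
    """Responder-side check of a received commitment for bit r_i."""
    return hmac.compare_digest(f1(pk_a, pk_b, nonce, r_i), commitment)


def new_passkey() -> int:
    """Single-use random 6-digit passkey, generated fresh for every session."""
    return secrets.randbelow(1_000_000)


class PairingGuard:
    """Back-off against repeatedly aborted passkey sessions (assumed policy:
    after max_failures aborts, wait base * 2**k seconds before the next try).
    The online attack needs one forced restart per passkey bit, so this turns
    a 20-restart attack from seconds into hours."""

    def __init__(self, base: float = 1.0, max_failures: int = 3):
        self.base, self.max_failures = base, max_failures
        self.failures, self.blocked_until = 0, 0.0

    def pairing_allowed(self, now: float) -> bool:
        return now >= self.blocked_until

    def session_aborted(self, now: float) -> None:
        self.failures += 1
        if self.failures >= self.max_failures:
            delay = self.base * 2 ** (self.failures - self.max_failures)
            self.blocked_until = now + delay


def replay_aborts(times):
    """Feed constructed abort timestamps through a guard; return which
    attempts it still admitted (the rest were refused while blocked)."""
    guard, admitted = PairingGuard(), []
    for t in times:
        ok = guard.pairing_allowed(t)
        admitted.append(ok)
        if ok:
            guard.session_aborted(t)
    return admitted
```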

Chapter 3: Bluetooth 5.0
In this part of the paper the Bluetooth V5.0 standard is presented, even though V5.1 was released this
year. This presentation will cover the new technical aspects of the Bluetooth standard and the
advantages that come with the new (but already old, since V5.1 was released) version.

Figure 14 - Bluetooth 5.0 with its advantages
3.1 History of Bluetooth Low Energy

The first version of Bluetooth Low Energy was released in 2013; the author of this version was the
Bluetooth SIG (Bluetooth Special Interest Group). For the following versions a new name
appears next to the author label: Martin Woolley, from the second release, version 2.0.0, until the
latest version 5.1.0, which was released on 28th March 2019.

Bibliography

[1] A. Kansal, "Bluetooth Primer," p. 5.
[2] "cdt21," Circuit Design, Inc., [Online]. Available: https://www.cdt21.com. [Accessed 05 06 2019].
[3] "thefastmode," thefastmode, [Online]. Available: https://www.thefastmode.com. [Accessed 27 05 2019].
[4] D. Filizzola, S. Fraser and N. Samsonau, "Security Analysis of Bluetooth Technology," [Online].
Available: https://courses.csail.mit.edu/6.857/2018/project/Filizzola-Fraser-Samsonau-Bluetooth.pdf. [Accessed 29 05 2019].
[5] D.-Z. Sun, Y. Mu and W. Susilo, "Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth
standard V5.0 and its countermeasure," University of Wollongong, Wollongong, 2017.
[6] "thefastmode," [Online]. Available: https://www.thefastmode.com/wiki-networking/5586-time-division-duplexing-tdd. [Accessed 9 06 2019].
