C. Rakesh S.

VIJAY SANDEEP
CSE (3/4), CSE (3/4)
GMRIT, GMRIT,
RAJAM. RAJAM.
Email id:rakesh_0517@yahoo.co.in svijaysandeep@gmail.com
 ABSTRACT

As the technology becomes more sophisticated, the need for facile wireless
communication has led the human brain to renovate the orthodoxy bottlenecked
conventions being used. Computing will inevitably be indispensable and ubiquitous – a
scenario that has no place for wires. Bluetooth provides several irksome issues that have
plagued implementation of wireless technology handling both data and voice
transmissions, allowing such capabilities as a mobile hands-free head set for voice calls
and print-to-fax, laptop and cell phone address book applications. More than just a
replacement for Proprietory cables, Blue tooth wireless technology provides a Universal
bridge to existing data networks LAN’s, mobile phone network and the internet for a host
of home applications and portable hand-held interfaces.
Bluetooth enabled electronic devices connect and communicate wirelessly
via short-range, ad-hoc networks called ‘Piconets’. Each unit can simultaneously
communicate with up to seven other units in a piconet. These piconets are established
dynamically and automatically as blue tooth devices enter and leave the radio proximity.
To replace messy wires, make information transfer automatic without synchronization
cradles and introduced many applications Bluetooth excels at connecting devices
irrespective of their locations and can even talk through walls
This paper elucidates what is Blue tooth? And the concept behind the Blue
tooth and the Bluetooth architecture, network topology, and mainly presents about blue
tooth security architecture, flowcharts for authentication and authorisation, hacking
concepts ,advantages ,drawbacks and its applications. With potential like that it’s no
wonder that Bluetooth is set to become the fastest adopted technology in history.
 INTRODUCTION
 What is Bluetooth?
Bluetooth is the global defacto standard for wireless connectivity based on
low-cost, short-range radio link that resides on a micro chip. Bluetooth wireless
technology is a system solution comprising hardware, software and Interoperability
requirements. Bluetooth is a standard for a small, cheap radio chip to be plugged in to
computers, printers, mobile phones etc. Bluetooth wireless technology eliminates the
need for numerous, often Proprietary, cable attachments for connection of practically
any kind of communication device.
 Concept behind Bluetooth:
The basic concept behind the Bluetooth is to provide a universal short
range wireless capability. It operates in free Industrial Scientific Medical(ISM) band from
2.400 GHz to 2.483GHz, available globally for unlicensed low-power uses. Two
Bluetooth devices within 10m of each other can share up to 720kbps of capability. It has
the transmission power of 1mW. Bluetooth is intended to support an open-ended list of
applications, including data, audio, graphics and even video. For e.g. Audio devices can
include headsets, cordless and standard phones, home stereos, and digital MP3 players.
Bluetooth can provide consumers with the ability to
Make calls from wireless headset connected remotely to a cell phone.
Eliminate cables linking computers to printers, keyboards, and the mouse.
Hook up MP3 players wirelessly to other machines to download music.
Set up home networks so that a couch potato can remotely monitor air
conditioning, the oven, and internet surfing.
Call home from a remote location to turn appliances on and off, set the alarm, and
Monitor activity
A device equipped with a Bluetooth radio establishes instant
connection to another Bluetooth radio as soon as it comes into range. Bluetooth device
supports both point-to-point and point-to-multipoint connections.
Architecture overview:
A block diagram of the Bluetooth protocol architecture is shown in Figure.

Figure 1: Bluetooth Architecture

The ‘core protocols’ form a five-layer stack consisting of the following elements:
Radio: Specifies details of the air interface, including frequency, the use of
frequency hopping, modulation scheme, and transmit power.
Baseband: Concerned with connection establishment within a Pico net, addressing,
packet format, timing, and power control.
Link manager: responsible for link setup between Bluetooth devices and on going
link management. This includes security aspects such as authentication and
encryption, plus the control and negotiation of base band packet sizes.
Logical link control and adaptation protocol (L2CAP): adapts upper-layer
protocols to the base band layer.L2CAP provides both connectionless and connection-
oriented services.
Services discovery protocol (SDP): is device information, services, and the
characteristics of the services can be queried to enable the establishment of a
connection between two or more Bluetooth devices.
RFCOMM is the cable replacement protocol included in the Bluetooth specification.
RFCOMM presents a virtual serial port that is designed to make replacement of cable
technologies as transparent as possible. Serial ports are one of the most common types of
communication interfaces used with computing and communications devices. Hence,
RFCOMM enables the replacement of serial port cables with the minimum of
modification of existing devices. RFCOMM provides for binary data transport and
emulates EIA-232 control signals over the Bluetooth base band layer.EIA-232 is a widely
used serial port interface standard.
Bluetooth specifies a telephony control protocol.TCS BIN (telephony
control specification-binary) is a bit –oriented protocol that defines the call control
signaling for the establishment of speech and data calls between Bluetooth devices. The
host controller layer interfaces the Bluetooth hardware to the upper Logical Link
Control and Adaptation Protocol (L2CAP). The L2CAP is followed by applications.

HOW DOES IT WORK?

There are four basic parts to any Bluetooth system: Radio (RF) that
receives and transmits data and voice, a Base band or link control unit that processes the
transmitted and received data, link management software that manages the transmission
and supporting application software.
Bluetooth radio:
The Bluetooth radio is a short distance, low power radio operating in the
unlicensed spectrum of 2.4 GHz and using a nominal antenna power of 0 dBm (range
10mts) Optionally a range of 100 meters (about 328 feet) may be achieved by using an
antenna power of 20 dBm. Data is transmitted at the rate of up to 1Mbps maximum. But
communication protocol overhead limits the practical data rate to a little over 721 Kbps.
Radio communication is subjected to noise and interference, as the 2.4 GHz frequencies
is shared between all devices in Pico nets. So the Bluetooth specification has solved this
problem by employing what is called as spectrum spreading, in which the Bluetooth
radio hops among different frequencies very quickly. There are 79 hops starting at 2.402
GHz; and stopping at 2.1.80GHz, each of which is displaced by 1 MHz. Frequency
hoping also provides data security because two packets of data is never sent over the
same frequency consecutively and the changing frequency is unpredictable.
Base band:
In wireless communication the baseband is the hardware that turns the
radio signals (transmit/ received) into a digital form that can be processed by the host
 application. In other words it can convert the digital or voice data into a form that can be
transmitted using a radio signal, according to a protocol that allows. Virtually all wireless
communication accomplishes this feat by putting the data into Packets. It also contains
information on how the data was compressed. When the data is received it is checked for
accuracy, un-packetized, reassembled, de-composed & possibly filtered in some way .
The baseband processor handles all the tasks & in Bluetooth it is called as Link
Controller.
Links:
The Bluetooth link is the method of data transmission which supports two
link types: Synchronous Connection Oriented (SCO) used primarily for voice
communications and Asynchronous Connection Less (ACL) links for packet data. Each
link type support sixteen different packet types that are used based on the application.
Link Controller& Link manager:
It a supervisory function that handles all the Bluetooth baseband functions and
supports the Link manager. It sends &. Receives data, requests the identification of the
sending device authenticates the link, sets up the type of link, determines what type of
frame to use on a packet by packet basis, directs how devices will listen for transmissions
from other devices or puts them on hold. It is software that runs on a microprocessor and
manages the communication between. Bluetooth devices .Each Bluetooth device has its
own Link Manager that discovers other remote Link Manager, & communicates with
them to handle link setup, authentication, configuration & other protocols.
Network Topology
 Bluetooth devices are generally organized into groups of two to eight
devices called Piconets, consisting of a single master device and one or more slave
devices. A device may additionally belong to more than one piconet, either as a slave in
both or as a master of one piconet and a slave in another. These bridge devices effectively
connect piconets into a scatternet. A diagram of a Bluetooth scatternet is shown in figure
above. Bluetooth operates in the unlicensed ISM frequency band that is generally
cluttered with signals from other devices-garage door openers, baby monitors, and
microwave ovens, to name just a few. This pattern, moving through 1,600 different
frequencies per second, is unique to the particular piconet. Each frequency “hop” is a
time slot during which data packets are transferred. A packet may actually span up to five
time slots, in which case the frequency remains constant for the duration of that transfer.
SECURITY ARCHITECTURE:
When wireless connection is used in communication the eavestroping is much
easier. That’s why security and encryption is very important with Bluetooth devices. BT
specifies security on several levels from base band to service level. Base band uses
SAFER+ algorithms for security purposes. BT’s encryption engine requires master nodes
BT address its slot clock and secret key i.e. that is shared by all the participant devices.
The Bluetooth specification includes security features at the link level. It
supports authentication and encryption. These features are based on a secret link key that
is shared by a pair of devices. There are three security modes for a device to be operated:
• Security mode 1(non-secure): A device will not initiate any security
procedure.
• Security mode 2(service-level enforced security): A device does not
initiate security procedures before channel establishment at L2CAP
level. This mode allows different and flexible access policies for
applications, especially running applications with different security
requirements in parallel.
• Security mode 3(link level enforced security): A device initiates
security procedures before the link set-up at the LMP level is
completed.
 The security architecture provide a flexible framework which dictates when to
involve a user and what actions the underlying BT protocol layers follow to support the
desired security check-ups.
The general architecture is shown below:

In the above architecture the security manager is the key component. The main functions
of security manager are:
Store security-related information on services.
• Store security-related information on devices.
• Answer access requests by protocol implementations or applications.
• Enforce authentication and/or encryption before connecting to the
application.
• Initiate pairing and query PIN entry by the user. PIN entry might also be
done by an application.
SECURITY LEVELS:
Authentication: It is the process of verifying ‘who’ is at the other end of the link. In BT
this is achieved by the authentication procedure based on the stored link key or by pairing
(entering a PIN).
Setting PIN codes:
After pairing the data transfer between these equipments is secure. The
instruction to set PIN codes is as follows: The simplest way is to run btsrv on Bluetooth
computers which prompt pairing .If we are not running btsrv command we can manually
set PIN codes by btctl command.
• Use btctl command to find out and list the BT devices around your computer.
• Add pin code btctl addpin<address_of_the_remote_peer><pin_code>
Authorization: It is the process of deciding a device to be allowed to have access for the
services provided by the master.
Device trust level:
Devices are distinguished based upon their trust levels:
• Trusted device: The device has been authenticated and a link key is
stored and it is marked as “Trusted” in the device database.
• Untrusted Device: The device has been authenticated and a link key is
stored but it is not marked as trusted.
• Unknown device: No security information is available for this device.
Security level of services:
The security level of a service is defined by three attributes:
• Authorization Required: Access is granted only to trusted or untrusted
devices after an authorization procedure. Authorization always requires
authentication.
• Authentication required: Before connecting to the application the
remote device must be authenticated.
• Encryption required: The link must be changed to encrypted mode
before access to the service is possible.
INFORMATION FLOW FOR ACCESS TO TRUSTED SERVICE:
The authentication cannot be performed when the ACL is established. The
authentication is performed when a connection request to a service is submitted.
The link manager connects request to L2CAP and this in turn requests access from the
security manager which then look up’s in service database and the device database. If
necessary security manager enforces authentication and encryption and then grants
access. After granting access L2CAP continues to setup the action.
FLOWCHARTFORAUTHORISATION PROCEDURE:
FLOWCHARTFORAUTHENTICATIONPROCEDURE:
HACKING CONCEPTS OF BLUETOOTH:
Bluejacking: This allows phone users to send business cards anonymously using BT
wireless technology which doesn’t remove or alternate any data from device. To carry
this bluejacking also the sending and the receiving devices must be within 10 meters of
one another. Phone owners who receive blue jack messages should refuse to add the
contacts to their address books. The person who does bluejacking is called as
bluejackers. The only way to not to be bluejacked is to disconnect Bluetooth.
Bluebugging: This allows skilled individuals to access the mobile phone commands
using Bluetooth wireless technology without notifying or alerting the phones user. This
vulnerability allows the hacker to initiate phone calls, send and receive text messages,
read and write phone book contacts, eavesdrop one phone conversations, and connect to
the internet.
Bluesnarfing: The information that can be accessed in this manner includes the phone
book, images, calendar and IMEI (International Mobile Equipment Identity). Only
specific folder BT enabled devices are susceptible to bluesnarfing.
General applications:
Data and voice access points: Bluetooth facilities real-time voice and data
transmissions by providing effortless wireless connection of portable and stationary
communications devices.
Cable replacement: Bluetooth eliminates the need for numerous, often
proprietary, cable attachments for connection of practically any kind of
communication device. Connections are instant and are maintained even when
devices are not within line of sight. The range of each radio is approximately 10m,
but can be extended to 100 m with an optional amplifier.
Ad hoc networking: A device equipped with a Bluetooth radio can establish instant
connection to another Bluetooth radio as soon as it comes into range.
Advantages:
A single handset can work as an intercom in the office, as a PSTN phone whenever
an access point to the PSTN is available, and as a mobile.
The Bluetooth link does not need the line-of-sight. So a mobile could connect to a
laptop even while it is in the briefcase and allow access to such facilities as e-mail.
 Seamless connectivity between the user’s PDA, laptop, and mobile allows
applications to automatically update and synchronize schedules and other data when
modifications are made on one device.
Wireless headset allows users to access mobile and audio services even while the
device is in their pocket. Thus hands-free operation is possible.
Hands-free devices allow users to access their phones without letting their hands off
the steering wheel.

Drawbacks:

A major problem that a Bluetooth technology face is that the federal

communication commission (FCC), US are looking at expanding the range of devices
that use the same radio frequencies as Bluetooth devices. That would interfere
communications between Bluetooth enabled devices. There are also concerns about use
of Bluetooth on airplanes. While cell phones and pagers are usually turned off in flight
bluetooth has been designed to maintain uninterrupted connections even while in motion.

Conclusion:

Designed as a cable-replacement technology, Bluetooth wireless technology is

well suited to the connectivity requirements of WPANs composed of portable computers,
PDAs, mobile phones, and printers. It is ideally suited to mobile devices (particularly
PDAs) because of their small size, low power requirements, and applications (mobile
phone wireless WAN connectivity, peer-to-peer business card or calendar exchange, and
wireless synchronization). As the technology matures, implementations increase, and
native operating system support becomes available, interoperability and ease-of-use
issues should diminish. Industries are committed to provide Bluetooth solutions that meet
customer needs, have been thoroughly tested for compliance, and coexist with Wi-Fi
networks. The possibility for new applications is very exciting with this versatile
technology. The Bluetooth communication device will thus be a small, low powered
radio in a chip that will talk to other Bluetooth enabled products. Bluetooth has been
designed to solve a no. of connectivity problems experienced by the mobile workers &
consumers. Thus, this technology helps make the electronic devices more user-friendly.

References:

• “Wireless Communications and Networks “ by William Stallings.

• “Electronics for You” July, 2002 issue & June 2001.
• www.palowireless.com
• www.nokia.com