Wireless Protocol Security

Uploaded by Gerhard Claassen

Bluetooth

Description: Bluetooth is an open standard for exchanging data over short distances, forming
wireless personal area networks (WPANs). A BR/EDR piconet consists of one master and up to
seven active slave devices. It is often used to connect devices worn on the body or within a vehicle.

Several Bluetooth versions are currently in use in commercial devices, of which Bluetooth 4.0 is
the most prevalent. Bluetooth 4.1 added Secure Connections for Basic Rate/Enhanced Data Rate
(BR/EDR), which improved the strength of the cryptographic key, device authentication and
encryption (P-256 ECDH pairing and AES-CCM). Bluetooth 4.2 added the equivalent Secure
Connections feature to low energy (LE) and provided a means to convert BR/EDR keys to LE keys
and vice versa. The main difference between BR/EDR and LE pairing (not between versions 4.1 and
4.2) is that LE pairing results in a Long-Term Key (LTK) rather than a Link Key.

Analysis: Bluetooth wireless technology is vulnerable to general wireless networking threats such
as denial of service (DoS), eavesdropping, man-in-the-middle (MITM) attacks, message
modification and resource misappropriation, as well as to weaknesses specific to its own pairing
and key-handling procedures.

Bluetooth operation takes place in two stages. In the "pairing" stage, two Bluetooth devices
establish a shared long-lived key (a Link Key for BR/EDR, a Long-Term Key for LE). In legacy
pairing (Bluetooth 2.0 and earlier) this key was derived from a PIN using the SAFER+-based E22
and E21 functions, which is why those versions are considered weak. From Bluetooth 2.1 onwards,
Secure Simple Pairing uses Elliptic Curve Diffie-Hellman (ECDH) key agreement (P-192, or P-256
under Secure Connections): the devices commit to their public keys and nonces with
HMAC-SHA-256-based commitment functions, confirm the result through one of the association
models (Numeric Comparison, Passkey Entry, Out of Band or Just Works), and derive the link key
from the ECDH shared secret with HMAC-SHA-256. In the second stage, each connection is
protected by challenge-response authentication using the stored key (E1, or an HMAC-SHA-256
based procedure, mutual under Secure Connections), after which a session encryption key is
derived from it.

The encryption mechanism used in Encryption Modes 2 and 3 is either the E0 stream cipher
(legacy) or AES-CCM (Secure Connections).
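To illustrate the authenticated-pairing step that the analysis above refers to, here is an added example (not from the original document, nor the Bluetooth specification's own code) that models the Numeric Comparison association model of Secure Simple Pairing: the responder commits to its nonce with an HMAC-SHA-256 commitment f1, both sides derive the six-digit confirmation value g from both public keys and both nonces, and the link key is derived with f2. The ECDH exchange itself is not performed; PK_A, PK_B, PK_M, the nonces, the addresses and DHKEY are constructed byte strings standing in for real P-256 values, and the exact field encodings of the specification are not reproduced.

```python
import hashlib
import hmac

# Modelled on the Secure Simple Pairing functions f1, g and f2 (HMAC-SHA-256 /
# SHA-256 based). Byte layouts are simplified; this is an illustration, not the spec.

def f1(U: bytes, V: bytes, X: bytes, Z: bytes) -> bytes:
    """Commitment: HMAC-SHA-256 keyed with nonce X over public keys U, V and Z, truncated to 128 bits."""
    return hmac.new(X, U + V + Z, hashlib.sha256).digest()[:16]

def g(U: bytes, V: bytes, X: bytes, Y: bytes) -> int:
    """Six-digit confirmation value shown to the user; depends on both public keys and both nonces."""
    h = hashlib.sha256(U + V + X + Y).digest()
    return (int.from_bytes(h, "big") % 2**32) % 1_000_000

def f2(W: bytes, N1: bytes, N2: bytes, key_id: bytes, A1: bytes, A2: bytes) -> bytes:
    """Link key: HMAC-SHA-256 keyed with the DHKey W, bound to both nonces and both device addresses."""
    return hmac.new(W, N1 + N2 + key_id + A1 + A2, hashlib.sha256).digest()[:16]

# Constructed stand-ins (assumption: not real P-256 public keys or a real ECDH secret).
PK_A, PK_B, PK_M = b"\x11" * 64, b"\x22" * 64, b"\x33" * 64      # A, B and attacker M
ADDR_A, ADDR_B = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
N_A, N_B = bytes.fromhex("a" * 32), bytes.fromhex("b" * 32)     # 128-bit nonces
N_M1, N_M2 = bytes.fromhex("c" * 32), bytes.fromhex("d" * 32)   # attacker's nonces
DHKEY = hashlib.sha256(PK_A + PK_B).digest()                      # stand-in for the ECDH shared secret

def honest_pairing():
    """Numeric Comparison between A (initiator) and B. Returns (commit_ok, Va, Vb, link keys match)."""
    # 1. B commits to its nonce before either nonce is revealed (Z = 0 for Numeric Comparison).
    cb = f1(PK_B, PK_A, N_B, b"\x00")
    # 2. A reveals N_A, then B reveals N_B; A recomputes the commitment and checks it.
    commit_ok = hmac.compare_digest(cb, f1(PK_B, PK_A, N_B, b"\x00"))
    # 3. Each device displays g(...) and the user confirms that both show the same value.
    va = g(PK_A, PK_B, N_A, N_B)   # computed on A
    vb = g(PK_A, PK_B, N_A, N_B)   # computed on B
    # 4. Both derive the link key from the DHKey, the nonces and the addresses.
    lk_a = f2(DHKEY, N_A, N_B, b"btlk", ADDR_A, ADDR_B)
    lk_b = f2(DHKEY, N_A, N_B, b"btlk", ADDR_A, ADDR_B)
    return commit_ok, va, vb, hmac.compare_digest(lk_a, lk_b)

def mitm_pairing():
    """M substitutes its own public key towards both victims, so each runs the protocol with M.
    A and B then display confirmation values derived from different inputs."""
    va = g(PK_A, PK_M, N_A, N_M1)   # what A's screen shows (A <-> M)
    vb = g(PK_M, PK_B, N_M2, N_B)   # what B's screen shows (M <-> B)
    return va, vb

def late_nonce_change() -> bool:
    """B commits to N_B but reveals a different nonce afterwards: A's commitment check fails."""
    cb = f1(PK_B, PK_A, N_B, b"\x00")
    return hmac.compare_digest(cb, f1(PK_B, PK_A, N_M1, b"\x00"))

if __name__ == "__main__":
    print("honest:", honest_pairing())
    print("mitm:", mitm_pairing())
    print("late nonce change accepted:", late_nonce_change())
```

The same message flow with the value never shown to anyone is the Just Works model, which is why NIST's Level 4 requires an authenticated pairing method: only the user comparison of the two values detects the key substitution performed in mitm_pairing(), and the commitment step stops a party from choosing its nonce after seeing the other side's.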

Recommendation: Based on NIST SP 800-121r2 (NIST, 2017), Bluetooth 4.1 and later BR/EDR
devices should use Security Mode 4, Level 4, which requires authenticated Secure Connections
pairing (P-256 ECDH) and 128-bit AES-CCM encryption. For Bluetooth 2.1 to 4.0 devices,
Security Mode 4, Level 3 (authenticated pairing and encryption) is the most secure available. For
Bluetooth 2.0 and older devices, Security Mode 3 (link-level security enforced before the channel
is established) is recommended. Security Mode 1 devices never initiate security and therefore
should never be used.

NIST SP 800-121r2 also recommends Security Mode 1, Level 4 as the strongest mode for the low
energy feature. It requires authenticated LE Secure Connections pairing, in which the key is
established with Elliptic Curve Diffie-Hellman (P-256), together with AES-CCM encryption.
Security Mode 1, Level 3 requires authenticated pairing and encryption but uses LE legacy
pairing, which does not use ECDH: an eavesdropper who captures the pairing exchange can
recover the Temporary Key by brute force (it is zero for Just Works and at most six digits for
Passkey Entry) and from it the session keys, so this level provides only limited eavesdropping
protection.

Organizations should use the strongest Bluetooth security mode that is available for
their Bluetooth devices.

UMTS/LTE

Description: The GSM, UMTS and LTE security protocols are designed to secure communications
over the radio link between a mobile phone and the operator's network. The goals are to provide
confidentiality for the user and authentication of the subscriber for the operator. The protocols
also provide a limited form of user anonymity by using temporary identifiers (TMSI in GSM and
UMTS, GUTI in LTE), so that a passive eavesdropper cannot easily link one communication with
another from the same phone.

The Universal Mobile Telecommunications System (UMTS) and its successor, Long-Term Evolution
(LTE), are standards for wireless communication for mobile phones and data terminals. Both are
developed by the 3rd Generation Partnership Project (3GPP) and were intended to replace GSM.

In contrast to the circuit-switched cellular networks of the past, LTE networks use packet
switching throughout. An LTE network provides consistent Internet Protocol (IP) connectivity
between an end user's mobile device and IP services on the data network.

Analysis: The protocol operates in two phases: a key-establishment and authentication phase, and
a data-transmission phase. Key establishment and authentication rely on symmetric-key
techniques, based on a long-term secret K shared between the subscriber's (U)SIM and the home
operator, rather than on public-key cryptography.

UMTS replaced the one-way authentication of GSM with a stronger protocol called Authentication
and Key Agreement (AKA), which LTE retains as EPS AKA. This is a three-party protocol between
the mobile station (MS), the serving network (SN) and the home environment (HE). The HE, which
holds K, generates an authentication vector and hands it to the SN; the SN challenges the MS,
which verifies a message authentication code and a sequence number (thereby authenticating the
network) before returning a response that the SN compares with the expected value (thereby
authenticating the subscriber). Upon a successful execution of the protocol, MS and SN have
confirmed that they communicate with valid partners and share a key, while K itself never leaves
the (U)SIM or the HE. An additional design goal of the protocol is to protect the identity of the
mobile station.
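As an added example (not the document's own, nor 3GPP code), the following Python models the three-party AKA flow described above: the home environment builds the authentication vector, the mobile station checks the MAC and the sequence number before answering, and the serving network compares RES with XRES. Assumptions: HMAC-SHA-256 stands in for the operator's MILENAGE (AES-based) f1..f5 functions and for the K_ASME key-derivation function; field sizes follow the specification but byte-level encodings are simplified; K, SN_ID, RAND and the sequence numbers are constructed test values.

```python
import hashlib
import hmac
import os

# Assumption: HMAC-SHA-256 replaces the AES-based MILENAGE functions; the message
# flow and the checks performed by each party follow the AKA structure.

def _prf(label: bytes, key: bytes, *parts: bytes, n: int) -> bytes:
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:n]

def f1(k, rand, sqn, amf): return _prf(b"f1", k, rand, sqn, amf, n=8)   # MAC-A, 64 bit
def f2(k, rand):           return _prf(b"f2", k, rand, n=8)             # RES / XRES
def f3(k, rand):           return _prf(b"f3", k, rand, n=16)            # CK, 128 bit
def f4(k, rand):           return _prf(b"f4", k, rand, n=16)            # IK, 128 bit
def f5(k, rand):           return _prf(b"f5", k, rand, n=6)             # AK, masks SQN, 48 bit

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def kdf_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """LTE derives K_ASME from CK||IK, bound to the serving network identity (simplified KDF)."""
    return hmac.new(ck + ik, b"\x10" + sn_id + sqn_xor_ak, hashlib.sha256).digest()

AMF = b"\x80\x00"   # authentication management field

def he_generate_av(k: bytes, sqn: int, sn_id: bytes, rand: bytes = None):
    """Home environment (HSS/AuC): builds the authentication vector for the serving network.
    Only RAND, AUTN, XRES and K_ASME leave the HE; K itself never does."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f1(k, rand, sqn_b, AMF)
    sqn_xor_ak = _xor(sqn_b, f5(k, rand))          # SQN is hidden from eavesdroppers
    autn = sqn_xor_ak + AMF + mac
    kasme = kdf_kasme(f3(k, rand), f4(k, rand), sn_id, sqn_xor_ak)
    return rand, autn, f2(k, rand), kasme

def ms_respond(k: bytes, rand: bytes, autn: bytes, sn_id: bytes, last_sqn: int):
    """Mobile station (USIM): authenticates the network before answering.
    Returns (RES, K_ASME, SQN) or raises ValueError."""
    sqn_xor_ak, amf, mac = autn[:6], autn[6:8], autn[8:]
    sqn_b = _xor(sqn_xor_ak, f5(k, rand))
    if not hmac.compare_digest(mac, f1(k, rand, sqn_b, amf)):
        raise ValueError("MAC failure: challenge was not produced by the home network")
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= last_sqn:
        raise ValueError("synchronisation failure: replayed or stale SQN")
    kasme = kdf_kasme(f3(k, rand), f4(k, rand), sn_id, sqn_xor_ak)
    return f2(k, rand), kasme, sqn

def sn_verify(res: bytes, xres: bytes) -> bool:
    """Serving network (MME): the subscriber is authenticated iff RES == XRES."""
    return hmac.compare_digest(res, xres)

def run_aka(k_usim: bytes, k_he: bytes, sqn: int, last_sqn: int, sn_id: bytes, rand: bytes = None):
    """Full exchange. Returns (network_authenticated, subscriber_authenticated, keys_match)."""
    rand, autn, xres, kasme_sn = he_generate_av(k_he, sqn, sn_id, rand)
    try:
        res, kasme_ms, _ = ms_respond(k_usim, rand, autn, sn_id, last_sqn)
    except ValueError:
        return False, False, False
    return True, sn_verify(res, xres), hmac.compare_digest(kasme_ms, kasme_sn)

# Constructed test values (assumption: not a real subscriber key or network).
K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")
SN_ID = bytes.fromhex("32f401")                        # packed PLMN identity
RAND = bytes.fromhex("23553cbe9637a89d218ae64dae47bf35")

if __name__ == "__main__":
    print("honest:", run_aka(K, K, 10, 9, SN_ID, RAND))
    print("rogue network without K:", run_aka(K, bytes(16), 10, 9, SN_ID, RAND))
    print("replayed challenge:", run_aka(K, K, 10, 10, SN_ID, RAND))
```

The two failure paths are the ones that matter in practice: a false base station that does not hold K cannot produce a valid MAC, and a captured (RAND, AUTN) pair cannot be replayed because the USIM tracks the sequence number. Binding K_ASME to SN_ID means a vector issued for one serving network is useless to another.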

The key shared between MS and SN is used to implement a bi-directional secure channel between
the two parties. In UMTS, integrity and confidentiality are implemented by the UMTS Encryption
Algorithm (UEA) and UMTS Integrity Algorithm (UIA) families. UEA1 is based on KASUMI, a
64-bit block cipher with a 128-bit key, and UIA1 is a message authentication code (MAC) built on
KASUMI. UEA2 is the SNOW 3G stream cipher, and UIA2 computes a MAC based on SNOW 3G
(ETSI, 2009).

LTE introduced a new set of cryptographic algorithms and a significantly different key hierarchy
from that of GSM and UMTS: the CK and IK produced by AKA are no longer used directly but feed
an intermediate key K_ASME, from which separate keys for NAS signalling, RRC signalling and the
user plane are derived. There are three sets of cryptographic algorithms for both confidentiality
and integrity, called EPS Encryption Algorithms (EEA) and EPS Integrity Algorithms (EIA). EEA1
and EIA1 are based on SNOW 3G. EEA2 and EIA2 are based on AES, with EEA2 defined as AES in
CTR mode and EIA2 as AES-CMAC. EEA3 and EIA3 are both based on the ZUC stream cipher
(3GPP, 2014).

Recommendation: Compared to previous cellular networks, the security capabilities provided by
LTE are more robust. Mutual authentication between the network and the phone, introduced with
UMTS AKA and retained in LTE, closed the false base station weakness of GSM's one-way
authentication. The enhanced key separation of the LTE key hierarchy and the mandatory integrity
protection of NAS and RRC signalling further improve security. Note that the null algorithms EEA0
and EIA0 defined by the same specification provide no protection; they exist for regulatory
exceptions and unauthenticated emergency calls and should not be selected in normal operation.

WEP/WPA

Description: The WEP and WPA protocols protect communication in IEEE 802.11 wireless networks
by securing the link between a client (for example a laptop) and the access point it connects to.
A key requirement is to ensure that an eavesdropper is unable to break the confidentiality of the
messages being sent; a second is that a frame cannot be forged or modified without detection.

WEP (Wired Equivalent Privacy) was specified in the original IEEE 802.11 standard and was
intended to offer confidential and authenticated communication. WPA (Wi-Fi Protected Access) is
the successor of WEP. WPA2, the Wi-Fi Alliance certification of the IEEE 802.11i amendment (now
part of IEEE 802.11-2012), is the version of the protocol suite most widely used. In January 2018,
the Wi-Fi Alliance announced WPA3 as the replacement for WPA2. WPA3-Personal replaces the
pre-shared-key handshake with Simultaneous Authentication of Equals (SAE), a password-
authenticated key exchange resistant to offline dictionary attacks, and uses 128-bit AES
encryption; WPA3-Enterprise offers an optional 192-bit security mode.

Analysis: WEP is a symmetric-key protocol that encrypts each frame with RC4, keyed with a
24-bit per-frame initialisation vector (IV) prepended to the shared 40- or 104-bit key, and appends
a CRC-32 integrity check value (ICV). CRC-32 is a linear error-detection code, not a keyed MAC,
so it provides no authentication: an attacker can flip bits in the ciphertext and correct the ICV
without knowing the key. The short IV leads to keystream reuse, and practical key-recovery
attacks against RC4 as keyed by WEP have been devised. The protocol is considered completely
broken and should not be used.
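The following added example (not from the original document) implements WEP framing with RC4 and a CRC-32 ICV and then demonstrates why the CRC gives no authentication: forge() modifies a captured frame's plaintext and repairs the ICV without the key, and keystream_reuse() shows what an eavesdropper learns from two frames sent under the same IV. KEY, IV, P1 and P2 are constructed values.

```python
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then keystream generation XORed into data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32 (little-endian), no key involved."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || RC4(IV || key, plaintext || ICV). The 24-bit IV is sent in clear."""
    assert len(iv) == 3
    return iv + rc4(iv + key, plaintext + icv(plaintext))

def wep_decrypt(key: bytes, frame: bytes):
    """Receiver side: returns (plaintext, icv_valid)."""
    iv, body = frame[:3], frame[3:]
    pt_icv = rc4(iv + key, body)
    pt, tag = pt_icv[:-4], pt_icv[-4:]
    return pt, tag == icv(pt)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def forge(frame: bytes, delta: bytes) -> bytes:
    """Attacker with no key: XOR `delta` into the plaintext and keep the ICV valid.
    CRC-32 is affine over GF(2): crc(p ^ d) == crc(p) ^ crc(d) ^ crc(0...0) for equal
    lengths, so XORing crc(d) ^ crc(zeros) into the encrypted ICV re-validates it."""
    iv, body = frame[:3], frame[3:]
    n = len(body) - 4
    assert len(delta) == n
    mask = delta + _xor(icv(delta), icv(bytes(n)))
    return iv + _xor(body, mask)

def keystream_reuse(frame1: bytes, frame2: bytes) -> bytes:
    """Two frames under the same IV and key share a keystream, so C1 ^ C2 == P1 ^ P2."""
    assert frame1[:3] == frame2[:3], "same IV required"
    return _xor(frame1[3:], frame2[3:])

# Constructed values: a 40-bit WEP key, an IV and two same-length HTTP requests.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
P1 = b"GET /transfer?to=1001&amt=10 HTTP/1.1"
P2 = b"GET /transfer?to=2002&amt=99 HTTP/1.1"

def demo():
    """Capture A's frame, redirect the transfer to account 9999, and let the receiver verify it."""
    frame = wep_encrypt(KEY, IV, P1)
    target = P1.replace(b"to=1001", b"to=9999")
    forged = forge(frame, _xor(P1, target))
    return wep_decrypt(KEY, forged)

if __name__ == "__main__":
    print(demo())
```

The forged frame decrypts to the attacker's chosen plaintext and passes the ICV check, which is exactly what a keyed MAC (Michael in TKIP, CBC-MAC in CCMP) is there to prevent. With only 2^24 IVs, keystream_reuse() becomes available to a passive listener on any busy network.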

WPA (Wi-Fi Protected Access) was introduced as an interim successor to WEP that could run on
existing hardware. It employs the Temporal Key Integrity Protocol (TKIP), which keeps RC4 but
adds per-packet key mixing, a 48-bit sequence counter against replay and the Michael message
integrity code. TKIP fixes some of the design problems of WEP, but attacks against it have been
found that break the basic WPA protocol, and RC4 itself is no longer considered adequate.

WPA2 implements the Counter Mode with Cipher Block Chaining Message Authentication Code
Protocol (CCMP), an authenticated encryption scheme that uses AES in CCM mode and offers both
message confidentiality and message authentication.

Recommendation: WEP and WPA (TKIP) should not be used. Users should move to WPA2 with CCMP
as a matter of urgency, disabling the TKIP compatibility mode, and adopt WPA3 as their devices
support it.

References

(NIST, 2017) NIST SP 800-121r2, Guide to Bluetooth Security, National Institute of Standards
and Technology, 2017.

(3GPP, 2014) 3rd Generation Partnership Project, 3GPP System Architecture Evolution (SAE):
Security architecture, 3GPP TS 33.401 V12.12, 2014. http://www.3gpp.org/DynaReport/33401.htm

(ETSI, 2009) ETSI/SAGE, Specification of the 3GPP Confidentiality and Integrity Algorithms
UEA2 & UIA2. Document 1: UEA2 and UIA2 Specification, Version 2.1, 16 March 2009.
https://www.gsma.com/aboutus/wp-content/uploads/2014/12/uea2uia2d1v21.pdf

(IEEE, 2012) IEEE 802.11-2012 (Revision of IEEE 802.11-2007), Wireless LAN Medium Access
Control (MAC) and Physical Layer (PHY) Specifications, Institute of Electrical and Electronics
Engineers, 2012.
