Post on 05-Apr-2018
7/31/2019 Kuo Bluetooth Pairing
1/36
Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup
Cynthia Kuo, Carnegie Mellon University
Jesse Walker, Intel Corporation
Adrian Perrig, Carnegie Mellon University

Device Introduction
Goal: Establish authentication credentials between two devices that have not yet done so.
Terminology: introduction = setup = pairing

Device Introduction
Bluetooth: Pair two devices in a master/slave relationship.
Wi-Fi: Enroll one device into an existing network, assuming initial network setup is completed.

Overview
Define secure and usable device introduction
Summarize setup methods in Bluetooth Simple Pairing and Wi-Fi Protected Setup
Discuss potential causes of poor security and usability
Recommend improvements

Secure Introduction Criteria
1. Conforms to standard model
[Figure: Device 1 and Device 2 linked by an in-band channel, on which an active attacker sits, and by an out-of-band channel (e.g., cable, NFC)]

Secure Introduction Criteria
1. Conforms to standard model: accepted by cryptographers
2. Provides high level of security: no more than 2^-30 probability of attack success; 2^80 cryptographic operations required (through 2010); assume attackers can perform 2^50 operations
3. Preserves simplicity: easier to find and correct vulnerabilities in simpler systems

Usable Introduction Criteria
1. Verifies in-band connection between devices
2. Handles errors: user experience, interoperability, better application design and better support
3. Maintains a consistent user experience across devices: learning

Overview
Define secure and usable device introduction
Summarize setup methods in Bluetooth Simple Pairing and Wi-Fi Protected Setup
Discuss potential causes of poor security and usability
Recommend improvements

Setup Methods
              Bluetooth            Wi-Fi
Copy          Passkey Entry        PIN
Compare       Numeric Comparison   (none)
Auto          Just Works           Push Button Configuration
Out-of-band   Out-of-band          Out-of-band

Evaluating Each Setup Model
Secure:
1. Standard model: out-of-band channel
2. Security: probability of attack success
3. Simplicity: [overall]
Usable:
1. Connection verification
2. Error handling
3. Consistent UX: [overall]

Copy Setup Methods
Out-of-band channel: visual & human
Probability of attack success: > 2^-20 (6-digit) / > 2^-14 (4-digit); > 2^-27 (8-digit)
Connection verification: ? (implementation issue)
Error handling: start over / ?

Compare Setup Method (Bluetooth only)
Out-of-band channel: visual & human
Probability of attack success: > 2^-20
Connection verification: ?
Error handling: start over

Auto Setup Methods
Out-of-band channel: none
Probability of attack success: very likely
Connection verification: ?
Error handling: start over / ?

Out-of-Band Setup Method
Out-of-band channel: out-of-band channel
Probability of attack success: depends on channel
Connection verification: ?
Error handling: start over / ?

Overview
Define secure and usable device introduction
Summarize setup methods in Bluetooth Simple Pairing and Wi-Fi Protected Setup
Discuss causes of poor security and usability
Recommend improvements

Evaluating Each Setup Model
Secure:
1. Standard model: out-of-band channel
2. Security: probability of attack success
3. Simplicity: [overall]
Usable:
1. Connection verification
2. Error handling
3. Consistent UX: [overall]

Preserving Simplicity
Complex systems are harder to fully analyze for vulnerabilities
Each setup mode has its own issues
Multiple setup modes per device lead to many possible setup combinations

Combinations of Setup Methods
                                                Bluetooth   Wi-Fi
Pairing models                                  4           3
Possible combinations per device                15          7
Possible combinations between any two devices   120         28

Interactive Complexity
Difficult to consider all the potential system states during design, implementation, and evaluation
Difficult to handle so many different possible situations (especially a rare situation or error)

Reducing Complexity
Reduce number of combinations by prioritizing setup models
Reduce number of setup models

Auto Setup Methods
Works if: no other devices in setup mode are in wireless range; no errors
Never secure against a malicious device within range; active attacker must be physically present
Bluetooth Just Works and Wi-Fi Push Button Configuration are supported for low-cost manufacturing: devices with no screens

Combinations of Setup Methods
                                                Bluetooth   Wi-Fi
Pairing models                                  4           3
Possible combinations per device                15          7
Possible combinations between any two devices   120         28
After reducing the number of setup models by one:
Pairing models                                  3           2
Possible combinations per device                7           3
Possible combinations between any two devices   28          6
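As an added worked example (not part of the slides), the Python below reproduces the combination counts from the two "Combinations of Setup Methods" slides from the number of setup models, and checks the copy methods' guessing probabilities from "Secure Introduction Criteria" and "Copy Setup Methods" against the 2^-30 criterion; the model lists are taken from the "Setup Methods" slide.

```python
import math

# Setup models per protocol, as listed on the "Setup Methods" slide.
BT_MODELS = ["Passkey Entry", "Numeric Comparison", "Just Works", "Out-of-band"]
WIFI_MODELS = ["PIN", "Push Button Configuration", "Out-of-band"]

# Criterion 2 from "Secure Introduction Criteria": P(attack success) <= 2^-30.
SECURITY_TARGET_LOG2 = -30


def per_device_combinations(n_models):
    """Feature sets a single device can ship with: every non-empty subset
    of the n setup models, i.e. 2^n - 1 (4 models -> 15, 3 -> 7)."""
    return 2 ** n_models - 1


def pairwise_combinations(n_models):
    """Distinct pairings between any two devices: unordered pairs of
    per-device feature sets, a device being allowed to meet an identical
    twin, i.e. k*(k+1)/2 for k = 2^n - 1 (15 -> 120, 7 -> 28)."""
    k = per_device_combinations(n_models)
    return k * (k + 1) // 2


def passkey_guess_log2(digits):
    """log2 of the chance that one on-line guess of a decimal passkey or
    PIN of this length is right: 10^-digits expressed as a power of two."""
    return -digits * math.log2(10)


def meets_security_target(digits):
    """True when a passkey of this length satisfies the 2^-30 criterion."""
    return passkey_guess_log2(digits) <= SECURITY_TARGET_LOG2


def min_digits_for_target():
    """Smallest decimal passkey length whose single-guess probability is at
    most 2^-30; the 4-, 6- and 8-digit copy methods all fall short."""
    digits = 1
    while not meets_security_target(digits):
        digits += 1
    return digits


if __name__ == "__main__":
    for name, models in (("Bluetooth", BT_MODELS), ("Wi-Fi", WIFI_MODELS)):
        n = len(models)
        print(name, n, per_device_combinations(n), pairwise_combinations(n))
    for d in (4, 6, 8):
        print(d, "digits: 2^%.1f" % passkey_guess_log2(d), meets_security_target(d))
    print("digits needed for 2^-30:", min_digits_for_target())
```

Dropping one model halves the exponent's base count but cuts the pairwise combinations by roughly four, which is the effect the second table above shows.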

Evaluating Each Setup Model
Secure:
1. Standard model: out-of-band channel
2. Security: probability of attack success
3. Simplicity: [overall]
Usable:
1. Connection verification
2. Error handling
3. Consistent UX: [overall]

Issues in UX Consistency
Absent from specifications:
Wording
User interaction flow: setup initiation (device or user?); entering and exiting setup mode; basic checks (wireless enabled?); timeout values for PINs; prioritization of setup methods; connection verification
Error handling: recovery; messages; technical support; documentation

Importance of Consistency
Fewer setup methods improves consistency
Rewards learning
Raises quality of error handling, documentation, and technical support (cross-vendor, cross-product)
Reduces confusion about level of security assurance
Minimizes implementation work

Overview
Define secure and usable device introduction
Summarize setup methods in Bluetooth Simple Pairing and Wi-Fi Protected Setup
Discuss causes of poor security and usability
Recommend improvements

In-band Setup
Copy: Bluetooth Passkey Entry or Wi-Fi PIN
Static Copy: PIN entry using a PIN on a sticker
Compare: Bluetooth Numeric Comparison
Auto: Bluetooth Just Works or Wi-Fi Push Button Configuration
[Table: setup method that results for each pair of device capability types; cell values are "Copy or Compare", "Copy", "Static Copy", "Compare" and "Auto"; row and column labels were not recovered]

P(Attack Success): In-band
2^-14 to 2^-27; first time only: 2^-20 to 2^-27
No real security (no out-of-band channel)
At least 2 buttons; out-of-band capability (visual & human)

P(Attack Success): Out-of-band
Only mode capable of attack success probability ~ 2^-30
Assumes that the selected out-of-band method is a good one
Assumes the same setup mode can be used for all devices

Recommendations
1. Common denominator of hardware features: at least 2 buttons; out-of-band capability

Usability: Feedback Capability
Screens used to confirm setup or display error messages
Applies to in-band and out-of-band
[Figure: devices rated Good / Passable / None for feedback capability]

Example: LED / One Button
[Figure: Plantronics Discovery 640 Bluetooth Headset User Guide]

Recommendations
1. Common denominator of hardware features: at least 2 buttons; out-of-band capability; screen on at least one device (both preferable)
2. Common user experience: common menu options, wording, user interaction flow, error logging
Promotes: consistency across devices and protocols; interoperability of user interfaces; error handling and recovery

Selected Related Work
Usability evaluation of different pairing schemes (Uzun et al.)
Setup in HomePlug (Newman et al.)
Interactive complexity (Leveson)
Importance of consistency (Endsley et al.)
Schemes for exchanging authentication credentials using demonstrative identification: Resurrecting Duckling (Stajano et al.), Talking to Strangers (Balfanz et al.), Seeing-Is-Believing (McCune et al.)

Conclusion
Networking relies on interoperability
For security applications, UI should not be a product differentiator
Standardization of certain UX aspects can benefit technology in the same way as protocol standardization

Thank you!
Questions? Comments?
cykuo@cmu.edu