from the bluetooth standard to standard compliant 0 days
play

From the Bluetooth Standard to Standard-Compliant 0-days Daniele - PowerPoint PPT Presentation

Jan 30, 2023 •503 likes •876 views

Hardwear.io Virtual Con 2020 From the Bluetooth Standard to Standard-Compliant 0-days Daniele Antonioli and Mathias Payer Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days 1

  1. Hardwear.io Virtual Con 2020 From the Bluetooth Standard to Standard-Compliant 0-days Daniele Antonioli and Mathias Payer Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days 1

  2. Who We Are • Daniele Antonioli ◮ Security researcher, Postdoc at EPFL ◮ @francozappa ◮ More: https://francozappa.github.io • Mathias Payer ◮ Security researcher, Professor at EPFL ◮ @gannimo ◮ More: https://nebelwelt.net/ • We are researchers in the HexHive group ◮ System security topics ◮ More: https://hexhive.epfl.ch/ Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Bio 2

  3. Bluetooth Standard • Bluetooth Standard ◮ Complex document (Bluetooth Core v5.2, 3.256 pages) ◮ Specifies Bluetooth Classic (BT) and Bluetooth Low Energy (BLE) https://www.bluetooth.com/specifications/bluetooth-core-specification/ Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Cover 3

  4. Standard-Compliant 0-days • Standard-compliant 0-day (security vulnerability) ◮ Unknown and/or unaddressed ◮ Agnostic to hardware, and software implementation details ◮ Very effective (1 vuln = all standard-compliant devices are exploitable) ◮ Difficult to patch (firmware upgrades, device recall) Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Cover 4

  5. Key Negotiation of Bluetooth (KNOB) Attacks • KNOB attacks on Bluetooth Low Energy (BLE) and Bluetooth Classic (BT) ◮ Exploiting standard-compliant 0-days in Bluetooth key negotiation • Related work (cc: Nils Tippenhauer and Kasper Rasmussen) ◮ “The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR” [SEC19] ◮ “Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy” [TOPS20] Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Cover 5

  6. Bluetooth Security Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Bluetooth Security 6

  7. Bluetooth Security Overview • Pairing ◮ Establish a long term key (SSP based on ECDH) • Secure session establishment ◮ Establish a session key (derived from pairing key) • Security mechanisms ◮ Association: protect against man-in-the-middle attacks ◮ Key negotiation : negotiate a key with variable entropy (strength) Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Bluetooth Security 7

  8. Bluetooth Threat Model Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Bluetooth Security 8

  9. Bluetooth Threat Model Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Bluetooth Security 8

  10. Bluetooth Threat Model Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Bluetooth Security 8

  11. Bluetooth Threat Model Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Bluetooth Security 8

  12. KNOB attack on BLE Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BLE 9

  13. BLE Pairing: Overview Alice (master) Bob (slave) A B Phase 1: Feature exchange (including key negotation) Phase 2: key establishment and optional authentication Phase 3: key distribution (over encrypted link) Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BLE 10

  14. BLE Pairing: Key Negotiation Alice (master) Bob (slave) A B Phase 1: Feature exchange (including key negotation) Pairing Request: IO, AuthReq, KeySize, InitKey, RespKey Pairing Response: IO, AuthReq, KeySize, InitKey, RespKey • Key negotiation issues (standard-compliant 0-days) ◮ KeySize negotiation is not protected , i.e. no integrity, no encryption ◮ KeySize values between 7 bytes and 16 bytes Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BLE 11

  15. KNOB Attack on BLE Feature Exchange Alice (master) Charlie (attacker) Bob (slave) A C B Phase 1: Feature exchange (including key negotiation) IO, AuthReq, KeySize: 16, InitKeys, RespKeys IO, AuthReq, KeySize: 7 , InitKeys, RespKeys IO, AuthReq, KeySize: 7 , InitKeys, RespKeys IO, AuthReq, KeySize: 16, InitKeys, RespKeys Phase 2: Key establishment and optional authentication Phase 3: Key distribution over encrypted link • KNOB attack on BLE pairing ◮ Attacker downgrades KeySize to 7 bytes ◮ Victims’ pairing and session keys have 7 bytes of entropy ◮ Attacker brute-forces the low-entropy keys Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BLE 12

  16. Implementation of KNOB Attack on BLE • Security Manager Protocol (SMP) manipulation ◮ Implemented in the BLE host (OS) • Custom Linux kernel ◮ net/bluetooth/smp.c : SMP_DEV(hdev)->max_key_size = 7 • Custom user-space BLE stack ◮ Based on PyBT ( https://github.com/mikeryan/PyBT ) ◮ That is based on scapy ( https://scapy.net ) Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BLE 13

  17. Evaluation of BLE KNOB Attack (19 devices, from Oct 2019) Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BLE 14

  18. KNOB attack on BT Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BT 15

  19. BT Pairing • Alice and Bob ◮ Securely paired over BT in absence of Charlie ◮ Share a strong pairing key (16 bytes of entropy) Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BT 16

  20. BT Session Establishment: Overview Alice (master) Bob (slave) A B Phase 1: Pairing key authentication Phase 2: Session key negotation Phase 3: Start encryption Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BT 17

  21. BT Session Establishment: Session Key Negotiation Alice (master) Bob (slave) A B Phase 2: Session key negotation Key entropy: 16 Key entropy: 15 Accept • Key negotiation issues (standard-compliant 0-days) ◮ Key entropy negotiation is not protected , i.e. no integrity, no encryption ◮ Key entropy values between 1 byte and 16 bytes Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BT 18

  22. KNOB Attack on BT Session Key Negotiation Alice (master) Charlie (attacker) Bob (slave) A C B Phase 1: Pairing key authentication Phase 2: Session key negotation Key entropy: 16 Key entropy: 1 Key entropy: 1 Accept Accept Phase 3: Start encryption • KNOB attack on BT secure session establishment ◮ Attacker downgrades key entropy to 1 bytes ◮ Attacker brute-forces the low-entropy key Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BT 19

  23. Implementation of KNOB Attack on BT • Link Manager Protocol (LMP) manipulation ◮ Implemented in the BT controller (firmware) • Custom version of internalblue ◮ RE Nexus 5 BT firmware ◮ Write ARM patches for LMP ◮ Patch Nexus 5 at runtime Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BT 20

  24. Evaluation of BT KNOB Attack (38 devices, from Jun 2019) Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BT 21

  25. Evaluation of BT KNOB Attack (38 devices, from Jun 2019) Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days KNOB BT 21

  26. KNOB Attacks Countermeasures Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Countermeasures 22

  27. Our countermeasures for BT and BLE • Legacy-compliant ◮ Set minimum entropy value to 16 bytes ◮ Enforce key entropy of 16 bytes • Non legacy-compliant ◮ Integrity protect key negotiation ◮ Remove entropy negotiation feature Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Countermeasures 23

  28. Bluetooth SIG amended the standard (2019-08-13) • Erratum 11838: Encryption Key Size Updates ◮ BT minimum entropy value now is 7 bytes, BLE stays the same ◮ Mandatory for Bluetooth versions: 4.2, 5.0, 5.1, 5.2 https://www.bluetooth.org/docman/handlers/DownloadDoc.ashx?doc_id=470741 Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days Countermeasures 24

Recommend

Bluetooth Team 1 What is Bluetooth? Origins Ericsson, 1994 Harald Bluetooth

Bluetooth Team 1 What is Bluetooth? Origins Ericsson, 1994 Harald Bluetooth

Bluetooth Team 1 What is Bluetooth? Origins Ericsson, 1994 Harald Bluetooth Today Bluetooth Special Interests Group Compatible with a multitude of devices Widespread IEEE Standard Secure

230 views • 7 slides
and more... The standard library is the collection of functions and types that is supplied with

and more... The standard library is the collection of functions and types that is supplied with

Containers, algorithms and more... The standard library is the collection of functions and types that is supplied with every standard-compliant C++ compiler What should be in the standard library? And equally important: what should not

929 views • 38 slides
Reading Strand and Ideas Standard Statement 9 Range of Reading and Standard Statement 10 Level

Reading Strand and Ideas Standard Statement 9 Range of Reading and Standard Statement 10 Level

Standard Statement 1 Standard Statement 2 Key Ideas and Details Standard Statement 3 Reading: Literature Standard Statement 4 Standard Statement 5 Craft and Structure Standard Statement 6 Standard Statement 7 Integration of Knowledge

391 views • 16 slides
The Standard C Library 1 The C Standard Library 2 The C Standard Library I/O stdio.h

The Standard C Library 1 The C Standard Library 2 The C Standard Library I/O stdio.h

The Standard C Library 1 The C Standard Library 2 The C Standard Library I/O stdio.h printf, scanf, puts, gets, open, close, read, write, fprintf, fscanf, fseek, Memory and string operations string.h memcpy, memcmp, memset,

1.02k views • 54 slides
Standard 3. Accreditation and Assessment Standard 8. Compliance Standard 9. Virginia Index of

Standard 3. Accreditation and Assessment Standard 8. Compliance Standard 9. Virginia Index of

The Standards of Quality (SOQ) Standard 3. Accreditation and Assessment Standard 8. Compliance Standard 9. Virginia Index of Performance Recognition Program Dr. Cynthia A. Cave Assistant Superintendent for Policy and Communications

626 views • 31 slides
Standard Seven: The blood standard quality improvement cycle Philippa Kirkpatrick The NSQHS

Standard Seven: The blood standard quality improvement cycle Philippa Kirkpatrick The NSQHS

Standard Seven: The blood standard quality improvement cycle Philippa Kirkpatrick The NSQHS Standards Standard 1 Standard 2 Governance for Safety and Partnering with Quality in Health Consumers Service Organisations Standard 3 Healthcare

649 views • 32 slides
Standard Error & Confidence Interval Standard Error A particular kind of standard

Standard Error & Confidence Interval Standard Error A particular kind of standard

Standard Error & Confidence Interval Standard Error A particular kind of standard deviation Standard Error := standard deviation of the sampling distribution of a statistic Statistic := a function of a dataset (e.g., mean, median,

578 views • 33 slides
Nature provides no standard of length Nature provides no standard of volume Nature provides no

Nature provides no standard of length Nature provides no standard of volume Nature provides no

THE PENDULUM AND THREE STANDARDS THAT MEASURED THE ANCIENT WORLD And the Mystery of the Parthenon revealed Nature provides no standard of length Nature provides no standard of volume Nature provides no standard of weight Nature provides three

567 views • 23 slides
THE STANDARD C LIBRARY THE STANDARD C LIBRARY Common functions we dont need to write

THE STANDARD C LIBRARY THE STANDARD C LIBRARY Common functions we dont need to write

THE STANDARD C LIBRARY THE STANDARD C LIBRARY Common functions we dont need to write ourselves Provides a portable interface to many system calls Analogous to class libraries in Java or C++ Function prototypes declared in standard

641 views • 40 slides
Oklahoma Standard @OP OPSRead eadines ess okschoolrea eadines ess.org Oklahoma Standard

Oklahoma Standard @OP OPSRead eadines ess okschoolrea eadines ess.org Oklahoma Standard

Oklahoma Standard @OP OPSRead eadines ess okschoolrea eadines ess.org Oklahoma Standard Origins Project HOPE Hopeful Futures COVID-19 Oklahoma Standard Story Gathering OTTAWA WOODS ALFALFA WASHINGTON KAY NOWATA HARPER

383 views • 10 slides
APT TECHNICAL CPD - MAF STANDARD COSTING Standard Costing Nicholas Riemer

APT TECHNICAL CPD - MAF STANDARD COSTING Standard Costing Nicholas Riemer

APT TECHNICAL CPD - MAF STANDARD COSTING Standard Costing Nicholas Riemer Nicholas.Riemer@firstrand.co.za Agenda Workflow to understanding standard costing What is standard costing? Generic Problem Industry considerations? What

808 views • 50 slides
Standard Introduction of the new Standard to key Stakeholders Welcome to the Builders Merchants

Standard Introduction of the new Standard to key Stakeholders Welcome to the Builders Merchants

Trade Supplier Level 2 Apprenticeship Standard Introduction of the new Standard to key Stakeholders Welcome to the Builders Merchants Federation (BMF) John Newcomb Chief Executive, BMF 2 Welcome and Introductions Margaret Fitzsimons

1.2k views • 84 slides
Standard Drilling Standard Drilling Company Presentation June 2012 PURPOSE S.D. Standard Drilling

Standard Drilling Standard Drilling Company Presentation June 2012 PURPOSE S.D. Standard Drilling

Standard Drilling Standard Drilling Company Presentation June 2012 PURPOSE S.D. Standard Drilling was established for the purpose of creating shareholder value by building a premium oilfield services company through superior assets, systems and

673 views • 33 slides
SQL Structured Query Language Standard for relational db systems History:

SQL Structured Query Language Standard for relational db systems History:

SQL Structured Query Language Standard for relational db systems History: Developed at IBM in late 70s First standard: SQL-86 Second standard: SQL-92 Third standard: SQL-99 or SQL3, well over 1000 pages! The nice things

320 views • 27 slides
PHILIPPINE AGRICULTURAL ENGINEERING STANDARD PAES 102 : 2000 Foreword This standard is a

PHILIPPINE AGRICULTURAL ENGINEERING STANDARD PAES 102 : 2000 Foreword This standard is a

PHILIPPINE AGRICULTURAL ENGINEERING STANDARD PAES 102 : 2000 Foreword This standard is a revision of the Standard Administrative Order (SAO) 399:1980 Operator Manuals and Technical Publications for Agricultural Tractors and

411 views • 15 slides
BIAS: Bluetooth Impersonation AttackS Daniele Antonioli (EPFL), Nils Tippenhauer (CISPA), Kasper

BIAS: Bluetooth Impersonation AttackS Daniele Antonioli (EPFL), Nils Tippenhauer (CISPA), Kasper

IEEE S&P 2020 BIAS: Bluetooth Impersonation AttackS Daniele Antonioli (EPFL), Nils Tippenhauer (CISPA), Kasper Rasmussen (Oxford Univ.) Daniele Antonioli ( @francozappa ) BIAS: Bluetooth Impersonation AttackS 1 Bluetooth standard

923 views • 34 slides
The Canadian Cairn Terrier Standard History The Cairn Terrier standard initially fell under the

The Canadian Cairn Terrier Standard History The Cairn Terrier standard initially fell under the

The Canadian Cairn Terrier Standard History The Cairn Terrier standard initially fell under the country of origin standard (U.K. Kennel club standard), when Cairns were first imported to Canada and the USA . 1921- the first Canadian and American

715 views • 25 slides
EPA Update on Air Quality Standard for Ozone: Designations/Implementation for 2008 Standard Five

EPA Update on Air Quality Standard for Ozone: Designations/Implementation for 2008 Standard Five

EPA Update on Air Quality Standard for Ozone: Designations/Implementation for 2008 Standard Five Year Review of the Standard Carl Young U.S. EPA Region 6 December 5, 2011 1997 8-Hour Ozone Standards 0.08 parts per million (ppm) or 84 parts

361 views • 10 slides
OAuth 2.0 Ein Standard wird erwachsen Uwe Friedrichsen (codecentric AG) Berlin Expert Days

OAuth 2.0 Ein Standard wird erwachsen Uwe Friedrichsen (codecentric AG) Berlin Expert Days

OAuth 2.0 Ein Standard wird erwachsen Uwe Friedrichsen (codecentric AG) Berlin Expert Days 2013 4. April 2013 Uwe Friedrichsen @ufried <session> <no-code> <motivation /> <history /> <solution />

1.03k views • 44 slides
SQL SQL SQL = Structured Query Language Standard query language for relational

SQL SQL SQL = Structured Query Language Standard query language for relational

SQL SQL SQL = Structured Query Language Standard query language for relational DBMSs History: Developed at IBM in late 70s 1 st standard: SQL-86 2 nd standard: SQL-92 3 rd standard: SQL-99 or SQL3, well over 1000 pages

643 views • 22 slides
Employ oyee T ee Training DOLI Emergency Standard DOLI Standard 16 VAC 25-220, Emergency

Employ oyee T ee Training DOLI Emergency Standard DOLI Standard 16 VAC 25-220, Emergency

Employ oyee T ee Training DOLI Emergency Standard DOLI Standard 16 VAC 25-220, Emergency Temporary Standard Infectious Disease Prevention: SARS-CoV-2 Virus That Causes COVID-19 Training Requirements The Standard Requirements

817 views • 42 slides
Uniform 2015/16 Raising the Standard Improved Standards Maintaining the Standard Much has been

Uniform 2015/16 Raising the Standard Improved Standards Maintaining the Standard Much has been

Uniform 2015/16 Raising the Standard Improved Standards Maintaining the Standard Much has been achieved in the last few years to improve the standard of uniform and we thank all parents for their support with this. We encourage you to

484 views • 19 slides
Uniform Raising the Standard Improved Standards Maintaining the Standard Much has been achieved

Uniform Raising the Standard Improved Standards Maintaining the Standard Much has been achieved

Uniform Raising the Standard Improved Standards Maintaining the Standard Much has been achieved in the last few years to improve the standard of uniform and we thank all parents for their support with this. We encourage you to continue to

593 views • 19 slides
Sensors in 3D UI 7/12/2011 The Wiimote Device Wiimote features Uses Bluetooth for

Sensors in 3D UI 7/12/2011 The Wiimote Device Wiimote features Uses Bluetooth for

Sensors in 3D UI 7/12/2011 The Wiimote Device Wiimote features Uses Bluetooth for communication Senses acceleration along 3 axes Optical sensor for pointing (uses sensor bar) Provides audio and rumble feedback Standard

500 views • 10 slides

More recommend