Journal of Networking Technology

DLINE Journals portal

Home

New Journals

Browse Journals

Journal Prices

For Authors

Print ISSN: 0976-898X
Online ISSN: 0976-8998

About JNT
	DLINE Portal Home Home Aims & Scope Editorial Board Current Issue Next Issue Previous Issue Sample Issue Upcoming Conferences Self-archiving policy Alert Services Be a Reviewer Publisher Paper Submission Subscription Contact us

How To Order
	Order Online Price Information Request for Complimentary Print Copy

For Authors
	Guidelines for Contributors Online Submission Call for Papers Author Rights

RELATED JOURNALS

Journal of Digital Information Management (JDIM)

International Journal of Computational Linguistics Research (IJCL)

International Journal of Web Application (IJWA)

Journal of Networking Technology

Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction

Ian Lowe, William J Buchanan, Richard Macfarlane, Owen Lo
The Cyber Academy Edinburgh Napier University Edinburgh

Abstract: Bluetooth is a short-range wireless technology that provides audio and data links between personal smartphones and playback devices, such as speakers, headsets and car entertainment systems. Since its introduction in 2001, security researchers have suggested that the protocol is weak, and prone to a variety of attacks against its authentication, link management and encryption schemes. Key researchers in the field have suggested that reliable passive sniffing of Bluetooth traffic would enable the practical application of a range of currently hypothesised attacks. Restricting BluetoothÃ¢â‚¬â„¢s frequency hopping behaviour by manipulation of the available channels, in order to make brute force attacks more effective has been a frequently proposed avenue of future research from the literature. This paper has evaluated the proposed approach in a series of experiments using the software defined radio tools and custom hardware developed by the Ubertooth project. The work concludes that the mechanism suggested by previous researchers may not deliver the proposed improvements, but describes an as yet undocumented interaction between Bluetooth and Wi-Fi technologies which may provide a Denial of Service attack mechanism.

Keywords: Bluetooth, Channel Usage, Wireless Technology Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction

DOI:https://doi.org/10.6025/jnt/2019/10/4/124-155

Full_Text PDF 2.84 MB Download: 380 times

References:

[1] Haartsen, J. C. (2000). The Bluetooth Radio System, IEEE Personal Communications, no. February, p 28–36, 2000. [Online].
Available: http://citeseerx.ist.psu.edu/viewdoc/citations;jsessionid= EC2B8E030D8A95A43A4F0752A1100C74?doi=10.1.1.11.8115
I
[2] Jacobsson, M., Wetzel, S. (2001). Security Weaknesses in Bluetooth, in Topics in Cryptology - CT-RSA 2001. San Francisco:
Springer, 2001, pages 176–191. [Online]. Available: https://link.springer.com/ chapter/10.1007/3-540-45353-9{_}14 I, II-A, II-C, IID,
II-D, V-A
[3] Heffernan, D., Leen, G. (2001). Vehicles without wires, Computing & Control Engineering Journal, 12, (5), p. 205–211, oct
2001. [Online]. Available: http://ieeexplore.ieee.org/lpdocs/epic03/ wrapper.htm?arnumber=4062494http://digital
library.theiet.org/content/journals/10.1049/cce{_}20010501 I
[4] Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T.
et al. (2011). Comprehensive experimental analyses of automotive attack surfaces. in USENIX Security Symposium. San Francisco,
2011, pages 77–92. I
[5] Cheah, M., Shaikh, S. A., Haas, O., and Ruddle, A. (2017). Towards a systematic security evaluation of the automotive
bluetooth interface, Vehicular Communications, vol. 9, pages 8–18, 2017. I
[6] Shaked, Y., and Wool, A. (2005).“Cracking the Bluetooth PIN,” Proceedings of the 3rd international conference on Mobile
systems, applications, and services - MobiSys ’05, pages 39–50, 2005. [Online]. Available: http:// portal.acm.org/
citation.cfm?doid=1067170.1067176 I, II-C1, II-D, II-D, III, II-D, II-D
[7] Spill, D., and Bittau, A. (2007). BlueSniff: Eve meets Alice and Bluetooth, WOOT ’07 Proceedings of the first USENIX
workshop on Offensive Technologies, p. 10, 2007. [Online]. Available: http://dl.acm.org/citation.cfm?id=1323276.1323281 I, II-A,
II-A1, II-A2, II-A3, II-D1, II-D1, II-D2, III-B, IV-A, IV-C, V-A, V-A
[8] Huang, J., Albazrqaoe, W., and Xing, G. (2014). BlueID: A practical system for Bluetooth device identification, in Proceedings
- IEEE INFOCOM, 2014, pages2849–2857. I, II-A, II-A2, II-D3, III-B, III-G, III-I, IV-C
[9] Dunning, J. P. (2010).“Taming the blue beast: A survey of bluetooth based threats,” IEEE Security and Privacy, vol. 8, no. 2,
pages. 20– 27, 2010. II, I
[10] Haines, B. (2010). “Bluetooth Attacks,” in Seven Deadliest Wireless Technologies Attacks. Elsevier, 2010, ch. 3, pp. 43–55.
[Online]. Available: http://linkinghub.elsevier.com/retrieve/pii/B9781597495417000035 II
[11] Chokshi, R. (2010). “Yes! Wi-Fi and Bluetooth Can Coexist in Handheld Devices,” Marvell Semiconductor, Inc., Tech. Rep.
March, 2010. [Online]. Available: http://www.marvell.com/wireless/assets/ Marvell-WiFi-Bluetooth-Coexistence.pdf II-A, III-F
[12] Pelzl, J., and Wollinger, T. (2006). Security Aspects of Mobile Communication Systems, in Embedded Security in Cars, K.
Lemke, C. Paar, and M. Wolf, Eds. Berlin/Heidelberg: Springer-Verlag, 2006, pp. 167–185. [Online]. Available: http://link.springer.com/
10.1007/3-540-28428-1 II-A, II-A1, II-A1
[13] Ossmann, M., and Spill, D. (2009). Building an All-Channel Bluetooth Monitor, in ShmooCon 09, 2009, p. 102. II-A, II-A, IID2,
II-D3.
[14] Bluetooth SIG, Bluetooth 2.1, Bluetooth Special Interest Group, Tech. Rep. July, 2007. [Online]. Available: https://
www.bluetooth.com/specifications/adopted-specifications/legacy-specifications II-A, II-A2, II-A3, II-C2, II-D1, IV-B
[15] Naggs, T. (2013). Ubertooth Mailing List, 2013. [Online]. Available: https://sourceforge.net/p/ubertooth/mailman/message/
31237673/ II-A, IV-C
[16] Chen, L., Cooper, P., and Liu, Q. (2012). Security in Bluetooth Networks and Communications, in Wireless Network Security,
L. Chen, J. Ji, and Z. Zhang, Eds. Beijing: Springer, 2012, pages 77–94. II-A, II-C1
[17] Albazrqaoe, W., Huang, J., and Xing, G. (2016). Practical Bluetooth Traffic Sniffing : Systems and Privacy Implications, in
MobiSys 16 Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. Singapore:
ACM, 2016, pp. 333–345. [Online]. Available: http://dl.acm.org/citation.cfm? doid=2906388.2906403 II-A, II-D4, II-D4, III-B, III-B,
III-C, III-G, III-G, III-G, IV-A, IV-C, IV-D, V-A, V-A
[18] Ryan, M. (2013). Bluetooth: With Low Energy Comes Low Security, Proceedings of the 7th USENIX Conference on Offensive
Technologies, page 4, 2013. [Online]. Available: http://dl.acm.org/citation.cfm?id=2534748.2534754 II-A1
[19] Albazrqaoe, W. (2011). A Study of Bluetooth Frequency Hopping Sequence: Modeling and a Practical Attack, Masters
Thesis, Michigan State University, 2011. II-A1, II-D3
[20] Hodgdon, C. (2003). Adaptive Frequency Hopping for Reduced Interference between Bluetooth and Wireless LAN, 2003.
[Online]. Available: https://tinyurl.com/y86ztozk II-A2
[21] Popovski, P., Yomo, H., and Prasad, R. (2006). Strategies for adaptive frequency hopping in the unlicensed bands, IEEE
Wireless Communications, vol. 13, no. 6, pages 60–67, 2006. II-A2
[22] Tabassam, A. A., Heiss, S., and Hoing, M. (2007). Bluetooth Device Discovery and Hop Synchronization by the Eavesdropper,
in 2007 International Conference on Emerging Technologies. IEEE, nov 2007, pages 1–5. [Online]. Available: http://
ieeexplore.ieee.org/ document/4516305/ II-A3, 4, 5
[23] Scarfone, K., Padgette, J., Chen, L. (2008). Guide to Bluetooth security, NIST Special Publication, 1 (1). Guide to Bluetooth
Security, p. 121, 2008. [Online]. Available: http://www.mcs. csueastbay.edu/{~}lertaul/BluetoothSECV1.pdf II-A3, II-C1, II
[24] Seri, B., and Vishnepolsky, G. (2017). BlueBorne, Armis Inc., Tech. Rep., 2017. [Online]. Available: http://go.armis.com/
blueborne-technical-paper II-A3, V-A
[25] Spill, D. (2012). Bluetooth Packet Sniffing Using Project Ubertooth, Ruxcon 2012 Proceedings, 2012. [Online]. Available: http:/
/2012. ruxcon.org.au/assets/rux/Spill-Ubertooth.pdf II-B, II-C2, II-D2, III-B, III-G, III-G
[26] Bluetooth SIG, Bluetooth 5.0, Bluetooth Special Interest Group, Tech. Rep. December, 2016. [Online]. Available: https://
www.bluetooth.org/DocMan/handlers/ DownloadDoc.ashx?doc{_}id=421043 II-C
[27] CPU Benchmark, CPU Comparison, 2017. [Online]. Available: https://www.cpubenchmark.net/
compare.php?cmp[]=3092{&}cmp[]=1074 II-D
[28] Rivertz, H. J. (2005). Bluetooth Security, Norwegian Computing Centre, Oslo, Tech. Rep., 2005. [Online]. Available: papers3: /
/publication/uuid/0f81fe0b-3210-4140-80f2-9cb6bfe8ae44 II-D
[29] Chernyshev, M., Valli, C., Johnstone, M. (2017). Revisiting Urban War Nibbling: Mobile Passive Discovery of Classic
Bluetooth Devices Using Ubertooth One, IEEE Transactions on Information Forensics and Security, 12 (7) 1625–1635, 2017.
[Online]. Available: http://ieeexplore.ieee.org/document/7872410/ III-B
[30] Gummadi, R., Wetherall, D., Greenstein, B., and Seshan, S. (2007). Understanding and mitigating the impact of RF interference
on 802.11 networks, ACM SIGCOMM Computer Communication Review, vol. 37, no. 4, p. 385, 2007. [Online]. Available: http://
portal.acm.org/citation.cfm?doid=1282427.1282424 III-B, III-B, III-C, III-G, III-G, III-H, IV-D, V-A, V-A
[31] Muniz, J., and Lakhani, A. (2013). Web Penetration Testing with Kali Linux. Packt Publishing, 2013. III-G
[32] Neumeier, R., Ostermayer, G. (2013). Analyzing coexistence issues in wireless radio networks: Simulation of Bluetooth interfered
by multiple WLANs, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and
Lecture Notes in Bioinformatics), vol. 83, 10 LNCS, p. 128–138, 2013. IV-D

DLINE Journals portal