[ISN] REVIEW: "Bluetooth Security", Christian Gehrmann/Joakim Persson/Ben Smeets

From: InfoSec News (isn@private)
Date: Tue Jul 13 2004 - 01:25:10 PDT


Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private>

BKBLTSEC.RVW   20040622

"Bluetooth Security", Christian Gehrmann/Joakim Persson/Ben Smeets,
2004, 1-58053-504-6, U$79.00/C$114.95
%A   Christian Gehrmann
%A   Joakim Persson
%A   Ben Smeets
%C   685 Canton St., Norwood, MA   02062
%D   2004
%G   1-58053-504-6
%I   Artech House/Horizon
%O   U$79.00/C$114.95 617-769-9750 artech@artech-house.com
%O  http://www.amazon.com/exec/obidos/ASIN/1580535046/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1580535046/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1580535046/robsladesin03-20
%P   204 p.
%T  "Bluetooth Security"

Part one presents the basics of Bluetooth security.  Chapter one is an
introduction to the Bluetooth protocol suite (mostly at the packet
level), and also mentions a few security concepts (in a somewhat
haphazard manner).  The overview of Bluetooth security, in chapter
two, could be clearer: some minutiae (such as the bit lengths of
various components of key generation) obscure the basic concepts,
while other specifics (such as the algorithms used) are missing where
they could support the text.  Pairings and key management rely on a
considerable amount of alphabet soup, making frequent references to
the list of acronyms a necessity.  The detailed descriptions make the
explanations difficult, but would make cryptographic analysis possible
for the determined reader.  The algorithms are laid out in chapter
four: although most are based on SAFER+ the greatest emphasis is given
to the E(0) stream cipher.  Chapter five looks at the encryption used
in a broadcast to all members of a piconet.  The discussion of
security policy and access control, in chapter six, deals mostly with
the services required, rather than provided.  A lot of time is spent
analysing the cryptographic strength of the algorithms, in chapter seven,
only to come to the conclusion that the greatest problem lies in
pairing and tracking.

Part two deals with Bluetooth security enhancements, still in
development.  Chapter eight discusses anonymity, in terms of varying
the device address to avoid tracking, and the requirements for such a
scenario.  Improved key management, using asymmetric encryption or
challenge-response type systems, is considered in chapter nine.  
Chapter ten deliberates on refinement of some standard Bluetooth
applications.

Bluetooth security is not well known, despite the proliferation of
Bluetooth-enabled devices.  While this book has a number of
shortcomings in terms of writing, the material provides an
introduction to a number of important considerations.

copyright Robert M. Slade, 2004   BKBLTSEC.RVW   20040622


======================  (quote inserted randomly by Pegasus Mailer)
rslade@private      slade@private      rslade@private
If you can't say anything good about someone, sit right here by
me.                                      - Alice Roosevelt Longworth
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade


