huskarl
Huskarl is the product of a final year B.Sc. project that I have co-supervised.
Dragomir Penev has investigated the past and present attacks against Bluetooth's
authentication and key exchange mechanisms, and has developed an alternative
solution based on public key cryptography.
The new protocol utilizes symmetric and asymmetric cryptography to authenticate
two Bluetooth devices, in a way similar to the very popular Secure Shell (SSH)
protocol. There is no dependency on any kind of shared secrets (e.g. PINs), or
other data exchanged between the devices in plaintext. Symmetric encryption is
used to reduce the load that a purely asymmetric protocol would have.
The detailed message exchanges and a performance analysis of Huskarl can be found in
the published paper. In this post I will discuss the choice behind Huskarl's
underlying security model, as this was my major contribution to the project.
As in the case of the SSH security model, Huskarl avoids reliance on any kind of
infrastructure in order to introduce previously unknown Bluetooth entities by
weakening the traditional threat model that assumes a universal omnipresent
adversary. In Huskarl the bindings between digital identities and public keys are
established by
- assuming that the first time a connection happens no attacker substitutes
a legitimate participant's key with his own, or
- via an out of band channel.
The first approach makes the protocol vulnerable to man-in-the-middle attacks on
the first channel establishment between two communicating Bluetooth entities.
Although initial exchanges constitute a very small percentage of a network's total
traffic, there are no guarantees that they will not be compromised. However, in
the case that an attacker manages to perform a man-in-the-middle attack in an
initial exchange between a pair of Bluetooth devices, he then needs to be present
in every subsequent channel establishment between the specific pair. Otherwise,
the devices will notice that the public key of the other party has changed and
therefore know that either the initial or the current exchange has been
compromised. The devices can then abort the communication and remove the offending
public key from their key database, or act according to some other locally defined
policy.
The second approach, i.e. the existence of an out of band channel, may not be as
far fetched as it initially appears. Near
Field Communication (NFC) is a new very short range wireless connectivity
protocol that evolved from a combination of existing contactless identification
technologies. There are mobile phones currently available on the market that
have NFC capabilities, for example see the
Nokia 6131 NFC. As this, and other
similar technologies, become widely adopted, security protocols operating along
the design choices of Huskarl will be the preferred choice to other costly and
centralized approaches.
Huskarl's prototype implementation was developed on Linux using the BlueZ
Bluetooth protocol stack and OpenSSL. It is published under GPLv2 and is
hosted on SourceForge.