Vulnerability Analysis of Bluetooth Communication based on GNU Radio

  • Kim, Tae-Yong (Division of Computer Engineering, Dongseo University)
  • Lee, Hoon-Jae (Division of Computer Engineering, Dongseo University)
  • Received : 2016.10.30
  • Accepted : 2016.11.08
  • Published : 2016.11.30

Abstract

In general, an automatic access control management system that uses a smart door lock is always exposed to security vulnerabilities during Bluetooth-based wireless communication. In particular, important information such as a secret key can be exposed to an attacker when the authentication protocol operates over the wireless section. Therefore, important information exchanged over the radio section needs to be properly encrypted. To analyze the security vulnerabilities of automatic access control management systems for public facilities such as subway vents, the GNU Radio platform and a HackRF device are considered and used in experiments. The proposed experimental system can be applied very effectively to perform software-based power analysis attacks. As a result, important information such as packet type, CRC, data length, and data value can be easily decoded from wireless packets obtained from the HackRF device on the GNU Radio platform. The constructed experimental system will be applied to avoid some security problems.
