2.

explain logical link l2cap

Explain Bluetooth Security .
Bluetooth security issues are an important factor with any Bluetooth device or
system. As with any device these days that provide connectivity, security is an
important issue.
There are a number of Bluetooth security measures that can be incorporated into
Bluetooth devices to prevent various security threats that can be posed.
Bluetooth security supports authentication and encryption. Authentication verifies who is
at the other end of the link. Encryption ensures confidentiality of data. Even if a third
party hacks the data, it is in encrypted form and not in original form.
i. Pairing: When two devices communicate for the first time, there is a pairing procedure.
In this procedure, a secret key is generated. This key is shared by both the devices. It is
stored in each device. When the devices want to communicate in future, there is no
pairing procedure.
ii. Security modes of a device: There are three security modes to a device.

 Non-secure: A device will not initiate any security procedure.

 Service level enforced security: A device does not initiate security procedures
before channel establishment at the L2CAP level.
 Link level enforced security: A device initiates security procedures before link set
up at LMP is completed.
 Bluetooth Security Architecture

There are three basic means of providing Bluetooth security:

 Authentication: In this process the identity of the communicating devices

are verified. User authentication is not part of the main Bluetooth security
elements of the specification.
 Confidentiality: This process prevents information being eavesdropped by
ensuring that only authorised devices can access and view the data.
 Authorisation: This process prevents access by ensuring that a device is
authorised to use a service before enabling it to do so.

Security measures provided by the Bluetooth specifications

The various versions of the specifications detail four Bluetooth security modes. Each
Bluetooth device must operate in one of four modes:

 Bluetooth Security Mode 1: This mode is non-secure. The authentication

and encryption functionality is bypassed and the device is susceptible to
hacking. Bluetooth devices operation in Bluetooth Security Mode 1. Devices
operating like this do not employ any mechanisms to prevent other Bluetooth-
enabled devices from establishing connections. While it is easy to make
connections, security is an issue. It may be applicable to short range devices
operating in an area where other devices may not be present. Security Mode
1 is only supported up to Bluetooth 2.0 + EDR and not beyond.
 Bluetooth Security Mode 2: For this Bluetooth security mode, a centralised
security manager controls access to specific services and devices. The
Bluetooth security manager maintains policies for access control and
interfaces with other protocols and device users.

It is possible to apply varying trust levels and policies to restrict access for
applications with different security requirements, even when they operate in
parallel. It is possible to grant access to some services without providing
access to other services. The concept of authorisation is introduced in
Bluetooth security mode 2. Using this it is possible to determine if a specific
device is allowed to have access to a specific service.

Although authentication and encryption mechanisms are applicable to

Bluetooth Security Mode 2, they are implemented at the LMP layer (below
L2CAP).
 All Bluetooth devices can support Bluetooth Security Mode 2; however, v2.1
+ EDR devices can only support it for backward compatibility for earlier
devices.

 Bluetooth Security Mode 3: In Bluetooth Security Mode 3, the Bluetooth

device initiates security procedures before any physical link is established. In
this mode, authentication and encryption are used for all connections to and
from the device.

The authentication and encryption processes use a separate secret link key that
is shared by paired devices, once the pairing has been established.

Bluetooth Security Mode 3 is only supported in devices that conform to

Bluetooth 2.0 + EDR or earlier.

 Bluetooth Security Mode 4: Bluetooth Security Mode 4 was introduced at

Bluetooth v2.1 + EDR.

In Bluetooth Security Mode 4 the security procedures are initiated after link
setup. Secure Simple Pairing uses what are termed Elliptic Curve Diffie
Hellman (ECDH) techniques for key exchange and link key generation.

The algorithms for device authentication and encryption algorithms are the
same as those defined in Bluetooth v2.0 + EDR.

The security requirements for services protected by Security Mode 4 are as

follows:

o Authenticated link key required

o Unauthenticated link key required
o No security required

Whether or not a link key is authenticated depends on the Secure Simple

Pairing association model used. Bluetooth Security Mode 4 is mandatory for
communication between v2.1 + EDR devices.

Common Bluetooth security issues

There are a number of ways in which Bluetooth security can be penetrated, often
because there is little security in place. The major forms of Bluetooth security
problems fall into the following categories:

 Bluejacking: Bluejacking is often not a major malicious security problem,

although there can be issues with it, especially as it enables someone to get
their data onto another person's phone, etc. Bluejacking involves the sending
of a vCard message via Bluetooth to other Bluetooth users within the locality
- typically 10 metres. The aim is that the recipient will not realise what the
message is and allow it into their address book. Thereafter messages might be
automatically opened because they have come from a supposedly known
contact
 Bluebugging: This more of an issue. This form of Bluetooth security issue
allows hackers to remotely access a phone and use its features. This may
include placing calls and sending text messages while the owner does not
realise that the phone has been taken over.
 Car Whispering: This involves the use of software that allows hackers to
send and receive audio to and from a Bluetooth enabled car stereo system
In order to protect against these and other forms of vulnerability, the manufacturers
of Bluetooth enabled devices are upgrading he security to ensure that these Bluetooth
security lapses do not arise with their products.

3. Explain Bluetooth Profile :

Profiles are definitions of possible applications and specify general behaviors

that Bluetooth® enabled devices use to communicate with other Bluetooth devices.
Profiles build on the Bluetooth standard to more clearly define what kind of data a
Bluetooth module is transmitting. The device’s application determines which
profiles it must support, from hands-free capabilities to heart rate sensors to alerts
and more.
For two Bluetooth devices to be compatible, they must support the same profiles.
And while profiles generally describe the same use case behaviors, they are
different for Bluetooth BR/EDR and Bluetooth Low Energy (LE) implementations.
Compatibility between Bluetooth BR/EDR and Bluetooth LE implementations
requires a dual-mode controller on at least one. For BR/EDR, a wide range of
adopted Bluetooth profiles describe many different, commonly used types of
applications or use cases for devices. For Bluetooth LE, developers can use a
comprehensive set of adopted profiles, or they can use Generic Attribute Profile
(GATT) to create new profiles. This flexibility helps support innovative new
applications that maintain interoperability with other Bluetooth devices.
Bluetooth profiles typically contain information such as dependencies on other
profiles and suggested user interface formats. For BR/EDR, the profile will also
specify the particular options and parameters at each layer of the Bluetooth
protocol stack used to perform its task. This may include, if appropriate, an outline
of the required service record.

• Represent default solutions for a certain usage model

• Vertical slice through the protocol stack
• Basis for interoperability
• Generic Access Profile
• Service Discovery Application Profile
• Cordless Telephony Profile
• Intercom Profile
• Serial Port Profile
• Headset Profile
• Dial-up Networking Profile
• Fax Profile
• LAN Access Profile
• Generic Object Exchange Profile
• Object Push Profile
• File Transfer Profile
• Synchronization Profile
• Advanced Audio Distribution
• PAN
• Audio Video Remote Control
• Basic Printing
• Basic Imaging
• Extended Service Discovery
• Generic Audio Video Distribution
• Hands Free
• Hardcopy Cable Replacement