Security by Design

The technologies of computer security are based on logic. There is no universal standard notion of what secure behavior is. "Security" is a concept that is unique to each situation. Security is extraneous to the function of a computer application, rather than ancillary to it, thus security necessarily imposes restrictions on the application's behavior.

There are several approaches to security in computing, sometimes a combination of approaches is valid:

1. Trust all the software to abide by a security policy but the software is not trustworthy (this is computer insecurity).
2. Trust all the software to abide by a security policy and the software is validated as trustworthy (by tedious branch and path analysis for example).
3. Trust no software but enforce a security policy with mechanisms that are not trustworthy (again this is computer insecurity).
4. Trust no software but enforce a security policy with trustworthy mechanisms.

Many systems unintentionally result in the first possibility. Approaches one and three lead to failure. Since approach two is expensive and non-deterministic, its use is very limited. Because approach number four is often based on hardware mechanisms and avoid abstractions and a multiplicity of degrees of freedom, it is more practical. Combinations of approaches two and four are often used in a layered architecture with thin layers of two and thick layers of four.

There are myriad strategies and techniques used to design security systems. There are few, if any, effective strategies to enhance security after design.

One technique enforces the principle of least privilege to great extent, where an entity has only the privileges that are needed for its function. That way even if an attacker gains access to one part of the system, fine-grained security ensures that it is just as difficult for them to access the rest.

Furthermore, by breaking the system up into smaller components, the complexity of individual components is reduced, opening up the possibility of using techniques such as automated theorem proving to prove the correctness of crucial software subsystems. This enables a closed form solution to security that works well when only a single well-characterized property can be isolated as critical, and that property is also assessable to math. Not surprisingly, it is impractical for generalized correctness, which probably cannot even be defined, much less proven. Where formal correctness proofs are not possible, rigorous use of code review and unit testing represent a best-effort approach to make modules secure.

The design should use "defense in depth", where more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds. Defense in depth works when the breaching of one security measure does not provide a platform to facilitate subverting another. Also, the cascading principle acknowledges that several low hurdles does not make a high hurdle. So cascading several weak mechanisms does not provide the safety of a single stronger mechanism.

Subsystems should default to secure settings, and wherever possible should be designed to "fail secure" rather than "fail insecure" (see fail safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.

In addition, security should not be an all or nothing issue. The designers and operators of systems should assume that security breaches are inevitable. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks. Finally, full disclosure helps to ensure that when bugs are found the "window of vulnerability" is kept as short as possible.

Early history of security by Design

The early Multics operating system was notable for its early emphasis on computer security by design, and Multics was possibly the very first operating system to be designed as a secure system from the ground up. In spite of this, Multics' security was broken, not once, but repeatedly. The strategy was known as 'penetrate and test' and has become widely known as a non-terminating process that fails to produce computer security. This led to further work on computer security that prefigured modern security engineering techniques producing closed form processes that terminate.

Secure Coding

If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a 'low security' category because they rely on features not supported by secure operating systems (like portability, et al.). In low security operating environments, applications must be relied on to participate in their own protection. There are 'best effort' secure coding practices that can be followed to make an application more resistant to malicious subversion.

In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection.

Some common languages such as C and C++ are vulnerable to all of these defects (see Seacord, "Secure Coding in C and C++"). Other languages, such as Java, are more resistant to some of these defects, but are still prone to code/command injection and other software defects which facilitate subversion.

Recently another bad coding practise has come under scrutiny; dangling pointers. The first known exploit for this particular problem was presented in July 2007. Before this publication the problem was known but considered to be academic and not practically exploitable.

In summary, 'secure coding' can provide significant payback in low security operating environments, and therefore worth the effort. Still there is no known way to provide a reliable degree of subversion resistance with any degree or combination of 'secure coding.'

Secure Operating Systems

One use of the term computer security refers to technology to implement a secure operating system. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is almost inactive today, perhaps because it is complex or not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a Computer security policy is the Bell-LaPadula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical.

Systems designed with such methodology represent the state of the art of computer security and the capability to produce them is not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information and military secrets. These are very powerful security tools and very few secure operating systems have been certified at the highest level (Orange Book A-1) to operate over the range of "Top Secret" to "unclassified" (including Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN.) The assurance of security depends not only on the soundness of the design strategy, but also on the assurance of correctness of the implementation, and therefore there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies security strength of products in terms of two components, security capability (as Protection Profile) and assurance levels (as EAL levels.) None of these ultra-high assurance secure general purpose operating systems have been produced for decades or certified under the Common Criteria.

Computer Security

Computer security is a branch of information security applied to both theoretical and actual computer systems. Computer security is a branch of computer science that addresses enforcement of 'secure' behavior on the operation of computers. The definition of 'secure' varies by application, and is typically defined implicitly or explicitly by a security policy that addresses confidentiality, integrity and availability of electronic information that is processed by or stored on computer systems.

The traditional approach is to create a trusted security kernel that exploits special-purpose hardware mechanisms in the microprocessor to constrain the operating system and the application programs to conform to the security policy. These systems can isolate processes and data to specifier domains and restrict access and privileges of users. This approach avoids trusting most of the operating system and applications.

In addition to restricting actions to a secure subset, a secure system should still permit authorized users to carry out legitimate and useful tasks. It might be possible to secure a computer against misuse using extreme measures:

“

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.

”

Eugene H. Spafford, director of the Purdue Center for Education and Research in Information Assurance and Security.

It is important to distinguish the techniques used to increase a system's security from the issue of that system's security status. In particular, systems which contain fundamental flaws in their security designs cannot be made secure without compromising their usability.^{[citation needed]} Most computer systems cannot be made secure even after the application of extensive "computer security" measures. Furthermore, if they are made secure, functionality and ease of use often decreases.

Computer security can also be seen as a subfield of security engineering, which looks at broader security issues in addition to computer security.

Network Tomography

Network tomography is the study of a network's internal characteristics using information derived from end point data. The word tomography is used to link the field, in concept, to other processes that infer the internal characteristics of an object from external observation, as is done in magnetic resonance imaging or positron emission tomography. The field is a recent development in electrical engineering and computer science, founded in 1996. Network tomography advocates that it is possible to map the path data takes through the Internet by examining information from "edge nodes," the computers where data is originated and requested from.

The field is useful for engineers attempting to develop more efficient computer networks. Data derived from network tomography studies can be used to increase quality of service by limiting link packet loss and increasing routing optimiztion.

Internalnet

An internalnet is a computer network composed of devices inside and on the human body. Such a system could be used to link nanochondria, bionic implants, wearable computers, and other devices.

Interfaces and their use in Ambient Network

The ACS (Ambient Control Space) is the internal of an Ambient Network. It has the functions that can be accessed and it is in full control of the resources of the network. The Ambient Networks infrasturcture does not deal with nodes, instead it deals with networks, though at the beginning, all the "networks" might only consist of just one node: these "networks" need to merge in order to form a network in the original sense of the word. A composition establishment consists of the negotiation and then the realization of a Composition Agreement. This merging can happen be fully automatic. The decision to merge or not is decided using pre-configured policies.

There are three interfaces present to communicate with an ACS. These are:

• ANI: Ambient Network Interface. If a network wants to join in, it has to do so through this interface.
• ASI: Ambient Service Interface. If a function needs to be accessed inside the ACS, this Interface is used.
• ARI: Ambient Resource Interface. If a resource inside a network needs to be accessed (e.g. the volume of the traffic), this interface is used.

Interfaces are used in order to hide the internal structures of the underlying network.

If two networks meet, and decide to merge, a new ACS will be formed of the two (though the two networks will have their own ACS along with the interfaces inside this global, new ACS). The newly composed ACS will of course have its own ANI, ASI and ARI, and will use these interfaces in order to merge with other Ambient Networks. Other options for composition are to not merge the two Ambient Networks (Network Interworking) or to establish a new virtual ACS that exercises joint control over a given set of shared resources (Control Sharing).

The Ambient Networks Project

The Ambient Networks is a large-scale collaborative project within the European Union's Sixth Framework Program that investigates future communications systems beyond today's fixed and 3rd generation mobile networks. It is part of the Wireless World Initiative. The project works at a new concept called Ambient Networking, to provide suitable mobile networking technology for the future mobile and wireless communications environment. Ambient Networks aims to provide a unified networking concept that can adapt to the very heterogeneous environment of different radio technologies and service and network environments. Special focus is put on facilitating both competition and cooperation of various market players by defining interfaces, which allow the instant negotiation of agreements. This approach goes clearly beyond interworking of well-defined protocols and is expected to have a long-term effect on the business landscape in the Wireless World. Central to the project is the concept of composition of networks, which is an approach to address the dynamic nature of the target environment. The approach is based on an open framework for network control functionality, which can be extended with new capabilities as well as operating over existing connectivity infrastructure.

• Phase 1 of the project (2004-2005) has laid the conceptual foundations. The Deliverable D1-5 "Ambient Networks Framework Architecture" summarizes the work from phase 1 and provides links to other relevant material.
• Ambient Networks Phase 2 (2006-2007) focuses on validation aspects. One key result of phase 2 is an integrated prototype that will be used to study the feasibility of the Ambient Networks concept for a number of typical network scenarios. The ACS prototype will be used to iteratively test the components developed by the project in a real implementation. In parallel, the top-down work is being continued which will lead to a refined System Specification. This document, referred to as the System Description, is available on the Ambient Networks website. Furthermore, standardization of the composition concept is addressed in 3GPP.

Ambient Network

Ambient Networks is a network integration solution to the modern-day problems of switching from one network to the other in order to keep in contact with the outside world. This project aims to develop a network software-driven infrastructure that will run on top of all current or future network physical infrastructures to provide a way for devices to connect to each other, and through each other to the outside world.

The concept of Ambient Networks comes from the IST Ambient Network project, which is a research project sponsored by the European Commission within the Sixth Framework Programme (FP6).

History of ZigBee

• ZigBee-style networks began to be conceived about 1998, when many installers realized that both WiFi and Bluetooth were going to be unsuitable for many applications. In particular, many engineers saw a need for self-organizing ad-hoc digital radio networks.
• The IEEE 802.15.4 standard was completed in May 2003.
• In the summer of 2003, Philips Semiconductors, a major mesh network supporter, ceased its investment. Philips Lighting has, however, continued Philips' participation, and Philips remains a promoter member on the ZigBee Alliance Board of Directors.
• The ZigBee Alliance announced in October 2004 that its membership had more than doubled in the preceding year and had grown to more than 100 member companies, in 22 countries. By April 2005 membership had grown to more than 150 companies, and by December 2005 membership had passed 200 companies.
• The ZigBee specifications were ratified on 14 December 2004.
• The ZigBee Alliance announces public availability of Specification 1.0 on 13 June 2005, known as ZigBee 2004 Specification.
• The ZigBee Alliance announces the completion and immediate member availability of its enhanced version of the ZigBee Standard in September 2006, known as ZigBee 2006 Specification.

Protocols in ZigBee

The protocols build on recent algorithmic research (Ad-hoc On-demand Distance Vector, neuRFon) to automatically construct a low-speed ad-hoc network of nodes. In most large network instances, the network will be a cluster of clusters. It can also form a mesh or a single cluster. The current profiles derived from the ZigBee protocols support beacon and non-beacon enabled networks.

In non beacon-enabled networks (those whose beacon order is 15), an unslotted CSMA/CA channel access mechanism is used. In this type of network ZigBee Routers typically have their receivers continuously active, requiring a more robust power supply. However, this allows for heterogeneous networks in which some devices receive continuously, while others only transmit when an external stimulus is detected. The typical example of a heterogeneous network is a wireless light switch: the ZigBee node at the lamp may receive constantly, since it's connected to the mains supply, while a battery-powered light switch would remain asleep until the switch is thrown. The switch then wakes up, sends a command to the lamp, receives an acknowledgment, and returns to sleep. In such a network the lamp node will be at least a ZigBee Router, if not the ZigBee Coordinator; the switch node is typically a ZigBee End Device.

In beacon-enabled networks, the special network nodes called ZigBee Routers transmit periodic beacons to confirm their presence to other network nodes. Nodes may sleep between beacons, thus lowering their duty cycle and extending their battery life. Beacon intervals may range from 15.36 milliseconds to 15.36 ms * 2¹⁴ = 251.65824 seconds at 250 kbit/s, from 24 milliseconds to 24 ms * 2¹⁴ = 393.216 seconds at 40 kbit/s and from 48 milliseconds to 48 ms * 2¹⁴ = 786.432 seconds at 20 kbit/s. However, low duty cycle operation with long beacon intervals requires precise timing which can conflict with the need for low product cost.

In general, the ZigBee protocols minimize the time the radio is on so as to reduce power use. In beaconing networks, nodes only need to be active while a beacon is being transmitted. In non-beacon enabled networks, power consumption is decidedly asymmetrical: some devices are always active, while any others present spend most of their time sleeping.

ZigBee devices are required to conform to the IEEE 802.15.4-2003 Low-Rate Wireless Personal Area Network (WPAN) standard. The standard specifies its lower protocol layers—the physical layer (PHY), and the medium access control (MAC) portion of the data link layer (DLL). This standard specifies operation in the unlicensed 2.4 GHz, 915 MHz and 868 MHz ISM bands. In the 2.4 GHz band there are 16 ZigBee channels, with each channel requiring 5 MHz of bandwidth. The center frequency for each channel can be calculated as, F_C = (2405 + 5*(k-11)) MHz, where k = 11, 12, ..., 26.

The radios use direct-sequence spread spectrum coding, which is managed by the digital stream into the modulator. BPSK is used in the 868 and 915 MHz bands, and orthogonal QPSK that transmits two bits per symbol is used in the 2.4 GHz band. The raw, over-the-air data rate is 250 kbit/s per channel in the 2.4 GHz band, 40 kbit/s per channel in the 915 MHz band, and 20 kbit/s in the 868 MHz band. Transmission range is between 10 and 75 meters (33~246 feet), although it is heavily dependent on the particular environment. The maximum output power of the radios is generally 0 dBm (1 mW).

The basic channel access mode specified by IEEE 802.15.4-2003 is "carrier sense, multiple access/collision avoidance" (CSMA/CA). That is, the nodes talk in the same way that people converse; they briefly check to see that no one is talking before they start. There are three notable exceptions to the use of CSMA. Beacons are sent on a fixed timing schedule, and do not use CSMA. Message acknowledgements also do not use CSMA. Finally, devices in Beacon Oriented networks that have low latency real-time requirements may also use Guaranteed Time Slots (GTS) which by definition do not use CSMA.

Device types of ZigBee

There are three different types of ZigBee device:

• ZigBee coordinator(ZC): The most capable device, the coordinator forms the root of the network tree and might bridge to other networks. There is exactly one ZigBee coordinator in each network since it is the device that started the network originally. It is able to store information about the network, including acting as the Trust Centre & repository for security keys.
• ZigBee Router (ZR): As well as running an application function a router can act as an intermediate router, passing data from other devices.
• ZigBee End Device (ZED): Contains just enough functionality to talk to its parent node (either the coordinator or a router); it cannot relay data from other devices. This relationship allows the node to be asleep a significant amount of the time thereby giving you the much quoted long battery life. A ZED requires the least amount of memory, and therefore can be less expensive to manufacture than a ZR or ZC.

Uses of ZigBee

ZigBee protocols are intended for use in embedded applications requiring low data rates and low power consumption. ZigBee's current focus is to define a general-purpose, inexpensive, self-organizing, mesh network that can be used for industrial control, embedded sensing, medical data collection, smoke and intruder warning, building automation, home automation, etc. The resulting network will use very small amounts of power so individual devices might run for a year or two using the originally installed battery.

Overview of ZigBee

The relationship between IEEE 802.15.4-2003 and ZigBee is similar to that between IEEE 802.11 and the Wi-Fi Alliance. The ZigBee 1.0 specification was ratified on December 14, 2004 and is available to members of the ZigBee Alliance. An entry level membership, called Adopter, in the ZigBee Alliance costs US$ 3500 annually and provides access to the specifications and permission to create products for market using the specifications. For non-commercial purposes, the ZigBee specification is available to the general public at the ZigBee Specification Download Request. Most recently, the ZigBee 2006 specification was posted in December 2006.

ZigBee operates in the industrial, scientific and medical (ISM) radio bands; 868 MHz in Europe, 915 MHz in countries such as USA and Australia, and 2.4 GHz in most jurisdictions worldwide. The technology is intended to be simpler and cheaper than other WPANs such as Bluetooth. The most capable ZigBee node type is said to require only about 10% of the software of a typical Bluetooth or Wireless Internet node, while the simplest nodes are about 2%^{[citation needed]}. However, actual code sizes are much higher, closer to 50% of Bluetooth code size^{[citation needed]}. ZigBee chip vendors have announced 128-kilobyte devices.^{[citation needed]}

As of 2006, the retail price of a Zigbee-compliant transceiver is approaching $1, and the price for one radio, processor, memory package is about $3.Comparatively, before Bluetooth was launched (1998) it had a projected price, in high volumes, of $4 - $6^{[citation needed]}; the price of consumer-grade Bluetooth chips is now under $3.

First stack release is now called "Zigbee 2004". The 2nd stack release (today, 26 June 2007, the current public one) is called 2006, and mainly replaces the MSG/KVP structure used in 2004 with a "cluster library". The 2004 stack is now more or less obsolete. The ZigBee Alliance has started work on ZigBee 2007, looking to extend the ZigBee 2006 specification capabilities, the main enhancements are optimising certain network level functionality (such as data aggregation). There are also some new application profiles like Automatic Meter Reading, Commercial building automation and home automation based on the "cluster library principle".

Zigbee 2007 is sometimes called "Pro", but Pro is a stack profile, which defines certain stack settings and mandatory features.

ZigBee 2007 at the network level is not backwards-compatible with ZigBee 2004/2006, although a ZigBee 2004/2006 RFD node can join a 2007 network, and vice-versa. It's not possible to mix 2004/2006 routers with 2007 routers/coordinator.

ZigBee

ZigBee is the name of a specification for a suite of high level communication protocols using small, low-power digital radios based on the IEEE 802.15.4 standard for wireless personal area networks (WPANs), such as wireless headphones connecting with cell phones via short-range radio. The technology is intended to be simpler and cheaper than other WPANs, such as Bluetooth. ZigBee is targeted at radio-frequency (RF) applications which require a low data rate, long battery life, and secure networking.

Bluetooth Special Interest Group

In 1998, Ericsson, IBM, Intel, Toshiba, and Nokia, formed a consortium and adopted the code name Bluetooth for their proposed open specification. In December 1999, 3Com, Lucent Technologies, Microsoft, and Motorola joined the initial founders as the promoter of Bluetooth Special Interest Group (SIG). Since that time, Lucent Technologies transferred their membership to their spinoff Agere Systems, and 3Com has left the promoter group. Agere Systems was later merged with LSI Corporation and left the Bluetooth promoters group in August 2007.

The Bluetooth Special Interest Group (SIG) is a privately held, not-for-profit trade association with headquarters in Bellevue, Washington. As of September 2007 the SIG is composed of over 9,000 member companies that are leaders in the telecommunications, computing, automotive, music, apparel, industrial automation, and network industries, and a small group of dedicated staff in Hong Kong, Sweden, and the USA. SIG members drive the development of Bluetooth wireless technology, and implement and market the technology in their products varying from mobile phones to printers. The Bluetooth SIG itself does not make, manufacture, or sell Bluetooth enabled products.

Origin of the name and the logo of Bluetooth

Bluetooth was named after a late tenth century king, Harald Bluetooth, King of Denmark and Norway. He is known for his unification of previously warring tribes from Denmark (including now Swedish Scania, where the Bluetooth technology was invented), and Norway. Bluetooth likewise was intended to unify different technologies, such as computers and mobile phones.

The name may have been inspired less by the historical Harald than the loose interpretation of him in The Long Ships by Frans Gunnar Bengtsson, a Swedish Viking-inspired novel.

The Bluetooth logo merges the Germanic runes analogous to the modern Latin letter H and B: (Hagall) and (Berkanan) merged together, forming a bind rune.

Technical Information

Communication and connection

A master Bluetooth device can communicate with up to seven devices. This network group of up to eight devices is called a piconet.

A piconet is an ad-hoc computer network, using Bluetooth technology protocols to allow one master device to interconnect with up to seven active devices. Up to 255 further devices can be inactive, or parked, which the master device can bring into active status at any time.

At any given time, data can be transferred between the master and one other device, however, the devices can switch roles and the slave can become the master at any time. The master switches rapidly from one device to another in a round-robin fashion. (Simultaneous transmission from the master to multiple other devices is possible, but not used much.)

Bluetooth specification allows connecting two or more piconets together to form a scatternet, with some devices acting as a bridge by simultaneously playing the master role and the slave role in one piconet. These devices are planned for 2007.

Many USB Bluetooth adapters are available, some of which also include an IrDA adapter. Older (pre-2003) Bluetooth adapters, however, have limited services, offering only the Bluetooth Enumerator and a less-powerful Bluetooth Radio incarnation. Such devices can link computers with Bluetooth, but they do not offer much in the way of services that modern adapters do.

Setting up connections

Any Bluetooth device will transmit the following sets of information on demand:

• Device name.
• Device class.
• List of services.
• Technical information, for example, device features, manufacturer, Bluetooth specification, clock offset.

Any device may perform an inquiry to find other devices to which to connect, and any device can be configured to respond to such inquiries. However, if the device trying to connect knows the address of the device, it always responds to direct connection requests and transmits the information shown in the list above if requested. Use of device services may require pairing or acceptance by its owner, but the connection itself can be started by any device and held until it goes out of range. Some devices can be connected to only one device at a time, and connecting to them prevents them from connecting to other devices and appearing in inquiries until they disconnect from the other device.

Every device has a unique 48-bit address. However these addresses are generally not shown in inquiries. Instead, friendly Bluetooth names are used, which can be set by the user. This name appears when another user scans for devices and in lists of paired devices.

Most phones have the Bluetooth name set to the manufacturer and model of the phone by default. Most phones and laptops show only the Bluetooth names and special programs that are required to get additional information about remote devices. This can be confusing as, for example, there could be several phones in range named T610 (see Bluejacking).

Pairing

Pairs of devices may establish a trusted relationship by learning (by user input) a shared secret known as a passkey. A device that wants to communicate only with a trusted device can cryptographically authenticate the identity of the other device. Trusted devices may also encrypt the data that they exchange over the air so that no one can listen in. The encryption can, however, be turned off, and passkeys are stored on the device file system, not on the Bluetooth chip itself. Since the Bluetooth address is permanent, a pairing is preserved, even if the Bluetooth name is changed. Pairs can be deleted at any time by either device. Devices generally require pairing or prompt the owner before they allow a remote device to use any or most of their services. Some devices, such as Sony Ericsson phones, usually accept OBEX business cards and notes without any pairing or prompts.

Certain printers and access points allow any device to use its services by default, much like unsecured Wi-Fi networks. Pairing algorithms are sometimes manufacturer-specific for transmitters and receivers used in applications such as music and entertainment.

Air interface

The protocol operates in the license-free ISM band at 2.4-2.4835 GHz. To avoid interfering with other protocols that use the 2.45 GHz band, the Bluetooth protocol divides the band into 79 channels (each 1 MHz wide) and changes channels up to 1600 times per second. Implementations with versions 1.1 and 1.2 reach speeds of 723.1 kbit/s. Version 2.0 implementations feature Bluetooth Enhanced Data Rate (EDR) and reach 2.1 Mbit/s. Technically, version 2.0 devices have a higher power consumption, but the three times faster rate reduces the transmission times, effectively reducing power consumption to half that of 1.x devices (assuming equal traffic load).

Security

Bluetooth implements confidentiality, authentication and key derivation with custom algorithms based on the SAFER+ block cipher. In Bluetooth, key generation is generally based on a Bluetooth PIN, which has to be entered into both devices. This procedure might get modified slightly, if one of the devices has a fixed PIN, which is the case e.g. for headsets or similar devices with a restricted user interface. Foremost, an initialization key or master key is generated, using the E22 algorithm.

The E0 stream cipher is used for encrypting packets, granting confidentiality and is based on a shared cryptographic secret, namely a previously generated link key or master key. Those keys, used for subsequent encryption of data sent via the air interface, hardly rely on the Bluetooth PIN, which has been entered into one or both devices.

A demonstration of this reduction has been put effort in by Y. Shaked and A. Wool in . An overview of the most important vulnerabilities and the most common exploits to those

TYPES OF BLUETOOTH

Bluetooth 1.0 and 1.0B

Versions 1.0 and 1.0B had many problems, and manufacturers had difficulties making their products interoperable. Versions 1.0 and 1.0B also had mandatory Bluetooth hardware device address (BD_ADDR) transmission in the Connecting process, rendering anonymity impossible at a protocol level, which was a major setback for certain services planned to be used in Bluetooth environments.

Bluetooth 1.1

• Ratified as IEEE Standard 802.15.1-2002.
• Many errors found in the 1.0B specifications were fixed.
• Added support for non-encrypted channels.
• Received Signal Strength Indicator (RSSI).

Bluetooth 1.2

This version is backward-compatible with 1.1 and the major enhancements include the following:

• Faster Connection and Discovery
• Adaptive frequency-hopping spread spectrum (AFH), which improves resistance to radio frequency interference by avoiding the use of crowded frequencies in the hopping sequence.
• Higher transmission speeds in practice, up to 721 kbit/s, as in 1.1.
• Extended Synchronous Connections (eSCO), which improve voice quality of audio links by allowing retransmissions of corrupted packets.
• Host Controller Interface (HCI) support for three-wire UART.
• Ratified as IEEE Standard 802.15.1-2005.

Bluetooth 2.0

This version, specified on 10th November 2004, is backward-compatible with 1.1. The main enhancement is the introduction of an Enhanced Data Rate (EDR) of 3.0 Mbit/s. This has the following effects:

• Three times faster transmission speed—up to 10 times in certain cases (up to 2.1 Mbit/s).
• Lower power consumption through a reduced duty cycle.
• Simplification of multi-link scenarios due to more available bandwidth.

The practical data transfer rate is 2.1 megabits per second and the basic signalling rate is about 3 megabits per second.

The "Bluetooth 2.0 + EDR" specification given at the Bluetooth Special Interest Group (SIG) includes EDR and there is no specification "Bluetooth 2.0" as used by many vendors. The HTC TyTN pocket PC phone, shows "Bluetooth 2.0 without EDR" on its data sheet and another source states Bluetooth 2.0 without EDR is equivalent to version 1.2 with additional bug fixes. In many cases it is not clear whether a product claiming to support "Bluetooth 2.0" actually supports the EDR higher transfer rate.

Bluetooth 2.1

Bluetooth Core Specification Version 2.1 is fully backward-compatible with 1.1, and was adopted by the Bluetooth SIG on August 1, 2007. This specification includes the following features:

• Extended inquiry response: provides more information during the inquiry procedure to allow better filtering of devices before connection. This information includes the name of the device, a list of services the device supports, as well as other information like the time of day, and pairing information.

• Sniff subrating: reduces the power consumption when devices are in the sniff low-power mode, especially on links with asymmetric data flows. Human interface devices (HID) are expected to benefit the most, with mouse and keyboard devices increasing the battery life by a factor of 3 to 10.

• Encryption Pause Resume: enables an encryption key to be refreshed, enabling much stronger encryption for connections that stay up for longer than 23.3 hours (one Bluetooth day).

• Secure Simple Pairing: radically improves the pairing experience for Bluetooth devices, while increasing the use and strength of security. It is expected that this feature will significantly increase the use of Bluetooth.

• NFC cooperation: automatic creation of secure Bluetooth connections when NFC radio interface is also available. For example, a headset should be paired with a Bluetooth 2.1 phone including NFC just by bringing the two devices close to each other (a few centimeters). Another example is automatic uploading of photos from a mobile phone or camera to a digital picture frame just by bringing the phone or camera close to the frame .

Future of Bluetooth

• Broadcast Channel: enables Bluetooth information points. This will drive the adoption of Bluetooth into cell phones, and enable advertising models based around users pulling information from the information points, and not based around the object push model that is used in a limited way today.

• Topology Management: enables the automatic configuration of the piconet topologies especially in scatternet situations that are becoming more common today. This should all be invisible to the users of the technology, while also making the technology just work.

• Alternate MAC PHY: enables the use of alternative MAC and PHY's for transporting Bluetooth profile data. The Bluetooth Radio will still be used for device discovery, initial connection and profile configuration, however when lots of data needs to be sent, the high speed alternate MAC PHY's will be used to transport the data. This means that the proven low power connection models of Bluetooth are used when the system is idle, and the low power per bit radios are used when lots of data needs to be sent.

• QoS improvements: enable audio and video data to be transmitted at a higher quality, especially when best effort traffic is being transmitted in the same piconet.

Bluetooth technology already plays a part in the rising Voice over IP (VOIP) scene, with Bluetooth headsets being used as wireless extensions to the PC audio system. As VOIP becomes more popular, and more suitable for general home or office users than wired phone lines, Bluetooth may be used in cordless handsets, with a base station connected to the Internet link.

High speed Bluetooth

On 28 March 2006, the Bluetooth Special Interest Group announced its selection of the WiMedia Alliance Multi-Band Orthogonal Frequency Division Multiplexing (MB-OFDM) version of UWB for integration with current Bluetooth wireless technology.

UWB integration will create a version of Bluetooth wireless technology with a high-speed/high-data-rate option. This new version of Bluetooth technology will meet the high-speed demands of synchronizing and transferring large amounts of data, as well as enabling high-quality video and audio applications for portable devices, multi-media projectors and television sets, and wireless VOIP.

At the same time, Bluetooth technology will continue catering to the needs of very low power applications such as mice, keyboards, and mono headsets, enabling devices to select the most appropriate physical radio for the application requirements, thereby offering the best of both worlds.

Bluetooth 3.0

The next version of Bluetooth after v2.1, code-named Seattle (the version number of which is TBD) has many of the same features, but is most notable for plans to adopt ultra-wideband (UWB) radio technology. This will allow Bluetooth use over UWB radio, enabling very fast data transfers of up to 480 Mbit/s, while building on the very low-power idle modes of Bluetooth.

Ultra Low Power Bluetooth

On June 12, 2007, Nokia and Bluetooth SIG announced that Wibree will be a part of the Bluetooth specification as an ultra low power Bluetooth technology. Expected use cases include watches displaying Caller ID information, sports sensors monitoring your heart rate during exercise, as well as medical devices. The Medical Devices Working Group is also creating a medical devices profile and associated protocols to enable this market.

Bluetooth Specifications and features

The Bluetooth specification was developed in 1994 by Jaap Haartsen and Sven Mattisson, who were working for Ericsson Mobile Platforms in Lund, Sweden. The specification is based on frequency-hopping spread spectrum technology.

The specifications were formalized by the Bluetooth Special Interest Group (SIG), organised by Mohd Syarifuddin. The SIG was formally announced on May 20, 1998. Today it has over 7000 companies worldwide. It was established by Ericsson, Sony Ericsson, IBM, Intel, Toshiba, and Nokia, and later joined by many other companies.

Operating system support for Bluetooth

Apple has supported Bluetooth since Mac OS X version 10.2 released in 2002.

Of Microsoft platforms, Windows XP Service Pack 2 and later releases have native support for Bluetooth. Previous versions required the users to install their Bluetooth adapter's own drivers, which was not directly supported by Microsoft.^[5] Microsoft's own Bluetooth dongles (that are packaged with their Bluetooth computer devices) have no external drivers and thus require at least Windows XP Service Pack 2.

Linux provides two Bluetooth stacks, with the BlueZ stack included with most Linux kernels. It was originally developed by Qualcomm and Affix. BlueZ supports all core Bluetooth protocols and layers.

Wi-Fi

Wi-Fi is more like traditional Ethernet networks, and requires configuration to set up shared resources, transmit files, and to set up audio links (for example, headsets and hands-free devices). It uses the same radio frequencies as Bluetooth, but with higher power output resulting in a stronger connection. Wi-Fi is sometimes called "wireless Ethernet." This description is accurate as it also provides an indication of its relative strengths and weaknesses. Wi-Fi requires more setup, but is better suited for operating full-scale networks because it enables a faster connection, better range from the base station, and better security than Bluetooth.

Bluetooth

Bluetooth exists in many products, such as phones, printers, modems and headsets. The technology is useful when transferring information between two or more devices that are near each other in low-bandwidth situations. Bluetooth is commonly used to transfer sound data with phones (i.e. with a Bluetooth headset) or byte data with hand-held computers (transferring files).

Bluetooth simplifies the discovery and setup of services between devices. Bluetooth devices advertise all of the services they provide. This makes using services easier because there is no longer a need to setup network addresses or permissions as in many other networks.

Bluetooth vs. Wi-Fi in Networking

Bluetooth and Wi-Fi have slightly different applications in today's offices, homes, and on the move: setting up networks, printing, or transferring presentations and files from PDAs to computers. Both are versions of unlicensed spread spectrum technology.

Bluetooth differs from Wi-Fi in that the latter provides higher throughput and covers greater distances, but requires more expensive hardware and higher power consumption. They use the same frequency range, but employ different multiplexing schemes. While Bluetooth is a cable replacement for a variety of applications, Wi-Fi is a cable replacement only for local area network access. Bluetooth is often thought of as wireless USB, whereas Wi-Fi is wireless Ethernet, both operating at much lower bandwidth than the cable systems they are trying to replace. However, this analogy is not entirely accurate since any Bluetooth device can, in theory, host any other Bluetooth device—something that is not universal to USB devices, therefore it would resemble more a wireless FireWire.

Uses of Bluetooth

Bluetooth is a standard and communications protocol primarily designed for low power consumption, with a short range (power-class-dependent: 1 meter, 10 meters, 100 meters) based on low-cost transceiver microchips in each device.

Bluetooth enables these devices to communicate with each other when they are in range. The devices use a radio communications system, so they do not have to be in line of sight of each other, and can even be in other rooms, as long as the received transmission is powerful enough.

Class	Maximum Permitted Power (mW/dBm)	Range (approximate)
Class 1	100 mW (20 dBm)	~100 meters
Class 2	2.5 mW (4 dBm)	~10 meters
Class 3	1 mW (0 dBm)	~1 meter

It has to be noted that in most cases the effective range of class 2 devices is extended if they connect to a class 1 transceiver, compared to pure class 2 network. This is accomplished by higher sensitivity and transmitter power of the Class 1 device. The higher transmitter power of Class 1 device allows higher power to be received by the Class 2 device. Furthermore, higher sensitivity of Class 1 device allows reception of much lower transmitted power of the Class 2 devices. Thus, allowing operation of Class 2 devices at much higher distances. Devices that use a power amplifier on the transmit, have improved receive sensitivity, and highly optimized antennas are available that routinely achieve ranges of 1km within the Bluetooth Class 1 standard.

Version	Data Rate
Version 1.2	1 Mbit/s
Version 2.0 + EDR	3 Mbit/s
WiMedia Alliance (proposed)	53 - 480 Mbit/s

Bluetooth

Bluetooth is an industrial specification for wireless personal area networks (PANs). Bluetooth provides a way to connect and exchange information between devices such as mobile phones, laptops, PCs, printers, digital cameras, and video game consoles over a secure, globally unlicensed short-range radio frequency. The Bluetooth specifications are developed and licensed by the Bluetooth Special Interest Group.

PAN Technology

A Bluetooth PAN is also called a piconet, and is composed of up to 8 active devices in a master-slave relationship (a very large number of devices can be connected in "parked" mode). The first Bluetooth device in the piconet is the master, and all other devices are slaves that communicate with the master. A piconet typically has a range of 10 meters, although ranges of up to 100 meters can be reached under ideal circumstances.

Recent innovations in Bluetooth antennas have allowed these devices to greatly exceed the range for which they were originally designed. At DEF CON 12, a group of hackers known as "Flexilis" successfully connected two Bluetooth devices more than half a mile (800 m) away. They used an antenna with a scope and Yagi antenna, all attached to a rifle stock. A cable attached the antenna to a Bluetooth card in a computer. They later named the antenna "The BlueSniper."

Skinplex, another PAN technology, transmits via the capacitive near field of human skin. Skinplex can detect and communicate up to one meter from a human body. It is already used for access control for door locks and jamming protection in convertible car roofs.

Personal Area Network (PAN)

A personal area network (PAN) is a computer network used for communication among computer devices (including telephones and personal digital assistants) close to one person. The devices may or may not belong to the person in question. The reach of a PAN is typically a few meters. PANs can be used for communication among the personal devices themselves (intrapersonal communication), or for connecting to a higher level network and the Internet (an uplink).

Personal area networks may be wired with computer buses such as USB and FireWire. A wireless personal area network (WPAN) can also be made possible with network technologies such as IrDA, Bluetooth, UWB, and ZigBee.

Types of Wireless LANs

Peer-to-Peer

Peer-to-Peer or ad-hoc wireless LAN

A peer-to-peer (P2P) allows wireless devices to directly communicate with each other. Wireless devices within range of each other can discover and communicate directly without involving central access points. This method is typically used by two computers so that they can connect to each other to form a network.

If a signal strength meter is used in this situation, it may not read the strength accurately and can be misleading, because it registers the strength of the strongest signal, which may be the closest computer.

802.11 specs define the physical layer (PHY) and MAC (Media Access Control) layers. However, unlike most other IEEE specs, 802.11 includes three alternative PHY standards: diffuse infrared operating at 1 Mbit/s in; frequency-hopping spread spectrum operating at 1 Mbit/s or 2 Mbit/s; and direct-sequence spread spectrum operating at 1 Mbit/s or 2 Mbit/s. A single 802.11 MAC standard is based on CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). The 802.11 specification includes provisions designed to minimize collisions. Because two mobile units may both be in range of a common access point, but not in range of each other. The 802.11 has two basic modes of operation: Ad hoc mode enables peer-to-peer transmission between mobile units. Infrastructure mode in which mobile units communicate through an access point that serves as a bridge to a wired network infrastructure is the more common wireless LAN application the one being covered. Since wireless communication uses a more open medium for communication in comparison to wired LANs, the 802.11 designers also included a shared-key encryption mechanism, called wired equivalent privacy (WEP), or Wi-Fi Protected Access, (WPA, WPA2) to secure wireless computer networks.

Bridge

A bridge can be used to connect networks, typically of different types. A wireless Ethernet bridge allows the connection of devices on a wired Ethernet network to a wireless network. The bridge acts as the connection point to the Wireless LAN.

Wireless distribution system

When it is difficult to connect all of the access points in a network by wires, it is also possible to put up access points as repeaters

Architecture of WLAN

Stations

All components that can connect into a wireless medium in a network are referred to as stations. All stations are equipped with wireless network interface cards (WNICs). Wireless stations fall into one of two categories: access points and clients.

• Access points

Access points (APs) are base stations for the wireless network. They transmit and receive radio frequencies for wireless enabled devices to communicate with.

• Clients

Wireless clients can be mobile devices such as laptops, personal digital assistants, IP phones, or fixed devices such as desktops and workstations that are equipped with a wireless network interface.

Basic service set

The basic service set (BSS) is a set of all stations that can communicate with each other. There are two types of BSS: independent BSS and infrastructure BSS. Every BSS has an identification (ID) called the BSSID, which is the MAC address of the access point servicing the BSS.

• Independent basic service set

An independent BSS is an ad-hoc network that contains no access points, which means they can not connect to any other basic service set.

• Infrastructure basic service set

An infrastructure BSS can communicate with other stations not in the same basic service set by communicating through access points.

Extended service set

An extended service set (ESS) is a set of connected BSSes. Access points in an ESS are connected by a distribution system. Each ESS has an ID called the SSID which is a 32-byte (maximum) character string. For example, "linksys" is the default SSID for Linksys routers.

Distribution system

A distribution system connects access points in an extended service setup.

Disadvantages of Wireless LAN

Wireless LAN technology, while replete with the conveniences and advantages described above, has its share of downfalls. For a given networking situation, wireless LANs may not be desirable for a number of reasons. Most of these have to do with the inherent limitations of the technology.

• Security: Wireless LAN transceivers are designed to serve computers throughout a structure with uninterrupted service using radio frequencies. Because of space and cost, the antennas typically present on wireless networking cards in the end computers are generally relatively poor. In order to properly receive signals using such limited antennas throughout even a modest area, the wireless LAN transceiver utilizes a fairly considerable amount of power. What this means is that not only can the wireless packets be intercepted by a nearby adversary's poorly-equipped computer, but more importantly, a user willing to spend a small amount of money on a good quality antenna can pick up packets at a remarkable distance; perhaps hundreds of times the radius as the typical user. In fact, there are even computer users dedicated to locating and sometimes even cracking into wireless networks, known as wardrivers. On a wired network, any adversary would first have to overcome the physical limitation of tapping into the actual wires, but this is not an issue with wireless packets. To combat this consideration, wireless networks users usually choose to utilize various encryption technologies available such as Wi-Fi Protected Access (WPA). Some of the older encryption methods, such as WEP are known to have weaknesses that a dedicated adversary can compromise. (See main article: Wireless security.)

• Range: The typical range of a common 802.11g network with standard equipment is on the order of tens of meters. While sufficient for a typical home, it will be insufficient in a larger structure. To obtain additional range, repeaters or additional access points will have to be purchased. Costs for these items can add up quickly. Other technologies are in the development phase, however, which feature increased range, hoping to render this disadvantage irrelevant. (See WiMAX)

• Reliability: Like any radio frequency transmission, wireless networking signals are subject to a wide variety of interference, as well as complex propagation effects (such as multipath, or especially in this case Rician fading) that are beyond the control of the network administrator. In the case of typical networks, modulation is achieved by complicated forms of phase-shift keying (PSK) or quadrature amplitude modulation (QAM), making interference and propagation effects all the more disturbing. As a result, important network resources such as servers are rarely connected wirelessly.

• Speed: The speed on most wireless networks (typically 1-108 Mbit/s) is reasonably slow compared to the slowest common wired networks (100 Mbit/s up to several Gbit/s). There are also performance issues caused by TCP and its built-in congestion avoidance. For most users, however, this observation is irrelevant since the speed bottleneck is not in the wireless routing but rather in the outside network connectivity itself. For example, the maximum ADSL throughput (usually 8 Mbit/s or less) offered by telecommunications companies to general-purpose customers is already far slower than the slowest wireless network to which it is typically connected. That is to say, in most environments, a wireless network running at its slowest speed is still faster than the internet connection serving it in the first place. However, in specialized environments, the throughput of a wired network might be necessary. Newer standards such as 802.11n are addressing this limitation and will support peak throughputs in the range of 100-200 Mbit/s.

Wireless LANs present a host of issues for network managers. Unauthorized access points, broadcasted SSIDs, unknown stations, and spoofed MAC addresses are just a few of the problems addressed in WLAN troubleshooting. Most network analysis vendors, such as Network Instruments, Network General, and Fluke, offer WLAN troubleshooting tools or functionalities as part of their product line.