What’s changing in Bluetooth that makes security a requirement, not an option.
The use of Bluetooth technology continues to grow beyond mobile into rapidly expanding IoT and automotive applications. Consumers have grown to expect hands-free calling via Bluetooth. However, as the technology moves to other use cases such as tire pressure monitors or door lock connectivity, security becomes a key challenge for automotive SoC designers.
Bluetooth-enabled devices have been a target of many documented hacks including, most recently, BlueBorne. “In 2011, researchers at the University of California at San Diego and the University of Washington found ways into a Chevy Impala’s innards that included everything from its OnStar connection to a hacked smartphone connected to its infotainment system via Bluetooth to a CD containing a malicious file inserted into its CD player.” (Andy Greenberg, 8.1.16. The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse. Wired.com).
Vulnerabilities enable hackers to download malicious software, and in the case of BlueBorne, without even requiring a file to be downloaded. This is a frightening thought for consumers and developers wanting to connect wirelessly from their smartphone to a “thing” or an automobile. This article discusses how the introduction of Bluetooth mesh will remedy current vulnerabilities and drive secure and private connections to automotive and IoT applications.
Introduction of Bluetooth Mesh
In July of 2017, the Bluetooth Special Interest Group (SIG) introduced Bluetooth mesh networking, continuing its upgrades to Bluetooth 4.2 with low energy technology and Bluetooth 5 specifications. Bluetooth 4.2 added optional security features while Bluetooth 5 added longer distances, better reliability, more data throughput, and faster data rates.
Bluetooth mesh allows Bluetooth devices to create a network, targeting applications like smart homes, cities and factories. The specification enables a many-to-many network topology, connecting a few or a few thousand devices to one another. Bluetooth mesh’s features enable the adoption of Bluetooth beyond the traditional peer-to-peer connection to systems needing wireless sensor networks. Unlike traditional networks that route data to the proper addresses, Bluetooth mesh uses a simple approach of flooding the data to the network. Bluetooth mesh and the new Bluetooth 5 capabilities position Bluetooth in many new applications that can interact with an automobile or its passengers, both within the automobile and within the range of the surrounding infrastructure.
Per the Bluetooth Special Interest Group, Bluetooth enables new use cases in the car:
Bluetooth is pervasive, but is it secure?
Because Bluetooth is in all mobile phones, it has become a popular target for hackers seeking valuable financial and personal data. That has fueled sentiment that Bluetooth is vulnerable to security breaches. However, many of these vulnerabilities exist because security threats are not taken seriously. An example of one of these vulnerabilities is referenced in an article by Charlie Miller, A Hacker’s Guide to Fixing Automotive Cybersecurity. “Most cars offer Bluetooth connections to their driver’s phones. This allows the driver to make hands-free phone calls or play music from their phone over the car’s speakers. It also means the car is processing data over Bluetooth from the outside world. In fact, in 2011, researchers from the University of Washington and University of California, San Diego, successfully attacked a car through the Bluetooth interface by exploiting a vulnerability in the code that parsed the Bluetooth communications.”
Some silicon providers are beginning to take potential wireless vulnerabilities more seriously and already claim their solutions are immune to the currently reported vulnerabilities such as BlueBorne. System architects for “deeply embedded systems” (non-mobile) have claimed very limited exposure to the most recent vulnerabilities. This is partially because deeply embedded designs are deployed with RTOS, stacks and software solutions that are unlike those of mobile phones, which are dominated by systems built on Android. But these less widely used software systems still require security implementations.
It’s still common practice for many Bluetooth Low Energy devices to send unencrypted data in peer-to-peer connections. Such connections are typically productized without security because security is an optional capability in current Bluetooth Low Energy Generic Attributes (GATT) devices. In addition, developers see extra risk and cost associated with implementing security. If there are limited repercussions to avoiding security, and big hurdles to implementing security, many choose to forgo any security features. With the adoption of Bluetooth mesh, security capabilities are no longer “optional.”
Even before the Bluetooth mesh specification was released, there was a trend toward adopting security features. However, manufacturers fail to properly design security into their system from the ground up, making it ineffective and easily bypassed. Improper implementations can often be due to cost and complexity, ineffective controls during development, newly exposed vulnerabilities, or a simple lack of security experience.
Bluetooth mesh can be adopted with firmware updates, presenting a new opportunity for securing devices with Bluetooth connectivity. However, without proper implementation of the security hardware components, additional vulnerabilities may be found.
Bluetooth mesh security requirements and implementation
Requiring security will move the market to consider and plan for security from the ground up, ensuring a quality security development process throughout the design cycle. From Bluetooth IP, security IP and processor IP selections, to final software and application testing, Bluetooth mesh requires security that works as intended. The Bluetooth SIG has specified the encryption and authentication of all mesh messages, which is a very important step in securing Bluetooth devices.
Bluetooth mesh security uses three types of security keys: Network Keys, AppKeys and Device Keys. While the Device Keys provision and configure a node, the Network Keys set up each node as a member of a network. The AppKeys secure messages at the network layer to ensure messages from different applications only access the proper information. Advanced Encryption Standard-Counter with CBC-MAC (AES-CCM) is the basic encryption and authentication cipher used.
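The layering of keys over AES-CCM can be seen in a small added example, which is not code from the original article or from the Bluetooth SIG specification. It assumes the third-party Python `cryptography` package, uses the keys directly instead of the specification's key derivation, and uses a nonce layout, framing and function names constructed for illustration: the payload is sealed under an AppKey and the result wrapped under the Network Key, so a node holding only the Network Key can authenticate and forward a message without reading the application data.

```python
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

APP, NET = 0x01, 0x00  # nonce type byte; this layout is constructed for the example

def make_nonce(kind, seq, src, iv_index):
    # 13 bytes: type, pad, 24-bit sequence number, 16-bit source, pad, 32-bit IV index
    return bytes([kind, 0]) + seq.to_bytes(3, "big") + struct.pack(">HHI", src, 0, iv_index)

def seal(net_key, app_key, seq, src, dst, iv_index, payload):
    """Encrypt payload under the AppKey, then wrap dst + result under the Network Key."""
    dst_b = struct.pack(">H", dst)
    inner = AESCCM(app_key, tag_length=4).encrypt(make_nonce(APP, seq, src, iv_index), payload, dst_b)
    outer = AESCCM(net_key, tag_length=4).encrypt(make_nonce(NET, seq, src, iv_index), dst_b + inner, None)
    return seq.to_bytes(3, "big") + struct.pack(">H", src) + outer

def open_network(net_key, iv_index, pdu):
    """Any network member (for example a relay) can authenticate the PDU and read dst."""
    seq, src = int.from_bytes(pdu[:3], "big"), struct.unpack(">H", pdu[3:5])[0]
    plain = AESCCM(net_key, tag_length=4).decrypt(make_nonce(NET, seq, src, iv_index), pdu[5:], None)
    return seq, src, struct.unpack(">H", plain[:2])[0], plain[2:]

def open_application(app_key, iv_index, seq, src, dst, inner):
    """Only a holder of the right AppKey recovers the payload; dst is bound as AAD."""
    nonce = make_nonce(APP, seq, src, iv_index)
    return AESCCM(app_key, tag_length=4).decrypt(nonce, inner, struct.pack(">H", dst))

def demo():
    # Constructed keys and message; real keys come from a random number generator.
    net_key, app_key, other_app = bytes(range(16)), bytes(range(16, 32)), bytes(range(32, 48))
    pdu = seal(net_key, app_key, seq=7, src=0x0003, dst=0xC001, iv_index=1, payload=b"unlock")
    seq, src, dst, inner = open_network(net_key, 1, pdu)
    out = {"pdu_len": len(pdu), "relay_dst": dst, "relay_reads_payload": b"unlock" in inner,
           "app_plaintext": open_application(app_key, 1, seq, src, dst, inner)}
    attempts = {
        "tampered": lambda: open_network(net_key, 1, pdu[:-1] + bytes([pdu[-1] ^ 1])),
        "wrong_netkey": lambda: open_network(bytes(16), 1, pdu),
        "wrong_appkey": lambda: open_application(other_app, 1, seq, src, dst, inner),
    }
    for name, attempt in attempts.items():
        try:
            attempt()
            out[name] = "accepted"
        except InvalidTag:
            out[name] = "rejected"
    return out

if __name__ == "__main__":
    print(demo())
```

Because the sequence number feeds the CCM nonce, it must never repeat for the same key and IV index; a repeated nonce breaks both confidentiality and authentication.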
From a bottom-up security implementation perspective, many Bluetooth-enabled products will need to begin with a Random Number Generator. From that point forward, encryption/decryption and key generation can occur in varying ways depending on power usage profiles, performance requirements, and cost and complexity trade-offs. Doing these tasks in hardware can increase performance, lower power consumption and ensure a more secure implementation.
The chip architecture should implement the necessary functions in hardware, when appropriate, and ensure a proper utilization of hardware by the firmware and software developers during their development cycle. Designers should plan interoperability testing with secure implementations of Bluetooth mesh with partners throughout all the layers of the protocol. Bluetooth mesh requires security at multiple layers, making it a driving force in wireless connectivity for the Bluetooth-enabled applications.
Conclusion
The adoption of Bluetooth 5 expands the technology beyond nearables and hearables to new applications such as smart homes and automobiles. Bluetooth mesh moves the technology even further, supporting networks of devices both large and small. But most importantly, Bluetooth mesh makes security a requirement, not an option.
The Synopsys DesignWare Bluetooth Low Energy Link Layer and PHY IP solutions, compliant with Bluetooth 5 and Bluetooth mesh, deliver random number generation and crypto acceleration hardware as optional features to enable a secure product. Synopsys’ DesignWare Security IP solutions include NIST-compliant true random number generators and an array of options for crypto acceleration to best fit power, area and performance optimizations. Synopsys’ DesignWare ARC Secure IP Subsystem addresses security threats in embedded SIM and other high-value embedded applications, and provides a programmable hardware root of trust to protect against malware, tampering and exploitation of communication protocols in SoCs. Beyond the Bluetooth, processor, security, and subsystem IP, Synopsys is collaborating with industry leaders such as InfoSec Global supporting their Agile Crypto Solutions, and Rambus with CryptoManager infrastructure and key provisioning services, to better react to new threats leveraging Synopsys IP and firmware updates.
Adoption of industry-leading wireless and security IP, software, and services is essential to address almost daily security vulnerabilities, starting from the design concept phase. Bluetooth mesh enables better and proper security adoption for Bluetooth-enabled devices.