It is a short range communication technology to connect to devices using short-range radio frequency(RF) which is intended to replace communication that uses cabling. It is used mainly to establish wireless personal area networks (WPAN),commonly referred to as AD-HOC or peer-to-peer (P2P) networks. This technology now a days are integrated into many types of business and consumers devices such as mobile phones, PDA, laptops, headsets, vehicles, printers.
This technology is globally accepted and any devices which are bluetooth enabled can communicate with other bluetooth enabled device located in proximity to one another almost everywhere in the world.
Bluetooth is a low cost, low power technology which provides small wireless networks. The devices with this technology connect each other through short range,ad hoc networks known as piconets. Every time a bluetooth enabled device enter or leave radio proximity the piconets gets established automatically and dynamically. Also each device in the piconets offers a simultaneous connection up to seven other devices and that piconet can also belong to several other piconets allowing a limitless connection.
This technology also has the ability to simultaneously handle data and voice transmission which provides users with a variety of uses such as printing ,synchronization with PC and laptops, accepting voice calls through hands-free headsets etc.
Some of the advantages of this technology includes:
Replacements for cable: this technology replaces the use of different types of cabling required to establish a connection between 2 or more different or similar devices e.g mouse, headsets, keyboard, printers etc.
Wireless synchronization: It automatically synchronize with bluetooth enabled devices such as laptops via wireless connection. e.g synchronization of address book contained in laptops,cellular phones etc.
Internet connectivity: any bluetooth enabled device having internet connectivity can share the internet access with other bluetooth enabled device. One acts as a modem. e.g a laptop can use a internet via a bluetooth enabled cellular phone by establishing a dialup connection through the cellular phone.
Bluetooth Technology Characteristics:
Bluetooth operates in the unlicensed 2.4 GHz to 2.4835 GHz Industrial, Scientific and Medical (ISM) frequency band. Many technology such as IEEE 802.11 b/g WLAN standard operate in this band. It employs frequency hoping spread spectrum (FHSS) for every transmissions, also FHSS helps to minimize the interference and transmission errors as well as provides a limited level of transmission security. This is done by the technology which detects the devices under the spectrum and avoids the frequency used by the other bluetooth enabled device. Also the communication between the devices uses 79 different radio channels by hoping frequencies at 1 MHz interval giving a high degree of interference immunity and allowing better transmission within the spectrum. This hoping provides greater performance even when other technologies are being used simultaneously with bluetooth technology.
Range:
the operating range depends upon the device class which include the following:
Class 3 radios : supports up to 1m or 3ft.
Class 2 radios : found in mobile devices-ranges from 10m or 33 ft.
Class 1 radios: used in industrial sector having a vast range of 100m or 300 ft.
Bluetooth low energy technology has a range of up to 200m or 600ft.
Power Consumption:
class 2 device uses 2.5 mW of power.
The generic alternate mac/phy in version 3.0 HS enables the discovery of remote AMPs for high speed device and turns on the radio only when needed for data transfer giving a power optimization benefit as well as aiding in the security of the radios.
Bluetooth low energy technology, optimizd for devices requiring maximum battery life instead of a high data transfer rate, consumes between ½ and 1/100 the power of classic bluetooth technology.
Data rate
bluetooth low energy technology provides a speed of 1 Mbps of data transmission.
For version 1.2 and 2.0 EDR the data rate includes 1Mbps and 3 Mbps respectivley.
For version 3.0 HS up to 24 Mbps is supported.
Security Aspects:
bluetooth technology and associated devices are susceptible to general wireless networking threats, such as DOS attacks, eavesdropping, man-in-the-middle-attacks, message modification, and resource misappropriation. Generally the security are classified into three categories:
non-secure: in this type any bluetooth device do not initiate any security measures.
Service level enforced security: in this security mode two bluetooth device establish a nonsecure Asynchronous Connection-Less (ACL) link.
Link level enforced security: in this mode authentication, authorization and optional enryption are initiated when a request of L2CAP(logical Link Control and Adaptation Protocol )connection-oriented or connectionless channel is made. This security mode is established before the connection is made between the devices.
Vulnerabilities:
Bluejacking: this is a threat which involves a sending of unsolicited messages or business card to bluetooth enabled devices. For this threat to work the sending and receiving device must be within the range of of 8-10m from each other. This is a method usually used for promotional purposes intent rather than with any malicious intention. This method can be quite annoying due to repetitive messages. Also this method does leave a door open for variety of social engineering attacks. In order to prevent this type of attack the device must be set into non-discoverable mode in unsecured areas.
Get Help With Your Essay
If you need assistance with writing your essay, our professional essay writing service is here to help!
Bluesnarfing: this hacking method is done in bluetooth enabled cellular phones and what this attack does is it copies the entire contact book, calender or anything that is stored in the cellular phone’s memory. This threat can be minimised by setting the device in non-discoverable mode in an un-secured zone. How-ever many software are available in web which can steal information from blue-tooth enabled devices.
the back door attack: this attack starts of after being in connection with bluetooth device; through pairing mechanism and if the owner does not observe their device after connection than they are unlikely to notice anything after the device are paired; allowing attacker to use any resources that a trusted relationship with that device grants access to. This means the attacker can not only retrieve data but also use features such as GPRS WAT, internet, modems etc. without the owner being notified.
The cabir worm: it is a malicious software that uses the bluetooth technology to look for available bluetooth devices and send itself to them. This worm currently only effects mobile phone which uses symbian series 60 user interface platform. But this threat can be avoided by the user since the user itself has to manually accept the worm and install in order for this attack to be in effect.
GPRS
it is a non-voice value added service which allows Mobile Phones to be used for sending and receiving data over and internet protocol(IP) based network. It stands for General Packet Radio Services. It is a packet based radio service which is delivered as a network overlay for GSM, CDMA and TDMA networks which enables “always on†connections. This eliminates the repetitive and time consuming dial up connection. It also reserves radio resources only when there is a certain data to be sent ensuring the maximum utilization of radio resources. This service enables users to use many multimedia application through mobile internet. Along with it it provides user the internet from anywhere and anytime.
GPRS handles data in a series of packets which can be routed over several paths through the GSM network. The data is segmented and stored as packets before being transmitted and reassembled at the receiving end. GPRS users get the benefit of instantaneous connection setup and continuous connection to the internet after being logged-in to an APN (Access Point Name) until the user log off and the user only have to pay the data which is actually transmitted. Since this is a wireless technology so and end-to-end connection is not required because network resources and bandwidth are only used when data is actually transferred. This allows efficient use of available radio bandwidth. This reduces the cost compared to circuit switched services since communication channels gets shared and are on a ‘as-packets-are-needed’ basis.
GPRS data speeds ranges from 14.4 kbit/s (using one radio time-slot) to 115kbit/s (by amalgamating time slots). The average data transfer speed is at about 56 kbit/s. The improvement in the data rate allows users to take part in video conference and interact with various websites and similar application using mobile handheld devices as well as from notebook computers.
GPRS is based on GSM communication and will complement existing services like SMS. It also complement blue-tooth.
Advantages of GPRS:
Operators
offer new and improved data services to residential and business markets.
Uplift the revenues from data services.
Opportunity to increase the number of network users.
Provides an upgrade path and baseline for UMTS
End Users:
high speed internet
cost effective since charge is carried out only when data is transmitted and not for the duration of connection
constant connectivity
simultaneous use of voice and data communication
Applications of GPRS include:
Chat
web browsing
internet email
file transfer
file sharing
Security:
Security threat depend the type of traffic and data service for specific threat. The Gp interface is the logical connection between PLMNs that is used to support roaming data users. The following traffic falls under Gp :
GTP : this provides a logical connection between the SGSN and GGSN of roaming partners.
BGP : this provides the routing information between the operator and the GRX and/or roaming partners
DNS: provides resolution for subscriber’s Access Point Name (APN)
THREAT ON Gp includes
Availability
Border Gateway Bandwidth saturation : in this type of threat a malicious operator connects to the same GRX which may have the ability to generate a sufficient amount of traffic which gets directed at users border gateway such that required traffice is starved for bandwidth in or out of user PLMN. Finally denying roaming acess to and from the network.
DNS flooding: in this threat the DNS server gets flooded with correct or malformed DNS queries denying subscribers to locate GGSN to use an external gateway.
GTP flooding: in this threat SGSNs and GGSNs may be flooded with GTP traffic that cause them to spend their CPU cycles processing illegitimate data preventing subscribers to roam or send data out to an external network
Authentication and Authorization
Spoofed create PDP context Request:
Spoofed update PDP context request
Integrity and Confidentiality
Capturing a subscriber’s data session
WAP
WAP stands for Wireless Application Protocol. It is an application environment and a set of communication protocol for witless devices which is designed to allow manufacturer, vendor and technology independent access to the internet and advanced telephony services. Basically it serves as a bridge between the mobile world and the internet as well as intranets offering the ability to deliver an unlimited range of mobile value added services to the users regardless of their network, bearer and terminal. This also enables subscriber to access the same amount of information from a pocket sized devices as they can from the desktop.
The WAP specification defines a set of protocols in layers like application , session, transaction, security, and transport enabling operators and manufactures to meet the challenges in advanced wireless service differentiation and fast/flexible service creation.
WAP utilizes binary transmission for greater compression of data and is optimized for long latency and low bandwidth. The light weight WAP protocol block is designed to minimize the required bandwidth and maximize the number of wireless network types that can deliver WAP content. Since WAP is based on a scalable layered architecture, each layer can develop independently of the others making it possible to introduce new bearers or to use new transport protocols without having to make any alteration in other layers.
Versions of WAP
WAP 1.X-
WAP 1.0 was introduced way back in April 1998 which described a stack of softwares for internet access through mobile.
WAP 1.1 was then introduced a year later after WAP 1.0 in 1999.
WAP 1.2 which was the final update of the WAP 1.X series was introduced in June 2000 and the significant update of this was the introduction of WAP push.
WAP Push:
This version allows WAP content to be pushed to the mobile device with minimum user intervention since this includes a specially encoded message that includes a link to wap address. It can be used over any device which supports WDP like GPRS and SMS.
This push version enables users the option to automatically access the WAP content with WAP 1.2
WAP 2.0:
This version re-engineered WAP which was introduced in the year 2002 and was a simple version of HTML which is called XHTML. The XHTML helps reduce the bandwidth of internet pages helping user to use the saved bandwidth for other purpose.
Benefits:
Operators
chance to increase the subscriber by improving services such as interface to voice mail and prepaid systems
introduction of new application without the need for additional infrastructure or modification to the phone.
Enabling the provision of end-to-end turnkey solution which create a lasting competitive advantage.
Content Providers;
enable content and application developers to grasp eh tag based WML(wireless Markup Language) allowing services to be written and executed within an operator’s network quickly and easily
End Users
easy and secured access to relevant internet information and services such as unified messaging and entertainment through their mobile devices.
Can access the information from corporate databases.
Significant freedom of choice when selecting mobile terminals and application they support
allows users to receive and request information in controlled fast and low-cost environment .
Applications of WAP:
advertising the product directly through the mobile devices allowing the shoppers directly the link to order entry page.
Establishment of virtual lan enabling users to play or share information within the grous.
Downloading files.
Infotainment feature: customer care and provisioning, message notification and call management, email, mapping and location service, weather and traffic alerts, sports and financial services, address book and directory services and corporate intranet application.
Security concern over WAP
WAP Gateway : this is the most important threat associated with WAP. In this threat WAP devices communicate to web servers through WAP gateway meaning WAP contains unencrypted data for a short period of time which can be highly confidential. In order to avoid this the WAP device must switch to a trusted and secured gateway instead of using the default WAP gateway. Also another solution includes upgrading all wap gateways such that they can work in pass-through mode. When WAP gateway works in this mode it just let pass all the encrypted traffic from mobile phone to server without being decrypted and the gateway would be just a relay for the data stream.
Weak encryption algorithms: the encryption protocol encrypts data during the handshake phase which has a possibility to choose the 40bit DES encryption method. In this method, a 5 byte key is used containing 5 parity bits leaving only 35 effective key bits in the DES key. This DES key can be easily hacked through brute force
potential for virus attacks: wap contains a scripting language(WMLScript) which makes easier for viruses to affect mobile phone.
GSM
It stands for Global System for Mobile Communication which is a globally accepted standard for digital cellular communication and most globally used mobile phone system . It is an open digital cellular technology which is used to transmit mobile voice and data services. This design was the first digital design to follow the analog period to enhance the security from analog counterparts in mobile communication. This technology supports voice calls and data transfer rate up-to 9.6kbit/s, along with the transmission of SMS. This operates in the 900MHz and 1.8 GHz bands in Europe and 1.9 GHz and 850MHz bands in the US , Australia, Canada and many south American countries. The users can access the same service when traveling abroad through GSM international roaming capability which is done after harmonizing spectrum across most part of the earth. This gives users to connect seamlessly and same number connectivity in more than 218 countries even if they have different network service provider.
Application of GSM includes:
accessing the internet with GPRS being enabled..
Used in E-commerce for services like mobile banking, e-ticketing etc.
Advantage of Gsm include:
the consumer benefits from the ability to roam and switch carriers without replacing phones and SIM and also to network operators.
High voice clarity due to the efficient use of radio frequencies which allows the system to tolerate intercell disturbances.
The encryption of speech allows user information to be secured.
Also pioneered low cost implementation of the short message service known as text messaging.
Introduction of worldwide emergency telephone number feature.
Introduction of value added feature such as GPRS EDGE.
Threat includes the following:
there are mainly two motivation for attackers of mobile phone systems which are:
Theft Of service:
cloning: In this type of attack, the attacker steals the identifying information from a legitimate phone and loads it to another phone allowing attacker to masquerade as the legitimate phone. What this does is it causes charges to be assessed against the account holder of the legitimate phone.
Call Decryption: this threat is based on the encryption method of the GSM network. The attacker had found to decrypt a call with greater speed within 30 seconds with just a laptop and specific radio device back in 2007 and 2008.
data Interception: in this type of attack the attacker can easily listen to the transmission of the phone using relatively unsophisticated tools in a effort to eavesdrop on the voice and data transmission occurring. To solve this problem encryption of the data in the air should be maintained.
Cite This Work
To export a reference to this article please select a referencing style below: