






Instructions for a lab experiment focused on discovering security flaws in Bluetooth protocols using both Windows and Linux environments. Students will learn about Bluetooth technology, its features, and security levels. They will use tools like BlueSoleil and AirSnare to detect and exploit vulnerabilities. The lab aims to help students understand the importance of securing wireless connections.
Typology: Lab Reports







Group Number: _________
Member Names: ___________________ _______________________
Date Assigned:
Date Due:
Last Edited:
Lab Authored by: Ruhull Alam Bhuiyan and Keon Copeland

Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the Answer Sheet and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the Date Due.
in a Windows environment and a Linux environment.
machines. Then, you will demonstrate how to access another machine with Bluetooth connectivity.
other computers and mobile devices in the vicinity. Do not attempt to connect to them!!! They will probably have some level of security, but we do not want to disturb a professor when his/her computer asks if he/she would like to allow you to connect. If you have a Bluetooth enabled laptop or cell phone, feel free to bring it into the lab to use as an experiment, but please keep experiments inside the lab using your own devices.
personal area networks (PANs), also known as IEEE 802.15.1. Bluetooth provides a way to connect and exchange information between devices like personal digital assistants (PDAs), mobile phones, laptops, PCs, printers and digital cameras via a secure, low-cost, globally available short range radio frequency. Bluetooth is a radio standard primarily designed for low power consumption, with a short range (power class dependent: 1 meter, 10 meters, 100 meters) and with a low-cost transceiver microchip in each device. Bluetooth lets these devices communicate with each other when they come in range, even if they are not in the same room, as long as they are within up to 100 meters of each other, dependent on the power class of the product. Products are available in one of three power classes:
Class 1: 100 meters
Class 2: 10 meters
Class 3: 1 meter

Communication & connection

A Bluetooth device playing the role of the "master" can communicate with up to 7 devices playing the role of the "slave." This group of up to 8 devices (1 master + 7 slaves) is called a piconet. At any given time, data can be transferred between the master and 1 slave, but the master switches rapidly from slave to slave in a round-robin fashion. (Simultaneous transmission from the master to multiple slaves is possible, but not used much in practice.) Either device may switch the master/slave role at any time. The Bluetooth specification allows connecting 2 or more piconets together to form a scatternet, with some devices acting as a bridge by simultaneously playing the master role in one piconet and the slave role in another piconet.

Air interface

The protocol operates in the license-free ISM band at 2.45 GHz. In order to avoid interfering with other protocols which use the 2.45 GHz band, the Bluetooth protocol divides the band into 79 channels (each 1 MHz wide) and changes channels up to 1600 times per second. Implementations with versions 1.1 and 1.2 reach speeds of 723.1 kbit/s. Version 2.0 implementations feature Bluetooth Enhanced Data Rate (EDR), and thus reach 2.1 Mbit/s. Technically, version 2.0 devices have a higher power consumption, but the three times faster rate reduces the transmission times, effectively reducing consumption to half that of 1.x devices (assuming equal traffic load).

Bluetooth differs from Wi-Fi in that the latter provides higher throughput and covers greater distances but requires more expensive hardware and higher power consumption. They use the same frequency range, but employ different multiplexing schemes. While Bluetooth is a cable replacement for a variety of applications, Wi-Fi is a cable replacement only for local area network access.
A glib summary is that Bluetooth is wireless USB (although Wireless USB is really wireless USB), whereas Wi-Fi is wireless Ethernet, both operating at much lower bandwidth than the cable systems they are trying to replace, with the exception of the newest version of the Wireless N protocol, which operates at a maximum speed of 108 Mbit/s (double that of a normal Wireless G connection).

Bluetooth Profiles

In order to use Bluetooth, a device must be able to interpret certain Bluetooth profiles. These define the possible applications. The following profiles are defined and adopted by the Bluetooth SIG and are a few of the most commonly used profiles:
BlueSoleil

BlueSoleil allows your Bluetooth radio enabled desktop or notebook computer to wirelessly access a wide variety of Bluetooth enabled digital devices, such as mobile phones, stereo/mono headsets, keyboards and mice, cameras, printers, GPS devices and PDAs. BlueSoleil presents the Bluetooth connection environment in an intuitive "Bluetooth space / orbit + Soleil (the sun)" graphical user interface. Within this environment, users can click the "My local Soleil" device to start searching for other surrounding Bluetooth devices, which are shown on the orbit. A Bluetooth connection can be set up by simply clicking the other Bluetooth device's icon. A line will be shown between the Soleil and the device to indicate the connection. You can use all the Bluetooth functions in one graphical user interface.

BlueSoleil can be downloaded from http://www.bluesoleil.com/download/index.asp

In this section, you will learn about the different levels of security that the Bluetooth protocol allows. This is very important because you can configure a computer for ease of use or you can lock it down for protection against unwanted attacks. Let's begin.

Both of the computers have the same setup, so choose one to be the attacker and the other to be the victim. Start the XP virtual machines on both computers. Click on the BlueSoleil icon on the desktop if you do not see a Bluetooth icon in the System Tray. Otherwise, right-click on the Bluetooth icon and choose Display.

Now you need to insert the USB adapter, but you will need to unload the Linux module that claims the device to be able to use it in the Windows XP virtual machine. Open a terminal on the RedHat 4.0 physical machine and unload the module that claimed the adapter.

    # rmmod hci_usb

If you have to unplug the adapter and reinsert it later, you will have to unload this module again. Just use the previous command.
You can check to see if the Bluetooth module is being used by the hci_usb module with the following command.

    # lsmod

Look for the Bluetooth module on the left and see if it is being used by any module. VMware won't let you use the adapter until Bluetooth is free from other modules.

Now, select VM -> Removable Devices -> USB Devices -> < your Bluetooth adapter >

You should see a pop-up on the virtual machine confirming this. Repeat for the other lab computer.
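The module check described above can be scripted so that the result does not depend on reading the lsmod table by eye. The following is an added example, not part of the original lab handout; the sample lsmod text is constructed and the function names bt_holders and adapter_free are hypothetical.

```shell
#!/bin/sh
# Added example: decide from lsmod-format text whether the USB Bluetooth
# adapter is still claimed by the host before attaching it to the VM.

# Constructed samples in lsmod format (not captured from a real machine).
SAMPLE_BUSY='Module                  Size  Used by
hci_usb                16781  2
bluetooth              46597  3 hci_usb,rfcomm,l2cap
usbcore               112644  4 hci_usb,uhci_hcd'
SAMPLE_FREE='Module                  Size  Used by
bluetooth              46597  0
usbcore               112644  2 uhci_hcd'

# bt_holders [MODULE] < lsmod-output
# Prints the modules named in the "Used by" column of MODULE
# (default: bluetooth), one per line. Prints nothing if there are none.
bt_holders() {
    awk -v mod="${1:-bluetooth}" '
        NR > 1 && $1 == mod && NF >= 4 {
            n = split($4, users, ",")
            for (i = 1; i <= n; i++) if (users[i] != "") print users[i]
        }'
}

# adapter_free < lsmod-output
# Succeeds only when hci_usb is not loaded on the host.
adapter_free() {
    ! awk 'NR > 1 && $1 == "hci_usb" { found = 1 } END { exit !found }'
}

# Demonstration on the constructed samples.
for s in "$SAMPLE_BUSY" "$SAMPLE_FREE"; do
    if printf '%s\n' "$s" | adapter_free; then
        echo "free: the adapter can be attached to the virtual machine"
    else
        holders=$(printf '%s\n' "$s" | bt_holders | tr '\n' ' ')
        echo "claimed: run rmmod hci_usb first (bluetooth used by: $holders)"
    fi
done
```

On the lab host, the same functions can be fed live data with `lsmod | bt_holders` and `lsmod | adapter_free`.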
In this section you will use BlueSoleil to find other Bluetooth enabled devices. Make sure your USB adapter is connected and BlueSoleil is running. Refer to the previous section if you don't remember how to do so. We will see how different security levels in BlueSoleil allow for different levels of access by devices wishing to connect to our computer.

On both the attacker and the victim machines, go to My Bluetooth -> Security. Select Low. Click on OK.

Go to My Bluetooth -> Device Properties. Change the Device Name to Attacker and Victim, respectively. Select OK.

On the attacker, click on the orange ball in the middle of the screen to find other devices. Note: Please ignore machines other than the ones you are using for this lab.

Double-click on the victim machine. After a few seconds, you should see a few highlighted icons across the top-left side of the BlueSoleil window. These are the services available from the victim machine. Choose the Bluetooth File Transfer Service and a window should pop up on the attacker's screen.

Open WordPad, create a small test document and save it to the Desktop. Drag the file to the FTP window.

On the victim machine, go to My Services -> Properties. Click on the File Transfer tab. Look at the Share This Folder field. Navigate to that folder in Windows Explorer. You should see the text file. Capture this screen.

Screenshot #

Q2.1 What are the advantages and disadvantages of the low security setting?

Now we are going to try the Medium setting, but first we need to remove the computers from each other's device history. This will make sure that the machines act as if they are connecting for the first time.

On both machines, go to Tools -> Add Device from History. Select the other machine and click on Delete, then click OK.

Change the security to Medium on both machines and restart BlueSoleil by choosing File -> Exit and clicking on the desktop icon again. Search for other Bluetooth devices with the attacker once again.
Try to do another file transfer.

Q2.2 What is happening on the victim machine?

Don't actually transfer a file this time. You need authentication to access the victim this time, but you can still see the services that the victim has available.
On the machine where AirSnare is running, choose the network adapter (in the AirSnare window) to be Bluetooth PAN Network Adapter. Right-click on the icon and select Start. Now, start device discovery for the client machine.

Q3.1 What do you see? What kind of protocol is listed in the AirSnare window?

Go to 'Window' in the file menu. Select 'AirHorn Window'. Choose a client name, and type in 'send to'. Type a random message in the body. Click Send.

Q3.2 What happens on the client machine?

Go to 'Window' in the file menu. Select 'DHCP request'.

Q3.3 What do you see in the window?

Try to connect to your host machine from a client. Try device discovery in BlueSoleil, then wait a few seconds. Do this several times. Take a screenshot of AirSnare (Screenshot #3).

Q3.4 On the AirSnare window, what do you see under 'Unfriendly MAC Addresses'? Why do you think this happens?
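The idea behind a monitor that separates friendly from unfriendly addresses can be shown in a few lines. The following is an added example, not AirSnare's code and not part of the original lab handout; the addresses, the log format and the function name unfriendly_macs are constructed for illustration, and it assumes the monitor compares each observed source address against an operator-maintained friendly list.

```shell
#!/bin/sh
# Added example: flag source addresses that are not on a friendly list.

# Friendly list (constructed addresses, mixed notation on purpose).
FRIENDLY='00:11:22:AA:BB:01
00-11-22-aa-bb-02'

# Constructed observations: time, source address, event.
OBSERVED='10:01:05 00:11:22:aa:bb:01 DHCP-REQUEST
10:01:09 00:11:22:AA:BB:7F DISCOVERY
10:01:30 00-11-22-AA-BB-02 DHCP-REQUEST
10:02:11 00:11:22:aa:bb:7f DISCOVERY
10:02:40 garbled DISCOVERY
10:03:02 00:11:22:AA:BB:7F DHCP-REQUEST'

# unfriendly_macs FRIENDLY_LIST < observations
# Prints "ADDRESS SIGHTINGS FIRST_SEEN" for every well-formed address that
# is not on the friendly list, in order of first appearance.
unfriendly_macs() {
    awk -v friendly="$(printf '%s' "$1" | tr '\n' ',')" '
        # Normalise to upper-case hex without separators so that
        # aa-bb-... and AA:BB:... compare equal.
        function norm(m) { m = toupper(m); gsub(/[:-]/, "", m); return m }
        # A 48-bit address is exactly 12 hex digits after normalisation.
        function valid(h) { return length(h) == 12 && h !~ /[^0-9A-F]/ }
        BEGIN {
            n = split(friendly, f, ",")
            for (i = 1; i <= n; i++) ok[norm(f[i])] = 1
        }
        NF >= 3 {
            h = norm($2)
            if (!valid(h) || (h in ok)) next
            if (!(h in count)) { order[++k] = h; first[h] = $1 }
            count[h]++
        }
        END {
            for (i = 1; i <= k; i++)
                print order[i], count[order[i]], first[order[i]]
        }'
}

printf '%s\n' "$OBSERVED" | unfriendly_macs "$FRIENDLY"
```

Without the normalisation step, the two friendly machines would be reported as unfriendly simply because the list and the log write the same address in different notations.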
Member Names: ___________________ _______________________

Section 2

Screenshot #

Q2.1 What are the advantages and disadvantages of the low security setting?

Q2.2 What is happening on the victim machine?

Q2.3 Although authentication is required to connect to the victim, being able to see the available services still poses a threat. Give a few examples.

Q2.4 What is happening on the victim machine with high security turned on?

Screenshot #

Q2.5 What is the advantage of being non-discoverable?
capability or additional or better learning experience for future students here is what you need to do. You should add that tool to the lab by writing new detailed lab instructions on where to get the tool, how to install it, how to run it, what exactly to do with it in our lab, example outputs, etc. You must prove with what you turn in that you actually did the lab improvement yourself. Screen shots and output hardcopy are a good way to demonstrate that you actually completed your suggested enhancements. The lab addition section must start with the title “Lab Addition”, your addition subject title, and must start with a paragraph explaining at a high level what new concept may be learned by adding this to the existing laboratory assignment. After this introductory paragraph, add the details of your lab addition.