Discussion on the Security of Automotive Smart Bluetooth Technology

Bluetooth low energy technology is a low-cost, interoperable wireless technology for short-range operation that operates in the unlicensed 2.4GHz ISM RF band. Bluetooth low energy technology was formerly known as Bluetooth Smart technology. It is precisely because of the above characteristics of Bluetooth low-power technology that various auto manufacturers have expressed plans to apply the technology to automobiles. Through Bluetooth low-power technology, users can switch their car doors and adjust windows, seats, mirrors, lights and other functions through their own smart phone buttons or car wireless control buttons.

This article refers to the address: http://

By applying Bluetooth low-power technology to automobiles, in addition to providing users with great convenience, car manufacturers can also get convenience. By utilizing Bluetooth low-power technology, automakers can eliminate in-car wired connections during car production, which avoids cluttering car wiring problems. This will greatly reduce the complexity of car wiring for automakers while reducing the weight of the entire vehicle. Therefore, it is not a good idea to apply Bluetooth low-power technology to cars with such a big advantage.

However, there is currently one biggest problem with Bluetooth low energy technology. What is the security of controlling the body electronics through the Bluetooth low energy technology?

Luca De Ambroggi, chief analyst of IHS Technology's automotive semiconductors, said in an interview with the foreign media EE Times that due to the nature of wireless technology, no matter which wireless technology is associated, it will be accompanied by corresponding security. Sexual problems. At the same time, Luca De Ambroggi also said that Bluetooth low energy technology is much more secure than WIreless-FIdelity (WiFi) or Long Term Evolution (LTE). Luca De Ambroggi also speculated that the entire industry is currently working to fix the related security vulnerabilities of Bluetooth low-power technology, and also said that this is a never-ending problem.

It turns out that Luca De Ambroggi's guess is correct. Currently, the Bluetooth Special Interest Group (SIG) is working hard to improve the device-level security level of the Bluetooth low energy technology. Joel Linsky, senior technical director of Qualcomm Technologies and chairman of the Bluetooth Specification Alliance Core Specification Working Group, said that the Bluetooth Technology Alliance is currently working on the development of the Bluetooth low-power technology to implement its new features in industrial-grade security-level technology. Suke Jawanda, chief marketing officer of the Bluetooth Technology Alliance, said that the specific implementation time for the new specification standard for Bluetooth low-power technology is still uncertain.

Discussion on the Security of Automotive Smart Bluetooth Technology

Bluetooth security risks

According to Jimmy Pai, marketing manager of Cambridge Silicon Radio, CSR Technologies, a Fabless fabless semiconductor manufacturer based in Cambridge, UK, whose main product line is single-chip Bluetooth chips, GPS chips, etc. Vendors and Tier 1 suppliers have expressed security concerns about this Bluetooth low-power technology. A year ago, CSR Technologies introduced its automotive body electronics control chip, the Bluetooth low-power chip, and said: "Our CSR technology company has been working with the automotive manufacturer to develop the Bluetooth low-power chip. For two years, we have been unable to wait for the Bluetooth Technology Alliance to propose a new solution." Therefore, CSR Technologies has developed a workaround to meet the needs. “The technical improvements we have introduced are our CSR-specific solutions that comply with the relevant standards of the Bluetooth Technology Alliance.”

For the Bluetooth low-power technology, the security question that automakers and Tier 1 suppliers often ask is: Can people control the car by hijacking the wireless connection?

Mike Ryan, security engineer at iSEC Partners, said the "key exchange" process for Bluetooth low-power technology is the weakest link in the technology. In his technical white paper, Mike Ryan pointed out the conversational eavesdropping vulnerabilities in Bluetooth low-power technology and showed the process of intercepting and reassembling packets into connected data streams. Mike Ryan also demonstrated data attacks for the Bluetooth low energy technology key exchange protocol. Among them, the key role of the key exchange protocol is to prevent data encryption from failing to prevent data eavesdropping.

After communicating with the EE Times email, Mike Ryan summarized the replies from the Electronic Engineering Times: If the Bluetooth low energy technology key exchange protocol fails, and if the user device security depends on Bluetooth low Power technology has built-in security settings, and hackers need to be able to see how users are pairing their phones. Only then can a hacker attack the user's vehicle through the Bluetooth low energy technology. If the user setting can open the door via Bluetooth low energy technology, the hacker will be able to control the opening of the door through the Bluetooth low energy technology.

Discussion on the Security of Automotive Smart Bluetooth Technology

Key exchange protocol vulnerability

Mike Ryan believes that the key exchange protocol is the only weak link in Bluetooth low energy technology. In the email, Mike Ryan said: "The other technical protocols of the Bluetooth low-power technology are designed to be perfect and meet the daily needs. At the same time, the technical protocols used by different devices are different. So some devices do exist. Security issues. However, some devices do not use a key exchange protocol or encryption protocol at all. Other devices do not make reasonable use of privacy protection technology, so this type of device is easily hacked."

In addition, Mike Ryan wrote in his technical white paper that Bluetooth low-power technology features encryption protocols and in-band key exchange protocols, unlike Elliptic Curve Diffie-Hellmann (Elliptic Curve Diffie-Hellmann, ECDH is a mature key exchange protocol based on ECC, the Diffie-Hellman key exchange algorithm of Elliptic Curve Cryptosystems. Among them, the Elliptic Curve Diffie-Hellmann key exchange protocol is a key exchange protocol proposed by the Bluetooth Technology Alliance. In addition, the in-band key exchange protocol used by Bluetooth low-power technology has a fatal weakness, that is, the key exchange protocol in the band will destroy the privacy of the Bluetooth session and cause the content of the session to be eavesdropped.

The question raised by the Mike Ryan team is mainly aimed at the key exchange protocol of the Bluetooth low-power technology without mentioning its encryption technology.

Joel Linsky, senior technical director of Qualcomm Technologies, said that the Bluetooth Ryan team pointed out in its own position that the Bluetooth low-power technology key exchange protocol does not have anti-eavesdrop protection. However, for the Bluetooth technology alliance, Bluetooth low-power technology is designed to achieve versatility on different devices. Bluetooth technology alliance technicians cannot use Bluetooth on the first day of Bluetooth low-power technology development. The design of low-power technology is completely free of problems, which is really too strict for the technicians. "And the wireless technology industry is also aware of the shortcomings of this technology and potential hidden dangers."

According to the different application backgrounds of Bluetooth low-power technology, Joel Linsky said that it is fully achievable to add a security level to the "application-level security level" for Bluetooth low-power technology, but not all wireless devices require device-level security.

Discussion on the Security of Automotive Smart Bluetooth Technology

Original ecological support Diffie-Hellmann key exchange protocol

Joel Linsky also said that the Bluetooth Technology Alliance is currently working on a Bluetooth low-power technology that natively supports the Diffie-Hellmann key exchange protocol, which was introduced by the National Institute of Standards and Technology. Standard algorithms, in addition, the standard algorithms introduced by the National Institute of Standards and Technology also include hashing functions, key exchange protocols, and Elliptic Curve Diffie-Hellmann (ECDH) key exchange protocols.

Mike Ryan said that although ECDH will lead to higher cost of the central processing unit (CPU), increased power consumption and longer time for Bluetooth low-power technology key exchange, "but as long as it is used properly, its cost increases for users. It is once and for all."

In Joel Linsky's view, the biggest problem with introducing ECDH key exchange protocol for Bluetooth low-power chips is that the response time is longer. The calculation process is in an industrial grade 8051 Micro Control Unit (MCU). In progress). "A Bluetooth low-power chip using the ECDH key exchange protocol takes only a few seconds to complete the key exchange. If the time spent in this process exceeds 1 second, the chip is judged to be processing speed. Too slow." In this regard, Joel Linsky said that it is possible to increase the speed of chip calculations simply according to Moore's Law. If the Bluetooth low-power chip uses a micro-control unit such as the ARM Cortex M0 or higher, the key exchange time of the chip can be reduced to 50-100 milliseconds. Joel Linsky also said that it is not clear about CSR Technologies' added security measures for Bluetooth low-power technology.

According to Jimmy Pai of CSR Technologies, CSR Technologies has proposed security measures such as “out-of-band pairing” and “AES-128 encryption algorithm” for Bluetooth low-power technology. Jimmy Pai believes that Bluetooth low energy technology is just a communication tool, and the function of controlling the vehicle, for example, through a user's smartphone can be realized by the vehicle internal device.

It is reported that the Bluetooth low-power technology security specification update is already under planning, and it will be released at the same time as the new specification of the Bluetooth technology alliance. But for now, the specific release date of the Bluetooth Technology Alliance for its new Bluetooth specification has not yet been made public.

Solar System

Home Solar System ,Solar Panel System,Solar Energy System,Solar Lighting System

jiangmen jieken lighting appliance co.,ltd , https://www.jekenlighting.com

This entry was posted in on