An Augmented Level of Security for Bluetooth Devices Controlled by Smart Phones and Ubiquitous Handheld Gadgets

The enormous growth of smartphones was impelled by the idea to make a mobile phone offer more than just cellular telephony. One of the prime factors that initiated the age of smartphones (e.g. iOS, Android, RIM, etc.) was inarguably the capability of wireless sharing of images, music etc. among the users; which was possible due to Bluetooth Technology (IEEE 802.15). Today customers of the cheapest phone in world demand to have an inbuilt Bluetooth stack. Apart from sharing files, especially media, Bluetooth provides us with a lot more functionality, like streaming audio to a home entertainment system, allowing to share an Internet connection over DUN profile, a remote car locking and security system, a few to mention. Though the IEEE 802.15 stack has its own security mechanism, sometimes a system might require an additional security architecture running collaboratively with the in-built security to authorize an inbound pairing request. A simple example of the authorization paradox is that the standard security mechanism cannot help a Bluetooth system that was paired to multiple devices, to decide which of the paired devices to authorize to execute a certain task. For example, a device may be required to allow a smartphone Bluetooth stack to stream audio but restrict it from transferring files. Here need of a profile specific authorization is felt but it is beyond the scope of IEEE 802.15. To understand it better, let us assume that a home theater system has a Bluetooth link which allows smart phones to stream audio to it over A2D Audio sharing profile. Such a home theater system (e.g. HT-DZ350 by Sony) can be connected to any smartphone and play the streamed music. Each time a device disconnects, the Bluetooth stack resets itself and identity of the Bluetooth stack on the smartphone is lost. Since Bluetooth radio waves can penetrate walls and windows, it may be possible that a neighbor of mine connected her smartphone to the Home theater system and played an unwanted music. Sometimes this can be fatal in some remote controlled instruments unless proper security mechanisms are installed. Proposed in this thesis is a novel, generic and extensible framework to prevent unauthorized access over Bluetooth serial port profile; which is independent of any Cryptographic algorithm or approach. The thesis also suggests different architectures for differently equipped hardware systems, because the performance of the system under an augmented security stack will be dif