Re: [Bluez-devel] RFCOMM service level security testing

public inbox for linux-bluetooth@vger.kernel.org
 help / color / mirror / Atom feed

From: Steven Singer <steven.singer@csr.com>
To: Marcel Holtmann <marcel@holtmann.org>
Cc: Stephen Crane <steve.crane@rococosoft.com>,
	BlueZ Mailing List <bluez-devel@lists.sourceforge.net>
Subject: Re: [Bluez-devel] RFCOMM service level security testing
Date: Wed, 03 Nov 2004 18:45:00 +0000	[thread overview]
Message-ID: <4189272C.4080306@csr.com> (raw)
In-Reply-To: <1099504367.7125.131.camel@pegasus>

Marcel Holtmann wrote:
> do you know any document that explicit requires it? Maybe SIM Access?

Not offhand, but I would have thought it was implicit in the security
model.

Not many systems have to worry about running profiles whilst
simultaneously allowing direct access to HCI.

Of course, even for systems that don't allow access to HCI, they still
have to worry about the other side disabling encryption.

> I heard rumors that encryption costs more CPU and so consumes more
> power. Is this still true with modern chips or can we ignore this?

I'd be surprised if this has ever been true to a significant level.

The encryption engine used in Bluetooth is quite lightweight if
implemented in hardware. I can't imagine that anyone has implemented it
in software (not least because the encryption stream used depends on the
time at which the packet is transmitted - retransmits use a different
obscuring stream).

Compared to the power the rest of the system is taking (most notably,
the radio), the encryption is negligible.

It's reasonable to work on a model that encryption is free. In which
case the question is, is there any reason encryption shouldn't be turned
on as early as possible (as soon as authentication completes)?

> This is a good point, but I think I will explicit have this fine gain
> control. However it is enough to set the *_ENCRYPT flag for example and
> the authentication will be triggered always first.

Strictly speaking, it's impossible to enable encryption at the baseband
level without first having authenticated (though only one side needs to
have initiated authentication).

There's a strong argument, however, for having just one combined flag
that requests both authentication and encryption. Fewer flags means
less complexity.

The problem with having separate flags is that someone might think "oh,
I don't care if anyone snoops on this data, I just want to make sure I
get requests only from trusted devices". In that case they might request
only authentication and not encryption. Unfortunately, this is not
enough to prevent session hijacking.

By having just one flag, you remove the possibility that anyone could
chose an inappropriate setting. They'll just have two options: secure
and insecure.

	- Steven

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************

next prev parent reply	other threads:[~2004-11-03 18:45 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-10-30 15:55 [Bluez-devel] RFCOMM service level security testing Marcel Holtmann
2004-11-02 22:03 ` Marcel Holtmann
2004-11-03 15:28   ` Stephen Crane
2004-11-03 15:37     ` Marcel Holtmann
2004-11-03 15:56       ` Stephen Crane
2004-11-03 16:08         ` Marcel Holtmann
2004-11-03 16:38           ` Stephen Crane
2004-11-05 12:28             ` Marcel Holtmann
2004-11-03 16:49         ` Steven Singer
2004-11-03 17:52           ` Marcel Holtmann
2004-11-03 18:45             ` Steven Singer [this message]
2004-11-03 19:01               ` Marcel Holtmann
2004-11-15 17:58                 ` [Bluez-devel] " David Hughes
2004-11-15 18:10                   ` Marcel Holtmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4189272C.4080306@csr.com \
    --to=steven.singer@csr.com \
    --cc=bluez-devel@lists.sourceforge.net \
    --cc=marcel@holtmann.org \
    --cc=steve.crane@rococosoft.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox