According to the Bluetooth 5.2 manual, pages 1641-1642, Table 2.8, Numeric Comparison pairing should be used in cases when both devices have a display. These displays can be used to show confirm Yes/No prompts on both devices as part of authentication. (Figure 2.3, page 1648). However, from the perspective of protocol message exchange sequences for Numeric Comparison, it appears that even if one of the devices does not have display IO the Numeric Comparison pairing can be used. In particular, instead of displaying the passcode on both of the devices, it can be displayed on one of the devices (assume device A) and the other device (assumer device B) merely enters the same passcode through the keypad. The internally generated same passcode (Va=Vb) can be matched with entered passcode on device B and can be confirmed Yes/No prompt on device B. The rest of the procedure can be followed as the standard method (Passkey Entry pairing, page 1652, Figure 2.5).
Is there anything wrong with my understanding here? Is there any security implication of using Numeric Comparison pairing with devices not having displays?
Related
So I'm trying to write a small applet which reads a serial number from a smart card using the javax.smartcardio library. Smartcard is connected with bit4id reader, and right now I successfully connect to the smartcard and read basic infos such as ATR and protocol (T=1).
I did some research about it (for example: http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_5_basic_organizations.aspx#table9)
But I'm not getting which specific list of command APDUs should I send to the card to get that serial.
Is there an "easy way" to do that, without reading tons of papers and manuals?
I guess I would need some datasheets to know how data is stored inside the card, right? or can i send some kind of command APDUs to retrieve this info from the card too?
Right now I only receive SW=6986 responses (not valid command)
Any advises, even only on the workflow, would be strongly appreciated!
There is no one way to read a smart cards serial number. "smartcard" is an ISO/IEC standard defined in the 7816 specification. Many industries use this standard like Mobile SIM, Bank Cards and Digital Signature Cards.
The implementation of the standard is different across industry with some industries advancing this basic standard with there own additional APDUs etc. like 3GPP/GSMA standard in the Mobile SIM case or the EMV standard in banking.
Anyhow, assuming that this card is smart-card ISO/IEC 7816 compliant you could possibly assume that it uses file base storage for card data. You could use the "SELECT" command (defined in 7816-4) to try to access all available files and print there information. i.e. files are identified by two bytes like 3F00 you could select from 0000,0001,0002....FFFF then if you get a successful select (status word 90) then read the contents and print it. Doing this you may be able to identify which file has the "serial" then you would only need to read this file going forward.
The above is not "easy" but may be a nice challenge and learning experience.
My teachers use a small device, with a press on the only button the device shows a code of numbers.
When they want to change my grades they login to the school system using this code.
NO I DO NOT WANT TO HACK IT ;)
I'd like to know how this sort of code is generated and afterwards how it is authenticated?
Sounds like the device is used for two factor authentication.
RSA makes one type of these devices. Here is a link to more information on it: RSA SecurID
#Mart Haarman, The SecurID is not based on time. It used 128 bit RSA algorithm, has a seed value which is a random generated number embedded in the device and mapped to the device serial number.
How exactly does Bluetooth paring work? What is communicated between each device during the pairing process?
I was told if you had device-A wanting to pair with device-B:
A sends a 'unique key' to device B on some wavelength/frequency
B returns an 'echo' back to A, and hence the devices pair.
+-----+ key +-----+
| | ----> | |
| A | | B |
| | <---- | |
+-----+ echoed +-----+
This seems to be inaccurate, so would anyone be able to either expand further or actually explain how/what is communicated to result in a successful pairing of the devices?
I was thinking of incorporating some of this research into a final year project (University), but would at least need to know the something of the Bluetooth programming pairing first.
Any help would be much appreciated in describing how these initial communications work.
I've heard of terms such as 'parked mode', and 'passive mode' within my research, but am yet to find any 'useful' information in the programming behind the design, (and hence I have asked this question). The likes of googling this type of topic is also quite difficult as it seems to bring up stuff like 'how to turn your bluetooth on' pages, and not the design of the programming behind it.
Bluetooth Secure Simple Pairing uses Elliptic Curve Diffie Hellman (ECDH) public key cryptography with approximately 95 bits of entropy using the FIPS approved P192 elliptic curve.
E:y2=x3 +ax+b(modp)
The following parameters are given:
The prime modulus p, order r, base point x-coordinate Gx, base point y- coordinate Gy.
The integers p and r are given in decimal form; bit strings and field elements are given in hex.
p = 6277101735386680763835789423207666416083908700390324961279
r = 6277101735386680763835789423176059013767194773182842284081
b = 64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1
Gx = 188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012
Gy = 07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811
There are five phases of Secure Simple Pairing:
1. Public key exchange
Each device generates its own Elliptic Curve Diffie-Hellman (ECDH) public-private key pair.
2. Authentication Stage 1
1 of 3 protocol options is chosen by the connecting devices based on the IO capabilities of the two devices. These are:
Numeric Comparison,
Out-of-Band,
Passkey Entry
3. Authentication Stage 2
Each device confirms that both devices have successfully completed the exchange as stipulated by which of protocol was chosen and used in the previous step.
4. Link key calculation
A link key is computed from the derived shared key and the publicly exchanged data. This is the numeric code shown to the user.
5. LMP Authentication and Encryption
The encryption keys are generated. The devices are successfully connected.
Further Reading:
Bluetooth user Interface Flow Diagrams for Bluetooth Secure Simple Pairing Devices (PDF)
Bluetooth Core Complete Specification v4.0 vol0 (ZIP/PDF)
the core specification is 138 pages and to fully answer your question would take at least 20 so to fully answer your question you'll need to read the references
A trusted relationship is established between the devices using a numerical password, commonly referred to as a passkey. Depending on how often one Bluetooth device connects to another, the user might opt to have the passkey saved for future connection attempts or prompt to enter the passkey each time the devices request communication with each other.
Read more : http://www.ehow.com/how-does_4964578_bluetooth-pairing-work.html
For two devices to have the ability to pair, they must share the same bluetooth profile. The following is from the official Bluetooth website:
Pairing devices
Not all Bluetooth enabled devices are designed to be paired. Logically, there's no reason to connect a wireless mouse to a wireless headset. You should be able to pair a Bluetooth enabled headset to a Bluetooth enabled phone, or a Bluetooth enabled mouse to a Bluetooth enabled computer.
If you're not sure whether the two devices you want to connect are designed to be paired with each other, make sure their Bluetooth profiles match.
I am writing an application that run only that user's phone. If the phone is stolen, application will never work anytime. For this scenario, I must used IMEI and SIM number but I develop application on SDK 60 2nd edition. So getting these numbers is not easy.
I used Bluetooth ID instead of IMEI, but I could not found any specific ID instead of SIM number. If any suggestion have been, I' d be glad. Thanks...
There are some examples on how to accomplish this with the IMEI in different phone manufacturers:
http://mobilepit.com/10/how-to-get-imei-number-in-j2me-javame.html
Seems like there's no "universal" method for any of those. In S60 (I guess this is what you mean by 'SDK 60') the appropiate code is:
System.getProperty("phone.imei");
For IMSI I think you have to get the operators signing, but you could use:
System.getProperty("com.nokia.mid.imsi");
This is a question purely to satisfy my own curiosity.
Here in Norway it's common for netbanks to use a calculator-like (physical) dongle that all account holders have. You type your personal pin in the dongle and it generates an eight-digit code you can use to login online. The device itself is not connected to the net.
Anyone knows how this system works?
My best guess is that each dongle has a pregenerated sequence of numbers stored. So the login process will fail if you type an already used number or a number that is too far into the future. It probably also relies on an internal clock to generate the numbers. So far none of my programmer peers have been able to answer this question.
[Edit]
In particular I'm curious about how it's done here in Norway.
Take a look here: http://en.wikipedia.org/wiki/Security_token. If you are interested in the algorithms, these might be interesting: http://en.wikipedia.org/wiki/Hash_chain and http://en.wikipedia.org/wiki/HMAC.
TOKENs have very accurate real-time clock, and it is synced with same clock on the auth server. Real time is used as a seed along with your private key and your unique number is generated and verified on the server, that has all the required data.
One major one-time password system is Chip and PIN, in which bank cards are inserted into special, standalone card readers that accept a PIN and output another number as you describe. It is widely deployed in the UK.
Each bank card is a smart card. The card's circuitry is what checks the PIN and generates the one-time password. Cryptographic algorithms that such cards can use include DES, 3DES (Triple DES), RSA, and SHA1.
I recently went overseas and used the dongle there with no problems.
It is a sealed battery powered dongle. One pushes the button and a code number appears.
The only way it could work is that it is time synchronised to the bank.The number that is recruited only lasts for a minute if that.
A random number generator is used to create the stream of numbers recorded in the memory of the device.
It therefore becomes unique for the user and only the bank 'knows' what that random number generator produced for that particular user and dongle.
So there can only be one next number .
If the user makes a mistake, the bank 'knows' they are genuine because the next try is the next sequential number that is in the memory.
If the dongle is stolen the thief also has to have the other login details to reach the account.