Saturday, November 5, 2011

Guide to Bluetooth security: recommendations of the National Institute of Standards and Technology

Guide to Bluetooth security: recommendations of the National Institute of Standards and Technology Review



Original publisher: Gaithersburg, MD : U.S. Dept. of Commerce, National Institute of Standards and Technology, [2008]
OCLC Number: (OCoLC)712603834
Subject: Bluetooth technology.

Excerpt: ...

3. Bluetooth Security Features

This section provides an overview of the security mechanisms included in the Bluetooth specifications to illustrate their limitations and provide a foundation for some of the security recommendations in Section 4. A high-level example of the scope of the security for the Bluetooth radio path is depicted in Figure 3-1. In this example, Bluetooth security is provided only between the mobile phone and the laptop computer, while IEEE 802.11 security protects the wireless local area network link between the laptop and the IEEE 802.11 AP. However, the communications on the wired network are not protected by Bluetooth or IEEE 802.11 security capabilities. End-to-end security is not possible without using higher-layer security solutions in addition to the security features included in the Bluetooth specification and IEEE 802.11 standards.

Figure 3-1. Bluetooth Air-Interface Security

The following are the three basic security services specified in the Bluetooth standard:

• Authentication: verifying the identity of communicating devices. User authentication is not provided natively by Bluetooth.
• Confidentiality: preventing information compromise caused by eavesdropping by ensuring that only authorized devices can access and view data.
• Authorization: allowing the control of resources by ensuring that a device is authorized to use a service before permitting it to do so.

The three security services offered by Bluetooth and details about the modes of security are described below. Bluetooth does not address other security services such as audit and non-repudiation; if such services are needed, they must be provided through additional means.

