The present invention relates to the provision of improved security in a device which has services accessible by other devices communicating with the device. It particularly relates to devices which are accessed over a radio interface in accordance with the BLUETOOTH specification (a digital wireless protocol).
FIG. 1 illustrates a network 2 of radio transceiver units, including a master unit 4 and slave units 6, 8 and 10, communicating by transmitting and receiving radio packets. There is only one master in a network. The network operates in a time division duplex fashion. The transceiver units are synchronized to a common time frame determined by the master unit 4. This time frame consists of a series of time slots of equal length. Each radio packet transmitted in the network has its start aligned with the start of a slot and a single packet transmitted in the network at a time. When the master unit is performing point-to-point communication a transmitted radio packet is addressed to a particular transceiver which replies to the master unit by transmitting a radio packet addressed to the master unit in the next available time slot. When the master unit is performing point to multi-point communication a transmitted radio packet is addressed to all transceiver units. Any misalignment between the master and a slave is corrected by adjusting the timing of the slave.
The transceivers transmit and receive, in this example, in a microwave frequency band, illustratively 2.4 Ghz. The network reduces interference by changing the frequency at which each radio packet is transmitted. A number of separate frequency channels are assigned each with a bandwidth of 1 MHz, and the frequency may hop at a rate of 1600 hops/s. The frequency hopping of the transceivers communicating in or joining the network is synchronized and controlled by the master unit. The sequence of hopping frequencies is unique for the network and is determined by a unique identification of the master unit.
Each transceiver unit has a unique identification, the Unit ID, henceforth referred to as the BLUETOOTH ID. Each BLUETOOTH ID (48-bit IEEE address) is unique for each BLUETOOTH unit. A BLUETOOTH ID of a unit can be found through an enquiry routine over the RF interface to the unit.
The network is a radio frequency network suitable for transmitting voice information or data information between transceivers. The transmissions made are of low power, for example 0 to 20 dBm, and the transceiver units can effectively communicate over the range of a few centimeters to a few tens or hundred of meters.
Referring to FIG. 2, a frame 20 is illustrated. This frame 20 is the common time frame used by the network 2 and controlled by the master unit 4. The frame illustratively has slots 22 to 29. The slots designated by even numbers are reserved. Only the master unit can begin transmitting a radio packet aligned with the start of the even numbered slots. The slots designated by odd numbers are reserved. Only radio packets transmitted by a slave, that is radio packets addressed for reception by the master unit can have their start aligned with the start of the odd numbered slots. Each slot is allocated a different one of a sequence of hopping frequencies. It is however, possible for a radio packet to extend over a number of slots and in this case the frequency at which the packet is transmitted remains constant at that allocated to the slot at the start of the packet. A slot has a constant time period and is typically 625 microseconds.
Referring to FIG. 3, a typical radio packet 30 is illustrated. The radio packet has a start 32 and contains three distinct portions: a first portion contains an Access Code 34, a second portion contains a Header 36 and a third portion contains a Payload 38. The Payload 38 has a Payload Header 37.
Referring to FIG. 4, a schematic illustration of a transceiver unit is shown. Only as many functional blocks and interconnections are shown in this diagram as are necessary to explain in the following how a transceiver unit and the communication network operates. The transceiver unit 40 contains a number of functional elements including: an antenna 46, receiver 50, synchroniser 52, header decoder 54, controller 60, memory 56, which may include non-transitory machine accessible and readable media, packetiser 42, clock 68, frequency hop controller 48 and transmitter 44. Although these elements are shown as separate elements they may in fact be integrated together and may be carried out in software or in hardware.
Data to be transmitted in the payload by the transceiver unit 40 is supplied as data signal 41 to the packetizer 42. Control information to be transmitted in the payload of a packet is supplied in a payload control signal 87 provided by the controller 60 to the packetizer 42. The packetizer 42 also receives an access code control signal 69 and a header control signal 71 from controller 60 which respectively control the Access Code 34 and the Header 36 attached to the payload to form the packet. The packetizer 42 places the data or control information into a packet 30 which is supplied as signal 43 to the transmitter 44. The transmitter 44 modulates a carrier wave in dependence upon the signal 43 to produce the transmitted signal 45 supplied to the antenna 46 for transmission. The frequency of the carrier wave is controlled to be one of a sequence of hop frequencies by a transmission frequency control signal 47 supplied by the frequency hop controller 48 to the transmitter 44.
The antenna 46 receives a radio signal 51 and supplies it to the receiver 50 which demodulates the radio signal 51 under the control of a reception frequency control signal 49 supplied by the frequency controller 48 to produce a digital signal 53. The digital signal 53 is supplied to the synchronizer 52 which synchronizes the transceiver unit 40 to the time frame of the network. The synchronizer is supplied with an access code signal 81 specifying the Access Code of the packet which the transceiver unit is expecting to receive. The synchronizer accepts those received radio packets with Access Codes which correspond to the expected Access Codes and rejects those received radio packets with Access Codes that do not correspond to the expected Access Code. A sliding correlation is used to identify the presence and the start of the expected Access Code. A sliding correlation is used to identify the presence and the start of the expected Access Code in a radio packet. If the radio packet is accepted then the radio packet is supplied to the header decoder 54 as a signal 55 and a confirmation signal 79 is returned to the controller 60 indicating the packet has been accepted by the synchronizer 52. The confirmation signal 79 is used by the controller in a slave unit to resynchronize the slave clock to the master clock. The controller compares the time at which a radio packet was received with the time at which the radio packet was expected to be received and shifts its timing to offset the difference. The header decoder 54 decodes the header in the received packet and supplies it to the controller 60 as header signal 75. The header decoder 54, when enabled by a payload acceptance signal 77 supplied by the controller 60, produces a data output signal 57 containing the remainder of the radio packet, the payload 38.
The memory 56 may store applications.
The operation of unit can also be understood from FIG. 5 which illustrates a Bluetooth protocol stack 100. The stack 100 includes, in order from the bottom up, the basic layers including RF layer 102, Baseband and Link Control layer 104, Link Manager Protocol Layer 106 and Logical Link Control and Adaptation Layer (L2CAP) 108. The layer L2CAP 108 connects with a number of overlying layers 110 including an Internet layer 112 for providing TCP/IP protocol, a Human Interface Device layer 114 for interfacing with the user interface 130 and a RF Communications layer 116 which emulates serial ports of a PC (com1, com2 com3 etc). Each of the layers 112, 114 and 116 may connect directly with one or more applications/services 118 and are able to multiplex their output so that data is sent to the correct one of several applications/services. The layer L2CAP 108 may also connect directly to an application or service.
In the units currently proposed, the Baseband and Link Control layer 104 enables the physical RF link between units using inquiry and paging to synchronise their clocks and transmission frequencies. The Link Manager Protocol Layer 106, henceforth referred to as the Link Layer 106, is responsible for link set-Up between two units including security, control of packet size, connection and power modes. In the proposal the Link Layer 106 responds to the payloads received in Link Management Protocol packets.
L2CAP allows higher level protocols to receive the payloads of received L2CAP data packets. The L2CAP protocol may be coupled to application and higher protocol layers and transfers data between either higher level protocols and services and the lower level Link Layer 106.
The payload header 37 of the payload 38 in packets 30 distinguishes L2CAP packets from Link Management Protocol packets. At present, it is required that the Link Management Protocol packets should be filtered out by the Link Layer 106 and not propagated to higher layers.
The BLUETOOTH technology should provide security measures both at the application layer and the link layer. Currently, in each BLUETOOTH unit the link layer 106 security measures are standardized. Authentication and encryption routines are implemented in a standard way in each device in the Link Layer 106.
Each unit stores one or more secret authentication link keys for use in communication with another unit or units. Typically a unit will permanently store a link key for each of the units it wishes to communicate with. Each link key is associated with the BLUETOOTH ID of the unit for which it is used to communicate.
The stored secret link key is used in an authentication routine to authenticate the identity of the unit being communicated with. The stored shared secret link key is also used to generated an encryption key. The encryption key is derived from but is different to the authentication link key and a new encryption key is generated each time encryption is used by using a random number generator.
A challenge response scheme is used to authenticate a unit. A valid pair of units share the same secret link key. A first unit produces a random number and challenges a second unit to authenticate itself by supplying the random number to it. The second unit returns the result of a function which takes as its arguments the BLUETOOTH ID of the second unit, the received random number and the key associated with the first unit but stored in the second unit. The first unit uses the same function to produce a result which if it equals the result received from the second unit authenticates the second device. The function in the first unit takes as its arguments the BLUETOOTH ID of the second unit which has been previously obtained, the random number and the key associated with the second unit but stored in the first unit.
The authentication procedure occurs in the Link Layer of each unit. Once authentication has been successfully completed access to the protocol layer, services and applications in the unit is unrestricted.
Each time encryption is required a random number is produced and an encryption key is formed from the random number and the authentication key for the link. The encryption process occurs in the Link Layer 106.
If the two devices have not previously communicated there will be no shared link key stored in the devices and it is necessary to ‘pair’ the devices. This may be done by inputting a PIN number into a user interface of the first unit and inputting the same PIN into a user interface of the second unit. The PINs may be used for the calculation of temporary initial authentication link keys until the calculation of a permanent shared secret authentication link key for communication between the devices.
One problem with the presently proposed security system is that it is inflexible. Once the link layer 106 has allowed a device access to the layers above it, its access is unrestricted except by specific security features built into the applications themselves. It would be desirable to provide an improved, more flexible, security system.