Service Discovery Application Profile

Security methods for use with the Service discovery application profile [4] are discussed in this section.

The Service discovery application profile describes the features and procedures used to discover services registered on other Bluetooth wireless devices using the Bluetooth Service Discovery Protocol (SDP). The user, independently of other profiles, specifically initiates the SDP. Service discovery procedures may be associated with other profiles, such as the LAN access profile to display network resources. In these situations the security procedures associated with the specific profiles should be applied.

The SDP uses only connection-oriented channels, however the SDP itself is a connectionless datagram service. It relies on the L2CAP layer to create and manage connections. This is significant in that the basis for security in the SDP is the initial connection and pairing of devices. The SDP itself does not require the use of authentication and/or encryption for SDP transactions. If authentication is performed on the Bluetooth wireless devices to be involved in an SDP procedure, then the devices must pass the authentication test to perform SDP procedures. Therefore any security procedures applied to the SDP are determined by those used to negotiate the connections between the specific Bluetooth wireless devices. SDP is not available to devices that do not pass this test.

Since SDP security is based on device access to the SDP service, security may be provided by restricting access to trusted devices, i.e., devices with fixed relationship (paired) that is trusted and has access to services.

Presumably the trust relationship is arranged in advance using the Bluetooth pairing mechanism. Once the devices have been paired, SDP is available. No additional security procedures are implemented.

In the case of a connection between untrusted or unknown devices, the service record is freely available, since no security is applied. This, however, is acceptable in many situations since the SDP only provides a record indicating what services are available, not a mechanism to access these services.

If the attack described above should succeed, the intruder must be present at the pairing occasion and record all communication. Hence, we do not recommend pairing at public places and strongly encourage the use of long
passkey number.

About Author

Leave A Reply