ANMIAN

Security Mode 4

 the Bluetooth specification specifies four levels of security for Bluetooth 

services for use during Secure Simple Pairing (SSP): 

Service Level 3 

requires man-in-the-middle (MITM) protection and encryption; user interaction is acceptable. 

Service Level 2 

requires encryption only; MITM protection is not necessary. 

Service Level 1 

does not require MITM protection and encryption; user interaction is minimal. 

Service Level 0 

does not require MITM protection, encryption, or user interaction. 

5.2.1.1 Security mode 1 (non-secure)

When a remote Bluetooth device is in security mode 1 it will never initiate any

security procedure (i.e., it will never send LMP_au_rand, LMP_in_rand or

LMP_encryption_mode_req).

5.2.1.2 Security mode 2 (service level enforced security)

When a remote Bluetooth device is in security mode 2 it will not initiate any

security procedure before a channel establishment request

(L2CAP_ConnectReq) has been received or a channel establishment procedure

has been initiated by itself. (The behavior of a device in security mode 2 is

further described in [11].) Whether a security procedure is initiated or not

depends on the security requirements of the requested channel or service.

A Bluetooth device in security mode 2 should classify the security requirements

of its services using at least the following attributes:

• Authorization required

• Authentication required

• Encryption required

Note: Security mode 1 can be considered (at least from a remote device point

of view) as a special case of security mode 2 where no service has registered

any security requirements.

5.2.1.3 Security modes 3 (link level enforced security)

When a remote Bluetooth device is in security mode 3 it will initiate security

procedures before it sends LMP_setup_complete. (The behavior of a device in

security mode 3 is as described in [3].)

A Bluetooth device in security mode 3 may reject the host connection request

(respond with LMP_not_accepted to the LMP_host_connection_req) based on

settings in the host (e.g. only communication with pre-paired devices allowed).

5.2.2 Security mode 4 (service level enforced security)

A Bluetooth device in security mode 4 shall classify the security requirements

of its services using at least the following attributes (in order of decreasing

security):

• Authenticated link key required

• Unauthenticated link key required

• No security required

An authenticated link key is a link key where either the numeric comparison,

out-of-band or passkey entry simple pairing association models were used. An

authenticated link key has protection against man-in-the-middle (MITM)

attacks. To ensure that an authenticated link key is created during the Simple

Pairing procedure, the Authentication_Requirements parameter should be set

to one of the MITM Protection Required options. An unauthenticated link key is

a link key where the just works Secure Simple Pairing association model was

used. An unauthenticated link key does not have protection against MITM

attacks.

When both devices support Secure Simple Pairing, GAP shall default to requiring

an unauthenticated link key and enabling encryption. A profile or protocol

may define services that require more security (e.g. an authenticated link key).

or no security. To allow an unauthenticated link key to be created during the

Simple Pairing procedure, the Authentication_Requirements parameter may be

set to one of the MITM Protection Not Required options.

When the device is in Bondable Mode, it shall enable Secure Simple Pairing

mode prior to entering Connectable Mode or establishing a link.

Device rejected?

LMP_not_accepted LMP_accepted

yes no

Authentication /

Pairing

Encrypt

26 July 2007 Security Aspects

BLUETOOTH SPECIFICATION Version 2.1 + EDR [vol 3] page 198 of 268

Generic Access Profile

A Bluetooth device in security mode 4 shall respond to authentication requests

during link establishment when the remote device is in security mode 3 for

backwards compatibility reasons.

A Bluetooth device in security mode 4 enforces its security requirements before

it attempts to access services offered by a remote device and before it grants

access to services it offers to remote devices. Service access may occur via

L2CAP channels or via channels established by protocols above L2CAP such

as RFCOMM.

원문 : http://www.hypexr.org/linux_scp_help.php

What is Secure Copy?

scp allows files to be copied to, from, or between different hosts. It uses ssh for data transfer and provides the same authentication and same level of security as ssh.

Examples

Copy the file "foobar.txt" from a remote host to the local host

$ scp your_username@remotehost.edu:foobar.txt /some/local/directory

Copy the file "foobar.txt" from the local host to a remote host

$ scp foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy the directory "foo" from the local host to a remote host's directory "bar"

$ scp -r foo your_username@remotehost.edu:/some/remote/directory/bar

Copy the file "foobar.txt" from remote host "rh1.edu" to remote host "rh2.edu"

$ scp your_username@rh1.edu:/some/remote/directory/foobar.txt \ your_username@rh2.edu:/some/remote/directory/

Copying the files "foo.txt" and "bar.txt" from the local host to your home directory on the remote host

$ scp foo.txt bar.txt your_username@remotehost.edu:~

Copy the file "foobar.txt" from the local host to a remote host using port 2264

$ scp -P 2264 foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy multiple files from the remote host to your current directory on the local host

$ scp your_username@remotehost.edu:/some/remote/directory/\{a,b,c\} .

$ scp your_username@remotehost.edu:~/\{foo.txt,bar.txt\} .

scp Performance

By default scp uses the Triple-DES cipher to encrypt the data being sent. Using the Blowfish cipher has been shown to increase speed. This can be done by using option -c blowfish in the command line.

$ scp -c blowfish some_file your_username@remotehost.edu:~

It is often suggested that the -C option for compression should also be used to increase speed. The effect of compression, however, will only significantly increase speed if your connection is very slow. Otherwise it may just be adding extra burden to the CPU. An example of using blowfish and compression:

$ scp -c blowfish -C local_file your_username@remotehost.edu:~

    Rectangle backup;

        private void checkBox_mouse_tracking_CheckedChanged(object sender, EventArgs e)

        {

            if (checkBox_mouse_tracking.Checked)

            {

                backup = Cursor.Clip;

                this.Cursor = new Cursor(Cursor.Current.Handle);

                Cursor.Position = new Point(this.Location.X+ label_mouse_tracking.Location.X , this.Location.Y + label_mouse_tracking.Location.Y);

                Point p = new Point(this.Location.X + label_mouse_tracking.Location.X+7, this.Location.Y + label_mouse_tracking.Location.Y+30);

                Cursor.Clip = new Rectangle(p, label_mouse_tracking.Size);

            }

            else

            {

                Cursor.Clip = backup;

            }

        }

    }

증상 : Vega series에서 HID를 연결하면 Phone state가 connecting에서 머물러 있음

원인 : device가 master role을 가져가려고 하면 host(phone)가 정상적으로 처리하지 못함

해결 : device를 slave role로 설정