Bluetooth Security Overview

There are many security-related concepts related to Bluetooth, and they are distributed to different documents (specification,
In whitepaper), different parts of specification are scattered about security. This makes it difficult to understand the security of Bluetooth. It may be because you do not understand enough, which makes the Security UI quite different for various Bluetooth products. Therefore, for users, simple Bluetooth products are rather cumbersome to use. Maybe another reason is Bluetooth.
Specification is too flexible and there are too many optional
Requirement.

 

1, Bluetooth
Different security Modes

 

[Visitor]

The Bluetooth device can be in an unused security mode based on different security requirements (the manufacturer decides or allows the user to choose from ).

 

Security Mode 1:

No security check

 

Security Mode 2:

Service-level security check does not need to be performed during link, but after link is established
Establishment request-before l2cap_connectreq is received.

Different services in Security Mode 2 can have different security requirements for different security checks.

Bytes -------------------------------------------------------------------------------------------------------------------------------

. Authorization required:

Authorization authentication is required before accessing the service );
Authorization includes authentication, which means you need to know who the other party is before authorization ). To access a service in a device of this security level, you can:

1) trusted device can be accessed automatically

2) The untrusted device requires an authorization step before accessing the service.

 

. Authentication required:

Authentication is required before accessing the service ).

 

. Encryption required:

Switch to the encryption mode before accessing the service)

Bytes -------------------------------------------------------------------------------------------------------------------------------

Security mode1 can be seen as a special case of Security Mode 2. When no service in the device of Security Mode 2 meets the preceding security requirements, this means that no security check is performed.
--- Equivalent to security mode1.

 

Security Mode 3:

The link level security check is performed before the link is established (before the lmp_link_setup_complete is sent. Security check is mainly about authentication and encryption can be performed at the same time.

 

Note the differences between authorization and authentication.

Authentication: Authenticate the device of the other party to prove that the other party is the one you know. Technically, there must be a link between two devices.
Key. If the link key is not saved during authentication, paring is performed to allow the user to enter the passkey ). Note that during a session (connection starts to disconnect), authentication may be performed many times.

Authorization: In Security Mode 2, access permissions to different services are controlled. On the UI, a dialog box is displayed. "A wants to access your X
Service, are you allowed ?"
.
Authorization includes authentication.

 

[Visitor]

For the Access Object device A, the visitor Device B can be:

 

. Trusted Device

The device has passed authentication, saves a link key, and is marked (which can be selected through a UI) as "trusted ".

 

. Untrusted Device

The device has passed authentication and stores a link key without the "trusted" identifier.

 

. Unknown Device

This device does not store any security information.

 

It can be seen that the trusted device and untrusted device with the link key can automatically pass the authentication check. But only trusted
The device can automatically pass the authorization check.

 

2. Definitions of several related concepts

 

Paring:

This refers to the process of entering a passkey (PIN) through the UI to create a link key. Paring can occur in the bonding process, or if no link is saved between two devices
If the key is used for link or channel connection and authentication is required.

 

Bonding:

This refers to the process of creating a link key through paring and saving the link key. The Link
Key is available for later authentication. Bonding can be divided into general
Bonding and dedicated bonding; General bonding not only paring, but also
Layer) for security parameter settings (such as setting the "trusted" flag ).

 

Passkey:

This is a concept of a UI level, which is input by the user. Passkey is also called a pin outside the UI. Passkey can be up to 16 characters long.

 

Link key:

Also known as the authentication key, which is generated by passkey for authentication and encryption
Key. The link key is 128 bits.

 

Encryption key:

Generated by the link key for encryption ). It can be 8-128 bits. The main reason for the variable length is that different countries have different restrictions on the encryption algorithms for export products.

 

The encryption key is often changed. A new encryption key is generated every time you switch to the encryption mode.

The link key is relatively stable, but different types of link keys are used at different times/in different environments:

The combination key KAB: the link key is generated by the combination of two devices.

The Unit Key ka:
A device generates a link key. KAB is more secure, but ka can also be used if conditions are not allowed.

The temporary key kmaster: This is generated temporarily for some special purposes (for example, the master broadcasts data to all slave). After use, it switches back to the original link.
Key

The initialization key kinit: without any link key, KAB or KA must be generated as the common
When using the link key, kinit is used as the temporary link key to ensure the new common
The link key is securely exchanged.