Security, Bluetooth Smart (Low Energy)
Bluetooth® Smart (low energy) technology has some security differences with respect to BR/EDR security features such as Secure Simple Pairing. The association models are similar to Secure Simple Pairing from the user perspective and have the same names but differences in the quality of the protection provided.
The overall goal of keeping the cost of the controller and the complexity of a slave device to a minimum was used in making compromises on security capabilities
in Bluetooth Smart (low energy) technology.
Bluetooth Smart (low energy) technology uses three association models referred to as Just Works, Out of Band and Passkey Entry. Bluetooth low energy technology does not have an equivalent of Numeric Comparison. Each of these association models is similar to Secure Simple Pairing with the following exception; Just Works and Passkey Entry do not provide any passive eavesdropping protection. This is because Secure Simple Pairing uses Elliptic Curve Diffie-Hellman and Bluetooth Smart (low energy) does not. The use of each association model is based on the I/O capabilities of the devices in a similar manner as Secure Simple Pairing.
Key generation in Bluetooth Smart (low energy) technology is performed by the Host on each device independent of any other Bluetooth Smart (low energy) technology device. Note: Key generation in BR/EDR is performed in the controller. By performing key generation in the Host, the key generation algorithms can be upgraded without the need to change the Controller.
Bluetooth low energy technology uses multiple keys, each for a specific purpose, as follows:
- Confidentiality of data and device authentication
- Authentication of unencrypted data
- Device Identity
In Bluetooth Smart (low energy) technology, a single link key is generated by combining contributions from each device into a link key used during pairing. In BR/EDR key generation is performed in the controller.
Encryption in Bluetooth Smart (low energy) technology uses AES-CCM cryptography. Like BR/EDR, in Bluetooth Smart (low energy) technology
encryption is performed in the Controller.
Bluetooth Smart (low energy) technology supports the ability to send authenticated data over an unencrypted ATT bearer between two devices with a trusted relationship. This is accomplished by signing the data with a Connection Signature Resolving Key (CSRK). The sending device places a signature after the Data PDU. The receiving verifies the signature and if the signature is verified the Data PDU is assumed to come from the trusted source. The signature is composed of a Message Authentication Code generated by the signing algorithm and a counter. The counter is used to protect against a replay attack and is incremented on each signed Data PDU sent.
Bluetooth Smart (low energy) technology supports a feature that reduces the ability to track a Bluetooth device over a period of time by changing the address on a frequent basis. The privacy feature is not used in the GAP discovery mode and procedures but it is used when supported during connection mode and connection procedures.
In order for devices using the privacy feature to reconnect to known devices, the device addresses used when the privacy feature is enabled, private address, must be resolvable to the other devices’ identity. The private address is generated using the device’s identity key exchanged during the bonding procedure. Use of the private address for reconnection is limited to use cases where filtering of devices disabled. Disabling device filtering may increase the power consumption of the device since the host will need to process all device requests. Situations where the device filtering is disabled should only be used for a limited time to minimize the power consumption in this mode.
The privacy feature also defines a reconnection address allowing for bonded devices to reconnect while also filtering devices to known devices. The reconnect address is exchanged between the two devices at each connection. Since reconnect addresses only change between connections, device filtering can be used to minimize processing of excessive requests.