Bluetooth security in 4.2

ou Always Wanted To Know About Bluetoothsecurity In Bluetooth 42
Everything You Always Wanted To Know About Bluetoothsecurity In Bluetooth 42
Posted on January 10, 2015 by Vincent Gao
A few weeks ago, the Bluetooth SIG released the new Bluetooth® 4.2 core specification. This new release is the most connected, most secure and most power-efficient specification to date. Bluetooth 4.2 contains feature updates in security, privacy and extended data packet length. In this blog post, we introduce you to the security feature, and show you how to leverage it in your product design.

What Does Bluetooth 4.2 Mean to Developers?

LE Secure Connections

Bluetooth 4.2 introduced a new security model, LE Secure connections. LE Secure Connections uses an algorithm called Elliptic curve Diffie–Hellman (ECDH) for key generation, and a new pairing procedure for the key exchange.

The main goal of the Bluetooth Security Manager is to set up tools and procedures to enable secure connections and protect the communication from passive eavesdropping and Man-in-the-Middle attacks.

Using LE Secure Connections, with the ECDH algorithms to generate public/private key pairs, the Security Manager protects the communication from passive eavesdropping regardless of the I/O capabilities and pairing methods (Numeric Comparison, Just Works, Passkey Entry, and Out Of Band) you will be using in your applications. It will provide protections from Man-In-The-Middle (MITM) attacks if the application uses Numeric Comparison, Passkey Entry, and Out Of Band as the pairing method.

Adding LE Secure Connections to Your Products

You need to upgrade the security manager in your Bluetooth stack to support the following:

Generation and management of ECDH keys
LE Secure Connection pairing requests
Generation of ECDH keys and Long Term Keys (LTK)
Generation and exchange of cross transport keys
Once the pairing initiator and responder implement support for LE Secure Connections, the pairing can be started by the Master sending out a pairing request, or the Slave sending out a security request. The new Secure Connection bit in the Authentication Requirement Flags will indicate to the receiver that a Secure Connection is being requested for the existing connection.

Initiator Responder

Pairing is the process of generating and exchanging several keys for encryption and authentication.Then you could move to Phase 2, based on the I/O capabilities of both sides and establish an encrypted connection.

For technical details, please refer to Bluetooth Core Specification version 4.2 Volume 3 Part H. As usual, please visit our forum to discuss with other developers on all the new features in Bluetooth 4.2.

Happy coding!