BLE Fundamentals

From Embedded Lab Vienna for IoT & Security
Jump to: navigation, search


This documentation will cover foundational aspects of BLE [1]. Feel free to skip it, if you are already familiar with the technology.

Communication Protocol

BLE was introduced in Bluetooth 4.0 is one of the most common technologies utilized by smart devices. The technology is explicitly designed for devices with resource and power constraints. BLE is effectively using lower data rate and less power than Bluetooth classic, thus significantly reducing battery consumption on smart devices.

Protocol Stack

Bluetooth Low Energy Protocol Stack

The figure shows the BLE stack and its three main layers: Application, Host, and Controller.

Host Controller Interface (HCI)
HCI enables the interaction between Host and Controller.
LE Physical Layer (PHY)
The Controller's PHY layer is responsible for signal modulation and demodulation. In addition to that it also calculates the hopping pattern for Frequency Hopping Spread-Spectrum.
Link Layer (LL)
LL manages several things, including the device's Bluetooth address, encryption and connection initiation.
Logical Link Control and Adaptation Protocol (L2CAP)
L2CAP encapsulate data from other layers into a proper BLE packet structure.
Generic Access Profile (GAP)
GAP controls a majority of the advertisements and also handles the role of the device in a specific connection.
Attribute Protocol (ATT)
ATT is the component which manages the data exchange and performs operations like read, write and error handling.
Generic Attribute Profile (GATT)
Organization of BLE GATT
GATT manages the data by categorizing it into Profiles, Services and Characteristics.
If the concept is applied to the thermostat, the respective fields can be described as follows:
  • BLE devices can have several profiles. A thermostat can have a "winter" and a "summer" profile for example.
  • These profiles are comprised of services. An example for a service is temperature regulation.
  • Furthermore, a service contain several characteristics which hold values, e.g. the temperature value.
  • Such values are referenced through unique handles. This information is relevant to comprehend how gatttool works.

Bluetooth Address

The six byte Bluetooth Device Address (BD_ADDR) is comprised of three components.

Part Byte Description
NAP 2 Non-significant Address Part - assigned by IEEE and therefore publicly available
UAP 1 Upper Address Part - also assigned by IEEE, publicly available
LAP 3 Lower Address Part - transmitted with every packet as part of the packet header

Pairing Process

In the pairing process the devices agree upon everything related to security. The security measures are initiated by the Security Manager of the master. The slave may request the initiaton of pairing or the use of other security procedures. That means that the devices exchange their capabilities and consequently decide on a specific pairing method.

Pairing Method Description
Numeric Comparison Both devices present the same Temporary Key (TK) on their respective displays. The user is asked to verify that the values match on both devices. This method is exclusive to LE Secure Connections.
Just Works This mode is especially for devices which have no display or input mechanism, such as earphones or a computer mouse. The TK value is always set to zero.
Passkey Entry With this mode the TK value is displayed on one device, and the user is prompted to enter the value into the other device.
Out of Band (OOB) In this mode the key is exchanged through a different protocol than BLE, i.e. utilizing NFC or QR-codes

The device's capabilities are exchanged through L2CAP values, which are not encrypted. Following that, the devices agree upon a Temporary Key (TK). The value of TK is an integer between 0 and 999999. The user is asked to verify the generated TK using a display, for example when pairing a phone to a car. The TK is ultimately used for generation of a Short Term Key (STK). The STK itself is never transmitted between devices and is actually used to establish the Long Term Key (LTK). The LTK is then used by the paired devices for subsequent connections.

Mike Ryan, the author of "Bluetooth: With Low Energy Comes Low Security" describes vulnerabilities of BLE security and exposes a critical security isse. The key exchange protocol is vulnerable to brute force attacks. It details that once a TK value is successfully found, the STK and LTK keys can also be otained by decrypting the corresponding keys. Ryan is also the creator of crackle, which we will use late to decrypt BLE connections.

Frequency Hopping Spread-Spectrum (FHSS)

Bluetooth can handle many devices at the same time by using a technique called Frequency Hopping Spread-Spectrum (FHSS). This technique enables transmitters to change the frequency mid-connection. Therefore, many devices can make use of the full radio spectrum. Consequently, it is highly unlikely for two devices to interfere with each other on the same frequency.

BLE uses a slightly different FHSS scheme than Bluetooth classic, because BLE consists of 40 different channels, 3 advertisement and 37 data channels.

Center Frequency Data Channel
Channel Index
2402 MHz 37
2404 MHz 0
... ...
2424 MHz 10
2426 MHz 38
2428 MHz 11
... ...
2478 MHz 36
2480 MHz 39

Once a connection is established, it hops along the 37 data channels using the following formula:

Next channel ≡ channel + hop increment (mod 37)

The time in between hops is specified as the hop interval.

It is important to mention that Bluetooth 5 introduced a new channel selection algorithm. Hopping sequences follow a pseudo random sequence now.