Difference between revisions of "Bluetooth Security Features"

From Embedded Lab Vienna for IoT & Security
Line 30: Line 30:
=== Security Mode 4  ===
=== Security Mode 4  ===


* '''Layer 0:'''
Security mode 4 was introduced in Bluetooth version 2.1 and is a service level enforces security mode which security mechanisms get initiated after physical and logical link setup. Security mode takes advantage of the Secure Simple Pairing (SSP) Mechanism. SSP in Bluetooth version 4.1 uses the P-256 elliptic curve to generate the link key. Bluetooth 4.1 uses Hash Messages Authentication Codes Secure Hash Algorithm with 256-bit (HMAC-SHA-256) for integrity checks. For encryption the AES-Counter with CBC-MAC (AES-CCM) cypher is used. The P-256 elliptic curve, HMAC-SHA-256 and AES-CCM are security mechanisms which got approved by the Federal Information Processing Standard (FIPS). Security mode 4 gets differentiated into 5 different layers with different security levels.
* '''Layer 1:'''
 
* '''Layer 2:'''
* '''Layer 0:''' Layer 0 is only used by the Service Discovery Protocol (SDP). This layer doesn’t have any security features.
* '''Layer 3:'''
* '''Layer 1:''' Layer 1 doesn’t use any security.
* '''Layer 4:'''
* '''Layer 2:''' Layer 2 uses an unauthenticated link key.
* '''Layer 3:''' Layer 3 required an authenticated link key.
* '''Layer 4:''' Layer 4 uses secure connection in addition to the authenticated link key
 
Whether or not a link key is authenticated depends on the SSP association model used.
Insert Table 3-2.
 
 
== Secure Simple Pairing (SSP)  ==


== Bluetooth Low Energy Security  ==
== Bluetooth Low Energy Security  ==
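Review bot: in the new Security Mode 4 paragraph, "Security mode takes advantage of the Secure Simple Pairing (SSP) Mechanism" drops the mode number and should read "Security mode 4". In the same paragraph, "is a service level enforces security mode which security mechanisms get initiated" does not parse; suggest "is a service-level enforced security mode in which security mechanisms are initiated". In the list, "Layer 3 required" should be "requires" to match the other items, and the Layer 4 item is missing its final period. The placeholder "Insert Table 3-2." is added as visible page text; until the table exists, the sentence about association models has nothing to point at, so either add the table in this revision or keep the placeholder in a wiki comment.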

Revision as of 12:52, 15 February 2020

Summary

This page is a work in progress; please come back later.

This documentation is a survey of the security features of Bluetooth Classic and Bluetooth Low Energy.

Basic Security Services

  • Authentication: verifies the identity of communicating devices based on their Bluetooth address. User authentication is not provided by the Bluetooth Specification.
  • Confidentiality: prevents eavesdropping on the transmitted data by an untrusted third party in the piconet. Confidentiality is achieved through data encryption.
  • Authorization: controls access to resources. It ensures that only authorized devices are permitted to access a service.
  • Message Integrity: checks if the data was altered during the transmission.
  • Pairing/Bonding: creates shared secret keys to use them in subsequent connections.

Bluetooth Classic Security

Bluetooth Classic defines encryption and authentication during two different stages of the communication setup. The stages are distinguished as link-level and service-level. Link-level enforced security features occur before the Bluetooth physical link is fully established. Service-level enforced security features occur after the physical link is already established and while the logical link is being established. Security modes 1 to 3 were defined before Bluetooth version 2.1 came out. Bluetooth version 2.1 added the fourth security mode.

Insert Image P12

Security Mode 1

This mode is considered non-secure because it uses neither authentication nor encryption. Security Mode 1 is only supported by today's Bluetooth devices to communicate with old devices that are not capable of the other security modes.

Security Mode 2

This mode establishes security at Link-level by using a local security manager that controls access to the supported services. It is even possible to restrict access to a subset of the services depending on the trust placed in the accessing device. Bluetooth service discovery can be performed without any security challenges.

Security Mode 3

This security mode is a link-level security mode, and security procedures are initiated before the physical link is fully established. Authentication and encryption are fully supported by security mode 3 connections. Furthermore, service discovery can only be performed with an authenticated device which encrypts its traffic.

Security Mode 4

Security mode 4 was introduced in Bluetooth version 2.1 and is a service-level enforced security mode in which security mechanisms are initiated after physical and logical link setup. Security mode 4 takes advantage of the Secure Simple Pairing (SSP) mechanism. SSP in Bluetooth version 4.1 uses the P-256 elliptic curve to generate the link key. Bluetooth 4.1 uses the Hash-based Message Authentication Code with the 256-bit Secure Hash Algorithm (HMAC-SHA-256) for integrity checks. For encryption, the AES-Counter with CBC-MAC (AES-CCM) cipher is used. The P-256 elliptic curve, HMAC-SHA-256 and AES-CCM are security mechanisms approved under the Federal Information Processing Standards (FIPS). Security mode 4 is divided into 5 layers with different security levels.

  • Layer 0: Layer 0 is only used by the Service Discovery Protocol (SDP). This layer doesn’t have any security features.
  • Layer 1: Layer 1 doesn’t use any security.
  • Layer 2: Layer 2 uses an unauthenticated link key.
  • Layer 3: Layer 3 requires an authenticated link key.
  • Layer 4: Layer 4 uses Secure Connections in addition to the authenticated link key.

Whether or not a link key is authenticated depends on the SSP association model used. Insert Table 3-2.
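The layer rules above, written as a service-level enforcement check. This is an added example, not code from this wiki or from any Bluetooth stack; the `Link` class, the function names and the sample service table are hypothetical. It assumes the standard SSP behaviour that Just Works yields an unauthenticated link key while Numeric Comparison, Passkey Entry and Out of Band yield an authenticated one.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption (standard SSP behaviour, not stated on this page):
# which association models produce an authenticated link key.
AUTHENTICATED_MODELS = {"numeric_comparison", "passkey_entry", "out_of_band"}
UNAUTHENTICATED_MODELS = {"just_works"}


@dataclass(frozen=True)
class Link:
    """Hypothetical view of one established link as a host might track it."""
    association_model: Optional[str]   # None = no pairing has taken place
    secure_connections: bool = False   # pairing used Secure Connections (P-256)


def achieved_level(link: Link) -> int:
    """Highest Security Mode 4 layer (1-4) that this link satisfies."""
    model = link.association_model
    if model is None:
        return 1   # no link key: only services without security requirements
    if model in UNAUTHENTICATED_MODELS:
        return 2   # stays at 2 even when Secure Connections was used
    if model in AUTHENTICATED_MODELS:
        return 4 if link.secure_connections else 3
    raise ValueError(f"unknown association model: {model!r}")


def authorize(service: str, required_level: int, link: Link) -> bool:
    """Decide per service, after link setup, whether access is granted."""
    if not 0 <= required_level <= 4:
        raise ValueError("Security Mode 4 defines layers 0 to 4")
    if required_level == 0 and service != "SDP":
        return False   # layer 0 is reserved for SDP
    return achieved_level(link) >= required_level


def refused_services(requirements: Dict[str, int], link: Link) -> List[str]:
    """Audit helper: the services this link may not reach, sorted by name."""
    return sorted(s for s, lvl in requirements.items()
                  if not authorize(s, lvl, link))


# Constructed sample policy: service name -> required layer.
SAMPLE_POLICY = {"SDP": 0, "OBEX Push": 2, "HID": 3, "Payment": 4}

if __name__ == "__main__":
    print(refused_services(SAMPLE_POLICY, Link("just_works")))
```

A Just Works link is capped at layer 2 regardless of the curve used, which is why a service that needs protection against an active attacker during pairing has to demand layer 3 or 4.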


Secure Simple Pairing (SSP)

Bluetooth Low Energy Security

References