Difference between revisions of "Bluetooth Security Features"

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search
Line 84: Line 84:


== Bluetooth Low Energy security ==
== Bluetooth Low Energy security ==
Fundamentals of the BLE Standard can be found at the [[BLE Fundamentals]] documentation.


Bluetooth Low Energy security modes are similar to the Security Modes 2 and 4 of Bluetooth Classic, but each service can have its own security requirements.  Furthermore, Bluetooth Low Energy has two security modes with multiple security levels.
Bluetooth Low Energy security modes are similar to the Security Modes 2 and 4 of Bluetooth Classic, but each service can have its own security requirements.  Furthermore, Bluetooth Low Energy has two security modes with multiple security levels.

Revision as of 17:37, 5 March 2020

Summary

This Page is work in progress please come back later.

This documentation is a survey about the security features of Bluetooth Classic and Bluetooth Low Energy.

Basic Security Services

  • Authentication: verifies the identity of communicating devices based on their Bluetooth address. User authentication is not provided by the Bluetooth Specification.
  • Confidentiality: prevents eavesdropping of the transmitted data by an untrusted third person in the piconet. Confidentiality is created by data encryption.
  • Authorization: controls the access of the resources. It assures that only authorized devices get permitted to access a service.
  • Message Integrity: checks if the data was altered during the transmission.
  • Pairing/Bonding: creates shared secret keys to use them in subsequent connections.

Bluetooth Classic Security

BR/EDR/HS Security Modes

Bluetooth Classic defines encryption and authentication during two different stages of the communication setup. The stages can be differed in Link-level and Service-level. Link-level enforced security features occur before the Bluetooth physical link is fully established. Service-level enforced security features occur after the physical link is already established and while the logical link gets established.Security mode one to the three were defined before Bluetooth version 2.1 came out. Bluetooth version 2.1 added the fourth security mode.

Security Mode 1

This mode is considered as non-secure because it doesn’t use authentication nor encryption. Security Mode 1 is only supported by today's Bluetooth devices to communicate with old devices that are not capable of the other security modes.

Security Mode 2

This mode establishes security at Link-level by using a local security manager that controls the access of supported services. It’s even possible to restrict access on a part of the services depending on the trust to the accessing device. Bluetooth service discovery can be performed without any security challenges.

Security Mode 3

This security mode is a link level security mode and security procedures get initiated before the physical link is fully established. Authentication and Encryption is fully supported by security mode 3 connections. Furthermore, service discovery can only be performed with an authenticated device which encrypts its traffic.

Security Mode 4

BR/EDR/HS Security Mode 4 Levels Summar

Security mode 4 was introduced in Bluetooth version 2.1 and is a service level enforces security mode which security mechanisms get initiated after physical and logical link setup. Security mode takes advantage of the Secure Simple Pairing (SSP) Mechanism. SSP in Bluetooth version 4.1 uses the P-256 elliptic curve to generate the link key. Bluetooth 4.1 uses Hash Messages Authentication Codes Secure Hash Algorithm with 256-bit (HMAC-SHA-256) for integrity checks. For encryption the AES-Counter with CBC-MAC (AES-CCM) cypher is used. The P-256 elliptic curve, HMAC-SHA-256 and AES-CCM are security mechanisms which got approved by the Federal Information Processing Standard (FIPS). Security mode 4 gets differentiated into 5 different layers with different security levels.

  • Layer 0: Layer 0 is only used by the Service Discovery Protocol (SDP). This layer doesn’t have any security features.
  • Layer 1: Layer 1 doesn’t use any security.
  • Layer 2: Layer 2 uses an unauthenticated link key.
  • Layer 3: Layer 3 required an authenticated link key.
  • Layer 4: Layer 4 uses secure connection in addition to the authenticated link key

Whether or not a link key is authenticated depends on the SSP association model used.


Secure Simple Pairing (SSP)

Secure Simple Pairing was introduced with Security Mode 4 at Bluetooth Version 2.1 and got improved in Version 4.1. SSP provide several association models suited for all input/output capability combinations. Some of these association models are protected against passive and active man-in-the-middle (MITM) attacks during pairing by using ECDH public key cryptography.

Association models

Numeric Comparison

Numeric comparison was designed for devices, where both can display a six-digit number and allow a user input to accept and deny the connection. During the Paring both devices show a six-digit code on their displays. The user can accept the parring if the displayed numbers are the same. The connection is secure against MITM attacks and eavesdropping, if the paring was done correctly.

Passkey Entry

This model can be used where one device a has a display that sows a six-digit number and the other device has a digit input. Device a show a code that must be entered into the keyboard of the other device to establish the connection. This model is also secure against MITM attacks and eavesdropping.

Out of Band (OOB)

The out of band model uses an additional wireless or wired technology like Near Field Communication (NFC) to exchange the needed cryptographic keys. This model’s security is only as secure as the out of band technology. Even though, this association model is associated to be secure against eavesdropping and MITM attacks.

Just Works

The just works model is not secured against eavesdropping and MITM attacks. This model is designed for connection where both devices have no input or output capabilities.

Confidentiality of the data

The Bluetooth standard defines three encryption modes for data traffic, but only two of them actuals provide confidentiality. The modes are as follows:

  • Encryption Mode 1: The data traffic is unencrypted
  • Encryption Mode 2: Individually addressed traffic is encrypted based on individual link keys but broadcast traffic is not.
  • Encryption Mode 3: Individually addressed traffic and broadcast traffic is encrypted using an encryption key based on the master link key.

For encryption mode 2 and 3 is either the AES-CCM or E0 stream cipher used. Bluetooth Security Mode 4 encrypts all data traffic, expect service discovery messages

Trust Levels and Service Security Levels.

In addition to the security modes, exist different levels of service security and trust. The trust levels can be differentiated into trusted and untrusted. A trusted device has an established relation ship to the device and has full access to all the services. The untrusted device doesn’t have a relationship to the other device and has only a restricted access to the services. The Service security level depend on the used Security mode. There are no Service security levels defined for Security mode 1 and 3. Security mode 2 has the following Service security levels:

  • Authentication required
  • Encryption required
  • Authorization required

Security mode 2 defines the following five Service security levels:

  • Service Level 0: No MITM protection, encryption, or user interaction required.
  • Service Level 1: MITM protection and encryption not required. Minimal user interaction.
  • Service Level 2: Requires encryption only; MITM protection is not necessary.
  • Service Level 3: Requires MITM protection and encryption; user interaction is acceptable.
  • Service Level 4: Requires MITM protection and encryption with 128-bit strength; user interaction is acceptable.

Bluetooth Low Energy security

Fundamentals of the BLE Standard can be found at the BLE Fundamentals documentation.


Bluetooth Low Energy security modes are similar to the Security Modes 2 and 4 of Bluetooth Classic, but each service can have its own security requirements. Furthermore, Bluetooth Low Energy has two security modes with multiple security levels.

  • Low energy Security Mode 1 is associated with encryption
  • Level 1 does neither use authentication nor encryption.
  • Level 2 uses unauthenticated pairing with encryption.
  • Level 3 uses authenticated pairing with encryption.
  • Level 4 which uses authenticated low energy Secure Connections pairing with encryption.


  • Low energy Security Mode 2 is associated with encryption data integrity
  • Level 1 uses unauthenticated pairing with data signing.
  • Level 2 uses authenticated pairing with data signing.

Security Mode 1 Level 4 is considered to create the strongest connections because it uses AES-CMAC and P-256 elliptic curve for pairing and encryption. Security Mode 1 Level 3 is less secure because it doesn’t use elliptical curve cryptography. Because Security Mode 2 does not provide encryption, it is strongly recommended to use Security Mode 1 Level 3 and 4.

Bluetooth Classic and Bluetooth Low Energy security differences

Key Differences Between Bluetooth BR/EDR and Low Energy

References