• State Resolved
  • Locked Locked
  • Replies 3 replies
  • Subscribers 51 subscribers
  • Views 1718 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Bluetooth LE Security

Johan Schuld
Prodigy 20 points
Other Parts Discussed in Thread: AES-128

Hi,

We are developing a relatively simple application with BLE, basically a key and lock. Lock being the central, key being the peripheral. The lock is likely to be stuffed away somewhere and won't be physically accessible for serviceability.

The idea is to use a basic authentication method using the internal AES engine to verify the authenticity of the key. To keep  things simple the thought is to use a pre-made cryptogram stored on the key, signed by a certifying authority. This is sent to the lock and upon validation the lock will open. 

The question I have is how secure is BLE to prevent replay attacks or man in the middle? This on the basis of a secret passkey for initial pairing, and possibly a long-term key for quick (and possibly more secure) connection when in-field. Note that the initial bonding and long term key establishing may happen in an insecure environment.

I have a strong background in cryptography but bluetooth (and BLE) is new to me. So I'm trying to get up to speed on security on BLE. Ideally I'd like to leverage as much from the BLE stack. 

Cheers

Johan.

  • 0
    TI__Guru 57865 points

    Hi Johan,

    If you set Authentication bit (MITM protection) during bonding and you do it out of band (OOB) over NFC or other medium you'll have the full protection you seek. If you have a secure environment during bonding, you can skip OOB.

    Note that bonding in BLE is basically storing Long Term Keys (LTKs) for quick and secure re-connect (same as what "Pairing" would mean in another wireless protocol).

    Best Regards

  • 0 in reply to J Lindh
    Prodigy 20 points

    Hi Nick,

    Would you be able to give me some more details on the security used? or maybe there are some documents I can read. We want to have the ability to connect to the lock using standard bluetooth dongles as well (laptop/smartphone). Not used at the moment but for some maintenance/setup use.  So I guess  that means OOB or another medium would not possible.

    How does BLE prevent replay attacks etc? Does it use some form of random data or sequence numbering in the clear data before ciphering the data going out (using the LTK?)

    When bonding, is this LTK exchanged using the pre-set passkey? I.e. what if someone be listening in during bonding time?

    Thanks

    Johan

  • 0 in reply to Johan Schuld
    TI__Genius 10955 points

    Hi,

    On the low-level side of security, BLE uses AES-128 CCM mode. This means, as you might know, that packets are encrypted using AES counter mode and signed using a message authentication code. Replay attacks are protected against by incrementing the counter every time new payload is encrypted. Only retransmissions use the same counter, and then with absolutely no change of the encrypted payload.

    You can read more on the BLE security in the Bluetooth Core specification, v. 4.0, which can be downloaded from https://www.bluetooth.org/Technical/Specifications/adopted.htm. (Note also some corrections in Core Specification Addendum (CSA) 3). In the core specification, you should primarily look at Volume 6, Part E (and parts of Part B) and Volume 3, Part H.