Bluetooth Network Security : Link Key, Pairing, Authentication & Authorization
This page on bluetooth security covers the basic security concepts of a bluetooth network. There are three procedures in bluetooth security viz. initialization, authentication and encryption.
Due to the wide application of bluetooth technology in daily life, the security of bluetooth devices has become a concern for users. Though bluetooth devices are used in tandem with other WPAN devices, the bluetooth security algorithms are designed to provide authentication and encryption only between bluetooth devices on the radio path (i.e. the wireless link).
The bluetooth specification defines three security services viz. authentication, confidentiality and authorization.
Further, bluetooth has three modes of security as follows.
• Security Mode 1 : Nonsecure mode
• Security Mode 2 : Service level enforced security mode
• Security Mode 3 : Link level enforced security mode
The Bluetooth Link Key is generated in the initialization phase. This phase occurs when two devices on a bluetooth channel start communicating or bonding. Both devices derive the link key from the identical PIN entered into each of them by the user. After the initialization procedure is completed, the devices perform the authentication procedure and the encryption procedure on the link. This is done automatically and transparently, without any manual intervention by the user. The encryption key is derived from the generated link key.
Authentication procedure for Bluetooth security
Let us understand the authentication procedure used as part of bluetooth security. Assume that bluetooth device-1 wants to access bluetooth device-2 or wants to pair with it. Here device-1 is known as the "claimant" and device-2 is known as the "verifier".
• Device-1 transmits its BD_ADDR (48-bit device address) to device-2.
• Device-2 transmits AU_RAND (128-bit random challenge) to device-1.
• Both device-1 and device-2 perform computations using the E1 algorithm to calculate SRES. The E1 algorithm takes BD_ADDR, AU_RAND and the link key as inputs to calculate SRES.
• Device-1 (claimant) returns the SRES in its response to device-2 (verifier).
• The verifier compares the returned SRES with the one it has calculated itself. SRES is 32 bits in size.
• If the two SRES values are equal, the verifier authenticates the claimant and allows connection establishment.
This procedure also generates the ACO field, which is used in the bluetooth encryption procedure. Following are the fields used in the bluetooth authentication procedure and their sizes.
Device Address: 48 bits (Public Access)
Random Challenge: 128 bits (Public, Unpredictable)
Authentication response('SRES'): 32 bits (Public)
Link Key: 128 bits (Secret)
ACO (Authenticated Ciphering Offset): 96 bits
Encryption procedure for Bluetooth security
Bluetooth encryption is performed to protect the payloads of the packets exchanged between the two bluetooth devices. The encryption procedure in bluetooth security is based on the E0 algorithm.
The following steps are performed in the procedure:
• First, the key generator produces the encryption key (Kc) from the inputs EN_RAND, ACO and the link key.
• The E0 algorithm uses EN_RAND, BD_ADDR, the slot number and the encryption key (Kc) to generate the keystream.
• Finally, the generated keystream is XORed with the payload information bits. The result (the ciphertext) is transmitted to the receiving device.
• The same steps are performed by bluetooth device-2 for its own information transfer. This way two-way bluetooth security is assured.
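The following Python model ties together the authentication exchange (claimant/verifier, AU_RAND, SRES, ACO) and the encryption steps (Kc generator, keystream, XOR with the payload) described above. It is an added example, not code from the original page, and it does not implement the real Bluetooth E1, E3 or E0 primitives: those are replaced by labelled HMAC-SHA256 stand-ins so the message flow can be run offline. The link-key derivation from the PIN, the device address, and the random values are all constructed for the example; only the field sizes (48-bit BD_ADDR, 128-bit AU_RAND, 32-bit SRES, 128-bit link key, 96-bit ACO) follow the page.

```python
"""Toy model of the Bluetooth authentication and encryption flow.

Added example, not from the original page. The real E1/E3/E0 primitives
(SAFER+-based and LFSR-based) are replaced here by HMAC-SHA256 stand-ins
so the claimant/verifier exchange and keystream XOR can be run offline.
"""
import hashlib
import hmac


def _prf(key, *parts):
    """Hypothetical stand-in for the E1/E3/E0 primitives (HMAC-SHA256 over parts)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(part)
    return mac.digest()


def derive_link_key(pin, bd_addr):
    """Initialization phase: each device derives the 128-bit link key from the
    user-entered PIN (stand-in for the spec's own derivation, not E22/E21)."""
    return hashlib.sha256(b"init" + pin.encode() + bd_addr).digest()[:16]


def e1(link_key, bd_addr, au_rand):
    """E1 stand-in: BD_ADDR, AU_RAND, link key -> (SRES 32 bits, ACO 96 bits)."""
    assert len(link_key) == 16 and len(bd_addr) == 6 and len(au_rand) == 16
    out = _prf(link_key, b"E1", bd_addr, au_rand)
    return out[:4], out[4:16]


def authenticate(claimant_key, verifier_key, claimant_addr, au_rand):
    """Challenge-response between claimant (device-1) and verifier (device-2).

    Returns (success, aco). The ACO is released only when the SRES values
    match, so no encryption key can be derived from a failed authentication.
    """
    # Step 1: claimant sends BD_ADDR. Step 2: verifier sends AU_RAND. Both public.
    sres_claimant, _ = e1(claimant_key, claimant_addr, au_rand)    # on device-1
    sres_expected, aco = e1(verifier_key, claimant_addr, au_rand)  # on device-2
    # Step 3: claimant returns SRES. Step 4: verifier compares (constant time).
    if not hmac.compare_digest(sres_claimant, sres_expected):
        return False, None
    return True, aco


def derive_kc(link_key, en_rand, aco):
    """Encryption key generator stand-in: Kc from EN_RAND, ACO and the link key."""
    return _prf(link_key, b"E3", en_rand, aco)[:16]


def keystream(kc, en_rand, bd_addr, slot, length):
    """E0 stand-in: keystream from EN_RAND, BD_ADDR, slot number and Kc."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += _prf(kc, b"E0", en_rand, bd_addr,
                    slot.to_bytes(4, "big"), block.to_bytes(4, "big"))
        block += 1
    return bytes(out[:length])


def xor_payload(kc, en_rand, bd_addr, slot, data):
    """XOR the payload with the keystream; the same call encrypts and decrypts."""
    ks = keystream(kc, en_rand, bd_addr, slot, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def run_session(pin_device1, pin_device2, payload=b"hello over the air"):
    """Full flow: initialization -> authentication -> Kc -> encrypt/decrypt one packet."""
    addr1 = bytes.fromhex("001122334455")  # constructed BD_ADDR of device-1
    au_rand = bytes(range(16))             # constructed; a real AU_RAND is unpredictable
    en_rand = bytes(range(16, 32))         # constructed
    key1 = derive_link_key(pin_device1, addr1)  # device-1's view of the link key
    key2 = derive_link_key(pin_device2, addr1)  # device-2's view (same only if PINs match)
    ok, aco = authenticate(key1, key2, addr1, au_rand)
    if not ok:
        return {"authenticated": False}
    kc = derive_kc(key2, en_rand, aco)
    ciphertext = xor_payload(kc, en_rand, addr1, 0x123, payload)
    recovered = xor_payload(kc, en_rand, addr1, 0x123, ciphertext)
    return {"authenticated": True, "ciphertext": ciphertext, "recovered": recovered}


if __name__ == "__main__":
    print(run_session("1234", "1234"))  # matching PINs: authenticated, packet round-trips
    print(run_session("1234", "0000"))  # mismatched PINs: SRES differs, no ACO, no Kc
```

Running the two sessions shows the point of the SRES check: with a mismatched PIN the two devices hold different link keys, the claimant's SRES does not match the verifier's, and the flow stops before any ACO or Kc exists. The stand-in keystream also takes the slot number as input, so the same payload sent in a different slot produces different ciphertext, mirroring the role of the slot number in E0.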
Following are the three encryption modes supported in bluetooth to provide the confidentiality service.
• Mode 1: Encryption is not performed on any type of traffic.
• Mode 2: Broadcast information is not encrypted, while individually addressed information is encrypted using individual link keys.
• Mode 3: All traffic is encrypted using the master link key.