Bluetooth Security Basics

This page on bluetooth security covers basics of security concepts in bluetooth network. There are three procedures in bluetooth viz. iniatialization, authentication and encryption.

Due to wide applications of bluetooth technology in our daily life, security of bluetooth devices have become a concern for the users. Though bluetooth devices are used in tandem with other WPAN devices but bluetooth security algorithms are developed to take care of authentication & encryption between only bluetooth devices on radio path(i.e. wireless).

The bluetooth specification has defined three security services viz. authentication, confidentiality and authorization. Further bluetooth has three modes of security as follows.
Bluetooth Security Mode 1 : Nonsecure mode
Security Mode 2 : Service level enforced security mode
Security Mode 3 : Link level enforced security mode

The Bluetooth Link Key is generated at the initialization phase. This phase occurs when two devices on bluetooth channel starts communicating or bonding. Both the associated devices derive link keys using the identical PIN entered in both of them by the user. After initialization procedure is completed the devices will perform authentication procedure and encryption procedure on the link. This is done automatically and transparently without any manual intervention of the user. Encryption key is derived from the link key generated.

Authentication procedure for Bluetooth security

bluetooth security-authentication procedure

Let us understand authentication procedure used as part of bluetooth security. Let us assume that bluetooth device-1 wants to access the bluetooth device-2 or want to pair the connection with it. Here device-1 is known as "claimant" and device-2 is known as "verifier".

• The device-1 transmits BD_ADDR(48-bit address) to device-2.
• The device-2 transmits AU_RAND(128-bit random challenge) to device-1.
• Both the device-1 and device-2 perform computations using E1-algorithm to calculate the SRES. E1 algorithms take BD_ADDR, AU_RAND and link key as inputs to calculate SRES. • The device-1(claimant) returns the SRES in the response to device-2(verifier).
• The verifier does the comparison of returned SRES and the one it has calculated. SRES is of size 32 bits.
• If the SRES are equal, verifier will authenticate the claimant and allows connection establishment. Following are the useful fields and their sizes used in bluetooth authentication procedure. This procedure generates ACO field which will be used in bluetooth encryption procedure.

Device Address: 48 bits (Public Access)
Random Challenge: 128 bits (Public, Unpredictable)
Authentication response('SRES'): 32 bits (Public)
Link Key: 128 bits (Secret)
ACO: 96 bit authenticated cipher offset

Encryption procedure for Bluetooth security

bluetooth security-encryption procedure

Bluetooth encryption is performed to protect payloads of the packet being exchanged between the two bluetooth devices. The encyption procedure in bluetooth security is based on E0 algorithm. Following steps are performed in the procedure:
• First using Key generator Encryption Key(Kc) is generated using inputs such as EN_RAND, ACO and Link Key.
•  E0 algorithm uses EN_RAND, BD_ADDR, Slot number and encryption key(Kc) to generate 'Keystream'. • At last 'Keystream' generated is EX-ORed with payload information bits. This('Ciphertext') is transmitted to the receiving device.
• The same steps are performed by the bluetooth device-2 for information transfer. This way 2-way bluetooth security is assured.

Following are the three encryption modes supported in bluetooth to provide confidentiality service.
• Mode 1:Encryption is not performed on any type of traffic.
• Mode 2:Broadcast information is not encrypted while individually addressed information is encrypted using individual link keys.
• Mode 3:All the traffic informations are encrypted using master link key.

Similar posts on Bluetooth technology

Main Bluetooth tutorial page  Frequency  PHY Layer  MAC layer  Stack  Power classes  Security  products  versions 


What is Bluetooth   Bluetooth tutorial   Bluetooth frequency allocations   Bluetooth power classes   Bluetooth Protocol Stack   Bluetooth Physical Layer   Bluetooth MAC Layer   Bluetooth Product Vendors   difference between bluetooth versions

BLE (Bluetooth Low Energy) Links

BLE Protocol Stack BLE connection establishment procedure

Bluetooth v4.2 versus v5.0 >>
Bluetooth v5.0 versus v5.1 >>
BLE states and state diagram >>
BLE advertising and data channels >>
BLE protocol stack architecture >>
BLE connection process >>
BLE advertising and data packet formats >>

Wireless security Related Links

3G Security   LTE Security   GSM Security   Zigbee Security   Z-wave Security   Web App. Security   Bluetooth security   WiFi security  

IoT Wireless Technologies

WLAN    ➤THREAD    ➤EnOcean    ➤LoRa    ➤SIGFOX    ➤WHDI   
Zigbee   ➤6LoWPAN   ➤Zigbee RF4CE   ➤Z-Wave   ➤NFC   ➤RFID   ➤INSTEON