BLE security keys : TK, STK, LTK, CSRK, IRK
Introduction : BLE security relies on a set of cryptographic keys: the Temporary Key (TK), Short Term Key (STK), Long Term Key (LTK), Connection Signature Resolving Key (CSRK) and Identity Resolving Key (IRK). They are used to protect data and manage device identity. Understanding each key's purpose is crucial for implementing robust security.
-
Temporary Key (TK) : How the TK is generated depends on the pairing method chosen. A new TK is generated each time the pairing process occurs. The TK is used in legacy connections only.
-
Short Term Key (STK) : This key is generated from the TK exchanged between the devices. It is the session key used to encrypt the link immediately after pairing but before bonding, and it is derived from the TK and random numbers.
-
Long Term Key (LTK) : This key is generated and stored during phase three of the security process in legacy connections and during phase two in LE secure connections. It is stored on each of the two bonded devices and used in subsequent connections between them. The stored key encrypts future connections between bonded devices without re-pairing.
-
Connection Signature Resolving Key (CSRK) : Key used to sign data and to verify the signature attached to the data at the other end. This lets a receiver check the authenticity of signed data sent over unencrypted connections and confirm it hasn't been tampered with. This key is stored on each of the two bonded devices.
-
Identity Resolving Key (IRK) : Key used to resolve a device's Resolvable Private Address (a random private address) back to its real identity for privacy-aware reconnections. This key is unique per device, so the master's IRK is stored on the slave side and the slave's IRK is stored on the master side.
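The IRK entry above describes resolving a private address. As an added example (not code from the original page), this Python code implements the Bluetooth Core Specification's `ah` hash and checks a 6-byte Resolvable Private Address against the IRKs stored at bonding. The function names, the MSB-first byte order and the pure-Python AES-128 (included only so the block runs without third-party packages) are assumptions of this example; real stacks use the controller's AES engine or a vetted library.

```python
# Added example: resolving a BLE Resolvable Private Address (RPA) with stored IRKs.
# ah(k, r) = AES-128(k, zero padding || r) mod 2^24; an RPA is prand || ah(IRK, prand).

def _xtime(a):                      # multiply by x in GF(2^8), AES polynomial 0x11B
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _make_sbox():                   # S-box = affine map of the field inverse
    sbox, p, q = [0x63] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF    # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF         # q /= 3
        q ^= 0x09 if q & 0x80 else 0
        x = q << 8 | q              # doubled byte turns rotations into plain shifts
        sbox[p] = (q ^ x >> 7 ^ x >> 6 ^ x >> 5 ^ x >> 4 ^ 0x63) & 0xFF
        if p == 1:
            return sbox

SBOX = _make_sbox()

def _mix(c):                        # MixColumns on one 4-byte column
    t = c[0] ^ c[1] ^ c[2] ^ c[3]
    return [c[i] ^ t ^ _xtime(c[i] ^ c[(i + 1) % 4]) for i in range(4)]

def aes128_encrypt(key, block):     # single-block AES-128, enough for ah()
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):          # key schedule: 44 words = 11 round keys
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    rk = [sum(w[4 * r:4 * r + 4], []) for r in range(11)]
    s = [a ^ b for a, b in zip(block, rk[0])]
    for r in range(1, 11):
        s = [SBOX[b] for b in s]                                 # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]       # ShiftRows
        if r < 10:                                               # no MixColumns in last round
            s = sum((_mix(s[c:c + 4]) for c in range(0, 16, 4)), [])
        s = [a ^ b for a, b in zip(s, rk[r])]                    # AddRoundKey
    return bytes(s)

def ah(irk, prand):                 # 16-byte IRK, 3-byte prand, both MSB first
    return aes128_encrypt(irk, bytes(13) + prand)[13:]

def resolves(irk, rpa):             # rpa: 6 bytes MSB first = prand || hash, top bits 0b01
    return len(rpa) == 6 and rpa[0] >> 6 == 0b01 and ah(irk, rpa[:3]) == rpa[3:]

def find_peer(bonds, rpa):          # bonds: {peer name: IRK stored at bonding}
    return next((n for n, k in bonds.items() if resolves(k, rpa)), None)
```

A device that holds several bonds has to try each stored IRK in turn, which is why `find_peer` walks the whole table; an address whose top two bits are not `01` is not an RPA and is rejected before any AES work.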
Conclusion: By applying the right BLE security keys, you can safeguard data, authenticate devices and protect user privacy. A strong security foundation builds trust and ensures compliance with industry standards.