Difference between Bluetooth LE Secure Connections security mode 1 and level 3 and 4?

Intro

In relation to another question, LE has two main occurrences:

  • Secure Simple Pairing (4.0)
  • Secure Connections (4.2)

Both occurrences specify the algorithms that can/must be used in the following association methods:

  • Numeric Comparison, which protects against passive and active attacks. (for LE, not available in Secure Simple Pairing);
  • Just works, which protects against passive attacks IF ECDH is used (for LE, only the case in Secure Connections), and never protects against active attacks;
  • Passkey entry, which protects against passive attacks IF ECDH is used (for LE, only the case in Secure Connections), and should protect against an active MITM attack (although there are some doubts about that, e.g. Padovan
  • Out Of Band, of which the security depends on the OOB method that is used.

When talking about an authenticated link, we talk about a link that provides protection against active MITM attacks.

Answer

Security mode 1, level 3 and 4 concern authenticated encryption. Looking at the table given by the Bluetooth organization, we can choose between:

  • Passkey Entry
  • Numeric Comparison
  • OOB => this depends on the OOB channel, so is usually not discussed.

However, Numeric Comparison is not available in Secure Simple Pairing, so we can only use it in Secure Connections and must use Passkey Entry when using LE Secure Simple Pairing. Then again, not everybody is convinced that Passkey Entry cannot be broken, so the only real secure method is actually Numeric Comparison (and thus enforce LE Secure Connections). This can be bad from a compatibility standpoint of course.

  • Authenticated pairing uses Passkey Entry (no ECDH, as it is LE legacy!)
  • Authenticated LE Secure Connections pairing uses ECDH Passkey Entry OR preferably Numeric Comparison (both with P-256 ECDH as it is Secure Connections)
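As an added example (not part of the answer, and not code from the Bluetooth specification): a Python model of how the answer's table works, first choosing the association method from the two devices' IO capabilities, the MITM and OOB flags and the Secure Connections flag (condensed from the IO capability table in Core Spec Vol 3 Part H, 2.3.5.1), then deriving the security mode 1 level that the resulting pairing reaches (Vol 3 Part C, 10.2.1). The function and parameter names are my own; the `oob_channel_authenticated` parameter is an assumption used to express the answer's caveat that OOB security depends on the channel.

```python
from enum import Enum


class IoCap(Enum):
    DISPLAY_ONLY = 0
    DISPLAY_YESNO = 1
    KEYBOARD_ONLY = 2
    NO_INPUT_NO_OUTPUT = 3
    KEYBOARD_DISPLAY = 4


def association_method(init: IoCap, resp: IoCap, mitm: bool, oob: bool, sc: bool) -> str:
    """Pick the key generation method. `oob` means OOB data is present as the pairing
    mode requires (both sides for legacy pairing, either side for Secure Connections);
    `sc` is True when both sides set the Secure Connections flag."""
    if oob:
        return "OOB"
    if not mitm:                       # neither side asked for MITM protection
        return "Just Works"
    caps = {init, resp}
    keyboard = {IoCap.KEYBOARD_ONLY, IoCap.KEYBOARD_DISPLAY}
    if IoCap.NO_INPUT_NO_OUTPUT in caps:
        return "Just Works"            # nothing to compare or type on one side
    if IoCap.DISPLAY_ONLY in caps:     # a display can only be paired with a keyboard
        return "Passkey Entry" if caps & keyboard else "Just Works"
    if IoCap.KEYBOARD_ONLY in caps:
        return "Passkey Entry"
    # Both sides are DisplayYesNo or KeyboardDisplay: Numeric Comparison exists only
    # in Secure Connections; legacy pairing falls back to Just Works or Passkey Entry.
    if sc:
        return "Numeric Comparison"
    return "Just Works" if caps == {IoCap.DISPLAY_YESNO} else "Passkey Entry"


def security_level(method: str, sc: bool, key_size: int, encrypted: bool = True,
                   oob_channel_authenticated: bool = False) -> int:
    """Security mode 1 level reached: 1 = no encryption, 2 = unauthenticated encryption,
    3 = authenticated encryption, 4 = authenticated LE Secure Connections with a 128-bit key."""
    if not encrypted:
        return 1
    authenticated = method in ("Passkey Entry", "Numeric Comparison") or (
        method == "OOB" and oob_channel_authenticated)
    if not authenticated:
        return 2
    return 4 if sc and key_size == 16 else 3


def pairing_outcome(init: IoCap, resp: IoCap, mitm: bool = True, oob: bool = False,
                    sc: bool = True, key_size: int = 16) -> tuple:
    """Convenience wrapper: (association method, security mode 1 level)."""
    method = association_method(init, resp, mitm, oob, sc)
    return method, security_level(method, sc, key_size)
```

Two phones (both DisplayYesNo) with the MITM flag set reach Numeric Comparison and level 4 under Secure Connections, but only Just Works and level 2 under legacy pairing, which is the compatibility problem the answer mentions.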

Just reading about this, should have seen this when I was working on my last driver. Hopefully this helps, LE Secure Connections are a new process altogether. Not the same old handshake.

LE Secure Connections uses an algorithm called Elliptic curve Diffie–Hellman (ECDH) for key generation, and a new pairing procedure for the key exchange.

BLE 4.2 Article