Bluetooth Low Energy (BLE) security in a nutshell!

Introduction

Bluetooth Low Energy (BLE) was first released by the Bluetooth Special Interest Group (SIG) in 2010 as a subsidiary of Bluetooth 4.0 and is also referred to as Bluetooth Smart.

It is one of the most popular wireless standards that people use today for purposes regarding data transfer, location services and device networks such as control systems.

So why don’t we just use Bluetooth instead of BLE?

The main advantage of using BLE is the low power consumption in the connection of the two devices. The ultra-low energy consumption illustrates a glimpse of innovation compared to standard Bluetooth that was first developed for control and monitoring applications in many areas such as healthcare and consumer electronics.

It is ideal for low power mobile devices and is used in different applications where data are being exchanged such as in devices categorised in the paradigm of the Internet of Things (IoT).

Let’s just cut to the chase. How secured is this protocol?

Note: Basic background knowledge on Bluetooth architecture required before proceeding to the rest of this story.

Security of BLE

BLE’s main security aim is to provide assurance in three main categories of security:

• Authentication: Confirming and verifying the identity of the mobile device user.
• Authorization: Determining the permissions a device when connecting to another device regarding the services applicable to device access rights.
• Confidentiality: Ensuring that data transmitted between the device are not shared or exploited by unauthorised parties.

Security Modes

The security of BLE can be separated into two main security modes which are defined by the Generic Access Profile (GAP) that each contain different levels of security as shown by Figure 1.

Figure 1: BLE security modes

Pairing keys

In the pairing process, there are some main keys generated to establish the pairing security:

• Temporary Key (TK): This six digit key is generated from the pairing method and then used for the agreement of the two devices.
• Long Term Key (LTK): LTK is a 128-bit key which is used in the link layer as a key for encrypting and authenticating the communication.
• Connection Signature Resolving Key (CSRK): CSRK is a 128-bit key which is generated to be used in the ATT layer for data signing purposes. It is mainly used to generate a private Bluetooth address of the devices involved in the pairing.
• Identity Resolving Key (IRK): Just like CSRK, IRK is another 128-bit key used for generating a private Bluetooth address of the devices involved in the pairing.
• Short Term Key (STK): STK is used when encryption of the communication is generated from random values and from the TK by each device. It is also used as means of encrypting the message which contains LTK, CSRK and IRK which is then transmitted at the late stages of pairing.

Pairing Methods

Pairing is the establishment of connection between two devices. The pairing of the device is where the most vulnerabilities occur. There are several types of pairing two devices:

1. Secure Simple Pairing (SSP):

• Out of Band (OOB): Uses OOB communication methods for TK agreement such as NFC.
• Passkey Entry (PE): Uses a six digit number as a TK that needs to be entered in the device paired.
• Just Works (JW): This is a pairing method for devices that have no screen
  to display the TK. Simply, TK generated is all zeros. However this is not an
  authenticated pairing method and can be exposed to several attacks like the Man In The Middle (MITM) attack.

2. PIN Pairing:

This is where the two devices generate a 4 digit PIN code which is then entered into one of the two mobile devices. If the correct key is entered in the device, the device authenticates the BLE pairing connection.

Pairing Process

Pairing of two mobile devices can be a complex procedure. Pairing are used for each security mode and for each security level included in those security modes. The basic definition of analysing the security capabilities of each device and generating complex keys that are exchanged between two devices in order to authenticate the connection with each other. BLE pairing can be categorised to three main phases:

Figure 2: Pairing process diagram

• Phase one is about advertising events of the device. Each device advertises its capabilities with each other by advertising data through the ATT layer. ATT layer helps interpret device data in ATT values which are understood by the devices. It is important to note that no security at exchanging the advertised data.
• Phase two is where the keys are generated. There are three keys which are also described in the corresponding subsection above. TK is firstly generated as a key that is used for agreement of the two devices which is generated by Just Works, Out of Band and Passkey Entry pairing methods. STK is then agreed by both devices in this phase by combining the TK agreed by the devices and some random values. TK is shared between two devices but the STK generated is not.
• Phase three takes the STK used from phase two for secure transmission of the rest of the keys by encryption which is required for the communication. In this phase, a message is transmitted including three keys: LTK, CSRK and IRK which are encrypted by using the STK.

This is it! As a final note, I have listed down some potential vulnerabilities and threats that shows the security (or insecurity) of BLE as a wireless communication protocol.

Figure 3: Vulnerabilities and threats displayed as a table.

Thank you! :)