Manualshelf

User manual

ManualsBrandsTELEDYNE LECROY ManualsLaboratory Test EquipmentProtocol analyser USB
211212213214215216217218219220
A.1 Decrypting Encrypted Bluetooth® low energy
A.1.1 How Encryption Works in Bluetooth low energy
Data encryption is used to prevent passive and active—man-in-the-middle (MITM) eavesdropping attacks on a
Bluetooth low energy link. Encryption is the means to make the data unintelligible to all but the Bluetooth master
and slave devices forming a link. Eavesdropping attacks are directed on the over-the-air transmissions between
the Bluetooth low energy devices, so data encryption is accomplished prior to transmission using a shared, secret
key.
A.1.2 Pairing
A Bluetooth low energy device that wants to share secure data with another device must first pair with that
device. The Security Manager Protocol (SMP) carries out the pairing in three phases.
1. The two connected Bluetooth low energy devices announce their input and output capabilities and from
that information determine a suitable method for phase 2.
2. The purpose of this phase is to generate the Short Term Key (STK) used in the third phase to secure key
distribution. The devices agree on a Temporary Key (TK) that along with some random numbers creates
the STK.
3. In this phase each device may distribute to the other device up to three keys:
a. the Long Term Key (LTK) used for Link Layer encryption and authentication,
b. the Connection Signature Resolving Key (CSRK) used for data signing at the ATT layer, and
c. the Identity Resolving Key (IRK) used to generate a private address.
Of primary interest in this paper is the LTK. CSRK and IRK are covered briefly at the end.
Bluetooth low energy uses the same pairing process as Classic Bluetooth: Secure Simple Pairing (SSP). During SSP
initially each device determines its capability for input and output (IO). The input can be None, Yes/No, or
Keyboard with Keyboard having the ability to input a number. The output can be either None or Display with
Display having the ability to display a 6-digit number. For each device in a paring link the IO capability determines
their ability to create encryption shared secret keys.
The Pairing Request message is transmitted from the initiator containing the IO capabilities, authentication data
availability, authentication requirements, key size requirements, and other data. A Pairing Response message is
Frontline BPA low energy Hardware & Software User Manual 212