Which Bluetooth Security Mode to use? - bluetooth

I am wondering what is state of the art, when developing new products.
We are currently developing a new product and I have to decide, which bluetooth security mode to use. Value ranges from 1 to 4.
If I understand this right, mode 4 was introduced with bluetooth 2.1 and I ask myself, if there is a significant number of smart phones not supporting this.
Moreover we prepare our bluetooth certification with the PTS tool. This tool enforces using mode 4 if our device can do BR/EDR and BLE.
Is it state of the art to always enforce mode 4 in new devices?
Thank you.

If you really want to use state of the art security mode in Bluetooth, then this would be "Secure Connections" for classic Bluetooth [1], and "LE Secure Connections" for Bluetooth Low Energy [2]. Secure Connections was introduced in Bluetooth v4.1 and LE Secure Connections was introduced in v4.2. This is the latest and greatest security mode, and it uses Elliptic Curve Diffie-Hellman Cryptography for key calculation [3]. One of the key features of this mode is that if a device is paired over classic Bluetooth, there is no need to pair over LE as well, as keys for both transports are generated during a single pairing procedure [4].
I hope this helps.
[1] Bluetooth Specification v5.0, Vol 0, Part C, Section 1.3: Core System Package.
[2] Bluetooth Specification v5.0, Vol 0, Part C, Section 1.3: Core System Package.
[3] Bluetooth Specification v5.0, Vol 1, Part A, Section 5.3: Secure Connections Only Mode.
[4] Bluetooth Specification v5.0, Vol 1, Part A, Section 5.6: Key Generation Between BR/EDR and LE Physical Transports.

Related

Secure Simple Pairing vs LE Legacy pairing

What is the difference between Secure Simple Pairing and LE Legacy Pairing in BLE? My assumption is that SSP is the older one, rather not used today; am I right with that? Is SSP still used in devices, or is it rather the state-of-the-art method of pairing?
That UG103.14 document seems to be written by some people at Silabs; it is not an official document written by Bluetooth SIG. That BLE would use Secure Simple Pairing is just wrong.
In Bluetooth Classic we have Legacy Pairing, Secure Simple Pairing and Secure Connections (the newest and safest one).
In BLE we have LE Legacy Pairing and LE Secure Connections.
You can read the following in the Bluetooth Core Specification 5.3, Vol 1 Part A (Architecture) section 5.4.1:
Bluetooth LE uses four association models referred to as Just Works, Numeric Comparison, Out of Band and Passkey Entry. LE legacy pairing does not have an equivalent of Numeric Comparison.
In LE legacy pairing, each of these association models is similar to BR/EDR Secure Simple Pairing with the following exceptions.
• Just Works and Passkey Entry do not provide any passive eavesdropping protection. This is because Secure Simple Pairing uses Elliptic Curve Diffie-Hellman and LE legacy pairing does not. In LE Secure Connections pairing, the four association models are functionally equivalent to BR/EDR Secure Connections.
If you want to know more, I suggest you to read the whole of chapter 5 Security Overview. It's just 11 pages.

Does Bluetooth 5 implement BR/EDR natively?

I can't find a proper answer on the Internet.
The Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) appeared with the 2.0 Bluetooth Core Specification to improve data rate transfers. The Bluetooth Low Energy (BLE) appeared with the 4.0 Bluetooth Core Specification to improve consumption in the IoT field. Yet, to make those two modes work together (BLE & BR/EDR) you had to use a "Smart Ready" module (or dual-mode specific module).
Today, we have Bluetooth 5. I don't quite understand if, when I browse Bluetooth 5 SoCs on the market, BR/EDR is implemented natively. For the BLE mode, it is. From a general FAQ:
Is the low energy feature of Bluetooth a part of Bluetooth 5.0?
Yes, Bluetooth with low energy functionality, introduced in Bluetooth 4.0, is a feature within Bluetooth Core Specification version 5.0. In fact, the new features and benefits of Bluetooth 5.0 are designed specifically for Bluetooth with low energy functionality.
But for the BR/EDR mode, the Bluetooth 5 Core Specification states (p323, Vol 2: Core System Package [BR/EDR Controller Volume]):
Two modulation modes are defined. A mandatory mode, called Basic Rate, uses a shaped [...]. An optional mode, called Enhanced Data Rate, uses PSK modulation [...].
So, from the Core Specification, the EDR mode is optional. Yet, I can't find any SoC or module (BT5 compliant) that has this EDR mode, like it doesn't exist anymore, but everyone exhibits high data transfers (more than EDR used to offer with previous versions).
So, is EDR implemented natively in BT5 (as BLE is) even if the Core Specification states it as optional?
Where am I wrong?
Thanks!
"Most" things in the Bluetooth Core specification are optional. You can have a BT5-compliant Bluetooth Classic chip that doesn't have any LE functionality and you can have a BT5-compliant BLE chip that doesn't have any Bluetooth classic features.
To check whether a particular Bluetooth chip supports a specific feature, just look it up at https://launchstudio.bluetooth.com/Listings/Search.
As mentioned above, lots of things Bluetooth are optional, and the nomenclature is confusing and changeable.
Bluetooth Smart Ready describes modules that can do both Smart (ie LE) as well as classic. If you are looking for a Bluetooth Smart Ready module, we've successfully used the Silicon Labs (acquired Bluegiga) BT121 module in a couple of products where we needed SPP with high speed and range (BR/EDR).
Hope that helps!
Best Regards, Dave

Pairing differences between Bluetooth and Bluetooth LE?

Is there any (big) technical difference between pairing 'normal' Bluetooth devices and pairing Bluetooth LE devices?
I found a lot of information for Bluetooth LE pairing, but not for normal? For example
Info 1.
So is this information for normal Bluetooth correct too?
If you mean Bluetooth Classic or BR/EDR by 'normal', the difference depends on the version of Bluetooth in use.
Bluetooth Classic or BR/EDR 2.1 - 4.1 vs BLE 4.0 - 4.1
1. BR/EDR pairing procedures are handled by the LMP layer of the Bluetooth Controller.
   BLE pairing procedures are handled by SMP in the host stack.
2. BR/EDR uses ECDH key generation, which prevents passive eavesdropping.
   BLE legacy pairing does not use ECDH key generation and so it is susceptible to passive eavesdropping.
3. BR/EDR defines 4 association models: OOB, Passkey Entry, Just Works, Numeric Comparison.
   BLE Legacy Pairing defines 3 association models: OOB, Passkey Entry, Just Works.
   Although they appear similar from the user perspective, they do not provide the same level of security. See #2.
4. BR/EDR generates the Link Key on both devices.
   BLE legacy pairing generates the STK. The Link Key, i.e. the LTK in use, is distributed by the slave.
BR/EDR v4.2 Secure Connections vs BLE v4.2 Secure Connections
BLE 4.2 Secure Connections added ECDH key generation and the Numeric Comparison association model. It also did away with the STK. The LTK is now generated on both slave and master.
Secure Connections association models on the BLE link are equivalent to BR/EDR Secure Connections association models in terms of protection against MITM attacks and passive eavesdropping.
When two BR/EDR/LE devices support Secure Connections over both transports, keys for both transports may be generated during a single pairing procedure. The ability to convert keys from one transport to the other eliminates the need to pair twice.
There are still some differences.
1. BR/EDR pairing procedures are handled by the LMP layer of the Bluetooth Controller.
   BLE pairing procedures are handled by SMP in the host stack.
2. BR/EDR cryptographic functions use HMAC-SHA-256.
   BLE cryptographic functions use AES-CMAC.
More information can be found in the Bluetooth core specification here

BlueZ: LE secure pairing using Elliptical Curve Diffie-Hellman from command line

One of the main features of Bluetooth v4.2 is LE secure connections, where Elliptic Curve Diffie-Hellman (ECDH) is used for the key agreement protocol. As of BlueZ v5.26, support for LE secure connections has been added as follows:-
"BlueZ 5.26 is the first release with support for Bluetooth 4.2 features. Perhaps the most notable one of these is Low Energy Secure Connections which will require a 3.19 or newer kernel."[1]
Is there a way to test ECDH pairing through the command line? If not, what is the easiest way to test this?
I'm using BlueZ v5.38 on kernel 3.19 but I can't figure out how to do this.
[1] http://www.bluez.org/release-of-bluez-5-26/
In Linux, the secure connections feature using ECDH can be verified by performing pairing (using bluetoothctl) between two Bluetooth v4.2 devices and observing the output through btmon. Look for HCI Event: Link Key Notification and observe the Key type. If it shows P-256, then Secure Connections feature is verified. If it shows P-192, then it is using Secure Simple Pairing (SSP).
Additional background on this can be found in the Bluetooth Core Specification v4.2 in Vol 1, Part A, Section 5.1: Security Architecture.
I hope this helps.
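To make the btmon check above repeatable, here is an added example (not from the answer and not BlueZ code) that classifies the key type field of an HCI Link Key Notification: P-256 key types mean Secure Connections, P-192 means SSP, and the rest are legacy or debug keys. The key-type codes are those defined for the HCI event in the Core Specification; the btmon text used as input is constructed to resemble btmon output, not captured from a device.

```python
# Added example, not from the answer or BlueZ: classify the key type btmon prints
# for an HCI Link Key Notification. Codes are the HCI event's; sample text is constructed.
import re
KEY_TYPES = {  # HCI Link Key Notification key types (Core Spec Vol 4, Part E)
    0x00: "Combination Key", 0x01: "Local Unit Key", 0x02: "Remote Unit Key",
    0x03: "Debug Combination Key", 0x06: "Changed Combination Key",
    0x04: "Unauthenticated Combination Key from P-192",
    0x05: "Authenticated Combination Key from P-192",
    0x07: "Unauthenticated Combination Key from P-256",
    0x08: "Authenticated Combination Key from P-256",
}

def classify_key_type(code):
    """Map a key-type code to the pairing mode that produced the link key."""
    name = KEY_TYPES.get(code)
    if name is None:
        raise ValueError(f"unknown link key type 0x{code:02x}")
    if "P-256" in name:
        mode = "Secure Connections"     # ECDH on P-256: what the answer looks for
    elif "P-192" in name:
        mode = "Secure Simple Pairing"  # ECDH on P-192, pre-4.1 SSP
    elif code == 0x03:
        mode = "Debug"                  # published debug key pair; must not ship
    else:
        mode = "Legacy"                 # PIN-based pairing, no ECDH at all
    return {"name": name, "mode": mode,
            "secure_connections": mode == "Secure Connections",
            "mitm_protected": name.startswith("Authenticated")}
KEY_TYPE_RE = re.compile(r"Key type:.*\(0x([0-9a-fA-F]{2})\)")

def scan_btmon(text):
    """Classify the key type of every Link Key Notification in btmon text."""
    results, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        if "Link Key Notification" not in line:
            continue
        for follow in lines[i + 1:i + 6]:  # Key type field follows the header
            m = KEY_TYPE_RE.search(follow)
            if m:
                results.append(classify_key_type(int(m.group(1), 16)))
                break
    return results
# Constructed sample: one Secure Connections pairing, then one SSP pairing.
SAMPLE_BTMON = """\
> HCI Event: Link Key Notification (0x18) plen 23
        Address: AA:BB:CC:DD:EE:01 (OUI AA-BB-CC)
        Key type: Authenticated Combination key from P-256 (0x08)
> HCI Event: Link Key Notification (0x18) plen 23
        Address: AA:BB:CC:DD:EE:02 (OUI AA-BB-CC)
        Key type: Unauthenticated Combination key from P-192 (0x04)
"""
```

Pipe a real capture through `scan_btmon` (for example the saved output of `btmon` taken during a `bluetoothctl` pairing) to get one verdict per pairing instead of reading the trace by eye.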

Is Bluetooth Smart Ready low energy?

I searched on bluetooth.com and bluetooth.org, but I didn't find any explanation about a Bluetooth Smart Ready device being low energy.
I know Bluetooth Smart Ready is dual mode. (Backward compatible)
My question is: when a Bluetooth Smart Ready device is connected to an older Bluetooth device, is it still in low energy mode, or does it require more power (like older Bluetooth devices)?
Short answer: no it is not in low energy mode because it is not using the low energy subset of Bluetooth v4.0.
Long answer: Bluetooth v4.0 defines two types of transceivers:
Dual-Mode Devices (aka Smart Ready Devices): Dual mode devices include all the features of standard Bluetooth v4.0 (Classic Bluetooth + Bluetooth High Speed + Bluetooth Low Energy); BLE functionality is integrated into the existing Bluetooth controller. Dual mode devices, such as PCs and Mobile phones, can utilize the full package versions of the technology running side by side.
Single-mode Devices (aka Bluetooth Smart): single mode devices implement the low energy protocol stack only. The single mode devices benefit from the low power consumption and low cost of implementation provided by v4.0. Therefore, the devices are cheaper and consume less power than dual mode devices.
Hope this helps.
Bluetooth Smart means Bluetooth 4.0. The only thing Bluetooth Smart and the older versions have in common is the frequency range. The communication is vastly different, requiring different radio hardware too.
So if a device is dual mode, it can either use the low energy, or the standard communication. And because of this, in standard mode, the energy consumption is the same as with the standard devices.
No. When a backwards compatible Dual Mode/Smart Ready device is connecting and transmitting on Bluetooth 2.1, 3.0 or EDR, it is not Low Energy.
What makes low energy low energy is the short burst transmissions, packet size and the way the processing works. Being Dual Mode / Smart Ready just combines the necessary chips and antenna into one package for ease of manufacturing and design.
Bluetooth Smart Ready = Dual Mode, i.e. it can switch between BR/EDR (Classic) and BLE.
For BLE, it is first and foremost the protocol that makes it "low energy", i.e. low consumption.
So, when the Smart Ready device works in BLE mode, it is low energy. When it works in Classic mode, it is not low energy.