BLE: How do 2 BLE devices w/random MACs know if they're paired? - bluetooth

Suppose you have 2 BLE devices that periodically randomize their MAC addresses for security reasons. But they were paired. How do these 2 BLE devices w/random MACs know if they're paired when they meet again after being out of range? i.e., what kind of packets are sent back and forth to determine this?

Random addresses are created using a specific algorithm so that only those possessing the Identity Resolving Key, which is distributed during pairing, can verify that a given random address belongs to a given device.
If you want to know the details you should simply read the Security Manager specification in the Bluetooth Core documentation.

Related

What does bluetooth pairing do technically?

From the Bluetooth client example at http://people.csail.mit.edu/albert/bluez-intro/x502.html, it seems I can simply connect to a remote Bluetooth socket as long as I have the Bluetooth MAC address of the device.
If I can simply connect to a remote Bluetooth device, I am wondering what exactly does Bluetooth pairing do. When is pairing really needed?
Update:
From How does Bluetooth pairing work?, it appears the final result of pairing is that an encryption key gets stored on both sides. I assume, when you open a remote socket connection, the call is intercepted by the local bluetooth daemon. In turn, the daemon encrypts the data and sends to the remote device. The daemon on the remote device decrypts the data and sends to the remote client application:
Device1Client-->Device1Daemon-->Device2Daemon-->Device2Client
Is this assumption correct?
Yes, your assumption is partially correct. Encryption is one of the uses of Passkey.
Bluetooth pairing is necessary whenever two Bluetooth devices connect to each other to share resources. A trusted relationship is established between the devices using a numerical password, commonly referred to as a passkey. Depending on how often one Bluetooth device connects to another, the user might opt to have the passkey saved for future connection attempts or prompt to enter the passkey each time the devices request communication with each other.
This is already explained on Stack Overflow; please check How does Bluetooth pairing work?
In the below answer, I will try to explain what is not mentioned in the above link or answers.
In the pairing process, the initiating device sends a "Pairing Request" to the other device. The two devices then exchange I/O capabilities, authentication requirements, maximum link key size, and bonding requirements. Basically, all this phase consists of is the two devices exchanging their capabilities and determining how they are going to go about setting up a secure connection. It is also important to note that all data being exchanged during this phase is unencrypted.
Now the question is why this Phase is needed?
As mentioned: "two devices exchanging their capabilities." The pairing should happen between compatible devices; there is no point in pairing your mouse with a headphone, as mouse capabilities are different from headphone capabilities.
One more use of pairing is "determining how they are going to go about setting up a secure connection." Here the frequency hopping pattern is determined for two reasons:
- To avoid a man-in-the-middle attack.
- To avoid collisions.
Bluetooth uses 79 radio frequency channels in the band starting at 2402 MHz and continuing every 1 MHz. It is these frequency channels that Bluetooth technology is "hopping" over. The signal switches carrier channels rapidly, at a rate of 1600 hops per second, over a determined pattern of channels. The hopping pattern is determined during the pairing process so that no other device will know in which band of the frequency the data is being transferred at an instance. It is a rare case that the frequency hopping pattern is the same for a couple of communicating devices; hence collision is avoided.
Note: If any third device is able to capture the passkey then it can replicate the whole communication pattern and capture the data being transferred. This is how the BT Sniffers work.
I am not able to cover all the details as per SIG specs. I hope the above answers give you a clearer picture of the need for the Pairing process. Feel free to point out, if you want me to explain any specific point in detail.
Below are the reference links for more information:
http://large.stanford.edu/courses/2012/ph250/roth1/
https://www.bluetooth.com/blog/bluetooth-pairing-part-1-pairing-feature-exchange/

Bluetooth Low Energy paired vs unpaired communication

As I understand it, Bluetooth Low Energy communication can be established with or without pairing. This is in the context of mobile development, Android more specifically but I believe iOS is more or less the same.
Are there instances where one would choose one over the other? And what would be the purpose? What is technically considered paired communication and what is considered unpaired communication?
I've dabbled around for a bit on the differences and have even made a few demo only apps related to BLE but I haven't found a clear explanation if what I am doing is actually considered paired or not.
Edit:
The reason I ask the question is that I believe I am looking to encrypt unpaired BLE connections. In some cases, and essentially my main use case, a mobile device may want to connect to several different peripherals randomly at different times throughout the day, and the process of physically accepting a pair request seems unnecessary and quite time consuming. By 'randomly' I mean I am walking by one if I have a dozen scattered around my apartment and I personally don't know exactly which one without physically checking. I don't want to walk in the room the first time and have to manually pair each device; that would be insane if I had 100 devices. Note that these devices don't necessarily have to be connected at the same time, but could. Also note that I understand this isn't generally the main use case of the typical peripheral to mobile use case.
Here are a few differences:
If you bond the devices, the link will become encrypted, so it becomes more secure. So "paired" communication basically means the link is encrypted plus the device "knows" what it talks to.
The remote device also learns your phone's IRK (identity resolving key), which can be used to identify the phone later on. By default, the phone rotates the Bluetooth Device Address every 15 minutes or so. Without knowing the IRK, the peripheral can't identify the phone.
A good thing if the devices are bonded, is that the GATT db of the remote device gets cached, which means upon next connection, you don't have to wait a long time for service discovery to complete.
On Android, connecting by Bluetooth Device Address without first scanning is broken since the API lacks the "address type" bit (public/random address). If Android "guesses" wrong, you will connect to the wrong device and therefore fail. However if devices are bonded, the address type is stored and looked up based upon Bluetooth Device Address, which makes it work as expected. So if you plan to automatically connect to your peripherals in the background upon boot for example, it's a good idea to bond the devices.
A small detail is that Client Characteristic Configuration Descriptor values should also be stored by the GATT server and restored once the bonded device reconnects so it doesn't have to rewrite the descriptor value.
Some Bluetooth profiles need bonding, for example HID (at least on iOS and Android).
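Added example, not code from either thread: the mechanism the first answer attributes to the Identity Resolving Key and that the IRK bullet above describes (the phone rotates its address; only a peer holding the IRK can recognise it), written in Go with the standard AES library. The IRK, the prand value and the bond-table names used by the test are constructed; the hash function follows the Core spec definition of ah.

```go
package main

import "bytes"
import "crypto/aes"

// ah is the BLE random-address hash (Core spec Vol 3 Part H, 2.2.2): AES-128
// encrypt prand zero-padded to 128 bits under the IRK, keep the low 24 bits.
func ah(irk [16]byte, prand [3]byte) [3]byte {
	block, _ := aes.NewCipher(irk[:]) // a 16-byte key never errors
	var in, out [16]byte
	copy(in[13:], prand[:]) // r' = 104 zero bits || prand
	block.Encrypt(out[:], in[:])
	var h [3]byte
	copy(h[:], out[13:])
	return h
}

// RPAFromPrand assembles a resolvable private address, most significant byte
// first: prand || hash. A phone draws a fresh random prand on every rotation.
func RPAFromPrand(irk [16]byte, prand [3]byte) [6]byte {
	prand[0] = (prand[0] & 0x3f) | 0x40 // top two bits 01 mark it resolvable
	h := ah(irk, prand)
	var addr [6]byte
	copy(addr[0:3], prand[:])
	copy(addr[3:6], h[:])
	return addr
}

// Resolve reports whether addr was produced with irk: recompute ah over the
// prand half and compare with the hash half. Non-resolvable (00) and static
// random (11) addresses are rejected before any crypto runs.
func Resolve(irk [16]byte, addr [6]byte) bool {
	if addr[0]&0xc0 != 0x40 {
		return false
	}
	var prand [3]byte
	copy(prand[:], addr[0:3])
	h := ah(irk, prand)
	return bytes.Equal(h[:], addr[3:6])
}

// Identify walks a bond table the way a host stack does: the first stored
// IRK that resolves the address names the peer.
func Identify(bonds map[string][16]byte, addr [6]byte) (string, bool) {
	for name, irk := range bonds {
		if Resolve(irk, addr) {
			return name, true
		}
	}
	return "", false
}
```

A peripheral that never bonded has no IRK to feed into ah, so every rotated address looks to it like an unrelated random device; that is the whole point of the IRK exchange during pairing.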

Bluetooth low energy: detect what system is running on central

Is there a way for a peripheral to determine what central it is connected to?
Suppose I have a peripheral device that can connect to a PC, a smartphone, or a smart TV, etc. The peripheral is an Arduino based system, therefore it has got some intelligence, and I want it to behave in different ways according to which central it is connected to. What would be the best way to understand what the central is?
Thanks
There is no way to determine the connected central device type the way you asked. One way to do it is to program your Arduino to act differently as per the BD_ADDR addresses of the central device. But in this case, you need to know the addresses of all your central devices, and it works only with a known set of devices. Also some central devices may not use public BD_ADDR addresses. For example Apple devices use random addresses. In this case you don't know the real BD_ADDR address until your device pairs with the central device. You can't rely on their names because Bluetooth device names can be changed.

wireless authentication of devices

I'm currently developing wireless connectivity between two embedded devices over the 802.15.4 RF protocol. One of the devices is the coordinator (server), and the other is a node (client).
I want to make sure that only specific vendor devices will be able to communicate with the coordinator.
What's the best approach to authenticate a device to the coordinator, so that other devices can't try to cheat? The messages are over RF, so anyone can listen to them with a sniffer.
You could filter by MAC address, since all devices from a single manufacturer will start with the same three-byte OUI.
It would be better to look into the security options of ZigBee though. You could configure all of the devices with a secret, pre-shared key, and only devices with that key will be able to join your network.
Or, look at the Smart Energy model, where each device has a unique pre-shared key. The coordinator is given a MAC address and an install code out of band (some method other than over the ZigBee network) and will then allow that single device to join the network.
What level of security are you looking for? Something to prevent accidental interference by non-participating devices, or something to protect sensitive information from prying eyes? If the latter it's best not to try rolling your own solution as it's very hard to get absolute security right. As mentioned in the last answer: a ZigBee stack would provide a comprehensive solution to the problem, but the cost is added complexity and higher spec hardware (you'd need at least 128kB flash, and 4-8kB RAM to run all classes of ZigBee device comfortably).

how many bluetooth pairing can be made?

I have an Android phone and I want it to communicate with 10 Bluetooth modules, not simultaneously. I know that a master device can have 7 slaves for a Bluetooth connection. Does it mean "pairing"?
The question is: can I have my phone paired with 10 Bluetooth devices? Then send them data separately?
There is no set limit on the number of pairings possible for a device, except for any limitations made by the platform or Bluetooth software stack (e.g. limited storage).
Does it mean "pairing"?
Bluetooth pairing and connecting are two separate operations.
When two Bluetooth devices pair, they will exchange Bluetooth addresses and encryption keys. If pairing is successful, it allows the devices to connect to each other at a later time.
When two bluetooth devices connect, the profiles are established (a2dp if a speaker, hfp if headset, etc), and they can communicate.
Sometimes there is confusion between pairing and connecting since most smartphones automatically connect after detecting a successful pairing.
Pairing is just done once, typically when you buy a Bluetooth product. Connection is done whenever you use the product.
The question is: can I have my phone paired with 10 Bluetooth devices?
Then send them data separately?
As mentioned in the other answer, the maximum number of paired devices is platform dependent; it varies from product to product, but there is no set limit. The maximum number of connected devices (that you could send/receive data concurrently to) is 7 according to the Bluetooth specification.