In BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part C], page 372, there is a section called LE Security Modes, which states:

There are two LE security modes, LE security mode 1 and LE security mode 2.

LE security mode 1 has the following security levels:

  1. No security (No authentication and no encryption)
  2. Unauthenticated pairing with encryption
  3. Authenticated pairing with encryption
  4. Authenticated LE Secure Connections pairing with encryption

LE security mode 2 has two security levels:

  1. Unauthenticated pairing with data signing
  2. Authenticated pairing with data signing

I do not really understand the difference between LE security mode 1, level 3 and level 4. Can somebody say something about this?

asked by Brian Brown (edited by forest)

2 Answers

Intro

In relation to another question LE has two main occurrences:

  • Secure Simple Pairing (4.0)
  • Secure Connections (4.2)

Both occurrences specify the algorithms that can/must be used in the following association methods:

  • Numeric Comparison, which protects against passive and active attacks. (for LE, not available in Secure Simple Pairing);
  • Just works, which protects against passive attacks IF ECDH is used (for LE, only the case in Secure Connections), and never protects against active attacks;
  • Passkey entry, which protects against passive attacks IF ECDH is used (for LE, only the case in Secure Connections), and should protect against an active MITM attack (although there are some doubts about that, e.g. Padovan
  • Out Of Band, of which the security depends on the OOB method that is used.

When talking about an authenticated link, we talk about a link that provides protection against active MITM attacks.

Answer

Security mode 1, level 3 and 4 concern authenticated encryption. Looking at the table given by Bluetooth organization, we can choose between:

  • Passkey Entry
  • Numeric Comparison
  • OOB => this depends on the OOB channel, so is usually not discussed.

However, Numeric Comparison is not available in Secure Simple Pairing, so we can only use it in Secure Connections and must use Passkey Entry when using LE Secure Simple Pairing. Then again, not everybody is convinced that Passkey Entry cannot be broken, so the only real secure method is actually Numeric Comparison (and thus enforce LE Secure Connections). This can be bad from a compatibility standpoint of course.

  • Authenticated pairing uses Passkey Entry (no ECDH, as it is LE legacy!)
  • Authenticated LE Secure Connections pairing uses ECDH Passkey Entry OR preferably Numeric Comparison (both with P-256 ECDH as it is Secure Connections)
Michael
  • Ok, let's assume I use only 4.2 (Secure Connections) and would like to implement those 2 modes and their levels. Then: mode 1, level 2 should use ECDH to exchange keys and generate the encryption key? Mode 1, level 3 should use ECDH to exchange keys, and also, for instance, Numeric Comparison for authentication. But what about mode 1, level 4 then? I understand that if I consider only 4.2, then mode 1 level 3 and mode 1 level 4 will be the same, is that right? – Brian Brown Nov 06 '16 at 11:50
  • A device that is in Secure Connections only mode must and can NOT use other levels than level 4 (or level 1 but that's not relevant), as 4.2 is not compatible with level 3. Level 3 simply does not exist in 4.2. It just is available because some devices keep supporting older versions (4.0/4.1). So no, they will not be the same. – Michael Nov 06 '16 at 11:59
  • I see. And, just to be sure - since Secure Simple Pairing uses ECDH to exchange keys, it means that I can use SSP in level 2 and 3? Exchange keys, and do the authentication with the Passkey Entry? And simply stick with Secure Connections for level 4? – Brian Brown Nov 06 '16 at 12:08
  • @BrianBrown, your question is about LE right? The spec does not explicitly map these security modes to BR/EDR. In LE, we only have ECDH in Secure Connections. LE Secure Simple Pairing does not use ECDH (BR/EDR SSP does, though). – Michael Nov 06 '16 at 12:24
  • Hm, I think I got it now. I simply thought that I can map those security levels and modes to Bluetooth 4.2 (and 4.1, 4.0 and so on, such that each Bluetooth version has the same modes and levels). But could I map those modes and levels to 4.2? I was thinking about something like this - let's take mode 1 and level 2 as an example - with 4.2, devices would exchange the keys, and generate their own ones (same for both, ECDH) to use for encryption. Then, the mapping of levels 3 and 4 would use, for instance, Numeric Comparison and ECDH, so levels 3 and 4 would be the same. – Brian Brown Nov 06 '16 at 12:50
  • I'm only afraid that this perhaps does not make any sense. – Brian Brown Nov 06 '16 at 12:52
  • I follow your reasoning, and you are correct then yes. But it indeed does not make a lot of sense to implement level 3 if you will only be supporting 4.2. – Michael Nov 06 '16 at 12:54
  • Ok, thank you so much for the explanation. It seems that I would have only 3 levels in mode 1, and 2 levels in mode 2, while supporting only 4.2. Now it's all clear. Many, many thanks! – Brian Brown Nov 06 '16 at 13:53
Just reading about this, should have seen this when I was working on my last driver. Hopefully this helps: LE Secure Connections are a new process altogether, not the same old handshake.

LE Secure Connections uses an algorithm called Elliptic curve Diffie–Hellman (ECDH) for key generation, and a new pairing procedure for the key exchange.

BLE 4.2 Article

John Holly
  • I'm afraid that this actually does not answer my question (at least, not fully). If Secure Connections is only used in level 4, which mechanisms are used for levels 2 and 3 (for key exchange, generation, for authentication)? Also, if Secure Connections is used in level 4, does it mean that level 2 and 3 use Legacy methods for key generation and authentication? – Brian Brown Nov 01 '16 at 11:31
  • Sorry about the confusion. From what I can gather, these operate like ring control on a processor; there is an old question on stack I'm looking for that goes into greater detail. Will update. [BLE legacy and secure connections](https://eewiki.net/display/Wireless/A+Basic+Introduction+to+BLE+Security#ABasicIntroductiontoBLESecurity-PairingMethodsforLELegacyConnections(4.0,4.1and4.2devices):) – John Holly Nov 01 '16 at 15:58
  • "The device can also be in a mode called Secure Connection Only in which all its services, except the one in Mode 1 Level 1, can only be accessed in Mode 1 Level 4." http://stackoverflow.com/questions/38963836/bluetooth-low-energy-gatt-security-levels – John Holly Nov 01 '16 at 16:00
  • 2
    It seems that either you do not understand me, or I do not understand you :) Will all the levels (2,3,4) use ECDH for key generation? They all should because `Version 2.1 + EDR of the Core Specification introduced Secure Simple Pairing, which utilizes FIPS-approved algorithms (SHA-256, HMAC-SHA-256 and the P-192 elliptic curve)`. I know association methods for secure connections (level 4, there are Just Works, Numeric Comparison, Passentry Key) - I understand that I can use any of them in level 4, but how about level 3? What is the difference between them? – Brian Brown Nov 02 '16 at 18:41
  • No, only LE Secure Connections use ECDH. In the Cypress PDF I have, it says "With this level of security" when referring to ECDH in the level 4 section. ECDH and numeric comparison for preventing MITM with legacy pairs. I hope that helps, sorry man - not going to dive any deeper. http://www.cypress.com/file/220246/download – John Holly Nov 02 '16 at 20:10