Bluetooth security mechanisms
The basic security mechanisms used in Bluetooth equipment are:
When two devices communicate, they can initiate a process known as
bonding, where each of them uses a PIN code provided by the
user to generate two secret keys: A link key, and an
encryption key. For the bonding procedure to succeed, the user
must supply the same PIN code to both devices, so they both generate
the same pair of keys. These keys are used in the authentication and
encryption procedures described below.
Authentication is the process by which a device verifies another
device's identity. The mechanism used for this purpose in Bluetooth
is a so-called challenge-response scheme, in which:
- One party (the claimant) sends its address to the other
(the verifier).
- The verifier sends a random challenge (in fact, a number
generated by a random number generator) to the claimant.
- The claimant replies with a response, which it works out
on the basis of the challenge, the address and the shared secret link
key, and sends it to the verifier.
- The verifier works out the response which it expects to receive
on the basis of the challenge, the address and the shared secret link
key, and compares it with the response actually received.
If the expected and received responses are identical, the two
participants have evidently used the same information to work out
their responses. Since the necessary information includes the secret
link key, which is assumed only to be known by the two participants
who took part in the bonding process, each of them can be pretty
certain that it is communicating with its true "bonding partner".
If this is the case, the authentication process terminates
successfully, otherwise the connection between the two parties is
broken.
Confidentiality is ensured by encryption of the data sent
between two Bluetooth devices. Encryption is based on a so-called
stream cipher. In this form of encryption, a continuous
sequence of encryption keys (a keystream) is produced by the
sender and combined with the stream of unencrypted data to produce a
stream of encrypted data, which is transmitted to the receiver. At
the receiver, an identical keystream is produced, and used to extract
the unencrypted data from the encrypted data:
Each key in the keystream is generated in two steps:
- The secret shared link key is combined with a random number to
produce an encryption key.
- The encryption key is combined with the address and the random
number to produce the next key in the keystream.
It is important to make it as difficult as possible for an intruder to
guess the sequence of encryption keys, since if he could do so he
could decrypt the stream of encrypted data. Ideally, even if the
intruder actually managed to find a long sequence of keys, he would be
unable to deduce what the next one would be. To ensure this,
successive encryption keys are generated using successive random
numbers generated by a random number generator for which it is
extremely difficult to guess the next number, even if one has seen a
long sequence of numbers already.
Robin Sharp
Last updated 050518.