This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

What advantage does Pairing using Legacy Pairing (BLE 4.0,4.1 devices) give me over a simple connection between 2 devices?

BLE 4.2 uses something called LESC (LE Secure Connection) for significantly enhancing the link encryption between 2 devices (using public private key pair model). But prior to that the way devices would pair with each other, what advantage would that give me over a normal connection as the data exchanged between the 2 paired devices (BLE 4.0,4.1) is easily sniffable and if the pairing method is 'Just Works' then it's even highly prone to MITM attacks. So, what good is pairing in devices using BLE v.4.0 or 4.1 ?

Parents

0 Dmitry over 4 years ago

Hi,

Legacy pairing is a “fallback” mode for devices that don’t support LESC, like WEP for wifi routers, there are no advantages comparing with LESC. Nevertheless, there may be some use cases when you may consider using legacy pairing:

- when security is not an issue at all, and pairing is needed only to let devices know each other and to speed up connection establishment

- there is a second level of encryption and MITM protection (e.g. TLS over BLE)

- at development stage, because legacy connection is much easier to debug (the sniffer has no way to know LESC keys)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Manish Kaul over 4 years ago in reply to Dmitry

Dmitry said:
there are no advantages comparing with LESC.

I'm not at all comparing legacy pairing with LESC. My question clearly asks, advantages of legacy pairing over a simple connection ? Sharing keying information and generating STKs within each device, if I didn't do that and just started communicating data over the link between 2 'connected' devices, what difference does that make ?

Dmitry said:
to speed up connection establishment

Pairing is done post connection.

Dmitry said:
there is a second level of encryption and MITM protection

If my pairing method is 'Just Works' it can't protect devices from MITM attack.

Dmitry said:
at development stage, because legacy connection is much easier to debug

Exactly what I said, I can sniff data when communicated between 2 connected devices and same happens while 2 devices are paired with each other. So why did I go for legacy pairing? What's the advantage?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Manish Kaul over 4 years ago in reply to Dmitry

Dmitry said:
there are no advantages comparing with LESC.

I'm not at all comparing legacy pairing with LESC. My question clearly asks, advantages of legacy pairing over a simple connection ? Sharing keying information and generating STKs within each device, if I didn't do that and just started communicating data over the link between 2 'connected' devices, what difference does that make ?

Dmitry said:
to speed up connection establishment

Pairing is done post connection.

Dmitry said:
there is a second level of encryption and MITM protection

If my pairing method is 'Just Works' it can't protect devices from MITM attack.

Dmitry said:
at development stage, because legacy connection is much easier to debug

Exactly what I said, I can sniff data when communicated between 2 connected devices and same happens while 2 devices are paired with each other. So why did I go for legacy pairing? What's the advantage?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Dmitry over 4 years ago in reply to Manish Kaul

When working with heterogenous devices, the advantage is that all services and characteristics are cached by master - it doesn't need to discover them every time. Also in privacy mode IRK is saved by master, so next time it can see who is connecting. In case of two custom devices, if security and privacy are not considered, I don't see any advantage.

Manish Kaul said:
If my pairing method is 'Just Works' it can't protect devices from MITM attack

It's obvious. I mean second-layer auth with your own CA - in that case you can.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Manish Kaul over 4 years ago in reply to Dmitry

Dmitry said:
Also in privacy mode IRK is saved by master

Yes, agreed to a certain extent on this point. As what you're referring to is part of bonding rather than only pairing.

Dmitry said:
the advantage is that all services and characteristics are cached by master

You mean next time master connects with the same slave (after pairing initially) it won't need to discover the serives on peripheral again? I think that could be an advantage of caching and not pairing. Can that not be achieved by simple connection, after all you know who you are connecting to.

Dmitry said:
if security and privacy are not considered,

privacy I can understand but security is anyway not being addressed here.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Dmitry over 4 years ago in reply to Manish Kaul

Manish Kaul said:
You mean next time master connects with the same slave (after pairing initially) it won't need to discover the serives on peripheral again?

Yes.

Manish Kaul said:
I think that could be an advantage of caching and not pairing. Can that not be achieved by simple connection, after all you know who you are connecting to.

With your own devices, you're free to implement caching at application level. But in Android, for example, you don't have access to raw handles, you're working with UUIDs. In case of paired device, BLE stack has cached UUID-handle mapping, for unpaired device it performs discovery every time you're connecting to the device.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Manish Kaul over 4 years ago in reply to Dmitry

Alright Dmitry! Thankyou!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel