BLE - security

RE: BLE - security

Dmitry — Sat, 17 Jul 2021 12:20:21 GMT

https://www.bluetooth.com/specifications/specs/core-specification/

Wow, a new version appeared four days ago...

RE: BLE - security

Roei — Sat, 17 Jul 2021 12:14:24 GMT

Thanks!

Can you please give me the link for the spec?

RE: BLE - security

Dmitry — Sat, 17 Jul 2021 11:39:18 GMT

Phase 2, Authentication Stage 1.

If you're curious about such low-level things, please read Bluetooth Core spec (Vol 3 Part H) - the whole pairing process is explained in details.

RE: BLE - security

Roei — Sat, 17 Jul 2021 09:58:35 GMT

Thanks!

Can you please tell me in which phase does authentication (passkey etc...) occur?

RE: BLE - security

Dmitry — Sat, 17 Jul 2021 09:31:42 GMT

[quote userid="73410" url="~/f/nordic-q-a/77264/ble---security/320533#320533"]After that - we use that shared secret key and together with both sides's addresses and rand numbers, we create the LTK?[/quote]

Exactly.

[quote userid="73410" url="~/f/nordic-q-a/77264/ble---security/320533#320533"]Do we know the exact generation function?[/quote]

Yes, see Bluetooth Core specification Vol 3 Part H, "LE Secure Connections key generation function f5".

RE: BLE - security

Roei — Sat, 17 Jul 2021 08:54:37 GMT

OK, just to be sure everything is cleared:

Diffie-Hellman is used to generate shared secret. In the end - both sides have the shared secret.

After that - we use that shared secret key and together with both sides's addresses and rand numbers, we create the LTK? Do we know the exact generation function?

Thanks!!

RE: BLE - security

Dmitry — Sat, 17 Jul 2021 08:46:23 GMT

[quote userid="73410" url="~/f/nordic-q-a/77264/ble---security/320530#320530"]In other words - why do we need another phase for key distribution? After Diffie-hellman - both sides can generate the LTK[/quote]

They do. In case of LESC, third phase is only needed to distribute IRK and CSRK (if requested in pairing request/response). As these values are confidential, this step is performed over an encrypted channel.

RE: BLE - security

Roei — Sat, 17 Jul 2021 08:02:37 GMT

In other words - why do we need another phase for key distribution? After Diffie-hellman - both sides can generate the LTK.

Thanks!

RE: BLE - security

Roei — Sat, 17 Jul 2021 07:39:39 GMT

Thanks!

Regarding phases - does key generation occur during the second phase? Because I know that third phase is key distribution.

RE: BLE - security

Dmitry — Fri, 16 Jul 2021 21:00:12 GMT

First, public keys are exchanged. Second, confirmation and random values are sent. The channel is not encrypted at this stage, but these values are not secret.

RE: BLE - security

Roei — Fri, 16 Jul 2021 20:44:47 GMT

Thanks!

I understand that we are generating the LTK, using both sides addresses and random numbers which are sent to both sides. Can you please tell me if those numbers are sent before or after diffie-hellman? Does it happen over secured connection?

RE: BLE - security

Dmitry — Fri, 16 Jul 2021 20:38:03 GMT

Hi,

[quote userid="73410" url="~/f/nordic-q-a/77264/ble---security/319728#319728"]Why do need another step after generating diffie-hellman key?[/quote]

Short answer - direct use of shared secret is insecure. The theory is somewhat complicated but we can trust OpenSSL wiki that clearly says: "Never use a derived secret directly".

[quote userid="73410" url="~/f/nordic-q-a/77264/ble---security/320431#320431"]

In addition - what about a connection which isn't bonded?

Do we still have diffie-hellman and LTK?

[/quote]

As Einar pointed out, LTK is the only key that we have after pairing process in case of LESC - we just have an option to forget it after disconnection when bonding is not required.

RE: BLE - security

Roei — Fri, 16 Jul 2021 12:52:32 GMT

In addition - what about a connection which isn't bonded?

Do we still have diffie-hellman and LTK?

Thanks!

RE: BLE - security

Roei — Tue, 13 Jul 2021 08:59:27 GMT

Thanks!

Why do need another step after generating diffie-hellman key? What is the difference between this key and LTK?

RE: BLE - security

Einar Thorsrud — Thu, 08 Jul 2021 14:22:58 GMT

Yes. In the end, the only key that remains after the pairing procedure is the LTK. This is briefly described in the second link I provided.

RE: BLE - security

Roei — Thu, 08 Jul 2021 14:19:42 GMT

Hi,

I know that with diffie-hellman, both sides generates a key, without sharing private keys.

After it's done - we are we doing with that key? Do we use it to generate another key?

RE: BLE - security

Einar Thorsrud — Thu, 08 Jul 2021 13:02:05 GMT

Hi,

I assume you are referring to LE Secure Connections (LESC), which is where a Diffie–Hellman key exchange is used in Bluetooth. That is used so that the two peers can exchange their public keys with each other to generate a shared secret that no one else can know, even an attacker that has intercepted all of the communication. This in turn is used to generate a encryption key.

You can read more about LESC here, and refer to the Bluetooth specification for all details.