Explain Bluetooth Security Aspect

Mumbai University > Information Technology > Sem 7 > Wireless Technology

Marks: 10M

Year: May 2016

1 Answer

Bluetooth security supports authentication and encryption. Authentication verifies who is at the other end of the link. Encryption ensures confidentiality of data. Even if a third party hacks the data, it is in encrypted form and not in original form.

  1. Pairing: When two devices communicate for the first time, there is a pairing procedure. In this procedure, a secret key is generated. This key is shared by both the devices. It is stored in each device. When the devices want to communicate in future, there is no pairing procedure.

  2. Security modes of a device: There are three security modes for a device.
    • Non-secure: A device will not initiate any security procedure.
    • Service level enforced security: A device does not initiate security procedures before channel establishment at the L2CAP level.
    • Link level enforced security: A device initiates security procedures before link setup at the LMP level is completed.


  3. Bluetooth security levels: There are two kinds of security levels, authentication and authorization.

  • Types of services: Different services have different service requirements. Some services require authentication and authorization. Some services require only authentication and not authorization. Some services don’t require both authentication and authorization.
  • Authentication: Authentication is performed after determining the type of service. It cannot be performed when the ACL link is established. It is performed only when a connection request to a service is submitted. It can be performed in both directions: the client authenticates the server and vice versa.
  • Authentication procedure:
    • Connection request to L2CAP is sent
    • L2CAP requests access from security manager
    • Security manager enquires the service database
    • Security manager enquires the device database
    • If necessary, security manager enforces the authentication and encryption procedure.
    • The security manager grants access and L2CAP continues to set up the connection.


  • Authorization: Some services require manual authorization of the device after authentication; only then can these services be accessed. This leads to the concept of trust. There are two kinds of device trust levels:
    • Trusted device: It has a fixed relationship (paired) and unrestricted access to all services.
    • Untrusted device: This device has been previously authenticated and a link key is stored, but the device is not marked as trusted in the device database.
    • An unknown device is also an untrusted device. No security information is available for this device.
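The pairing/link-key store, the security manager's authentication procedure (service database, then device database, then enforcement) and the trusted/untrusted/unknown device levels described above, modelled as an added Python example. This is not code from the answer or from any Bluetooth stack: the service names, device addresses, the `SecurityManager` class and its `access_request` method are all constructed for illustration, and a random 16-byte value stands in for the link key that real pairing would derive.

```python
"""Toy model of the Bluetooth security-manager access decision.

Constructed example: service database, device database, addresses and
service names are made up; a random 16-byte value stands in for the
link key that real pairing would derive.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional
import secrets


class Trust(Enum):
    TRUSTED = "trusted"      # paired and marked trusted: unrestricted access
    UNTRUSTED = "untrusted"  # paired (link key stored) but not marked trusted
    UNKNOWN = "unknown"      # no security information stored at all


@dataclass(frozen=True)
class ServicePolicy:
    """One row of the service database."""
    needs_authentication: bool
    needs_authorization: bool
    needs_encryption: bool = False


@dataclass
class DeviceRecord:
    """One row of the device database: stored link key plus trust flag."""
    link_key: bytes
    trusted: bool = False


@dataclass(frozen=True)
class Decision:
    granted: bool
    reason: str
    encrypt: bool = False


@dataclass
class SecurityManager:
    service_db: Dict[str, ServicePolicy]
    device_db: Dict[str, DeviceRecord] = field(default_factory=dict)

    def pair(self, addr: str, mark_trusted: bool = False) -> bytes:
        """Pairing: generate a secret link key, store it for this device.
        Later connections reuse the stored key; no pairing happens again."""
        key = secrets.token_bytes(16)
        self.device_db[addr] = DeviceRecord(link_key=key, trusted=mark_trusted)
        return key

    def trust_level(self, addr: str) -> Trust:
        rec = self.device_db.get(addr)
        if rec is None:
            return Trust.UNKNOWN
        return Trust.TRUSTED if rec.trusted else Trust.UNTRUSTED

    def authenticate(self, addr: str, presented_key: bytes) -> bool:
        """Stand-in for the LMP challenge-response: succeeds only if the peer
        holds the same link key that pairing stored for its address."""
        rec = self.device_db.get(addr)
        return rec is not None and secrets.compare_digest(rec.link_key, presented_key)

    def access_request(self, addr: str, service: str,
                       presented_key: Optional[bytes] = None,
                       user_authorizes: bool = False) -> Decision:
        """Called by L2CAP when a connection request to a service arrives."""
        policy = self.service_db.get(service)            # 1. service database
        if policy is None:
            return Decision(False, "unknown service")
        if not (policy.needs_authentication or policy.needs_authorization):
            return Decision(True, "open service")         # e.g. service discovery
        trust = self.trust_level(addr)                    # 2. device database
        if trust is Trust.UNKNOWN:
            return Decision(False, "pairing required")    # no link key to check
        # 3. enforce authentication (encryption is switched on below if required)
        if presented_key is None or not self.authenticate(addr, presented_key):
            return Decision(False, "authentication failed")
        # 4. authorization: trusted devices are unrestricted, untrusted ones
        #    need manual (user) authorization for services that demand it
        if policy.needs_authorization and trust is not Trust.TRUSTED and not user_authorizes:
            return Decision(False, "authorization required")
        return Decision(True, "granted", encrypt=policy.needs_encryption)


def demo() -> Dict[str, Decision]:
    sm = SecurityManager(service_db={
        "sdp": ServicePolicy(False, False),             # open: no auth, no authz
        "obex-push": ServicePolicy(True, False),        # authentication only
        "file-transfer": ServicePolicy(True, True, True),  # auth + authz + encryption
    })
    phone, headset, stranger = "AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02", "AA:BB:CC:00:00:03"
    phone_key = sm.pair(phone, mark_trusted=True)
    headset_key = sm.pair(headset)                      # paired, but not trusted
    return {
        "stranger_sdp": sm.access_request(stranger, "sdp"),
        "stranger_push": sm.access_request(stranger, "obex-push", b"\x00" * 16),
        "headset_push": sm.access_request(headset, "obex-push", headset_key),
        "headset_ft": sm.access_request(headset, "file-transfer", headset_key),
        "headset_ft_ok": sm.access_request(headset, "file-transfer", headset_key, user_authorizes=True),
        "phone_ft": sm.access_request(phone, "file-transfer", phone_key),
        "phone_bad_key": sm.access_request(phone, "file-transfer", b"\x00" * 16),
    }


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name:14} granted={d.granted!s:5} encrypt={d.encrypt!s:5} {d.reason}")
```

Running the module walks the decision table: the unknown device can still use the open discovery service but is sent to pairing for anything else, the paired-but-untrusted headset passes authentication yet is stopped at authorization until the user grants it, and the trusted phone is only refused when it presents the wrong link key.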