Establishing a Secure BLE Connection

March 5, 2021
images


Recently, Bluetooth Low Energy (BLE) has become one of the most popular wireless standards for IoT devices. Most applications are now using this technology to transfer sensitive information between devices. Therefore, designers looking to integrate BLE into their products should be aware of the BLE security features and limitations. 

The main security issues with the pairing between devices with BLE are passive eavesdropping, man in the middle (MITM) attacks and identity tracking. 

BLE offers several security features and levels for communication between devices. A designers has to be aware of the specific security threats facing BLE, and try to implement and mitigate security risk in both hardware and firmware design.

BleuIO team is continuously updating its firmware and libraries to make the BLE connection more secure between devices.

At the moment, we have Numeric Comparison, Just Works or Passkey Entry for pairing and bonding. 

  • Numeric Comparison: In this scenario, both the devices have a display unit able to display a six-digit number. Both displays show the same number, and the user is asked to confirm that these numbers match. 
  • Passkey Entry: The Passkey Entry is initially intended for the case that one device has a keyboard, but no display unit and the other device has at least a display unit, for example, a BLE and a PC keyboard scenario. The user is shown a six-digit number (from “000000” to “999999”) on the device with a display and then is asked to enter the number on the other device. If the value entered on the second device is correct, the pairing is successful.
  • Just Works: This model is primarily intended for the most constrained devices in terms of I/O. The Just Works association model uses the Numeric Comparison protocol, but the user is never shown a number, and the application may simply ask the user to accept the connection. This method doesn’t offer protection against a Man in the Middle (MITM) attack, but it provides the same protection level against passive eavesdropping as the Numeric Comparison.

BleuIO security features :

  • Set the passkey for passkey authentication on your dongle yourself.
  • Set the minimum security level your dongle will use. This can be done either when already connected to a device or before. If the device you are connecting to does not meet the security level requirement, the dongle will disconnect from it.
  • Choose if the dongle should auto accept the numeric comparison authentication request or manually.
  • Can access protected characteristics that need an increased Security Level. 

Please take a look at our Get Started guide to know more about it. 

Following video shows how to securely pair between two BleuIO devices.

Share this post on :
    LinkedIn