Bluetooth Security:
Where are we now and how did we get here?
Craig Heath
@heathcr
29 Oct 2019 DC4420
© Franklin Heath Ltd, CC BY 4.0

Bluetooth Security: Topics
- (very) brief history of Bluetooth
- (very) high-level architecture overview
- Security features by version
- How device security capabilities interact
- What vendors should tell you, but don’t
- What security-sensitive users should do

Bluetooth Core Specification History

| Year | Version | Main Features | Pages |
|------|---------|---------------|-------|
| 1999 | 1.0 | Basic Rate (BR) | 1082 |
| 2001 | 1.1 | interoperability fixes | 1084 |
| 2003 | 1.2 | frequency hopping | 1200 |
| 2004 | 2.0 | Enhanced Data Rate (EDR) | 1230 |
| 2007 | 2.1 | Secure Simple Pairing (SSP) | 1420 |
| 2009 | 3.0 | High Speed (HS / AMP) | 1712 |
| 2010 | 4.0 | Low Energy (LE) | 2302 |
| 2013 | 4.1 | LTE-friendly, IoT enhancements | 2684 |
| 2014 | 4.2 | Low power IPv6 support | 2772 |
| 2017 | 5.0 | Improved range/speed, connectionless beacons | 2822 |
| 2019 | 5.1 | Indoor positioning, power optimisation | 2985 |

Bluetooth Architecture Overview

[Figure: two panels, "Software/Hardware Component View" and "Network Layer View (approximate)". Labels in the component view: Host, HCI, Controller; Applications, Audio; application profiles (SPP, OPP, PAN, A2DP, AVRCP, other BR/EDR profiles, LE profiles); Generic Access Profile; generic protocols (L2CAP, RFCOMM, SDP, OBEX, BNEP, TCS, AVCTP, ATT, GATT, SMP); Link Manager (LMP), Link Controller, Baseband, Radio. Labels in the network layer view: Application, Presentation, Session, Transport, Network, Data Link, Physical.]

Security Features of Bluetooth Versions

| Version | Security Enhancements |
|---------|-----------------------|
| <= 2.0 | BR/EDR Security Modes 1, 2 and 3 |
| 2.1 | Secure Simple Pairing (SSP) + Security Mode 4 |
| 3.0 | no significant changes |
| 4.0 | LE Security Modes 1 and 2 |
| 4.1 | BR/EDR “Secure Connections” |
| 4.2 | LE Secure Connections, LE Privacy |
| 5.0 | no significant changes |
| 5.1 | no significant changes |

How Security Modes and Levels are Determined
1. A pairing “association model” is chosen based on the capabilities of the 2 devices
   - Out-of-Band authentication tokens
   - I/O capabilities (e.g. keyboard input)
2. Either or both of the devices may request Secure Connections and/or Man-in-the-Middle protection
3. The key establishment protocol is negotiated
4. A persistent shared secret link key is then established for the pair of devices

Pairing Association Models
- legacy PIN
- Just Works
- Passkey Entry
- Numeric Comparison
- Out-of-Band

Bluetooth Security Algorithms

| | BR/EDR 1.0 (legacy) | BR/EDR 2.1 Secure Simple Pairing | BR/EDR 4.1 Secure Connections | LE 4.0 LE Legacy Pairing | LE 4.2 LE Secure Connections |
|---|---|---|---|---|---|
| Key Exchange | E21/E22 (SAFER+) | ECDH P-192, HMAC-SHA-256 | ECDH P-256, HMAC-SHA-256 | AES-128 | ECDH P-256, AES-CMAC |
| Authentication | E1 (SAFER+) | E1 (SAFER+) | HMAC-SHA-256 | AES-CCM | AES-CCM |
| Encryption | E0 (Massey-Rueppel) | E0 (Massey-Rueppel) | AES-CCM | AES-CCM | AES-CCM |

Security Modes After Pairing

| Association model | BR/EDR Versions | BR/EDR Security Modes | LE Versions | LE Security Modes |
|---|---|---|---|---|
| legacy (PIN) | All | Mode 2 or 3 | None | - |
| Just Works | 2.1+ | Mode 4 Levels 0, 1 or 2 | 4.0+ | Mode 1 Level 1 or 2, or Mode 2 Level 1 |
| Passkey Entry | 2.1+ | Mode 4 all levels* | 4.0+ | Mode 1 or Mode 2 all levels* |
| Out of Band | 2.1+ | Mode 4 all levels* | 4.0+ | Mode 1 or Mode 2 all levels* |
| Numeric Comparison | 2.1+ | Mode 4 all levels* | 4.2+ | Mode 1 or Mode 2 all levels* |

* BR/EDR Mode 4 Level 4 and LE Mode 1 Level 4 are only available if both devices support Secure Connections

BR/EDR Security Mode 4 Levels

| Mode 4 Security Level | Man-in-the-Middle Protection | User Interaction During Pairing | Data Confidentiality |
|---|---|---|---|
| 0 | No | No | No |
| 1 | No | Minimal | No |
| 2 | No | Minimal | Standard |
| 3 | Yes | Yes | Standard |
| 4 | Yes | Yes | Strong |

LE Security Modes and Levels

| Bluetooth LE Security Mode and Level | Authenticated Pairing | Data Integrity | Data Confidentiality |
|---|---|---|---|
| Mode 1 Level 1 | No | No | No |
| Mode 2 Level 1 | No | Yes | No |
| Mode 1 Level 2 | No | Yes | Standard |
| Mode 2 Level 2 | Yes | Yes | No |
| Mode 1 Level 3 | Yes | Yes | Standard |
| Mode 1 Level 4 | Yes | Yes | Strong |

Bluetooth Secure Simple Pairing Association Models

Table 1A

| Responder OOB flag | Initiator OOB flag: Yes | Initiator OOB flag: No |
|---|---|---|
| Yes | OOB | OOB |
| No | OOB | Table 1B |

Table 1B

| Responder MITM flag | Initiator MITM flag: Yes | Initiator MITM flag: No |
|---|---|---|
| Yes | Table 1C | Table 1C |
| No | Table 1C | Just Works |

Table 1C

| Responder IO Capability | Initiator: KeyboardOnly | Initiator: DisplayYesNo | Initiator: DisplayOnly | Initiator: NoInputNoOutput |
|---|---|---|---|---|
| KeyboardOnly | Passkey Entry | Passkey Entry | Passkey Entry | Just Works |
| DisplayYesNo | Passkey Entry | Numeric Comparison | Just Works | Just Works |
| DisplayOnly | Passkey Entry | Just Works | Just Works | Just Works |
| NoInputNoOutput | Just Works | Just Works | Just Works | Just Works |

Bluetooth LE Pairing Association Models

Table 2A

| Responder | Initiator: OOB On, SC On | Initiator: OOB On, SC Off | Initiator: OOB Off, SC On | Initiator: OOB Off, SC Off |
|---|---|---|---|---|
| OOB On, SC On | OOB | OOB | OOB | Table 2B |
| OOB On, SC Off | OOB | OOB | Table 2B | Table 2B |
| OOB Off, SC On | OOB | Table 2B | Table 2B | Table 2B |
| OOB Off, SC Off | Table 2B | Table 2B | Table 2B | Table 2B |

Table 2B

| Responder MITM flag | Initiator MITM flag: On | Initiator MITM flag: Off |
|---|---|---|
| On | Table 2C | Table 2C |
| Off | Table 2C | Just Works |

Table 2C

| Responder IO Capability | Initiator: KeyboardOnly | Initiator: KeyboardDisplay, SC On | Initiator: KeyboardDisplay, SC Off | Initiator: DisplayYesNo, SC On | Initiator: DisplayYesNo, SC Off | Initiator: DisplayOnly | Initiator: NoInputNoOutput |
|---|---|---|---|---|---|---|---|
| KeyboardOnly | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Just Works |
| KeyboardDisplay, SC On | Passkey Entry | Numeric Comparison | Passkey Entry | Numeric Comparison | Passkey Entry | Passkey Entry | Just Works |
| KeyboardDisplay, SC Off | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Just Works |
| DisplayYesNo, SC On | Passkey Entry | Numeric Comparison | Passkey Entry | Numeric Comparison | Just Works | Just Works | Just Works |
| DisplayYesNo, SC Off | Passkey Entry | Passkey Entry | Passkey Entry | Just Works | Just Works | Just Works | Just Works |
| DisplayOnly | Passkey Entry | Passkey Entry | Passkey Entry | Just Works | Just Works | Just Works | Just Works |
| NoInputNoOutput | Just Works | Just Works | Just Works | Just Works | Just Works | Just Works | Just Works |
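
The selection logic of Tables 2A to 2C, combined with the level limits from the "Security Modes After Pairing" slide, as an added example (not code from the original slides or from any Bluetooth stack). The `PairingFeatures` class, the function names and the sample devices are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Column order used by Table 2C (initiator IO capability).
IO_CAPS = ("KeyboardOnly", "KeyboardDisplay", "DisplayYesNo",
           "DisplayOnly", "NoInputNoOutput")
PE, NC, JW, OOB = "Passkey Entry", "Numeric Comparison", "Just Works", "Out-of-Band"


@dataclass(frozen=True)
class PairingFeatures:
    """Hypothetical record of the flags one device offers during LE pairing."""
    io: str             # one of IO_CAPS
    oob: bool = False   # OOB flag
    mitm: bool = False  # MITM flag
    sc: bool = False    # SC (Secure Connections) flag

    def __post_init__(self):
        if self.io not in IO_CAPS:
            raise ValueError(f"unknown IO capability: {self.io!r}")


# Table 2C from the slide. Rows: responder IO capability; columns: initiator
# IO capability in IO_CAPS order. A tuple means
# (model when both sides set the SC flag, model otherwise).
TABLE_2C = {
    "KeyboardOnly":    [PE, PE, PE, PE, JW],
    "KeyboardDisplay": [PE, (NC, PE), (NC, PE), PE, JW],
    "DisplayYesNo":    [PE, (NC, PE), (NC, JW), JW, JW],
    "DisplayOnly":     [PE, PE, JW, JW, JW],
    "NoInputNoOutput": [JW, JW, JW, JW, JW],
}


def association_model(initiator, responder):
    """Walk Tables 2A -> 2B -> 2C and return the association model name."""
    sc = initiator.sc and responder.sc  # SC applies only if both set the flag
    # Table 2A: with SC one OOB flag is enough; otherwise both are needed.
    if sc:
        use_oob = initiator.oob or responder.oob
    else:
        use_oob = initiator.oob and responder.oob
    if use_oob:
        return OOB
    # Table 2B: IO capabilities matter only if a side sets the MITM flag.
    if not (initiator.mitm or responder.mitm):
        return JW
    # Table 2C: look up the IO capability pair.
    cell = TABLE_2C[responder.io][IO_CAPS.index(initiator.io)]
    if isinstance(cell, tuple):
        return cell[0] if sc else cell[1]
    return cell


def max_le_mode1_level(initiator, responder):
    """Highest LE Security Mode 1 level the pairing can reach, following the
    'Security Modes After Pairing' slide and its footnote."""
    if association_model(initiator, responder) == JW:
        return 2  # unauthenticated pairing
    return 4 if (initiator.sc and responder.sc) else 3


def audit(device, peers):
    """Return (peer name, model, max Mode 1 level) with `device` as initiator."""
    return [(name, association_model(device, peer), max_le_mode1_level(device, peer))
            for name, peer in peers.items()]


# Constructed sample devices, not taken from any real product.
PHONE = PairingFeatures("KeyboardDisplay", mitm=True, sc=True)
PEERS = {
    "headset": PairingFeatures("NoInputNoOutput"),
    "fitness band": PairingFeatures("DisplayOnly", mitm=True),
    "tablet": PairingFeatures("DisplayYesNo", mitm=True, sc=True),
    "old tablet": PairingFeatures("DisplayYesNo", mitm=True),
}

if __name__ == "__main__":
    for name, model, level in audit(PHONE, PEERS):
        note = "  <- no MITM protection" if model == JW else ""
        print(f"{name:13} {model:19} max Mode 1 Level {level}{note}")
```

In the sample run the headset pairs with Just Works even though the phone sets the MITM flag, because the tables take the weaker side's IO capability into account.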

What does “Qualification” Mean?
- What Bluetooth SIG conformance testing is called
- Conformance test suites
- Implementation eXtra Information for Testing (IXIT)
- Implementation Conformance Statement (ICS)
- Public listing
- Older specification versions are deprecated, and as of this year are starting to be completely withdrawn

Questions Bluetooth Device Vendors Should Answer
- Is it qualified against a Bluetooth Core Specification version of 4.2 or better?
- Does it include the optional Secure Connections feature?
- (If LE or dual-mode) Does it include the optional LE Privacy feature?
- Does it have the “Secure Connections Only” mode? How selected?
- If not, what minimum security attributes are implemented for each Bluetooth service offered?
- What minimum effective encryption key length is enforced?
- Is there a maximum effective encryption key length enforced?
- Does it request Man-in-the-Middle protection during pairing?

What Else Can Security-Sensitive Device Admins Do?
- Devices *and accessories* must be maintained with regular security patches.
- When connecting two devices (or a device and an accessory), at least one of the pair must have Secure Connections Only mode turned on.
- Tethering of devices using the Bluetooth PAN profile should be discouraged.
- Users of Bluetooth BR/EDR accessories should be made aware that they may be exposing trackable device identification.
- If it *really* matters: Vendor claims should be validated by independent testing to verify that appropriate security modes, levels and key lengths are being used in practice.

Thank You!
craig@franklinheath.co.uk
@heathcr
@franklinheath

More Related Content

What's hot

CCNA RS_ITN - Chapter 2
CCNA RS_ITN - Chapter 2CCNA RS_ITN - Chapter 2
CCNA RS_ITN - Chapter 2
Irsandi Hasan
 
CCNA RS_ITN - Chapter 4
CCNA RS_ITN - Chapter 4CCNA RS_ITN - Chapter 4
CCNA RS_ITN - Chapter 4
Irsandi Hasan
 
Ccna v5-S1-Chapter 10
Ccna v5-S1-Chapter 10Ccna v5-S1-Chapter 10
Ccna v5-S1-Chapter 10
Hamza Malik
 
CCNA RS_ITN - Chapter 5
CCNA RS_ITN - Chapter 5CCNA RS_ITN - Chapter 5
CCNA RS_ITN - Chapter 5
Irsandi Hasan
 
Performance Analysis between H.323 and SIP over VoIP
Performance Analysis between H.323 and SIP over VoIPPerformance Analysis between H.323 and SIP over VoIP
Performance Analysis between H.323 and SIP over VoIP
ijtsrd
 
Chapter 02 - Configuring a Network Operating System
Chapter 02 - Configuring a Network Operating SystemChapter 02 - Configuring a Network Operating System
Chapter 02 - Configuring a Network Operating System
Yaser Rahmati
 
Profinet security and safety update - Peter Brown
Profinet security and safety update - Peter BrownProfinet security and safety update - Peter Brown
Profinet security and safety update - Peter Brown
PROFIBUS and PROFINET InternationaI - PI UK
 
CCNA RS_NB - Chapter 2
CCNA RS_NB - Chapter 2CCNA RS_NB - Chapter 2
CCNA RS_NB - Chapter 2
Irsandi Hasan
 
Itn instructor ppt_chapter1 - exploring the network
Itn instructor ppt_chapter1 - exploring the networkItn instructor ppt_chapter1 - exploring the network
Itn instructor ppt_chapter1 - exploring the network
joehurst87
 
CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11
Irsandi Hasan
 

What's hot (10)

CCNA RS_ITN - Chapter 2
CCNA RS_ITN - Chapter 2CCNA RS_ITN - Chapter 2
CCNA RS_ITN - Chapter 2
 
CCNA RS_ITN - Chapter 4
CCNA RS_ITN - Chapter 4CCNA RS_ITN - Chapter 4
CCNA RS_ITN - Chapter 4
 
Ccna v5-S1-Chapter 10
Ccna v5-S1-Chapter 10Ccna v5-S1-Chapter 10
Ccna v5-S1-Chapter 10
 
CCNA RS_ITN - Chapter 5
CCNA RS_ITN - Chapter 5CCNA RS_ITN - Chapter 5
CCNA RS_ITN - Chapter 5
 
Performance Analysis between H.323 and SIP over VoIP
Performance Analysis between H.323 and SIP over VoIPPerformance Analysis between H.323 and SIP over VoIP
Performance Analysis between H.323 and SIP over VoIP
 
Chapter 02 - Configuring a Network Operating System
Chapter 02 - Configuring a Network Operating SystemChapter 02 - Configuring a Network Operating System
Chapter 02 - Configuring a Network Operating System
 
Profinet security and safety update - Peter Brown
Profinet security and safety update - Peter BrownProfinet security and safety update - Peter Brown
Profinet security and safety update - Peter Brown
 
CCNA RS_NB - Chapter 2
CCNA RS_NB - Chapter 2CCNA RS_NB - Chapter 2
CCNA RS_NB - Chapter 2
 
Itn instructor ppt_chapter1 - exploring the network
Itn instructor ppt_chapter1 - exploring the networkItn instructor ppt_chapter1 - exploring the network
Itn instructor ppt_chapter1 - exploring the network
 
CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11
 

Similar to DC4420 Bluetooth Security

Bluetooth Secure Simple Pairing Using NFC Part 1
Bluetooth Secure Simple Pairing Using NFC Part 1 Bluetooth Secure Simple Pairing Using NFC Part 1
Bluetooth Secure Simple Pairing Using NFC Part 1
NFC Forum
 
Bluetooth 27 01-12 PPT
Bluetooth 27 01-12 PPTBluetooth 27 01-12 PPT
Bluetooth 27 01-12 PPT
Bilal Maqbool ツ
 
Bluetooth
BluetoothBluetooth
Bluetooth
Pankaj Nayak
 
Bluetooth (1).ppt
Bluetooth (1).pptBluetooth (1).ppt
Bluetooth (1).ppt
ShabirAli20
 
Bluetooth.ppt
Bluetooth.pptBluetooth.ppt
Bluetooth.ppt
Roshini5096
 
Bluetooth.ppt
Bluetooth.pptBluetooth.ppt
Bluetooth.ppt
asiamohamed1909
 
Io t protocols overview
Io t protocols overviewIo t protocols overview
Io t protocols overview
Clint Smith
 
Bluetooth
BluetoothBluetooth
Bluetooth
Sarah Saqib
 
Bluetooth 17 18
Bluetooth 17 18Bluetooth 17 18
Bluetooth 17 18
rajeshvbe
 
It fundamentals
It fundamentalsIt fundamentals
It fundamentals
Florencepascual1
 
Manual b420 tarjeta de comunicacion
Manual b420 tarjeta de comunicacionManual b420 tarjeta de comunicacion
Manual b420 tarjeta de comunicacionJose Montilla
 
Bluetooth Presentation
Bluetooth PresentationBluetooth Presentation
Bluetooth Presentation
guest664c3f
 
IT WRITING SAMPLES PORTFOLIO
IT WRITING SAMPLES PORTFOLIOIT WRITING SAMPLES PORTFOLIO
IT WRITING SAMPLES PORTFOLIO
Serena Rinaldi Lambiase
 
How to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile deviceHow to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile device
Anaren, Inc.
 
Bluetooth
BluetoothBluetooth
Bluetooth
Mohit Patodia
 
Bluetooth
BluetoothBluetooth
Bluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap VelpuruBluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap Velpuru
kashyap velpuru
 
Demo of bluetooh
Demo of bluetoohDemo of bluetooh
Demo of bluetooh
akshay
 
Bluetooth Technology
Bluetooth TechnologyBluetooth Technology
Bluetooth TechnologyManish Sharma
 
A Brief Introduction to Bluetooth Low Energy (BLE) on iOS
A Brief Introduction to Bluetooth Low Energy (BLE) on iOSA Brief Introduction to Bluetooth Low Energy (BLE) on iOS
A Brief Introduction to Bluetooth Low Energy (BLE) on iOS
Matt Whitlock
 

Similar to DC4420 Bluetooth Security (20)

Bluetooth Secure Simple Pairing Using NFC Part 1
Bluetooth Secure Simple Pairing Using NFC Part 1 Bluetooth Secure Simple Pairing Using NFC Part 1
Bluetooth Secure Simple Pairing Using NFC Part 1
 
Bluetooth 27 01-12 PPT
Bluetooth 27 01-12 PPTBluetooth 27 01-12 PPT
Bluetooth 27 01-12 PPT
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
Bluetooth (1).ppt
Bluetooth (1).pptBluetooth (1).ppt
Bluetooth (1).ppt
 
Bluetooth.ppt
Bluetooth.pptBluetooth.ppt
Bluetooth.ppt
 
Bluetooth.ppt
Bluetooth.pptBluetooth.ppt
Bluetooth.ppt
 
Io t protocols overview
Io t protocols overviewIo t protocols overview
Io t protocols overview
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
Bluetooth 17 18
Bluetooth 17 18Bluetooth 17 18
Bluetooth 17 18
 
It fundamentals
It fundamentalsIt fundamentals
It fundamentals
 
Manual b420 tarjeta de comunicacion
Manual b420 tarjeta de comunicacionManual b420 tarjeta de comunicacion
Manual b420 tarjeta de comunicacion
 
Bluetooth Presentation
Bluetooth PresentationBluetooth Presentation
Bluetooth Presentation
 
IT WRITING SAMPLES PORTFOLIO
IT WRITING SAMPLES PORTFOLIOIT WRITING SAMPLES PORTFOLIO
IT WRITING SAMPLES PORTFOLIO
 
How to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile deviceHow to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile device
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
Bluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap VelpuruBluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap Velpuru
 
Demo of bluetooh
Demo of bluetoohDemo of bluetooh
Demo of bluetooh
 
Bluetooth Technology
Bluetooth TechnologyBluetooth Technology
Bluetooth Technology
 
A Brief Introduction to Bluetooth Low Energy (BLE) on iOS
A Brief Introduction to Bluetooth Low Energy (BLE) on iOSA Brief Introduction to Bluetooth Low Energy (BLE) on iOS
A Brief Introduction to Bluetooth Low Energy (BLE) on iOS
 

More from Craig Heath

What Security Do You Need From Low-Power Wide-Area Networks?
What Security Do You Need From Low-Power Wide-Area Networks?What Security Do You Need From Low-Power Wide-Area Networks?
What Security Do You Need From Low-Power Wide-Area Networks?
Craig Heath
 
The Future of Computer Security and Cybercrime
The Future of Computer Security and CybercrimeThe Future of Computer Security and Cybercrime
The Future of Computer Security and Cybercrime
Craig Heath
 
Smartphone Platform Security - What can we learn from Symbian?
Smartphone Platform Security - What can we learn from Symbian?Smartphone Platform Security - What can we learn from Symbian?
Smartphone Platform Security - What can we learn from Symbian?
Craig Heath
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and Enigma
Craig Heath
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and Enigma
Craig Heath
 
Fund Raising with an Android Enigma Machine Simulator
Fund Raising with an Android Enigma Machine SimulatorFund Raising with an Android Enigma Machine Simulator
Fund Raising with an Android Enigma Machine Simulator
Craig Heath
 
Mobile Security Sticks and Carrots
Mobile Security Sticks and CarrotsMobile Security Sticks and Carrots
Mobile Security Sticks and Carrots
Craig Heath
 
People Power in Your Pocket
People Power in Your PocketPeople Power in Your Pocket
People Power in Your Pocket
Craig Heath
 

More from Craig Heath (8)

What Security Do You Need From Low-Power Wide-Area Networks?
What Security Do You Need From Low-Power Wide-Area Networks?What Security Do You Need From Low-Power Wide-Area Networks?
What Security Do You Need From Low-Power Wide-Area Networks?
 
The Future of Computer Security and Cybercrime
The Future of Computer Security and CybercrimeThe Future of Computer Security and Cybercrime
The Future of Computer Security and Cybercrime
 
Smartphone Platform Security - What can we learn from Symbian?
Smartphone Platform Security - What can we learn from Symbian?Smartphone Platform Security - What can we learn from Symbian?
Smartphone Platform Security - What can we learn from Symbian?
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and Enigma
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and Enigma
 
Fund Raising with an Android Enigma Machine Simulator
Fund Raising with an Android Enigma Machine SimulatorFund Raising with an Android Enigma Machine Simulator
Fund Raising with an Android Enigma Machine Simulator
 
Mobile Security Sticks and Carrots
Mobile Security Sticks and CarrotsMobile Security Sticks and Carrots
Mobile Security Sticks and Carrots
 
People Power in Your Pocket
People Power in Your PocketPeople Power in Your Pocket
People Power in Your Pocket
 

Recently uploaded

RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
Jen Stirrup
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 

Recently uploaded (20)

RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 

DC4420 Bluetooth Security

  • 1. Bluetooth Security: Where are we now and how did we get here? Craig Heath @heathcr 29 Oct 2019 DC4420
  • 2. © Franklin Heath Ltd c b CC BY 4.0 Bluetooth Security: Topics 29 Oct 2019 2  (very) brief history of Bluetooth  (very) high-level architecture overview  Security features by version  How device security capabilities interact  What vendors should tell you, but don’t  What security-sensitive users should do
  • 3. © Franklin Heath Ltd c b CC BY 4.0 Bluetooth Core Specification History 29 Oct 2019 3 Year Version Main Features Pages 1999 1.0 Basic Rate (BR) 1082 2001 1.1 interoperability fixes 1084 2003 1.2 frequency hopping 1200 2004 2.0 Enhanced Data Rate (EDR) 1230 2007 2.1 Secure Simple Pairing (SSP) 1420 2009 3.0 High Speed (HS / AMP) 1712 2010 4.0 Low Energy (LE) 2302 2013 4.1 LTE-friendly, IoT enhancements 2684 2014 4.2 Low power IPv6 support 2772 2017 5.0 Improved range/speed, connectionless beacons 2822 2019 5.1 Indoor positioning, power optimisation 2985
  • 4. © Franklin Heath Ltd c b CC BY 4.0 Bluetooth Architecture Overview 29 Oct 2019 4 HCI HostAudio L2CAP BNEP RFCOMM SDP OBEX PAN Applications TCSAVCTP GATT SMP OPP Other BR/EDR profiles … A2DP, AVCRP LE profiles … Baseband Radio Link Controller Link Manager (LMP) Controller ATT Generic Access Profile Generic protocols Application profiles SPP Application Presentation Session Transport Network Data Link Physical Software/Hardware Component View Network Layer View (approximate)
  • 5. © Franklin Heath Ltd c b CC BY 4.0 Security Features of Bluetooth Versions 29 Oct 2019 5 Version Security Enhancements <= 2.0 BR/EDR Security Modes 1, 2 and 3 2.1 Secure Simple Pairing (SSP) + Security Mode 4 3.0 no significant changes 4.0 LE Security Modes 1 and 2 4.1 BR/EDR “Secure Connections” 4.2 LE Secure Connections, LE Privacy 5.0 no significant changes 5.1 no significant changes
  • 6. © Franklin Heath Ltd c b CC BY 4.0 How Security Modes and Levels are Determined 29 Oct 2019 6 1. A pairing “association model” is chosen based on the capabilities of the 2 devices  Out-of-Band authentication tokens  I/O capabilities (e.g. keyboard input) 2. Either or both of the devices may request Secure Connections and/or Man-in-the-Middle protection 3. The key establishment protocol is negotiated 4. A persistent shared secret link key is then established for the pair of devices
  • 7. © Franklin Heath Ltd c b CC BY 4.0 Pairing Association Models 29 Oct 2019 7  legacy PIN  Just Works  Passkey Entry  Numeric Comparison  Out-of-Band
  • 8. © Franklin Heath Ltd c b CC BY 4.0 Bluetooth Security Algorithms 29 Oct 2019 8 BR/EDR Versions LE Versions 1.0 2.1 4.1 4.0 4.2 (legacy) Secure Simple Pairing Secure Connections LE Legacy Pairing LE Secure Connections Key Exchange E21/E22 (SAFER+) ECDH P-192, HMAC-SHA-256 ECDH P-256, HMAC-SHA-256 AES-128 ECDH P-256, AES-CMAC Authentication E1 (SAFER+) HMAC-SHA-256 AES-CCM Encryption E0 (Massey-Rueppel) AES-CCM
  • 9. © Franklin Heath Ltd c b CC BY 4.0 Security Modes After Pairing 29 Oct 2019 9 BR/EDR Versions BR/EDR Security Modes LE Versions LE Security Modes legacy (PIN) All Mode 2 or 3 None - Just Works 2.1+ Mode 4 Levels 0, 1 or 2 4.0+ Mode 1 Level 1 or 2, or Mode 2 Level 1 Passkey Entry 2.1+ Mode 4 all levels* 4.0+ Mode 1 or Mode 2 all levels* Out of Band 2.1+ Mode 4 all levels* 4.0+ Mode 1 or Mode 2 all levels* Numeric Comparison 2.1+ Mode 4 all levels* 4.2+ Mode 1 or Mode 2 all levels* * BR/EDR Mode 4 Level 4 and LE Mode 1 Level 4 are only available if both devices support Secure Connections
  • 10. BR/EDR Security Mode 4 Levels

      | Mode 4 Security Level | Man-in-the-Middle Protection | User Interaction During Pairing | Data Confidentiality |
      |---|---|---|---|
      | 0 | No | No | No |
      | 1 | No | Minimal | No |
      | 2 | No | Minimal | Standard |
      | 3 | Yes | Yes | Standard |
      | 4 | Yes | Yes | Strong |
  • 11. LE Security Modes and Levels

      | Bluetooth LE Security Mode and Level | Authenticated Pairing | Data Integrity | Data Confidentiality |
      |---|---|---|---|
      | Mode 1 Level 1 | No | No | No |
      | Mode 2 Level 1 | No | Yes | No |
      | Mode 1 Level 2 | No | Yes | Standard |
      | Mode 2 Level 2 | Yes | Yes | No |
      | Mode 1 Level 3 | Yes | Yes | Standard |
      | Mode 1 Level 4 | Yes | Yes | Strong |
  • 12. Bluetooth Secure Simple Pairing Association Models

      Table 1A

      | Responder: OOB flag | Initiator: OOB flag Yes | Initiator: OOB flag No |
      |---|---|---|
      | Yes | OOB | OOB |
      | No | OOB | Table 1B |

      Table 1B

      | Responder: MITM flag | Initiator: MITM flag Yes | Initiator: MITM flag No |
      |---|---|---|
      | Yes | Table 1C | Table 1C |
      | No | Table 1C | Just Works |

      Table 1C (columns: Initiator IO Capability)

      | Responder IO Capability | KeyboardOnly | DisplayYesNo | DisplayOnly | NoInputNoOutput |
      |---|---|---|---|---|
      | KeyboardOnly | Passkey Entry | Passkey Entry | Passkey Entry | Just Works |
      | DisplayYesNo | Passkey Entry | Numeric Comparison | Just Works | Just Works |
      | DisplayOnly | Passkey Entry | Just Works | Just Works | Just Works |
      | NoInputNoOutput | Just Works | Just Works | Just Works | Just Works |
  • 13. Bluetooth LE Pairing Association Models

      Table 2A (columns: Initiator OOB flag and SC flag)

      | Responder: OOB flag / SC flag | OOB On, SC On | OOB On, SC Off | OOB Off, SC On | OOB Off, SC Off |
      |---|---|---|---|---|
      | OOB On, SC On | OOB | OOB | OOB | Table 2B |
      | OOB On, SC Off | OOB | OOB | Table 2B | Table 2B |
      | OOB Off, SC On | OOB | Table 2B | Table 2B | Table 2B |
      | OOB Off, SC Off | Table 2B | Table 2B | Table 2B | Table 2B |

      Table 2B

      | Responder: MITM flag | Initiator: MITM flag On | Initiator: MITM flag Off |
      |---|---|---|
      | On | Table 2C | Table 2C |
      | Off | Table 2C | Just Works |

      Table 2C (columns: Initiator IO Capability, with SC flag where it matters)

      | Responder: IO Capability | KeyboardOnly | KeyboardDisplay, SC On | KeyboardDisplay, SC Off | DisplayYesNo, SC On | DisplayYesNo, SC Off | DisplayOnly | NoInputNoOutput |
      |---|---|---|---|---|---|---|---|
      | KeyboardOnly | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Just Works |
      | KeyboardDisplay, SC On | Passkey Entry | Numeric Comparison | Passkey Entry | Numeric Comparison | Passkey Entry | Passkey Entry | Just Works |
      | KeyboardDisplay, SC Off | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Passkey Entry | Just Works |
      | DisplayYesNo, SC On | Passkey Entry | Numeric Comparison | Passkey Entry | Numeric Comparison | Just Works | Just Works | Just Works |
      | DisplayYesNo, SC Off | Passkey Entry | Passkey Entry | Passkey Entry | Just Works | Just Works | Just Works | Just Works |
      | DisplayOnly | Passkey Entry | Passkey Entry | Passkey Entry | Just Works | Just Works | Just Works | Just Works |
      | NoInputNoOutput | Just Works | Just Works | Just Works | Just Works | Just Works | Just Works | Just Works |
  • 14. What does “Qualification” Mean?
      • What Bluetooth SIG conformance testing is called
      • Conformance test suites
      • Implementation eXtra Information for Testing (IXIT)
      • Implementation Conformance Statement (ICS)
      • Public listing
      • Older specification versions are deprecated, and as of this year are starting to be completely withdrawn
  • 15. Questions Bluetooth Device Vendors Should Answer
      • Is it qualified against a Bluetooth Core Specification version of 4.2 or better?
      • Does it include the optional Secure Connections feature?
      • (If LE or dual-mode) Does it include the optional LE Privacy feature?
      • Does it have the “Secure Connections Only” mode? How selected?
      • If not, what minimum security attributes are implemented for each Bluetooth service offered?
      • What minimum effective encryption key length is enforced?
      • Is there a maximum effective encryption key length enforced?
      • Does it request Man-in-the-Middle protection during pairing?
  • 16. What Else Can Security-Sensitive Device Admins Do?
      • Devices *and accessories* must be maintained with regular security patches.
      • When connecting two devices (or a device and an accessory), at least one of the pair must have Secure Connections Only mode turned on.
      • Tethering of devices using the Bluetooth PAN profile should be discouraged.
      • Users of Bluetooth BR/EDR accessories should be made aware that they may be exposing trackable device identification.
      • If it *really* matters: Vendor claims should be validated by independent testing to verify that appropriate security modes, levels and key lengths are being used in practice.
  • 17. Thank You!
      craig@franklinheath.co.uk
      @heathcr
      @franklinheath
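The selection logic of Tables 2A to 2C (slide 13), combined with the level limits from slide 9, as an added example that is not part of the original slides. The `PairingFeatures` class, its field names and the `audit` helper are illustrative assumptions, and Table 2C is written as rules that reproduce the slide's grid.

```python
from dataclasses import dataclass

IO_CAPS = {"KeyboardOnly", "KeyboardDisplay", "DisplayYesNo", "DisplayOnly", "NoInputNoOutput"}
HAS_KEYBOARD = {"KeyboardOnly", "KeyboardDisplay"}
CAN_CONFIRM = {"KeyboardDisplay", "DisplayYesNo"}  # can display a value and take yes/no

@dataclass(frozen=True)
class PairingFeatures:
    """Flags one LE device sends when pairing (class and field names are illustrative)."""
    io: str
    oob: bool = False
    mitm: bool = False
    sc: bool = False
    def __post_init__(self):
        if self.io not in IO_CAPS:
            raise ValueError(f"unknown IO capability: {self.io!r}")

def le_association_model(init: PairingFeatures, resp: PairingFeatures) -> str:
    sc = init.sc and resp.sc  # Secure Connections needs both SC flags on
    # Table 2A: with SC one OOB flag is enough, legacy pairing needs both.
    if (init.oob or resp.oob) if sc else (init.oob and resp.oob):
        return "Out-of-Band"
    # Table 2B: IO capabilities only matter if someone asked for MITM protection.
    if not (init.mitm or resp.mitm):
        return "Just Works"
    # Table 2C, written as rules instead of a 7x7 grid.
    if "NoInputNoOutput" in (init.io, resp.io):
        return "Just Works"
    if sc and init.io in CAN_CONFIRM and resp.io in CAN_CONFIRM:
        return "Numeric Comparison"
    if init.io in HAS_KEYBOARD or resp.io in HAS_KEYBOARD:
        return "Passkey Entry"
    return "Just Works"

def max_le_mode1_level(init: PairingFeatures, resp: PairingFeatures) -> int:
    if le_association_model(init, resp) == "Just Works":
        return 2  # slide 9: Just Works tops out at Mode 1 Level 2
    return 4 if (init.sc and resp.sc) else 3  # slide 9 footnote: Level 4 needs SC on both

def audit(init: PairingFeatures, resp: PairingFeatures, required_level: int) -> dict:
    level = max_le_mode1_level(init, resp)
    return {"model": le_association_model(init, resp), "max_level": level,
            "meets_requirement": level >= required_level}

if __name__ == "__main__":
    # Constructed example: phone pairing with a sensor that has no input or output.
    phone = PairingFeatures("KeyboardDisplay", mitm=True, sc=True)
    sensor = PairingFeatures("NoInputNoOutput", mitm=True, sc=True)
    print(audit(phone, sensor, required_level=3))
```

Both devices in the constructed pair request Man-in-the-Middle protection and Secure Connections, yet the result is Just Works, so an audit has to check the level actually reached and not only the flags requested.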