Analysis of Bluetooth pairing protocol one


Pairing is an essential part of every Bluetooth connection. Its purpose is to create a shared link key (Link Key) by one of several methods; the key is then used for authentication between the connected devices and for encrypting the data they exchange, which is what makes Bluetooth technology more secure. The key is used not only for the current connection but also when the two devices reconnect later. If, during authentication, the link keys held by the two parties do not match, the pairing process must be run again to create a new Link Key for the new connection.

The link key (Link Key) is reported to the protocol stack (Host) through the HCI event HCI_Link_Key_Notification and saved there. The storage path is /data/misc/bluedroid/bt_config.conf.

[Figure: stored contents of bt_config.conf]
Bluetooth Core Specification defines two standard pairing procedures:

  1. PIN code pairing: the pairing process used by Bluetooth core specification 2.0 and earlier versions.
  2. SSP (Secure Simple Pairing): a new pairing process introduced in Bluetooth core specification 2.1 and later versions. Because it is more secure and more convenient to operate than PIN code pairing, Bluetooth devices on the market today basically all use this pairing process.

Both pairing processes are triggered during authentication (Authentication Requested): the controller requests the Link Key from the protocol stack Host, and when the Host replies that there is no link key, the chip starts the pairing process. Below we briefly introduce PIN code pairing and then focus on analyzing SSP Secure Simple Pairing.

PIN code pairing
When pairing in this way, you need to enter a 4-digit decimal number. If both parties enter the same number, the pairing process can successfully create a shared link key (Link Key).

[Figure: PIN code pairing flow]

SSP Secure Simple Pairing
The main purpose of the newly added SSP Secure Simple Pairing is to simplify the pairing process for users; its secondary purpose is to maintain or improve the security of Bluetooth wireless technology. In many technologies and products, high security and ease of use pull in opposite directions, so from the end user's point of view the ultimate goal is to maximize security while minimizing complexity.

Secure Simple Pairing has the following two security goals:

  1. Prevent passive eavesdropping
  2. Prevent man-in-the-middle (MITM) attacks

The SSP process decides which of the following association models to use based on the I/O capabilities of the two Bluetooth devices being paired:

1. Numeric Comparison: numeric comparison model. Both devices have a screen that can show a six-digit number, and each offers the user a "Yes" or "No" choice.

The six digits displayed are in the range 000000~999999. The user compares whether the numbers shown on the two devices are the same; pairing succeeds only after the user confirms Yes on each device, which effectively prevents MITM attacks.

Usage scenarios: mobile phones, car head units, personal computers and other devices whose screens can display six digits and offer Yes/No options during pairing.

2. Passkey Entry: passkey input model. One of the devices has input capability but cannot display six digits, while the other device can display six digits. Pairing succeeds only if the device with input capability correctly enters the six-digit number shown on the other device, which effectively prevents MITM attacks.

Usage scenario: a mobile phone paired with a Bluetooth keyboard, where one device has only input capability and the other has display capability.

3. Just Works: at least one of the devices has neither a display capable of showing six digits nor a keyboard capable of entering six digits. This model runs a numeric comparison similar to Numeric Comparison internally, but does not show the six digits to the user; the application may simply ask the user to accept the connection. Because the user cannot see the compared value and the pairing is always accepted, this model cannot prevent MITM attacks.

Usage scenario: Bluetooth headsets paired with other devices, because most Bluetooth headsets have neither a display nor a way to enter digits.

4. Out Of Band (OOB for short): the two devices exchange pairing information through another channel, for example a Bluetooth speaker with NFC. This model is rarely used, so this article does not go into it further.

The four models above are the SSP association models. Each has its own usage scenario, and the model to use, and therefore how the user confirms the pairing, is chosen according to the capabilities of the devices being paired. For details, refer to Vol 1 -> Part A -> 5.2.4 Association models in the Bluetooth core specification "Core_v5.2.pdf".
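As an added example (not code from the original article), the following Python encodes the model selection described above as a function of the two devices' I/O capabilities, following the BR/EDR rules in the Core Specification (Vol 3, Part C, I/O capability mapping table); OOB and the authentication-requirements bits that can additionally force Just Works are deliberately not modelled. It also shows how the six-digit value in the 000000~999999 range is derived in Numeric Comparison from the public-key X coordinates and nonces, using the Core Specification's g function (Vol 2, Part H); the key and nonce bytes below are constructed test values, not real keys.

```python
import hashlib
from enum import Enum


class IoCap(Enum):
    """BR/EDR SSP I/O capability values exchanged during pairing."""
    DISPLAY_ONLY = "DisplayOnly"
    DISPLAY_YES_NO = "DisplayYesNo"
    KEYBOARD_ONLY = "KeyboardOnly"
    NO_INPUT_NO_OUTPUT = "NoInputNoOutput"


def select_model(initiator: IoCap, responder: IoCap) -> dict:
    """Choose the SSP association model from both sides' I/O capabilities.
    Returns the model name, whether it gives MITM protection, and which
    side(s) type the passkey for Passkey Entry."""
    caps = {initiator, responder}
    # A side with neither display nor keyboard forces Just Works (no MITM protection).
    if IoCap.NO_INPUT_NO_OUTPUT in caps:
        return {"model": "Just Works", "mitm_protected": False}
    # Both sides can show six digits and answer Yes/No: Numeric Comparison.
    if initiator == IoCap.DISPLAY_YES_NO and responder == IoCap.DISPLAY_YES_NO:
        return {"model": "Numeric Comparison", "mitm_protected": True}
    # A keyboard-only side types the passkey shown by the other side
    # (two keyboard-only devices both type the same passkey).
    if IoCap.KEYBOARD_ONLY in caps:
        sides = (("initiator", initiator), ("responder", responder))
        inputs_on = [name for name, cap in sides if cap == IoCap.KEYBOARD_ONLY]
        return {"model": "Passkey Entry", "mitm_protected": True, "inputs_on": inputs_on}
    # DisplayOnly on at least one side: nothing to confirm or type, so Just Works.
    return {"model": "Just Works", "mitm_protected": False}


def numeric_check_value(pk_ax: bytes, pk_bx: bytes, na: bytes, nb: bytes) -> int:
    """Six-digit value both devices display in Numeric Comparison:
    g(PKax, PKbx, Na, Nb) = SHA-256(PKax || PKbx || Na || Nb) mod 2^32,
    shown to the user as its least significant six decimal digits."""
    digest = hashlib.sha256(pk_ax + pk_bx + na + nb).digest()
    g = int.from_bytes(digest, "big") % (1 << 32)
    return g % 1_000_000


if __name__ == "__main__":
    print(select_model(IoCap.DISPLAY_YES_NO, IoCap.KEYBOARD_ONLY))
    # Constructed sample inputs: 256-bit X coordinates and 128-bit nonces.
    value = numeric_check_value(b"\x01" * 32, b"\x02" * 32, b"\x03" * 16, b"\x04" * 16)
    print(f"Numeric Comparison shows: {value:06d}")
```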

This article stops here with the analysis of the Bluetooth pairing protocol; the next article will continue by analyzing the complete SSP process. Interested readers are welcome to send a private message or leave a comment to discuss.

For more interconnection technology content, follow the WeChat public account: Connectivity

Origin blog.csdn.net/weixin_44260005/article/details/106230400