Bluetooth Low Energy Security: Keys, Modes & Bluetooth 4.2

Published By

Bluetooth Low Energy was designed with an AES-128 encryption for security. While AES-128 is one of the most robust encryption schemes, it’s important to understand how keys are exchanged to really evaluate the true level of security.

BLE has five main keys:

• Temporary Key
• Short-Term Key
• Long-Term Key
• Identity Resolving Key
• Connection Signature Key

Security Keys: Bluetooth Pairing, Encryption & Authentication

The temporary key is used during the Bluetooth pairing process. The short term key is used as the key for encrypting a connection the very first time devices pair. The short term key is generated by using three pieces of information: the Temporary Key, and two random numbers, one generated by the slave and one generated by the master.

Once the connection is encrypted with the short term key, the other keys are distributed.  The Long Term Key replaces the short term key to encrypt the connection. The Identity Resolving Key is used for privacy. The Connection Signature Key is used for authentication.

With all this, can you be sure nobody can eavesdrop on the communication? In fact, with Bluetooth 4.0 and 4.1, a weakness exists at the temporary key generation. Encryption is like a chain -- it is as strong as the weakest link.

In Bluetooth 4.0 and 4.1, three options are specified for the short-term key:
• Just Works
• Passkey Entry
• Out of Band.

Bluetooth Pairing Modes: Just Works, Passkey Entry & OOB

“Just Works” is a mode designed to make the connection to Bluetooth Low Energy devices possible when very limited user interfaces prevent user entry or verification of pass key values. The temporary in this situation is zero. It is obvious this scenario is vulnerable to attacks.

The mode “Passkey Entry” is used when the user interfaces on both devices allow at least the display or entry of a number value. This value can take any integer between 0 and 999999. This number is not complex enough to withstand brute force attack. 

See related product


Adafruit Industries RF/Wireless Development Boards and Kits View

The last mode is the “Out Of Band” algorithm when the Temporary Key has been shared by using another technology than Bluetooth. NFC technology is the common one and is considered as secure. Bottom line, among the three modes to share the Temporary Key, only one can be considered as secure against eavesdropping.

Bluetooth 4.2 Low Energy

Bluetooth Low Energy 4.2 resolved this problem by implementing the Diffie-Hellman scheme. As often in encryption, this protocol is based on simple mathematics that is difficult to solve. Prime numbers are often the base of encryption protocols. 

If p is a large prime number, g an integer in {1,…,p} and x a chosen randomly in {1,…, p-1}, knowing the result , there is no known efficient algorithm to calculate x. Then, with two numbers x and y, it is very easy to perform exponential operation to end up with a key, but very hard to reverse the operation to discover the key.

If Alice and Bob want to share the key and there is an eavesdropper between them, the following steps are performed to share the key:

0316 Security for BLE In Article 1 V2

Several Diffie-Hellman variants exist. In Bluetooth 4.2, the Elliptic Curve Diffie-Hellman is implemented. Instead of a function modulo p, the problem to resolve is an elliptic curve in the form of  that is more complex mathematically but needs less bits to perform the operation and hence is more and more privileged. The Diffie-Hellman protocol makes the version 4.2 of Bluetooth Low Energy robust against eavesdroppers.

Related news articles

Latest News

Sorry, your filter selection returned no results.

We've updated our privacy policy. Please take a moment to review these changes. By clicking I Agree to Arrow Electronics Terms Of Use  and have read and understand the Privacy Policy and Cookie Policy.

Our website places cookies on your device to improve your experience and to improve our site. Read more about the cookies we use and how to disable them here. Cookies and tracking technologies may be used for marketing purposes.
By clicking “Accept”, you are consenting to placement of cookies on your device and to our use of tracking technologies. Click “Read More” below for more information and instructions on how to disable cookies and tracking technologies. While acceptance of cookies and tracking technologies is voluntary, disabling them may result in the website not working properly, and certain advertisements may be less relevant to you.
We respect your privacy. Read our privacy policy here