Our Bluetooth 5.0 smartBASIC modules (BL652, BL653, BL654) have the capability of supporting LE Secure Connections Pairing as well as encryption. LE Secure Connection is an enhanced security feature introduced in Bluetooth v4.2. It uses a Federal Information Processing Standards (FIPS) compliant algorithm called Elliptic Curve Diffie Hellman (ECDH) for key generation.
LE Secure Connections, supports four association models:
- Just Works
- Numeric Comparison (Only for LE Secure Connections)
- Passkey Entry
- Out of Band (OOB)
Additional information about LE Secure Connections and the models can be found here: www.bluetooth.com.
Our Bluetooth 4.0 smartBASIC modules (BT900 /BL600 /BL620) support Simple Secure Pairing and Encryption
Additional information about Simple Secure Pairing can be found here:
lairdconnect.com/resources/newsroom/secure-ble-pairing-iot
lairdconnect.com/resources/white-papers/ble-and-lairds-bl6x0-series-bt900-modules-guide-security-and-privacy
We recommend reviewing the Pairing, Bonding and Security Manager functions in the BL6xx/BT900 smartBASIC Extensions User Guides. The full security of the Bluetooth/Bluetooth Low Energy connection will depend largely on how the smartBASIC application is written, and what the input/output capabilities are of the devices that are connecting. If either device will not have any input/output capabilities then pairing will have to default to Just Works, which is the least secure pairing method. However there are additional layers of security that can be added to increase protection from hacking when the Just Works pairing model is used.
With Bluetooth Low Energy, to further secure the connection, it is recommended that the metadata for the characteristic attributes are configured for Encryption with man-in-the-middle protection for characteristic value access. This will prevent anyone from accessing data on the module without proper encryption keys. (See BleAttrMetadataEx
in the BL6xx/BT900 smartBASIC Extensions User Guides.) Additionally, when using Just Works pairing, or any time additional security is required, we recommend adding a challenge/response question to the application layer, with a timer, which expects the connecting device to respond to the challenge question in a specified period of time after a connection has occurred. If the correct response is not received within that time period the application would force a disconnection. Finally, whisper mode pairing can be used during the pairing process as an additional layer of security. This is accomplished by reducing the Tx power while pairing using BleTxPwrWhilePairing
as per the BL6xx/BT900 smartBASIC Extensions User Guide, which will reduce the radius which a hacker would need to breach in order to capture or spoof the encryption procedure.