0

How does BLE secure communications between devices?

BLE 4.0 supports AES128, and the key exchange is done using DH. However, it is often reported that BLE 4.0 has security issues. What specifically about the key exchange makes the communication channel insecure?

RoraΖ
  • 12,317
  • 4
  • 51
  • 83
John M.
  • 311
  • 1
  • 2
  • 5
  • I'm seeing a lot of material on BLE 4.0 security issues. Can you include the research you've done and where your gaps in understanding are? – schroeder Oct 08 '15 at 14:32
  • 1
    Bluetooth Low Energy (BLE) 4+ uses AES128 but only 4.2 uses ECDH for the key exchange. 4.0 & 4.1 do not use ECDH. The problems stem from key exchange in bonding and pairing processes. http://stackoverflow.com/questions/17963954/bluetooth-low-energy-encryption-and-data-safety provides some information on controls but doesn’t sufficiently cover attacks. I’ll see if I can pull together a better post later. – Paraplastic2 Oct 08 '15 at 18:50
  • 4
    I’ve been trying to find a link to Mike Ryan’s paper but I can’t anymore. I started writing something but this http://security.stackexchange.com/questions/100443/security-of-bluetooth-low-energy-ble-link-layer-encryption?rq=1 covers your question pretty well. The references provide more details to dig deeper into issues than anyone could go into here. More so if you can find Mike Ryan’s paper. – Paraplastic2 Oct 16 '15 at 19:06

0 Answers0