
I would like to know what are the differences between Secure Simple Pairing and Secure Connections in Bluetooth v4.2.

Between BR/EDR legacy, BR/EDR, LE, LE legacy, I don't get it.

Piloux58
  • Recently I stumbled on the exact question, and didn't find the answer. Did you manage to find the answer by yourself? As far as I understand this, it SEEMS to me, that Secure Simple Pairing and Secure Connections is the same, but I'm not sure. – yak Oct 23 '16 at 12:15

1 Answer


Most answers to your questions are given in the Bluetooth Core Specification, Vol 1, Part A, Section 5.

Timeline

The following suites exist:

BR/EDR

  • Prior to version 2.1 => BR/EDR legacy
  • Version 2.1 => BR/EDR (uses Secure Simple Pairing)
  • Version 4.2 => BR/EDR (uses Secure Connections)

LE

  • Version 4.0 and 4.1 => LE legacy (uses Secure Simple Pairing)
  • Version 4.2 => LE (uses Secure Connections)

Legacy

It all started with the initial security algorithms (BR/EDR legacy) for the following security features:

  • pairing
  • bonding
  • device authentication
  • message encryption
  • message integrity

The algorithms used in BR/EDR legacy were not FIPS approved.

Secure Simple Pairing

This was introduced in version 2.1. Secure Simple Pairing uses FIPS-approved algorithms for pairing and message integrity and so in essence it upgraded the security of BR/EDR legacy, which is why we call this new one BR/EDR security.

Version 4.0 ported the exact same security model as BR/EDR to Low Energy (LE), with the following exceptions:

  • no Numeric Comparison equivalent
  • Just Works and Passkey Entry do not provide passive eavesdropping protection, because ECDH is not used in LE 4.0.

Secure Connections

In version 4.1, the Secure Connections feature was added to BR/EDR. This was an upgrade to the existing Secure Simple Pairing algorithms for pairing, device authentication, and message integrity. See the table for a comparison with the Simple Pairing method for BR/EDR (not LE!): [BR/EDR Algorithms; Vol 2, Part H]

Version 4.2 then upgraded LE as well. One of the main improvements was the adoption of ECDH for pairing. It also modified the Numeric Comparison association model to be used on Bluetooth LE. LE pairing used in 4.0 and 4.1 is since then referred to as LE Legacy. LE Secure Connections and BR/EDR Secure Connections are functionally equal.

One last word on the association methods

  • Numeric Comparison protects against passive and active attacks;
  • Just Works protects against passive attacks IF ECDH is used, and never protects against active attacks;
  • Passkey Entry protects against passive attacks IF ECDH is used, and should protect against an active MITM attack (although there are some doubts about that, e.g. Padovan);
  • Out of Band security depends on the OOB method that is used.
Michael
  • Thank you, I've read the specification but it was somehow not very clear to me (those terms, lots of them ...) so I was overwhelmed by the information given. Your explanation is clear and simple. Thank you. – yak Oct 24 '16 at 11:28
  • Just one question about the pairing methods (Just works, OOB, etc.) are they the same in each pairing model? – yak Oct 28 '16 at 09:31
  • 3
    No, they are not. You basically again have three categories: Legacy (insecure), Secure Simple Pairing (pretty secure), and Secure connections (secure). These categories contain the methods you refer to, except for the Legacy category (which only contains the PIN method if I'm not mistaken). Section 5.2 really explains it well on only 3 pages. – Michael Oct 31 '16 at 07:31
  • You pasted the table where you compared pairing methods for BR/EDR. I'm just wondering, if you would delete the second column from this table (the one with the Legacy header), such table could be used to compare security mechanisms and available paring methods in LE, right? – Brian Brown Nov 06 '16 at 18:16
  • 2
    @BrianBrown, for a large part, but not entirely: LE SSP does not use ECDH, whereas BR/EDR SSP (table) does use ECDH. LE Secure connections and BR/EDR Secure connections are equal, but LE SSP and BR/EDR SSP are not (see the two bullet points which list the differences in my answer). (I even think that there's also a difference in message authentication: LE uses authenticated encryption in both modes, whereas I don't think BR/EDR does in SSP.) – Michael Nov 06 '16 at 18:26
  • Ok, thank you again. The last question, if you do not mind. BTW, it's quite hard to find exact information in the specification, at least for me. Anyway, is this: http://pasteboard.co/o57iHWlJJ.png a good comparison for LE security mechanisms? I did some reading, and it seems ok, but I'm not quite sure. – Brian Brown Nov 06 '16 at 20:03
  • Please see http://security.stackexchange.com/a/142104/38069 – Michael Nov 08 '16 at 07:15
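The answer's closing bullets state that Numeric Comparison resists an active MITM while Just Works (the same exchange minus the user's visual check) does not. The following is an added example, not code from the answer or from the Bluetooth SIG: it simulates the Secure Connections exchange with real P-256 ECDH, a nonce commitment and the 6-digit check value, once honestly and once with an active attacker substituting both public keys, so you can see that the commitment check still passes but the two displayed numbers are computed over different inputs. The function shapes follow Vol 2, Part H (f1 commitment as HMAC-SHA-256, g check value as SHA-256 mod 2^32, shown mod 10^6) as the editor recalls them; the byte layouts, the private keys and the nonces are constructed assumptions, so treat this as an illustration rather than a conformant stack.

```python
"""Toy model of the Secure Connections Numeric Comparison exchange.

Added example: not code from the answer or from the Bluetooth SIG.  Function
shapes follow Bluetooth Core Spec Vol 2, Part H (f1 as HMAC-SHA-256, g as
SHA-256 mod 2^32, displayed mod 10^6) as the editor recalls them; byte
layouts, private keys and nonces are constructed assumptions.
"""
import hashlib
import hmac

# NIST P-256 domain parameters (FIPS 186-4); the curve both BR/EDR SC and LE SC use.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

# Constructed 128-bit nonces so the run is deterministic (real devices use an RNG).
NA = 0x0123456789abcdef0123456789abcdef
NB = 0xfedcba9876543210fedcba9876543210


def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add scalar multiplication (demo only, not constant-time)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def keypair(priv):
    """Private scalar and its public point priv*G."""
    return priv, scalar_mult(priv, G)


def f1(u, v, x, z):
    """Commitment: HMAC-SHA-256 keyed with nonce x over (u || v || z), 128 bits."""
    msg = u.to_bytes(32, "big") + v.to_bytes(32, "big") + z.to_bytes(1, "big")
    return hmac.new(x.to_bytes(16, "big"), msg, hashlib.sha256).digest()[:16]


def g(u, v, x, y):
    """Check value: SHA-256(u || v || x || y) mod 2^32, displayed mod 10^6."""
    msg = (u.to_bytes(32, "big") + v.to_bytes(32, "big")
           + x.to_bytes(16, "big") + y.to_bytes(16, "big"))
    return (int.from_bytes(hashlib.sha256(msg).digest(), "big") % 2**32) % 10**6


def run_pairing(a_priv, b_priv, na, nb, mitm_privs=None):
    """Public-key exchange, then the Numeric Comparison commitment/nonce phase.

    With mitm_privs=(m1, m2) an active attacker replaces PKb as seen by A with
    m1*G and PKa as seen by B with m2*G, and relays the nonces unchanged.
    Returns each side's DHKey x-coordinate and the value it would display.
    """
    _, pka = keypair(a_priv)
    _, pkb = keypair(b_priv)
    if mitm_privs is None:
        pka_at_b, pkb_at_a = pka, pkb
    else:
        m1, m2 = mitm_privs
        pkb_at_a = scalar_mult(m1, G)   # attacker's key, shown to A as "PKb"
        pka_at_b = scalar_mult(m2, G)   # attacker's key, shown to B as "PKa"
    # B commits to Nb (over the PKa it holds) before A reveals Na.  An attacker
    # holding both substituted keys simply recomputes the commitment for A's view.
    cb = f1(pkb[0], pka_at_b[0], nb, 0)
    if mitm_privs is not None:
        cb = f1(pkb_at_a[0], pka[0], nb, 0)
    # A sends Na, receives Nb, and verifies the commitment against what it holds.
    commitment_ok = hmac.compare_digest(cb, f1(pkb_at_a[0], pka[0], nb, 0))
    return {
        "commitment_ok": commitment_ok,
        "va": g(pka[0], pkb_at_a[0], na, nb),      # what A displays
        "vb": g(pka_at_b[0], pkb[0], na, nb),      # what B displays
        "dhkey_a": scalar_mult(a_priv, pkb_at_a)[0],
        "dhkey_b": scalar_mult(b_priv, pka_at_b)[0],
    }


if __name__ == "__main__":
    for label, attacker in (("honest", None), ("active MITM", (11, 17))):
        r = run_pairing(7, 13, NA, NB, mitm_privs=attacker)
        print(f"{label:12} commitment ok={r['commitment_ok']} "
              f"A shows {r['va']:06d}  B shows {r['vb']:06d}  "
              f"same DHKey={r['dhkey_a'] == r['dhkey_b']}")
```

In the honest run both devices derive the same DHKey and display the same six digits. Under the key substitution the commitment check still passes, since the attacker can compute it, and the two sides hold different DHKeys; each display is a hash over the public key that side actually received, so the numbers disagree except with probability about 10^-6 per attempt, and the attacker cannot steer them because the nonces are committed before they are revealed. Just Works runs the identical exchange but skips the user's comparison, which is exactly why the answer says it never protects against active attacks.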