Security

BLE Security Overview

TruConnect supports Security Mode 1 (encryption) with its first three levels:

TruConnect encryption is managed with two encryption variables:

TruConnect supports encryption using three of the possible key types: "Just Works" (keyless), keyed with a 6 digit pin code, or keyed with a 128 bit hex string.

The table below provides details of the available systems.

References are to Specification of the Bluetooth System, core package version 4.0. See https://www.bluetooth.org.

Enabled
bl e e
Key
bl e k
AdvantagesDisadvantagesUse CaseBLE pairing procedureBLE security mode
noN/Ano security or encryption involved, should work with any devicedata is sent in clear textWhen eavesdropping is not an issuenoneMode 1 Level 1
yesnoneSimplest to use, just works with a range of devicesDoes not protect against "Man in the Middle" attackWhen the other device has no IO capabilities to enter a pin code or when the user is not concerned about "Man in the Middle" attackJust Works Procedure (Vol 3, Part H, 2.3.5.2)Mode 1 Level 2
yes6 digit pin codeGives better protection, works best with smart phonesA 6 digit key is vulnerable to a brute force attack.
If an attacker manages to capture the pairing procedure security keys can be obtained (also known as a "Passive Eavesdropper" attack)
When the other device has pin code input capabilities, such as a smart phonePass key entry Procedure (Vol 3, Part H, 2.3.5.3)Mode 1 Level 3
yes128 bit hex stringGives the best protectionNot possible to pair with smart phonesWhen the other device is also an ACKme BLE module, or the other device has OOB (out of band) capabilitiesOOB Procedure (Vol 3, Part H, 2.3.5.4)Mode 1 Level 3