Security
BLE Security Overview
TruConnect supports Security Mode 1 (encryption) with its first three levels:
- Level 1 : No encryption - default
- Level 2 : Unauthenticated/"Just works" encryption with no passkey
- Level 3 : Authenticated encryption with a passkey
TruConnect encryption is managed with two encryption variables: bl e e (enabled) and bl e k (key), which head the first two columns of the table below.
TruConnect supports encryption using three of the possible key types: "Just Works" (keyless), keyed with a 6 digit pin code, or keyed with a 128 bit hex string.
The table below provides details of the available systems.
References are to Specification of the Bluetooth System, core package version 4.0. See https://www.bluetooth.org.
Enabled (bl e e) | Key (bl e k) | Advantages | Disadvantages | Use Case | BLE pairing procedure | BLE security mode |
---|---|---|---|---|---|---|
no | N/A | no security or encryption involved, should work with any device | data is sent in clear text | When eavesdropping is not an issue | none | Mode 1 Level 1 |
yes | none | Simplest to use, just works with a range of devices | Does not protect against "Man in the Middle" attack | When the other device has no IO capabilities to enter a pin code or when the user is not concerned about "Man in the Middle" attack | Just Works Procedure (Vol 3, Part H, 2.3.5.2) | Mode 1 Level 2 |
yes | 6 digit pin code | Gives better protection, works best with smart phones | A 6 digit key is vulnerable to a brute force attack. If an attacker manages to capture the pairing procedure, the security keys can be obtained (also known as a "Passive Eavesdropper" attack) | When the other device has pin code input capabilities, such as a smart phone | Pass key entry Procedure (Vol 3, Part H, 2.3.5.3) | Mode 1 Level 3 |
yes | 128 bit hex string | Gives the best protection | Not possible to pair with smart phones | When the other device is also an ACKme BLE module, or the other device has OOB (out of band) capabilities | OOB Procedure (Vol 3, Part H, 2.3.5.4) | Mode 1 Level 3 |
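
The table above, applied as a settings check: an added example (not TruConnect code) that maps one module's enabled/key pair to its security mode, lists the disadvantages that apply, and generates a 128 bit hex key for the OOB case. The function names, the bool/str inputs and the treatment of an empty or "none" key as "no key" are assumptions.

```python
import re
import secrets

# Security mode per key type, taken from the table above.
MODES = {
    "disabled": "Mode 1 Level 1",
    "just_works": "Mode 1 Level 2",
    "pin": "Mode 1 Level 3",
    "oob": "Mode 1 Level 3",
}

def classify(enabled, key):
    """Return the key type for an (enabled, key) pair.

    Assumption: an empty string or "none" means no key is set.
    Raises ValueError when the key matches none of the three types.
    """
    if not enabled:
        return "disabled"
    key = (key or "").strip()
    if key.lower() in ("", "none"):
        return "just_works"
    if re.fullmatch(r"[0-9]{6}", key):
        return "pin"
    if re.fullmatch(r"[0-9A-Fa-f]{32}", key):
        return "oob"
    raise ValueError("key is not a 6 digit pin or a 128 bit hex string")

def audit(enabled, key):
    """Return (security mode, findings) for one module's settings."""
    key = (key or "").strip()
    kind = classify(enabled, key)
    findings = []
    if kind == "disabled":
        findings.append("data is sent in clear text")
    elif kind == "just_works":
        findings.append("no protection against Man in the Middle")
    elif kind == "pin":
        findings.append("6 digit key: only 10**6 values, open to brute force")
        # Repeated (000000) or sequential (123456, 654321) pins are guessed first.
        if len(set(key)) == 1 or key in "0123456789" or key in "9876543210":
            findings.append("pin is a repeated or sequential pattern")
    return MODES[kind], findings

def new_oob_key():
    """Generate a 128 bit hex string (32 hex characters) from the OS CSPRNG."""
    return secrets.token_hex(16)
```
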