Security

BLE Security Overview

ZentriOS BLE supports Security Mode 1 (encryption) with its first three levels:

ZentriOS BLE encryption is managed with two encryption variables:

ZentriOS BLE supports encryption using three of the possible key types: "Just Works" (keyless), keyed with a 6 digit pin code, or keyed with a 128 bit hex string.

The table below provides details of the available systems.

References are to Specification of the Bluetooth System, core package version 4.0. See https://www.bluetooth.org.

| Enabled (bl e e) | Key (bl e k) | Advantages | Disadvantages | Use Case | BLE pairing procedure | BLE security mode |
|---|---|---|---|---|---|---|
| no | N/A | no security or encryption involved, should work with any device | data is sent in clear text | When eavesdropping is not an issue | none | Mode 1 Level 1 |
| yes | none | Simplest to use, just works with a range of devices | Does not protect against "Man in the Middle" attack | When the other device has no IO capabilities to enter a pin code or when the user is not concerned about "Man in the Middle" attack | Just Works Procedure (Vol 3, Part H, 2.3.5.2) | Mode 1 Level 2 |
| yes | 6 digit pin code | Gives better protection, works best with smart phones | A 6 digit key is vulnerable to a brute force attack. If an attacker manages to capture the pairing procedure security keys can be obtained (also known as a "Passive Eavesdropper" attack) | When the other device has pin code input capabilities, such as a smart phone | Pass key entry Procedure (Vol 3, Part H, 2.3.5.3) | Mode 1 Level 3 |
| yes | 128 bit hex string | Gives the best protection | Not possible to pair with smart phones | When the other device is also a Zentri BLE module, or the other device has OOB (out of band) capabilities | OOB Procedure (Vol 3, Part H, 2.3.5.4) | Mode 1 Level 3 |
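
The following added example (not ZentriOS code) audits a planned encryption setting against the table above: it maps the enabled flag and key to the pairing procedure and security mode, and flags guessable key material. The function names, the string forms of the key ("none", six decimal digits, 32 hex characters) and the weak-key heuristics are assumptions made for this sketch.

```python
import re

# Rows of the table above: key type -> (pairing procedure, security mode, disadvantage)
PROFILES = {
    "off":    ("none", "Mode 1 Level 1", "data is sent in clear text"),
    "none":   ("Just Works", "Mode 1 Level 2", "no Man in the Middle protection"),
    "pin":    ("Pass key entry", "Mode 1 Level 3", "6 digit key can be brute forced"),
    "hex128": ("OOB", "Mode 1 Level 3", "not possible to pair with smart phones"),
}

def classify_key(enabled, key):
    """Map (enabled, key) to a table row. The string forms are assumptions."""
    if not enabled:
        return "off"
    if key in (None, "", "none"):
        return "none"
    if re.fullmatch(r"[0-9]{6}", key):
        return "pin"
    if re.fullmatch(r"[0-9a-fA-F]{32}", key):
        return "hex128"
    raise ValueError("key is not none, a 6 digit pin, or a 128 bit hex string")

def key_findings(kind, key):
    """Flag guessable key material (heuristics added for this example)."""
    findings = []
    if kind == "pin":
        digits = [int(c) for c in key]
        steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
        if len(set(key)) == 1:
            findings.append("pin repeats one digit")
        elif steps in ({1}, {9}):
            findings.append("pin is a sequential run")
    elif kind == "hex128":
        raw = bytes.fromhex(key)
        if len(set(raw)) <= 2:
            findings.append("hex key has at most two distinct bytes")
        elif all((b - a) % 256 == 1 for a, b in zip(raw, raw[1:])):
            findings.append("hex key is an incrementing byte pattern")
    return findings

def audit(enabled, key=None):
    """Return the table row for a setting plus any weak-key findings."""
    kind = classify_key(enabled, key)
    procedure, mode, weakness = PROFILES[kind]
    return {"procedure": procedure, "mode": mode,
            "weakness": weakness, "findings": key_findings(kind, key)}
```
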