9 Wireless
88
9.11.2 Security
The current Bluetooth specification defines security at the link level. Application-level security is not specified.
This allows application developers to define security mechanisms tailored to their specific need. Link-level
security occurs between devices, not users, while application-level security can be implemented on a per-
user basis. The Bluetooth specification defines security algorithms and procedures required to authenticate
devices, and if needed, encrypt the data flowing on the link between the devices. Device authentication is a
mandatory feature of Bluetooth while link encryption is optional.
Pairing of Bluetooth devices is accomplished by creating an initialization key used to authenticate the
devices and create a link key for them. Entering a common personal identification number (PIN) in the
devices being paired generates the initialization key. The PIN is never sent over the air. By default, the
Bluetooth stack responds with no key when a key is requested (it is up to user to respond to the key request
event).
Authentication of Bluetooth devices is based-upon a challenge-response transaction. Bluetooth allows for
a PIN or passkey used to create other 128-bit keys used for security and encryption. The encryption key is
derived from the link key used to authenticate the pairing devices. Also worthy of note is the limited range
and fast frequency hopping of the Bluetooth radios that makes long-distance eavesdropping difficult.
Recommendations are:
•
Perform pairing in a secure environment
•
Keep PIN codes private and do not store the PIN codes in the device
•
Implement application-level security.
9.11.3 Bluetooth Profiles
The device supports the Bluetooth services listed in the table below:
Profile
Description
Service Discovery Protocol
(SDP)
Handles the search for known and specific services as well as general
services.
Serial Port Profile (SPP)
Allows use of RFCOMM protocol to emulate serial cable connection
between two Bluetooth peer devices. For example, connecting the
device to a printer.
Object Push Profile (OPP)
Allows the device to push and pull objects to and from a push server.
Advanced Audio Distribution
Profile (A2DP)
Allows the device to stream stereo-quality audio to a wireless headset
or wireless stereo speakers.
Audio/Video Remote Control
Profile (AVRCP)
Allows the device to control A/V equipment to which a user has access.
It may be used in concert with A2DP.
Personal Area Network (PAN)
Allows the use of Bluetooth Network Encapsulation Protocol to provide
L3 networking capabilities over a Bluetooth link. Only PANU role is
supported.
Human Interface Device Profile
(HID)
Allows Bluetooth keyboards, pointing devices, gaming devices and
remote monitoring devices to connect to the device.