User manual
c. the Identity Resolving Key (IRK) used to generate a private address.
Of primary interest in this paper is the LTK. CSRK and IRK are covered briefly at the end.
Bluetooth low energy uses the same pairing process as Classic Bluetooth: Secure Simple Pairing (SSP). During SSP,
each device first determines its capability for input and output (IO). The input can be None, Yes/No, or
Keyboard, with Keyboard having the ability to input a number. The output can be either None or Display, with
Display having the ability to display a 6-digit number. For each device in a pairing link, the IO capability determines
its ability to create shared secret encryption keys.
The Pairing Request message is transmitted from the initiator and contains the IO capabilities, authentication data
availability, authentication requirements, key size requirements, and other data. A Pairing Response message is
transmitted from the responder and contains much of the same information as the initiator's Pairing Request
message, thus confirming that a pairing is successfully negotiated.
Figure 18 - Sample Initiator Pairing Request Decode (ComProbe Frame Display, BPA 600 low energy capture)
In the sample SMP decode, in the figure at the right, note the
“keys” identified. Creating a shared, secret key is an
evolutionary process that involves several intermediary keys.
The resulting keys include,
1. IRK: 128-bit key used to generate and resolve random
address.
2. CSRK: 128-bit key used to sign data and verify
signatures on the receiving device.
3. LTK: 128-bit key used to generate the session key for
an encrypted connection.
4. Encrypted Diversifier (EDIV): 16-bit stored value used
to identify the LTK. A new EDIV is generated each
time a new LTK is distributed.
5. Random Number (RAND): 64-bit stored value used to
identify the LTK. A new RAND is generated each time
a unique LTK is distributed.
Of particular importance to decrypting the encrypted data on a Bluetooth low energy link are the LTK, EDIV, and RAND.
A.2.3 Pairing Methods
The two devices in the link use the IO capabilities from Pairing Request and Pairing Response packet data to
determine which of two pairing methods to use for generation of the Temporary Key (TK). The two methods are
Just Works and Passkey Entry¹. An example of when the Just Works method is appropriate is when the IO capability
is input = None and output = None. An example of when Passkey Entry is appropriate is when input =
Keyboard and output = Display. There are 25 combinations that result in 13 Just Works methods and 12 Passkey
Entry methods.
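The selection described above, as an added example (not from the manual or the Frontline software): it decodes the Pairing Request/Response fields and applies the LE legacy pairing selection rules, and its tally over all IO capability pairs reproduces the 13/12 split. The opcodes and bit values are from the Bluetooth Core Specification's Security Manager Protocol; the function names and sample PDUs are constructed for illustration, and the OOB and MITM checks go beyond what the text above states.

```python
from itertools import product

# SMP constants from the Bluetooth Core Specification (Security Manager Protocol)
IO_CAPS = {0x00: "DisplayOnly", 0x01: "DisplayYesNo", 0x02: "KeyboardOnly",
           0x03: "NoInputNoOutput", 0x04: "KeyboardDisplay"}
HAS_KEYBOARD = {0x02, 0x04}
HAS_DISPLAY = {0x00, 0x01, 0x04}
KEY_BITS = {0x01: "LTK+EDIV+RAND", 0x02: "IRK", 0x04: "CSRK"}
MITM = 0x04  # AuthReq bit 2: MITM protection requested

def parse_pairing_pdu(pdu: bytes) -> dict:
    """Decode a 7-byte SMP Pairing Request (0x01) or Pairing Response (0x02)."""
    if len(pdu) != 7 or pdu[0] not in (0x01, 0x02):
        raise ValueError("not an SMP Pairing Request/Response")
    _, io, oob, auth, key_size, init_keys, resp_keys = pdu
    if io not in IO_CAPS or not 7 <= key_size <= 16:
        raise ValueError("reserved IO capability or invalid key size")
    keys = lambda mask: [n for bit, n in KEY_BITS.items() if mask & bit]
    return {"io": io, "oob": bool(oob), "mitm": bool(auth & MITM), "key_size": key_size,
            "initiator_keys": keys(init_keys), "responder_keys": keys(resp_keys)}

def io_method(init_io: int, resp_io: int) -> str:
    """Passkey Entry needs a keyboard on one side and a keyboard or display on the other."""
    usable = HAS_KEYBOARD | HAS_DISPLAY
    if (init_io in HAS_KEYBOARD and resp_io in usable) or \
       (resp_io in HAS_KEYBOARD and init_io in usable):
        return "Passkey Entry"
    return "Just Works"

def pairing_method(req: dict, rsp: dict) -> str:
    if req["oob"] and rsp["oob"]:
        return "Out Of Band"
    if not (req["mitm"] or rsp["mitm"]):
        return "Just Works"  # neither side requested MITM protection
    return io_method(req["io"], rsp["io"])

def count_methods() -> dict:
    """Tally the 5 x 5 IO capability combinations."""
    counts = {"Just Works": 0, "Passkey Entry": 0}
    for init_io, resp_io in product(IO_CAPS, repeat=2):
        counts[io_method(init_io, resp_io)] += 1
    return counts

# Constructed sample PDUs (not taken from the manual's capture)
REQ = bytes.fromhex("01040005100707")          # KeyboardDisplay, bonding + MITM, 16-byte key
RSP_DISPLAY = bytes.fromhex("02000005100707")  # DisplayOnly responder
RSP_NO_IO = bytes.fromhex("02030001100303")    # NoInputNoOutput responder, no MITM
```

A pairing that resolves to Just Works is the case to flag when reviewing a capture, since its TK is the fixed value 0.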
In Just Works the TK = 0. In the Passkey Entry method,
¹ A third method, Out Of Band (OOB), performs the same as Pass Key, but through another external link such as
NFC.
Appendices TELEDYNE LECROY
Frontline BPA low energy Hardware & Software User Manual 224