User manual
does not have the database storage resources for holding LTKs. Therefore the slave will distribute LTK, EDIV, and
Rand to the master device for storage. When a slave begins a new encrypted session with a previously linked
master device, it will request distribution of EDIV and Rand and will regenerate LTK.
Figure 23 - Encryption Response from Slave, Example
(ComProbe Frame Display, BPA 600 low energy capture)
A.2.6 Encrypting The Data Transmission
Data encryption begins with encrypting the link. The Session Key (SK) is created using a session key diversifier
(SKD). The first step in creating a SK is for the master device to send Link Layer encryption request message (LL_
ENC_REQ) that contains the SKD
master
. The SKD
master
is generated using the LTK. The slave receives SKD
master
,
generates SKD
slave
, and generates SK by concatenating parts of SKD
master
and SKD
slave
. The slave device responds
with an encryption response message (LL_ENC_RSP) that contains SKD
slave
; the master will create the same SK.
Now that a SK has been calculated, the master and slave devices will now begin a handshake process. The slave
will transmit unencrypted LL_START_ENC_REQ, but sets the slave to receive encrypted data using the recently
calculated SK. The master responds with encrypted LL_START_ENC_RSP that uses the same SK just calculated and
setting the master to receive encrypted data. Once the slave receives the master’s encrypted LL_START_ENC_RSP
message and responds with an encrypted LL_START_ENC_RSP message the Bluetooth low energy devices can
now begin transmitting and receiving encrypted data.
A.2.7 IRK and CSRK Revisited
Earlier in this paper it was stated that LTK would be the focus, however the IRK and CSRK were mentioned. We
revisit these keys because they are used in situations that require a lesser level of security. First let us note that
IRK and CSRK are passed in an encrypted link along with LTK and EDIV.
Use of the IRK and CSRK attempt to place an identity on devices operating in a piconet. The probability that two
devices will have the same IRK and generate the same random number is low, but not absolute.
IRK and Bluetooth low energy Privacy Feature
Bluetooth low energy has a feature that reduces the ability of an attacker to track a device over a long period buy
frequently and randomly changing an advertising device's address. This is the privacy feature. This feature is not
used in the discovery mode and procedures but is used in the connection mode and procedures.
If the advertising device was previously discovered and has returned to an advertising state, the device must be
identifiable by trusted devices in future connections without going through discovery procedure again. The IRK
stored in the trusted device will overcome the problem of maintaining privacy while saving discovery
computational load and connection time. The advertising devices IRK was passed to the master device during
initial bonding. The a master device will use the IRK to identify the advertiser as a trusted device.
CSRK and Signing for Authentication
Bluetooth low energy supports the ability to authenticate data sent over an unencrypted ATT bearer between two
devices in a trust relationship. If authenticated pairing has occurred and encryption is not required (security mode
2) data signing is used if CSRK has been exchanged. The sending device attaches a digital signature after the data in
Appendicies TELEDYNE LECROY
Frontline BPA low energy Hardware & Software User Manual 226