<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>NimBLE Security &mdash; Apache Mynewt latest documentation</title>
<link rel="shortcut icon" href="../_static/mynewt-logo-only-newt32x32.png"/>
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/sphinx_theme.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/bootstrap-3.0.3.min.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/v2.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/custom.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/restructuredtext.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/overrides.css" type="text/css" />
<link rel="index" title="Index"
href="../genindex.html"/>
<link rel="search" title="Search" href="../search.html"/>
<link rel="top" title="Apache Mynewt latest documentation" href="../index.html"/>
<link rel="up" title="BLE User Guide" href="index.html"/>
<link rel="next" title="NimBLE Setup" href="ble_setup/ble_setup_intro.html"/>
<link rel="prev" title="BLE User Guide" href="index.html"/>
<script src="../_static/js/modernizr.min.js"></script>
<script>
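// Google Analytics (analytics.js) bootstrap: installs the `ga` command queue on
// window and injects the analytics.js loader tag before the first existing
// <script> element.
//
// The loader URL is given with an explicit https: scheme. The original used a
// protocol-relative "//" URL, which makes the browser fetch this third-party
// script over plain HTTP whenever the page itself is served over HTTP; an
// explicit https: origin removes that downgrade path. (SRI is not applicable
// here because the vendor script is not versioned/pinned by this page.)
(function(i, s, o, g, r, a, m) {
  // Tell analytics.js which global name holds the command queue.
  i["GoogleAnalyticsObject"] = r;
  // Until analytics.js has loaded, `ga(...)` only buffers its arguments on `ga.q`.
  (i[r] =
    i[r] ||
    function() {
      (i[r].q = i[r].q || []).push(arguments);
    }),
    (i[r].l = 1 * new Date()); // current time as a number (ms since epoch)
  // Create the loader <script> and insert it ahead of the first script tag.
  (a = s.createElement(o)), (m = s.getElementsByTagName(o)[0]);
  a.async = 1;
  a.src = g;
  m.parentNode.insertBefore(a, m);
})(window, document, "script", "https://www.google-analytics.com/analytics.js", "ga");
// Property id for this site, then the initial pageview hit.
ga("create", "UA-72162311-1", "auto");
ga("send", "pageview");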
</script>
</head>
<body class="not-front page-documentation" role="document" >
<div id="wrapper">
<div class="container">
<div id="banner" class="row v2-main-banner">
<a class="logo-cell" href="/">
<img class="logo" src="../_static/img/logo.png" alt="Apache Mynewt">
</a>
<div class="tagline-cell">
<h4 class="tagline">An OS to build, deploy and securely manage billions of devices</h4>
</div>
<div class="news-cell">
<div class="well">
<h4>Latest News:</h4> <a href="/download">Apache Mynewt 1.11.0, Apache NimBLE 1.6.0</a> released September 7, 2023
</div>
</div>
</div>
</div>
<header>
<nav id="navbar" class="navbar navbar-inverse" role="navigation">
<div class="container">
<!-- Collapsed navigation -->
<div class="navbar-header">
<!-- Expander button -->
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<!-- Expanded navigation -->
<div class="navbar-collapse collapse">
<!-- Main navigation -->
<ul class="nav navbar-nav navbar-right">
<li>
<a href="/"><i class="fa fa-home" style="font-size: larger;"></i></a>
</li>
<li class="important">
<a href="/quick-start/">Quick Start</a>
</li>
<li>
<a href="/about/">About</a>
</li>
<li>
<a href="/talks/">Talks</a>
</li>
<li class="active">
<a href="/documentation/">Documentation</a>
</li>
<li>
<a href="/download/">Download</a>
</li>
<li>
<a href="/community/">Community</a>
</li>
<li>
<a href="/events/">Events</a>
</li>
</ul>
<!-- Search, Navigation and Repo links -->
<ul class="nav navbar-nav navbar-right">
</ul>
</div>
</div>
</nav>
</header>
<!-- STARTS MAIN CONTENT -->
<div id="main-content">
<div id="breadcrumb">
<div class="container">
<a href="/documentation/">Docs</a> /
<a href="index.html">BLE User Guide</a> /
NimBLE Security
<div class="sourcelink">
<a href="https://github.com/apache/mynewt-nimble/edit/master/docs/ble_sec.rst" class="icon icon-github"
rel="nofollow"> Edit on GitHub</a>
</div>
</div>
</div>
<!-- STARTS CONTAINER -->
<div class="container">
<!-- STARTS .content -->
<div id="content" class="row">
<!-- STARTS .container-sidebar -->
<div class="container-sidebar col-xs-12 col-sm-3">
<div id="docSidebar" class="sticky-container">
<div role="search" class="sphinx-search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="search" name="q" placeholder="Search documentation" aria-label="Search documentation" class="search-documentation">
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
<!-- Note: only works when deployed -->
<select class="form-control" onchange="if (this.value) window.location.href=this.value">
<option value="/latest">
Version: latest
</option>
<option value="/v1_11_0" >
Version: 1.11.0
</option>
<option value="/v1_10_0" selected="selected" >
Version: 1.10.0
</option>
<option value="/v1_9_0" >
Version: 1.9.0
</option>
<option value="/v1_8_0" >
Version: 1.8.0
</option>
<option value="/v1_7_0" >
Version: 1.7.0
</option>
<option value="/v1_6_0" >
Version: 1.6.0
</option>
<option value="/v1_5_0" >
Version: 1.5.0
</option>
<option value="/v1_4_0" >
Version: 1.4.0
</option>
<option value="/v1_3_0/os/introduction" >
Version: 1.3.0
</option>
<option value="/v1_2_0/os/introduction" >
Version: 1.2.0
</option>
<option value="/v1_1_0/os/introduction" >
Version: 1.1.0
</option>
<option value="/v1_0_0/os/introduction" >
Version: 1.0.0
</option>
<option value="/v0_9_0/os/introduction" >
Version: 0.9.0
</option>
</select>
<div class="region region-sidebar">
<div class="docs-menu">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../index.html">Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../get_started/index.html">Setup &amp; Get Started</a></li>
<li class="toctree-l1"><a class="reference internal" href="../concepts.html">Concepts</a></li>
<li class="toctree-l1"><a class="reference internal" href="../tutorials/tutorials.html">Tutorials</a></li>
<li class="toctree-l1"><a class="reference internal" href="../external_links.html">Third-party Resources</a></li>
<li class="toctree-l1"><a class="reference internal" href="../os/os_user_guide.html">OS User Guide</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">BLE User Guide</a><ul class="current">
<li class="toctree-l2 current"><a class="current reference internal" href="#">NimBLE Security</a></li>
<li class="toctree-l2"><a class="reference internal" href="ble_setup/ble_setup_intro.html">NimBLE Setup</a></li>
<li class="toctree-l2"><a class="reference internal" href="ble_hs/ble_hs.html">NimBLE Host</a></li>
<li class="toctree-l2"><a class="reference internal" href="btshell/btshell_api.html">btshell Usage API</a></li>
<li class="toctree-l2"><a class="reference internal" href="mesh/index.html">Bluetooth Mesh</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../newt/index.html">Newt Tool Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="../newtmgr/index.html">Newt Manager Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="../mynewt_faq/index.html">Mynewt FAQ</a></li>
<li class="toctree-l1"><a class="reference internal" href="../misc/index.html">Appendix</a></li>
</ul>
</div>
</div>
</div>
<!-- ENDS STICKY CONTAINER -->
</div>
<!-- ENDS .container-sidebar -->
<div class="col-xs-12 col-sm-9">
<div class="alert alert-warning">
<p>
Version 1.10.0 is not the most recent version of the
Apache Mynewt documentation. Read the
<a href="/latest">latest version</a>.
</p>
</div>
<div class="">
<div class="rst-content">
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<div class="section" id="nimble-security">
<h1>NimBLE Security<a class="headerlink" href="#nimble-security" title="Permalink to this headline"></a></h1>
<p>The Bluetooth Low Energy security model includes five distinct security
concepts as listed below. For detailed specifications, see BLUETOOTH
SPECIFICATION Version 4.2 [Vol 1, Part A].</p>
<ul class="simple">
<li><p><strong>Pairing</strong>: The process for creating one or more shared secret keys.
In LE, a single link key is generated during pairing by combining
contributions from each device.</p></li>
<li><p><strong>Bonding</strong>: The act of storing the keys created during pairing for
use in subsequent connections in order to form a trusted device pair.</p></li>
<li><p><strong>Device authentication</strong>: Verification that the two devices have the
same keys (verify device identity).</p></li>
<li><p><strong>Encryption</strong>: Keeps messages confidential. Encryption in Bluetooth
LE uses AES-CCM cryptography and is performed in the <em>Controller</em>.</p></li>
<li><p><strong>Message integrity</strong>: Protects against message forgeries.</p></li>
</ul>
<p>Bluetooth LE uses four association models depending on the I/O
capabilities of the devices.</p>
<ul class="simple">
<li><p><strong>Just Works</strong>: designed for scenarios where at least one of the
devices does not have a display capable of displaying a six digit
number nor does it have a keyboard capable of entering six decimal
digits.</p></li>
<li><p><strong>Numeric Comparison</strong>: designed for scenarios where both devices are
capable of displaying a six digit number and both are capable of
having the user enter “yes” or “no”. A good example of this model is
the cell phone / PC scenario.</p></li>
<li><p><strong>Out of Band</strong>: designed for scenarios where an Out of Band
mechanism is used to both discover the devices as well as to exchange
or transfer cryptographic numbers used in the pairing process.</p></li>
<li><p><strong>Passkey Entry</strong>: designed for the scenario where one device has
input capability but does not have the capability to display six
digits and the other device has output capabilities. A good example
of this model is the PC and keyboard scenario.</p></li>
</ul>
<div class="section" id="key-generation">
<h2>Key Generation<a class="headerlink" href="#key-generation" title="Permalink to this headline"></a></h2>
<p>Key generation for all purposes in Bluetooth LE is performed by the
<em>Host</em> on each LE device independent of any other LE device.</p>
</div>
<div class="section" id="privacy-feature">
<h2>Privacy Feature<a class="headerlink" href="#privacy-feature" title="Permalink to this headline"></a></h2>
<p>Bluetooth LE supports an optional feature during connection mode and
connection procedures that reduces the ability to track a LE device over
a period of time by changing the Bluetooth device address on a frequent
basis.</p>
<p>There are two variants of the privacy feature.</p>
<ul class="simple">
<li><p>In the first variant, private addresses are resolved and generated by
the <em>Host</em>.</p></li>
<li><p>In the second variant, private addresses are resolved and generated
by the <em>Controller</em> without involving the Host after the Host
provides the Controller device identity information. The Host may
provide the Controller with a complete resolving list or a subset of
the resolving list. Device filtering becomes possible in the second
variant when address resolution is performed in the Controller
because the peer’s device identity address can be resolved prior to
checking whether it is in the white list.</p></li>
</ul>
<p><strong>Note</strong>: When address resolution is performed exclusively in the Host,
a device may experience increased power consumption because device
filtering must be disabled. For more details on the privacy feature,
refer to BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part C] (Published
02 December 2014), Page 592.</p>
</div>
</div>
</div>
</div>
<div class="rst-footer-buttons row" role="navigation" aria-label="footer navigation">
<a href="ble_setup/ble_setup_intro.html" class="btn btn-neutral float-right" title="NimBLE Setup" accesskey="n">Next: NimBLE Setup <span class="fa fa-arrow-circle-right"></span></a>
<a href="index.html" class="btn btn-neutral" title="BLE User Guide" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous: BLE User Guide</a>
</div>
</div>
</div>
</div>
<!-- ENDS CONTENT SECTION -->
</div>
<!-- ENDS .content -->
</div>
</div>
<footer>
<div class="container">
<div class="row">
<div class="col-xs-12">
<p class="copyright">Apache Mynewt is available under Apache License, version 2.0.</p>
</div>
<div class="col-xs-12">
<div class="logos">
<img src="../_static/img/asf_logo_wide_small.png" alt="Apache" title="Apache">
<small class="footnote">
Apache Mynewt, Mynewt, Apache, the Apache feather logo, and the Apache Mynewt project logo are either
registered trademarks or trademarks of the Apache Software Foundation in the United States and other countries.
</small>
<a href="">
<img src="../_static/img/add_to_slack.png" alt="Join our Slack community" title="Join our Slack Community">
</a>
</div>
</div>
</div>
</div>
</footer>
</div>
<!-- ENDS #wrapper -->
<script type="text/javascript">
// Settings object consumed by the documentation scripts loaded after this
// block. Properties are assigned one by one, in the same order as before, so
// the object's shape and enumeration order are unchanged.
// NOTE(review): VERSION is 'latest' while the banner on this page describes
// the build as 1.10.0 — confirm which value is intended.
var DOCUMENTATION_OPTIONS = {};
DOCUMENTATION_OPTIONS.URL_ROOT = '../';           // relative path to the docs root
DOCUMENTATION_OPTIONS.VERSION = 'latest';
DOCUMENTATION_OPTIONS.COLLAPSE_INDEX = false;
DOCUMENTATION_OPTIONS.FILE_SUFFIX = '.html';
DOCUMENTATION_OPTIONS.HAS_SOURCE = true;
DOCUMENTATION_OPTIONS.SOURCELINK_SUFFIX = '.txt';
DOCUMENTATION_OPTIONS.LINK_SUFFIX = '.html';
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/js/bootstrap-3.0.3.min.js"></script>
<script type="text/javascript" src="../_static/js/affix.js"></script>
<script type="text/javascript" src="../_static/js/main.js"></script>
</body>
</html>