Security

BLE Security Overview

TruConnect supports Security Mode 1 (encryption) with its first three levels:

  • Level 1 : No encryption - default
  • Level 2 : Unauthenticated/“Just works” encryption with no passkey
  • Level 3 : Authenticated encryption with a passkey

TruConnect encryption is managed with two encryption variables:

TruConnect supports encryption using three of the possible key types: “Just Works” (keyless), keyed with a 6-digit PIN code, or keyed with a 128-bit hex string.

The table below provides details of the available systems.

References are to Specification of the Bluetooth System, core package version 4.0. See https://www.bluetooth.org.

| Enabled (bl e e) | Key (bl e k) | Advantages | Disadvantages | Use Case | BLE pairing procedure | BLE security mode |
|---|---|---|---|---|---|---|
| no | N/A | no security or encryption involved, should work with any device | data is sent in clear text | When eavesdropping is not an issue | none | Mode 1 Level 1 |
| yes | none | Simplest to use, just works with a range of devices | Does not protect against “Man in the Middle” attack | When the other device has no IO capabilities to enter a pin code or when the user is not concerned about “Man in the Middle” attack | Just Works Procedure (Vol 3, Part H, 2.3.5.2) | Mode 1 Level 2 |
| yes | 6 digit pin code | Gives better protection, works best with smart phones | A 6 digit key is vulnerable to a brute force attack. If an attacker manages to capture the pairing procedure security keys can be obtained (also known as a “Passive Eavesdropper” attack) | When the other device has pin code input capabilities, such as a smart phone | Pass key entry Procedure (Vol 3, Part H, 2.3.5.3) | Mode 1 Level 3 |
| yes | 128 bit hex string | Gives the best protection | Not possible to pair with smart phones | When the other device is also an ACKme BLE module, or the other device has OOB (out of band) capabilities | OOB Procedure (Vol 3, Part H, 2.3.5.4) | Mode 1 Level 3 |
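
The table above can be applied as a configuration audit. The following is an added example, not TruConnect code: it classifies recorded bl e e / bl e k settings into the security level and pairing procedure from the table and reports devices whose setting a policy rejects. The value encoding (a boolean for bl e e; "none", 6 digits or 32 hex digits for bl e k), the function names, the risk tags and the sample inventory are assumptions made for illustration.

```python
import re
from typing import NamedTuple

class Assessment(NamedTuple):
    level: int        # BLE Security Mode 1 level from the table
    procedure: str    # pairing procedure from the table
    risks: tuple      # short tags for the "Disadvantages" column

PIN = re.compile(r"[0-9]{6}")            # 6 digit pin code
HEX128 = re.compile(r"[0-9A-Fa-f]{32}")  # 128 bits = 32 hex digits

def assess(enabled, key):
    """Classify one (bl e e, bl e k) pair; the value encoding is assumed."""
    key = (key or "").strip()
    if not enabled:
        return Assessment(1, "none", ("cleartext",))
    if key.lower() in ("", "none"):
        return Assessment(2, "Just Works", ("mitm",))
    if PIN.fullmatch(key):
        return Assessment(3, "Passkey Entry",
                          ("pin-brute-force", "passive-eavesdropper"))
    if HEX128.fullmatch(key):
        return Assessment(3, "OOB", ("no-smartphone-pairing",))
    # Report only the length: the key itself is a secret and must not be logged.
    raise ValueError(f"unrecognised key format ({len(key)} characters)")

def audit(inventory, unacceptable=("cleartext", "mitm")):
    """Return (device, issue, detail) for every setting the policy rejects."""
    findings = []
    for device, enabled, key in inventory:
        try:
            result = assess(enabled, key)
        except ValueError as err:
            findings.append((device, "invalid-key", str(err)))
            continue
        detail = f"Mode 1 Level {result.level}, pairing: {result.procedure}"
        findings += [(device, r, detail) for r in result.risks if r in unacceptable]
    return findings

# Constructed sample inventory: (device name, bl e e, bl e k)
SAMPLE = [
    ("sensor-a", False, ""),
    ("sensor-b", True, "none"),
    ("lock-c", True, "482913"),
    ("bridge-d", True, "00112233445566778899aabbccddeeff"),
    ("lock-e", True, "12345"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Passing unacceptable=("passive-eavesdropper",) to audit() tightens the policy so that only the 128 bit key configuration passes.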