1.3 Overview

Bluetooth is one of the most common communication technologies that is used to enable scenarios that involve two different devices [BT40]. For security purposes, it is necessary to ensure that the communication channel between the two devices is secure and authenticated. The process by which this is done in Bluetooth is known as Bluetooth pairing [BT-SEC].

There are many different ways to pair two devices that are using Bluetooth. The most secure pairing methods typically involve user input, such as numeric PIN comparison; however, a device might not be able to accept user input, or a manufacturer can choose to skip this step. Skipping the user input step lowers the security of the connection and enables man-in-the-middle (MITM) and other similar attacks. Traditional Bluetooth pairing also requires devices to be in a discoverable mode (see [BT-GAP]). In this mode, the server device advertises its presence.

The Automatic Bluetooth Pairing Protocol enables a client to establish a secure, authenticated Bluetooth connection with a server. The protocol does not require any user interaction at the time of pairing, nor does it require either device to be in discoverable mode. Prior to using the Automatic Bluetooth Pairing Protocol, the Bluetooth MAC address of the server device and a shared secret have to be exchanged between the two devices by using an OOB mechanism.

After the Bluetooth MAC address and shared secret information is available on both devices, the client sends a PairingRequired message (section 2.2.3.2) to the server. This message is used to inform the server of the MAC address of the client.

The server has to be able to accept a PairingRequired message and, when the message is received, send a ReadyToPair message (section 2.2.3.4) in response. The server then readies itself to accept Bluetooth pairing from the client.

The client then initiates the Bluetooth pairing by using the Bluetooth Numeric Comparison Protocol [BT-SEC], during which the pairing parameters are negotiated between the client and server. The pairing parameters include a six-digit confirmation value (PIN) and a link key.

To authenticate the client and server devices, both sides are required to have the same numeric value and the same shared secret. To accomplish the authentication, the server generates a 128-byte pseudo-random number (the challenge) and sends it to the client. The client then calculates the response as a hash of the challenge, the shared secret, and the six-digit confirmation value (the PIN that was previously negotiated between the client and the server) by using SHA-256 [FIPS180-4] and sends it to the server. The client and server then perform a similar challenge/response authentication process, this time initiated by the client.

Each side accepts the pairing after it receives a satisfactory response to its challenge.
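The mutual challenge/response described above, as an added illustration that is not part of this specification: the overview does not fix how the challenge, shared secret and PIN are laid out before hashing, so the concatenation order and the ASCII encoding of the PIN used here are assumptions, as are the names `compute_response`, `Peer` and `mutual_authenticate`.

```python
import hashlib
import hmac
import os

CHALLENGE_LEN = 128  # the challenge is a 128-byte pseudo-random number


def compute_response(challenge: bytes, shared_secret: bytes, pin: int) -> bytes:
    """SHA-256 over the challenge, the shared secret and the six-digit PIN.

    Assumed layout (not given in the overview): challenge || secret || PIN,
    with the PIN encoded as six zero-padded ASCII digits.
    """
    if len(challenge) != CHALLENGE_LEN:
        raise ValueError("challenge must be 128 bytes")
    if not 0 <= pin <= 999_999:
        raise ValueError("PIN must be a six-digit value")
    h = hashlib.sha256()
    h.update(challenge)
    h.update(shared_secret)
    h.update(f"{pin:06d}".encode("ascii"))
    return h.digest()


class Peer:
    """One side of the exchange; client and server run the same logic."""

    def __init__(self, shared_secret: bytes, pin: int):
        self.shared_secret = shared_secret  # exchanged earlier via the OOB mechanism
        self.pin = pin                      # negotiated during Numeric Comparison
        self.challenge = None

    def make_challenge(self) -> bytes:
        self.challenge = os.urandom(CHALLENGE_LEN)
        return self.challenge

    def answer(self, challenge: bytes) -> bytes:
        return compute_response(challenge, self.shared_secret, self.pin)

    def verify(self, response: bytes) -> bool:
        expected = compute_response(self.challenge, self.shared_secret, self.pin)
        # constant-time comparison: a wrong response leaks no timing information
        return hmac.compare_digest(expected, response)


def mutual_authenticate(client: Peer, server: Peer) -> bool:
    """Server challenges the client, then the client challenges the server."""
    server_ok = server.verify(client.answer(server.make_challenge()))
    client_ok = client.verify(server.answer(client.make_challenge()))
    return server_ok and client_ok
```

A peer that holds a different shared secret or a different PIN fails its side of the exchange, so neither side accepts the pairing.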

Figure 1: Establishing a secure, authenticated Bluetooth connection