8.3.2 Bluetooth Security
The current Bluetooth specification defines security at the link level. Application-level security is not specified. This allows application developers to define security mechanisms tailored to their specific needs. Link-level security occurs between devices, not users, while application-level security can be implemented on a per-user basis. The Bluetooth specification defines the security algorithms and procedures required to authenticate devices and, if needed, encrypt the data flowing on the link between the devices. Device authentication is a mandatory feature of Bluetooth, while link encryption is optional.
Pairing of Bluetooth devices is accomplished by creating an initialization key used to authenticate the devices and create a link key for them. Entering a common personal identification number (PIN) in the devices being paired generates the initialization key. The PIN is never sent over the air. By default, the Bluetooth stack responds with no key when a key is requested (it is up to the user to respond to the key request event). Authentication of Bluetooth devices is based on a challenge-response transaction. Bluetooth uses a PIN or passkey to create the other 128-bit keys used for security and encryption. The encryption key is derived from the link key used to authenticate the pairing devices. Also worth noting: the limited range and fast frequency hopping of Bluetooth radios make long-distance eavesdropping difficult.
Recommendations are:
• Perform pairing in a secure environment
• Keep PIN codes private and do not store the PIN codes in the device
• Implement application-level security
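The pairing flow this section describes (PIN to initialization key, initialization key to link key, challenge-response authentication, encryption key from the link key), as an added Python model that is not from the manual or the Bluetooth specification. It assumes HMAC-SHA256 truncated to 128 bits in place of the actual Bluetooth key functions; the class, function names and device addresses are constructed for illustration.

```python
# Added illustration, not vendor or Bluetooth SIG code. HMAC-SHA256 truncated to
# 128 bits stands in for the real Bluetooth key functions; names are hypothetical.
import hashlib
import hmac
import secrets

def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in derivation: 128-bit output bound to a label and context."""
    msg = label + b"|" + b"|".join(parts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

class Device:
    def __init__(self, addr: bytes, pin: bytes):
        self.addr, self._pin, self.link_key = addr, pin, None

    def pair(self, peer_addr: bytes, in_rand: bytes) -> None:
        # Initialization key comes from the locally entered PIN and a public
        # random value; the PIN itself is never transmitted.
        k_init = kdf(self._pin, b"init", in_rand)
        # In this model the link key binds the init key to both addresses.
        self.link_key = kdf(k_init, b"link", *sorted([self.addr, peer_addr]))

    def respond(self, challenge: bytes) -> bytes:
        # Claimant: answer the challenge using the link key.
        return kdf(self.link_key, b"auth", challenge, self.addr)

    def verify(self, peer_addr: bytes, challenge: bytes, response: bytes) -> bool:
        # Verifier: recompute the expected response, compare in constant time.
        expected = kdf(self.link_key, b"auth", challenge, peer_addr)
        return hmac.compare_digest(expected, response)

    def encryption_key(self, en_rand: bytes) -> bytes:
        # Optional link encryption: key derived from the link key.
        return kdf(self.link_key, b"enc", en_rand)

def run_pairing(pin_a: bytes, pin_b: bytes) -> dict:
    """Pair two constructed devices and report what happened on the link."""
    a, b = Device(b"\xaa" * 6, pin_a), Device(b"\xbb" * 6, pin_b)
    in_rand, challenge, en_rand = (secrets.token_bytes(16) for _ in range(3))
    a.pair(b.addr, in_rand)
    b.pair(a.addr, in_rand)
    response = b.respond(challenge)          # b proves itself to a
    on_air = [in_rand, challenge, response, en_rand]
    return {
        "authenticated": a.verify(b.addr, challenge, response),
        "keys_match": a.encryption_key(en_rand) == b.encryption_key(en_rand),
        "pin_on_air": any(pin_a in m or pin_b in m for m in on_air),
    }
```

Calling `run_pairing(b"4821", b"4821")` models two devices given the same PIN; passing different PINs shows authentication failing because the two sides derive different link keys.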
8.3.3 Bluetooth Profiles
The LEX L10g supports the following Bluetooth services:
• Generic Access Profile (GAP) — Used for device discovery and authentication.
• Service Discovery Protocol (SDAP) — Handles the search for known and specific services and general services.
• Serial Port Profile (SPP) — Sets up a virtual serial port and connects two Bluetooth-enabled devices. For example, connecting the device to a printer.
• Human Interface Device Profile (HID) — Allows Bluetooth keyboards, pointing devices, gaming devices and remote monitoring devices to connect to the device.
• Object Push Profile (OPP) — Allows the device to push and pull objects to and from a push server.
• Dial-up Networking (DUN) — Allows the device to access the Internet and other dial-up services using a Bluetooth-enabled mobile phone.
• Hands-Free Profile (HFP) — Allows a hands-free device, such as a Bluetooth headset, to place and receive calls on the device.
• Advanced Audio Distribution Profile (A2DP) — Allows the device to stream stereo-quality audio to a wireless headset or wireless stereo speakers.
• Audio/Video Remote Control Profile (AVRCP) — Allows the device to control televisions, hi-fi equipment, etc.
• General Object Exchange Profile (GOEP) — Provides a basis for other data profiles. Based on OBEX and sometimes referred to as such.
• Handsfree Profile (HFP) — Allows car hands-free kits to communicate with mobile phones in the car.
MN002858A01-A
Chapter 8: Wireless
143