STM32WB BLE Secure Connections Overview

Slide Note
Embed
Share

This detailed content provides insights into the secure connections in STM32WB BLE devices, covering aspects such as BLE security methods, encryption techniques, pairing processes, key distribution, and security modes and levels. It emphasizes the use of Long Term Keys (LTK), Diffie-Hellman key exchange, Elliptic Curve Diffie-Hellman cryptography, and various security modes for link and application layers in BLE devices. The content explains the transition from legacy BLE connections to the more secure LE Secure Connections, highlighting the use of stronger security features in BLE 4.2 devices and above.

jeffreys_n
jeffreys_n Follow

Uploaded on Sep 20, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. STM32WB BLE Secure Connections (BT 4.2/5.0 (2M))

  2. BLE Security 2 BLE uses 4 pairing methods: Just Works Out of Band Passkey Entry Numeric comparison (only secure connections) 4.2 BLE uses 2 security levels: Legacy Pairing Short Temporary Key (STK). STK will be created to encrypt connection. Then, if bonding, LTK will be used for subsequent connections. Secure Connections Long Term Key (LTK). LTK will be created to encrypt connection and then exchange using Public Key Exchange (Diffie-Hellman)

  3. LE Pairing with Secure Connections Encryption 3 Peripheral (slave) Central (master) Pairing Request Phase I Pairing Response Public Key Exchange (Diffie-Hellman) Phase II Authentication Stage 1 (just works,#comparison,passkey,OOB Authentication Stage 2 (LTK computation) Establish LTK-based Encryption Key Distribution(IRK,CSRK) Phase III Key Distribution(IRK,CSRK)

  4. Authentication stage 1 (# comparison) 4

  5. Secure Connection (4.2 devices and above) 5 BLE 4.2 devices are backwards compatible with BLE 4.0 and 4.1 devices. BLE 4.2 are also capable of creating LE Secure connections. Instead of using a TK and STK, LE Secure Connections use a single Long Term Key (LTK) to encrypt the connection. This LTK is exchanged/generated using Elliptic Curve Diffie Hellman (ECDH) public key cryptography which offers stronger security compared to the original BLE key exchange protocol. In LE Secure Connections, both phase one and phase three of the pairing process are the same as they are in LE Legacy Connections. The differences occur during phase two of the pairing process. Both devices generate an ECDH key pair. The two devices will then exchange their public keys and then start exchanging values to generate LTK.

  6. Security Modes and Level 6 LE security Mode 1 (Link Layer): 1 no security 2 unauthenticated pairing with encryption 3 authenticated pairing with AES-CCM for link encryption 4 authenticated LE secure connections pairing with encryption. Use of Elliptic Curve Diffie-Hellman (ECDH) for Public Key generation and AES-CCM for link encryption. Authenticated Pairing Pairing is performed with MITM protection Unauthenticated Pairing Pairing is performed without MITM protection LE security Mode 2 (ATT layer): not implemented

  7. SECURITY AND NVM (example) 1/3 7 Peripheral (slave) Central (master) Device initialization aci_gap_IO_capability (keyboard/display) aci_gap_IO_capability (keyboard/display) aci_gap_set_auth_requirement (MITM, fixed pin=0x000012354, bonding=1,SC_Support=0x00) aci_gap_set_auth_requirement (MITM, no fixed pin, bonding=1,SC_Support=0x00) Create connection aci_gap_set_discoverable Aci_gap_create_connection CONNECT_REQ connection_complete connection_complete Pairing/ authentication/ encryption aci_gap_send_pairing_req aci_gap_pass_key_req_event aci_gap_pass_key_resp (0x00001234) hci_encryption_change(encryption enabled) hci_encryption_change(encryption enabled) event_blue_gap_pairing_complete event_blue_gap_pairing_complete

  8. SECURITY AND NVM (example) 2/3 8 Peripheral (slave) Central (master) aci_gap_terminate Bonded devices - Keys are stored in RAM and in Flash disconnection_complete_event disconnection_complete_event aci_gap_set_discoverable Aci_gap_create_connection Aci_gap_send_pairing_req (no force rebond) hci_encryption_change(encryption enabled) hci_encryption_change(encryption enabled) event_blue_gap_pairing_complete event_blue_gap_pairing_complete aci_gap_terminate disconnection_complete_event disconnection_complete_event

  9. SECURITY AND NVM (example) 3/3 9 Peripheral (slave) Central (master) Unplug (or HW reset) one or both devices Device initialization aci_gap_set_discoverable Aci_gap_create_connection Aci_gap_send_pairing_req (no force rebond) Bonded devices Keys are stored in RAM and in Flash hci_encryption_change(encryption enabled) hci_encryption_change(encryption enabled) event_blue_gap_pairing_complete event_blue_gap_pairing_complete aci_gap_terminate disconnection_complete_event disconnection_complete_event

  10. EXAMPLE LE security mode1 level4 1/3 10 Peripheral (slave) Central (master) aci_gap_IO_capability (display yesno) aci_gap_IO_capability (display yesno) aci_gap_set_auth_requirement (MITM, no fixed pin, bonding, SC_Support=SC only mode) aci_gap_set_auth_requirement (MITM, no fixed pin, bonding, SC_Support=SC only mode) aci_gap_set_discoverable ADV_IND . . aci_gap_create_connection (peripheral address) CONNECT_REQ Aci_gap_proc_complete_event Aci_gap_proc_complete_event

  11. EXAMPLE LE security mode1 level4 2/3 Pairing features exchange 11 Central (master) Peripheral (slave) PAIRING REQUEST(IO capability, AuthReq, Initiator key distribution, Responder key distribution) aci_gap_send_pairing_req PAIRING RESPONSE(IO capability, AuthReq, Initiator key distribution, Responder key distribution) Pairing Public key Pairing Public key PAIRING CONFIRM (confirm value calculated using the confirm value generation function)

  12. EXAMPLE LE security mode1 level4 3/3 12 Central (master) Peripheral (slave) PAIRING RANDOM (random value used to calculate the confirm value=Mrand) PAIRING RANDOM (random value used to calculate the confirm value=Srand) Pairing DHKey Check Pairing DHKey Check Aci_gap_numeric_comparison_value_event Aci_gap_numeric_comparison_value_event aci_gap_numeric_comparison_value_ confirm_yes_no(yes) aci_gap_numeric_comparison_value_ confirm_yes_no(yes) aci_gap_pairing_complete_event Encryption enabled aci_gap_pairing_complete_event Encryption enabled

Related


STM32WB BLE SW Application Sequencer Architecture Overview

STM32WB BLE SW Application Sequencer Architecture Overview

jakub
Understanding BLE Security in EECS 582 - Spring 2015

Understanding BLE Security in EECS 582 - Spring 2015

timo
Understanding Bluetooth Low Energy Addresses in IEEE 802.11-21/1535r0

Understanding Bluetooth Low Energy Addresses in IEEE 802.11-21/1535r0

elio
Accessing and Utilizing CPCSSN Secure Research Environment (SRE)

Accessing and Utilizing CPCSSN Secure Research Environment (SRE)

hodgins_c
Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

quer_sna
Overview of Loop Diagrams in Process Control Systems

Overview of Loop Diagrams in Process Control Systems

cyey541
Understanding Secure Act 2.0 Key Provisions

Understanding Secure Act 2.0 Key Provisions

argus
Introduction to SFTP & PGP Encryption for Secure Data Transfer

Introduction to SFTP & PGP Encryption for Secure Data Transfer

bunty
Ensuring Secure Testing Environments in Oregon Education System

Ensuring Secure Testing Environments in Oregon Education System

kate
Secure Computation Techniques in RAM Models with Efficient Automation

Secure Computation Techniques in RAM Models with Efficient Automation

terence
Actively Secure Arithmetic Computation and VOLE Study

Actively Secure Arithmetic Computation and VOLE Study

cayal
Enhancing Animal Telemetry Data Systems for Secure Collaboration

Enhancing Animal Telemetry Data Systems for Secure Collaboration

maon369
Understanding Secure Electronic Transactions (SET)

Understanding Secure Electronic Transactions (SET)

sobe_r
An Open-Source SPDM Implementation for Secure Device Communication

An Open-Source SPDM Implementation for Secure Device Communication

eley395
Exploring Secure Care Services in Scotland

Exploring Secure Care Services in Scotland

cammon_h
Understanding Secure PRFs and PRPs in Cryptography

Understanding Secure PRFs and PRPs in Cryptography

tanyah
Syntactic Notions of the First Level in Linguistics

Syntactic Notions of the First Level in Linguistics

neva
Modern Culvert Design Innovations in Tennessee's Transportation Infrastructure

Modern Culvert Design Innovations in Tennessee's Transportation Infrastructure

jaxx
Secure Method of Information Exchange: Overview of Hub Concept & Prototype

Secure Method of Information Exchange: Overview of Hub Concept & Prototype

naev_6
Introduction to Unix-like Systems and Shell Interaction

Introduction to Unix-like Systems and Shell Interaction

lilac
Guidelines for Verifying Transitional Credit and Important Authorities' Orders

Guidelines for Verifying Transitional Credit and Important Authorities' Orders

eshal
Communication Protocols for System Integration

Communication Protocols for System Integration

fro_sta
Secure Networking Best Practices for Municipalities

Secure Networking Best Practices for Municipalities

ianthe
Parsimoni – the European IoT/Edge OS. Secure, efficient, flexible.

Parsimoni – the European IoT/Edge OS. Secure, efficient, flexible.

thisbe

More Related Content

Enhancing Privacy in Crowdsourced Spectrum Allocation
Enhancing Privacy in Crowdsourced Spectrum Allocation
Advancements in Active Secure Multiparty Computation (MPC)
Advancements in Active Secure Multiparty Computation (MPC)
Secure Access to OAuth-Based Services in HTCondor Jobs
Secure Access to OAuth-Based Services in HTCondor Jobs
Enhancing Cybersecurity in University Research: Insights from SouthEast SECURE Program
Enhancing Cybersecurity in University Research: Insights from SouthEast SECURE Program
Evolution of Proofs in Cryptography
Evolution of Proofs in Cryptography
Secure Multiparty Computation: Enhancing Privacy in Data Sharing
Secure Multiparty Computation: Enhancing Privacy in Data Sharing
Comprehensive Remote Access Guide for Secure Resource Access Portal
Comprehensive Remote Access Guide for Secure Resource Access Portal
Advancements in Multi-Key Homomorphic Encryption Using TFHE
Advancements in Multi-Key Homomorphic Encryption Using TFHE
Understanding Secure Information Transmission in Cryptography
Understanding Secure Information Transmission in Cryptography
Exploring Secure Computation in the Age of Information
Exploring Secure Computation in the Age of Information
Secure Software Development Best Practices
Secure Software Development Best Practices
Secure Two-Party Computation and Basic Secret-Sharing Concepts
Secure Two-Party Computation and Basic Secret-Sharing Concepts
Healthcare Challenges in Secure Environments
Healthcare Challenges in Secure Environments
Research Data Classification and Secure Storage Options
Research Data Classification and Secure Storage Options
Linear Communication in Secure Multiparty Computation for Efficient and Fast Processing
Linear Communication in Secure Multiparty Computation for Efficient and Fast Processing
Step-by-Step Guide to Using secure.colostate.edu NetConnect
Step-by-Step Guide to Using secure.colostate.edu NetConnect
Stronger Connections Grant
Stronger Connections Grant
Networking Setup Overview for FAS2620 and FAS2240 Systems
Networking Setup Overview for FAS2620 and FAS2240 Systems
Solar Energy Generator Design Rendering and Prototype Details
Solar Energy Generator Design Rendering and Prototype Details
Ubiquitous and Secure Networks: SunSpot Development Platform Overview
Ubiquitous and Secure Networks: SunSpot Development Platform Overview
EPA Air Quality Monitoring System Overview
EPA Air Quality Monitoring System Overview
Exploring the Essence of Love and Relationships
Exploring the Essence of Love and Relationships
Exploring Connections Between PBIS and Community Schools
Exploring Connections Between PBIS and Community Schools
Different Approaches for Deployment of BSNL Franchisee OLT using BharatNet
Different Approaches for Deployment of BSNL Franchisee OLT using BharatNet