Page 497 - From GSM to LTE

Bluetooth and Bluetooth Low Energy  483

               ● A service may be used by all authenticated devices without prior authorization by the
                 user. This requires a one‐time pairing.
               ● A service may be used once or for a certain duration after authentication and
                 authorization by the user.
               ● A service may be used by a certain device after authentication and one‐time
                 authorization by the user.
                Furthermore, some Bluetooth stacks offer the display of short notices on the screen if
               a service is accessed by a remote device. The notice is displayed for informational
                 purposes only, as access is automatically granted.


               7.5.6  Security Modes
               The point at which ciphering and authorization are performed during the establishment
               of an authenticated connection depends on the implementation of the Bluetooth stack
               and the configuration of the user. The Bluetooth standard describes four possible
               configurations.
                If security mode 1 is used for a service, no authentication is required and the connection
               is not encrypted. This mode is most suitable for the transmission of address book and
               calendar entries between two devices. In many cases, the devices used for this purpose
               have not previously been paired.
                For security mode 2, the user decides if authentication, ciphering and authorization
               are necessary when a service is used. Many Bluetooth PC stacks allow individual
               configuration for each service. Security mode 1 therefore corresponds to using security
               mode 2 for a service without authentication and ciphering.
                If a service uses security mode 3, authentication and ciphering of the connection are
               automatically ensured by the Bluetooth chip. Both procedures are performed during
               the first communication between the two link managers, that is, even before an L2CAP
               connection is established. For incoming communication requests, the Bluetooth
               controller thus has to ask the Bluetooth device database for the link key via the HCI
               interface. If no pairing has previously been performed with the remote device, the host
               cannot return a link key to the Bluetooth controller and thus the connection will fail.
               Security mode 3 is best suited for devices that only need to communicate with
               previously paired remote devices. Thus, this mode is not suitable for devices like mobile
               phones, which allow non‐authenticated connections for the transfer of an electronic
               business card.
                With version 2.1 of the Bluetooth specification, security mode 4 was introduced,
               which can be used with the Secure Simple Pairing mechanisms described above. This
               mode is similar to security mode 2 described above, as a security category is selected on
               a per‐application basis:

               ● A secured link key is required, which necessitates that the initial pairing was
                 performed with one of the Numeric Comparison, Out‐of‐Band or Passkey
                 protocols.
               ● A nonsecured link key is required, that is, the Just Works protocol was used during
                 the pairing.
               ● No security is required at all.
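
The access decisions of security modes 3 and 4 described above can be modelled as a small policy check. This is an added example, not code from the book or from any Bluetooth stack. All names and the sample service table are hypothetical, and it assumes that a stronger link key also satisfies a weaker requirement.

```python
from enum import Enum, IntEnum
from typing import Optional

class Pairing(Enum):            # protocol that produced the stored link key
    NUMERIC_COMPARISON = "numeric comparison"
    OUT_OF_BAND = "out-of-band"
    PASSKEY = "passkey"
    JUST_WORKS = "just works"

class Requirement(IntEnum):     # security mode 4 category, chosen per service
    NONE = 0                    # no security required at all
    NONSECURED_KEY = 1          # a Just Works link key is sufficient
    SECURED_KEY = 2             # Numeric Comparison, Out-of-Band or Passkey

SECURED = {Pairing.NUMERIC_COMPARISON, Pairing.OUT_OF_BAND, Pairing.PASSKEY}

def key_strength(pairing: Optional[Pairing]) -> Requirement:
    """Map the pairing behind a link key (None = never paired) to a category."""
    if pairing is None:
        return Requirement.NONE
    if pairing in SECURED:
        return Requirement.SECURED_KEY
    return Requirement.NONSECURED_KEY

def mode4_allows(required: Requirement, pairing: Optional[Pairing]) -> bool:
    # Assumption: a stronger key also satisfies a weaker requirement.
    return key_strength(pairing) >= required

def mode3_link_setup(link_keys: dict, remote_addr: str) -> bool:
    """Mode 3: the controller requests the link key from the host before any
    L2CAP connection exists; without a stored key the connection fails."""
    return remote_addr in link_keys

def denied_services(services: dict, pairing: Optional[Pairing]) -> list:
    """Names of the services a peer with this pairing state may not use."""
    return sorted(n for n, req in services.items()
                  if not mode4_allows(req, pairing))

# Constructed sample data: service names, categories and addresses are made up.
SERVICES = {
    "business card push": Requirement.NONE,
    "headset audio": Requirement.NONSECURED_KEY,
    "phone book access": Requirement.SECURED_KEY,
}
LINK_KEYS = {"00:11:22:33:44:55": Pairing.PASSKEY}

if __name__ == "__main__":
    for state in (None, Pairing.JUST_WORKS, Pairing.PASSKEY):
        print(state, "->", denied_services(SERVICES, state))
```

The model makes the contrast visible: under mode 4 an unpaired peer can still reach the service that requires no security, whereas under mode 3 the same peer is rejected during link setup.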