913 Bluetooth Security
913.1 Overview
Bluetooth security is critical for IoT deployments, protecting everything from smart locks and medical devices to payment terminals and industrial sensors. This comprehensive guide covers pairing methods, encryption architecture, key management, and defense-in-depth strategies for secure BLE implementations.
In one sentence: BLE security depends on the pairing method, not just encryption: “Just Works” provides no MITM protection, while Numeric Comparison and Out-of-Band pairing defend against active attackers during setup.
Remember this: Always match the pairing method to the threat model: use OOB or Numeric Comparison for security-critical devices (locks, medical, payments), and add application-layer authorization for sensitive commands even after secure pairing.
913.2 Chapter Guide
This topic is covered across three focused chapters:
913.2.1 Bluetooth Security: Pairing Methods
Difficulty: Intermediate | Reading Time: ~15 minutes
Learn the fundamentals of BLE pairing and authentication:
- Four pairing methods: Just Works, Passkey Entry, Numeric Comparison, and Out-of-Band
- Why “Just Works” provides no MITM protection and when to avoid it
- Three-phase BLE pairing process (feature exchange, STK generation, key distribution)
- Bonding vs pairing trade-offs for IoT deployments
- Common beginner mistakes and how to avoid them
913.2.2 Bluetooth Security: Encryption and Key Management
Difficulty: Advanced | Reading Time: ~20 minutes
Deep dive into BLE encryption architecture and security decisions:
- BLE encryption architecture (Legacy, LE Secure Connections, BR/EDR)
- Key hierarchy: LTK, IRK, CSRK and their roles
- Security decision framework for choosing the right protection level
- Best practices for secure pairing and key storage
- Common pitfalls: displayless device security, bonded key protection
913.2.3 Bluetooth Security: Labs and Defense-in-Depth
Difficulty: Advanced | Reading Time: ~25 minutes
Hands-on labs and comprehensive security strategies:
- Interactive ESP32 BLE security demonstration lab
- Challenges: security mode comparison, packet interception, brute-force protection
- Defense-in-depth: four layers from physical to data protection
- BLE attack timeline across device lifecycle
- Visual reference gallery and knowledge check assessments
913.3 Prerequisites
Before diving into these chapters, you should be familiar with:
- Bluetooth Fundamentals and Architecture: Understanding BLE pairing, bonding, and connection establishment
- Bluetooth Implementations and Labs: Hands-on experience with BLE development
- Basic Cryptography Concepts: Familiarity with encryption, authentication, and key exchange principles (AES, ECDH)
Deep Dives:
- Bluetooth Fundamentals and Architecture - Core BLE concepts and protocol stack
- Bluetooth Applications and Labs - Real-world use cases for secure BLE
- Bluetooth Implementations and Labs - Hands-on security implementation
Comparisons:
- Wi-Fi Security and Provisioning - Compare BLE vs Wi-Fi security approaches
- NFC Security and Comparisons - Out-of-band pairing alternatives
Security Context:
- Security and Privacy Overview - Broader IoT security principles
- Device Security - Securing IoT devices at the hardware level
- Encryption Architecture and Levels - Understanding encryption fundamentals
Learning Resources:
- Quizzes Hub - Test your Bluetooth security knowledge
- Videos Hub - Visual explanations of BLE security concepts
913.4 Quick Reference
913.4.1 Pairing Method Security Comparison
| Method | MITM Protection | Best Use Case |
|---|---|---|
| Just Works | None | Public beacons only |
| Passkey Entry | Moderate | Keyboards, mice |
| Numeric Comparison | Strong | Smartphones, tablets |
| Out of Band (OOB) | Very Strong | Smart locks, medical, payments |
913.4.2 Security Quick Tips
Do:
- Use Numeric Comparison or OOB for sensitive applications
- Enable LE Secure Connections (BLE 4.2+)
- Store keys in a hardware-backed keystore
- Implement application-layer authorization
- Update firmware regularly
Don’t:
- Use “Just Works” for anything requiring security
- Assume encryption means complete security
- Rely on Bluetooth range for protection
- Skip authorization for sensitive commands
913.5 What’s Next
Start with Bluetooth Security: Pairing Methods if you’re new to BLE security, or jump directly to the topic most relevant to your needs.
After completing all three chapters, continue to the Bluetooth Comprehensive Review for integrated case studies and assessment questions.