Design World - Internet of Things Handbook, April 2020

(Rick Simeone) #1
eeworldonline.com | designworldonline.com 4 • 2020 DESIGN WORLD — EE NETWORK 31

by having the devices agree on a Temporary Key (TK) mixed with some random numbers to yield the STK. The STK itself is never transmitted between devices. In phase three, the key from phase two is used to distribute other keys needed for communications.

What may be the most secure of the four pairing methods is called Out of Band (OOB), so called because it involves authentication outside the BLE communication channel. The Apple Watch is a good example. For pairing, a swirling pattern of dots displays on the watch face. The user points the camera of the iPhone to be paired at the watch face to link the two.

Another strong pairing method is called Passkey Entry. Here a six-digit value displays on one device and is entered manually into the other.

The two other pairing methods have more problematic security. With Numeric Comparison pairing, the devices to be paired both display the same six-digit value. Pairing generally involves just hitting “OK” on both devices. The main purpose of Numeric Comparison is to identify the devices to be paired rather than to thwart bad actors. MITM attacks are possible.

The last pairing method, called Just Works, is said to be the most widely used. It was intended for devices that lack a display. As in Numeric Comparison, a six-digit value gets passed, but the six digits are all zeros. Thus any nearby BLE device sending out a Just Works connection request can pair up with those nearby that use the same pairing scheme.

The Just Works method has come into wide use because it consumes less power than the other pairing methods. BLE schemes that employ Just Works pairing may build in other security measures that are less power intensive, typically at the app level. For instance, the app can ask users to enter credentials and deliver them (through encryption) to the IoT devices to authenticate the connection.

Nevertheless, security researchers say vulnerabilities during pairing constitute a severe security risk. For example, researchers at The Ohio State University recently developed an automated app analysis tool and used it to identify 1,757 vulnerable free BLE apps in the Google Play store. They also performed a field test in which 7.4% of 5,822 BLE devices were vulnerable to unauthorized access.
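Which of the four methods a pair of devices actually ends up with is decided by the IO capabilities and AuthReq flags they exchange in Pairing_Request and Pairing_Response. The Python below is an added example, not code from the article or from the Ohio State tool: it encodes the selection rules from the Bluetooth Core Specification (Vol 3, Part H, the IO-capability table and the OOB/MITM rules) and reports whether the chosen method gives any MITM protection. The device descriptions (PHONE, HEADSET, DOOR_LOCK and the rest) are constructed samples.

```python
"""Predict which BLE pairing method two devices will negotiate, and whether it
gives MITM protection.

Added example (not from the Design World article). Selection rules follow the
Bluetooth Core Specification, Vol 3, Part H, Section 2.3.5.1. Device
descriptions at the bottom are constructed samples.
"""
from dataclasses import dataclass
from itertools import product

IO_CAPS = ("DisplayOnly", "DisplayYesNo", "KeyboardOnly",
           "NoInputNoOutput", "KeyboardDisplay")
JUST_WORKS, PASSKEY_ENTRY, NUMERIC_COMPARISON, OOB = (
    "Just Works", "Passkey Entry", "Numeric Comparison", "Out of Band")


@dataclass(frozen=True)
class PairingFeatures:
    """Fields of Pairing_Request / Pairing_Response that drive method selection."""
    io_cap: str
    oob_data: bool = False            # OOB Data Flag: device holds out-of-band data
    mitm: bool = False                # AuthReq MITM bit: device asks for MITM protection
    secure_connections: bool = False  # AuthReq SC bit: supports LE Secure Connections


def _from_io_caps(init: str, resp: str, lesc: bool) -> str:
    """IO-capability lookup, consulted only when at least one side set the MITM bit."""
    if "NoInputNoOutput" in (init, resp):
        return JUST_WORKS            # nothing to show or type on one side
    if "KeyboardOnly" in (init, resp):
        return PASSKEY_ENTRY         # one side types what the other shows, or both type
    if "DisplayOnly" in (init, resp):
        other = resp if init == "DisplayOnly" else init
        return PASSKEY_ENTRY if other == "KeyboardDisplay" else JUST_WORKS
    # Both sides are DisplayYesNo or KeyboardDisplay from here on.
    if lesc:
        return NUMERIC_COMPARISON    # only exists in LE Secure Connections
    return JUST_WORKS if init == resp == "DisplayYesNo" else PASSKEY_ENTRY


def select_pairing_method(init: PairingFeatures, resp: PairingFeatures) -> str:
    lesc = init.secure_connections and resp.secure_connections
    # OOB: legacy pairing needs OOB data on both sides, Secure Connections on either.
    if (init.oob_data and resp.oob_data) or (lesc and (init.oob_data or resp.oob_data)):
        return OOB
    # If neither side requests MITM protection, IO capabilities are ignored.
    if not (init.mitm or resp.mitm):
        return JUST_WORKS
    return _from_io_caps(init.io_cap, resp.io_cap, lesc)


def is_authenticated(method: str) -> bool:
    """Just Works never authenticates the peer. The other methods only do so if the
    user really compares the digits or types the passkey, and OOB only if the
    side channel itself is trustworthy."""
    return method != JUST_WORKS


def audit(init: PairingFeatures, resp: PairingFeatures) -> dict:
    method = select_pairing_method(init, resp)
    return {"method": method,
            "mitm_protected": is_authenticated(method),
            "legacy_pairing": not (init.secure_connections and resp.secure_connections)}


def just_works_combinations(lesc: bool = True) -> list[tuple[str, str]]:
    """IO-capability pairs that still land on Just Works even when MITM is requested."""
    return [(a, b) for a, b in product(IO_CAPS, IO_CAPS)
            if _from_io_caps(a, b, lesc) == JUST_WORKS]


# Constructed scenarios (hypothetical devices).
PHONE = PairingFeatures("KeyboardDisplay", mitm=True, secure_connections=True)
HEADSET = PairingFeatures("NoInputNoOutput", secure_connections=True)
DOOR_LOCK = PairingFeatures("DisplayOnly", mitm=True, secure_connections=True)
WATCH_OOB = PairingFeatures("DisplayYesNo", oob_data=True, mitm=True, secure_connections=True)
PHONE_OOB = PairingFeatures("KeyboardDisplay", oob_data=True, mitm=True, secure_connections=True)
# A display-equipped peripheral whose firmware never sets the MITM bit.
LAZY_PERIPHERAL = PairingFeatures("DisplayYesNo", secure_connections=True)
PHONE_NO_MITM = PairingFeatures("KeyboardDisplay", secure_connections=True)

if __name__ == "__main__":
    for label, a, b in [("phone + headset", PHONE, HEADSET),
                        ("phone + door lock", PHONE, DOOR_LOCK),
                        ("phone + watch (OOB)", PHONE_OOB, WATCH_OOB),
                        ("no MITM requested", PHONE_NO_MITM, LAZY_PERIPHERAL)]:
        print(f"{label}: {audit(a, b)}")
    print("Just Works pairs (LESC):", len(just_works_combinations(True)))
```

The last scenario is the one worth checking in a design review: a peripheral with a display still pairs with Just Works if neither side sets the MITM bit, so a product can carry a display and never use it for authentication.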

FINGERPRINTING

The Ohio State researchers also said their field test uncovered 5,509 BLE devices that were “fingerprintable” by attackers. The fingerprinting involves the universally unique identifier (UUID) from the advertisement packets broadcast by the BLE devices. UUIDs are typically 128-bit hexadecimal strings. The point of broadcasting UUIDs is so a BLE peripheral can advertise what services it provides, such as measuring a heart rate. Thus some of the information in the UUID, i.e. the part defining the predefined services, is universal. Nearby mobile apps must know what the UUID means to discover the device sending it out. Also, UUID packets are not encrypted, whereas all other kinds of BLE packets are.

Ohio State researchers say this use of UUIDs is a design flaw. UUIDs can be obtained not only from the BLE traffic but also from the IoT companion mobile apps. Attackers can use UUID information to fingerprint a BLE device this way: Attackers bent on mischief would first scan all mobile apps in an app store, such as Google Play, to find all possible UUIDs, allowing them to fingerprint all BLE devices statically. It is likely that multiple apps use the same scheme-specific BLE chip or UUID configuration, preventing any nearby attackers from precisely knowing which device the victim is using. To further narrow things down, attackers can inspect the next-layer UUIDs (because BLE devices often organize UUIDs in a hierarchical structure) and use the structure of the UUIDs to fingerprint a victim BLE device. With the fingerprinted UUID information, they can sniff all advertising packets nearby (e.g., in a metropolitan area such as New York City) to locate these devices. If mobile apps also tell them Just Works or weak pairing is in use, attackers can directly exploit these BLE devices.
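Because the advertisement goes out in the clear, a designer can audit what their own device reveals before it ships. The Python below is an added example, not the article's or the researchers' code: it parses an advertising payload into its AD structures (length, type, data, as laid out in the Core Specification), extracts the 16-bit and 128-bit service UUIDs, and separates SIG-assigned services, which sit on the Bluetooth Base UUID 00000000-0000-1000-8000-00805F9B34FB, from vendor-specific 128-bit UUIDs, the ones that pin a product line down. SAMPLE_ADV and VENDOR_UUID are constructed values.

```python
"""Audit which service UUIDs a BLE advertising payload exposes.

Added example, not from the article or the Ohio State tool. AD-structure
framing and the Bluetooth Base UUID come from the Bluetooth Core
Specification; SAMPLE_ADV and VENDOR_UUID are constructed sample values.
"""
import uuid

BASE_UUID = uuid.UUID("00000000-0000-1000-8000-00805F9B34FB")
AD_SERVICE_UUID_TYPES = {
    0x02: 16, 0x03: 16,    # incomplete / complete list of 16-bit service UUIDs
    0x04: 32, 0x05: 32,    # 32-bit
    0x06: 128, 0x07: 128,  # 128-bit
}
AD_COMPLETE_LOCAL_NAME = 0x09


def parse_ad_structures(payload: bytes) -> list[tuple[int, bytes]]:
    """Split a payload into (ad_type, data) pairs.

    Each structure is <len><type><data...>, where len counts type + data.
    A zero length byte ends the payload (the remainder is padding)."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0:
            break
        if i + 1 + length > len(payload):
            raise ValueError(f"AD structure at offset {i} overruns the payload")
        out.append((payload[i + 1], bytes(payload[i + 2:i + 1 + length])))
        i += 1 + length
    return out


def extract_service_uuids(payload: bytes) -> list[uuid.UUID]:
    """Return every advertised service UUID, normalised to 128-bit form."""
    found = []
    for ad_type, data in parse_ad_structures(payload):
        bits = AD_SERVICE_UUID_TYPES.get(ad_type)
        if bits is None:
            continue
        width = bits // 8
        if len(data) % width:
            raise ValueError(f"UUID list of type {ad_type:#04x} is not a multiple of {width} bytes")
        for off in range(0, len(data), width):
            chunk = data[off:off + width]          # little-endian on the air
            if bits == 128:
                found.append(uuid.UUID(bytes=chunk[::-1]))
            else:
                short = int.from_bytes(chunk, "little")
                found.append(uuid.UUID(int=BASE_UUID.int | (short << 96)))
    return found


def is_sig_assigned(u: uuid.UUID) -> bool:
    """True when the UUID sits on the Base UUID, i.e. a standard 16/32-bit service."""
    return (u.int & ((1 << 96) - 1)) == BASE_UUID.int


def is_well_formed(payload: bytes) -> bool:
    try:
        extract_service_uuids(payload)
        return True
    except ValueError:
        return False


def fingerprint_report(payload: bytes) -> dict:
    """Summarise what an unencrypted advertisement tells a passive listener."""
    uuids = extract_service_uuids(payload)
    name = next((d.decode("utf-8", "replace") for t, d in parse_ad_structures(payload)
                 if t == AD_COMPLETE_LOCAL_NAME), None)
    return {
        "local_name": name,
        "standard_services": [str(u) for u in uuids if is_sig_assigned(u)],
        # A vendor-specific 128-bit UUID identifies a product line, not just a service.
        "fingerprintable": [str(u) for u in uuids if not is_sig_assigned(u)],
    }


# Constructed sample: flags, Heart Rate service (0x180D), one made-up vendor UUID, name "HRM".
VENDOR_UUID = uuid.UUID("a1b2c3d4-0000-4000-8000-aabbccddeeff")  # constructed value
SAMPLE_ADV = (
    bytes([0x02, 0x01, 0x06])                       # Flags
    + bytes([0x03, 0x03, 0x0D, 0x18])               # complete 16-bit UUIDs: 0x180D
    + bytes([0x11, 0x07]) + VENDOR_UUID.bytes[::-1]  # complete 128-bit UUIDs
    + bytes([0x04, 0x09]) + b"HRM"                  # complete local name
)

if __name__ == "__main__":
    print(fingerprint_report(SAMPLE_ADV))
```

Anything that lands in the "fingerprintable" list, together with a distinctive local name, is what a scanner needs to recognise the product from across the street; a standard service such as Heart Rate only says what kind of device it is.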
In tests, the researchers discovered 168,093 UUIDs, 13,566 of which were unique, when they analyzed free BLE apps in Google Play. They also point out that there are special receivers available that can be used

BLE SECURITY

[Figure: Pairing in Bluetooth. Caption: The pairing protocol in BLE. Problems arise when the key exchanged between the app and the BLE device is zero or hard-coded into the app, where it can be discerned by disassembly. The sequence diagram runs between an Initiator and a Responder. Phase 1: Established LL connection; (Optional) Security_Request; Pairing_Request; Pairing_Response. Phase 2: Pairing over SMP: Legacy pairing or Secure Connections; Establishment of encrypted connection with key generated in phase 2. Phase 3: Key Distribution.]
