In June 2007, Wibree technology was incorporated into the Bluetooth Special Interest Group (SIG) and renamed ULP (ultra-low power) Bluetooth [1]. It inherits the advantages of the traditional Bluetooth specification but is optimized for lower energy consumption and lower cost, and is intended for simple data transmission by small devices.
As a very low power consumption Bluetooth technology, Wibree has become part of the Bluetooth specification. It is a new low-power wireless technology that opens up new market opportunities and room for innovation in the industry. Because it communicates wirelessly, ULP Bluetooth faces the same risk of transmitted data being intercepted as traditional Bluetooth. How to ensure the security of ULP Bluetooth applications is therefore a core issue in the design of ULP Bluetooth technology.
Based on the technical draft [2] of the Bluetooth SIG, this article discusses the security structure of ULP Bluetooth technology, introduces the address generation of ULP Bluetooth, and specifically studies the principles and related processes of ULP Bluetooth authentication, key generation and matching.
2. ULP Bluetooth security architecture [3]
Security is an essential part of the ULP Bluetooth protocol: it protects use of the system and keeps information confidential. As shown in Figure 1, the ULP Bluetooth system has three logical components: the ULP controller, the ULP host, and the HCI (host controller interface, which sits between the ULP controller and the ULP host and provides communication services). The ULP controller consists of the physical layer and the link layer; the ULP host is mainly the L2CAP protocol of ULP; the upper layer is mainly the application layer protocol, and the various profiles are applied in the upper layer. The security module is located in the link layer of the ULP controller and in the L2CAP protocol of the ULP host, and the host controller provides control and data.
ULP Bluetooth works in the 2.4 GHz ISM (Industrial Scientific Medical) frequency band, and its working center frequency is 2402 + K * 2MHz (K = 0 ~ 39), that is, the working frequency band width is 2 ~ 3.5MHz. The band is divided into 40 physical channels: 3 broadcast channels and 37 data channels.
The link layer in this structure has two working states, the idle state and the connected state, and it can be in only one of them at any moment. ULP Bluetooth devices also have 5 working modes: broadcast mode, scan mode, application mode, master device, slave device.
ULP L2CAP (Logical Link Control and Adaptation Protocol) sits above the link control protocol and belongs to the data link layer. L2CAP can provide connection-oriented and connectionless data services to upper layer protocols. It allows higher-level protocols and applications to send and receive packets of up to 64K bytes (the L2CAP Service Data Unit, SDU).
The link encryption process in the link layer is the responsibility of the ULP host, and it also includes an encryption subprocess for which the link layer is independently responsible. The encryption process is initialized by the HCI_Setup_Encryption command. With this command, the ULP host of the master device indicates to the link layer that the connection is to use a new encryption mode. Whenever the ULP host issues such a command, a SEC_EMPTY_REQ packet is transmitted on the link layer connection.
After the HCI_Setup_Encryption command, no data packets from the ULP host are allowed until the process has completed, as indicated by the HCI_Command_Completed command.
3. ULP Bluetooth authentication and key generation process
3.1 ULP Bluetooth address [4]
ULP Bluetooth uses two types of addresses: the device address and the access address. The device address is subdivided into public and private device addresses. Each ULP device should be assigned a fixed 48-bit ULP Bluetooth public device address; a private device address is optional. A ULP device only displays its private address after proving its reliability. Each link layer connection has a pseudo-random 32-bit access address, generated by the applicant in the connection, and each link layer connection has a different access address.
In the ULP Bluetooth system, a single data packet format is used for both broadcast channel packets and data channel packets. As shown in Figure 2, each data packet contains 4 fields: header, sync word, PDU, and CRC. The sync word in a broadcast data packet is fixed, while the sync word of a data channel packet is the access address of the link layer connection.
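The packet layout and the access-address rule above can be checked against sniffed frames. The following is an added example, not code from the article or the Bluetooth SIG draft: it splits a frame into header, sync word, PDU and CRC, classifies it as broadcast or data, and flags connections that share an access address. The 1-byte header, 3-byte CRC, little-endian byte order, the broadcast sync word value (the one Bluetooth LE 4.0 uses for advertising) and the connection labels are assumptions; the sample frames are constructed.

```python
import struct
from collections import defaultdict

# Assumed field sizes; the page only states the 32-bit access address.
HEADER_LEN, SYNC_LEN, CRC_LEN = 1, 4, 3
# Assumed fixed broadcast sync word (Bluetooth LE 4.0 advertising value).
BROADCAST_SYNC = 0x8E89BED6

def parse_packet(raw: bytes) -> dict:
    """Split a raw frame into header, sync word, PDU and CRC."""
    if len(raw) < HEADER_LEN + SYNC_LEN + CRC_LEN:
        raise ValueError("frame shorter than header + sync word + CRC")
    sync = struct.unpack_from("<I", raw, HEADER_LEN)[0]  # byte order assumed
    return {
        "header": raw[:HEADER_LEN],
        "sync_word": sync,
        "pdu": raw[HEADER_LEN + SYNC_LEN:-CRC_LEN],
        "crc": raw[-CRC_LEN:],
        "channel_type": "broadcast" if sync == BROADCAST_SYNC else "data",
    }

def audit_access_addresses(frames):
    """frames: iterable of (connection_label, raw_bytes) from a capture.
    Returns findings for malformed frames and reused access addresses."""
    seen = defaultdict(set)  # access address -> labels of connections using it
    findings = []
    for label, raw in frames:
        try:
            pkt = parse_packet(raw)
        except ValueError as exc:
            findings.append((label, f"malformed: {exc}"))
            continue
        if pkt["channel_type"] == "data":
            seen[pkt["sync_word"]].add(label)
    for addr, labels in seen.items():
        if len(labels) > 1:  # each connection should have its own address
            findings.append((tuple(sorted(labels)),
                             f"access address 0x{addr:08X} reused"))
    return findings

def make_frame(sync: int, pdu: bytes) -> bytes:
    """Build a constructed sample frame; the CRC bytes are dummy zeros."""
    return b"\xAA" + struct.pack("<I", sync) + pdu + b"\x00\x00\x00"

SAMPLE = [  # constructed capture, labels are hypothetical
    ("adv", make_frame(BROADCAST_SYNC, b"\x01\x02")),
    ("conn-1", make_frame(0x5A3C19E7, b"\x10")),
    ("conn-2", make_frame(0x5A3C19E7, b"\x11")),
    ("conn-3", make_frame(0x1B2D4F60, b"\x12")),
    ("conn-4", b"\xAA\x01"),  # truncated frame
]
```

Running `audit_access_addresses(SAMPLE)` reports the truncated frame and the address shared by `conn-1` and `conn-2`; the CRC is only split off here, not verified.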