Professional Documents
Culture Documents
The SMP (Security Manager Protocol) offers applications running over a Bluetooth Low
Energy stack access to the following types of services:
Device Authentication
Device Authorization
Data Integrity
Data Confidentiality
Data privacy
What services and keys are used for the communication between two devices are established
during the SMP Pairing procedure which is performed by the SMP and set up by the
Application according to its needs.
Code
IO
OOB
Capability Data
Flag
AuthReq
Bondin
g Flags
Maximum
Initiator
Responde
Encryptio
Key
Key
MITM Reserved n Key Size Distribution Distributio
Bits
Bytes
1
1
IO Capability
0x00
DisplayOnly
0x01
DisplayYesNo
0x02
Bonding Flag
0x0
0
No
Bonding
KeyboardOnly
0x0
1
Bonding
0x03
NoInpoutNoOut
put
0x1
0
Reserved
0x04
KeyboardDispla
y
0x1
1
Reserved
0x050xFF
Reserved
0x01
0x020xFF
Reserved
Subfield
EncKey
IdKey
Sign
Bits
Bytes
The value of the IO Capability field is set up by devices according to the following table from
the BLE4.1 spec:
Rese
The OOB Data Flag is set to 1 if the application/device requires and supports exchanging
data through an Out-of-band method.
The MITM flag is set in the AuthReq field if the Application requires Man-in-the-middle
protection.
The Bonding Flags in the AuthReq field are set if the application requires bonding.
The minimum Encryption Key Size is set up by the application with a value between 7 Bytes
(56 bits) and 16 Bytes (128 bits) in steps of 1 byte. Keys which are less than 128 bits are
padded with zeroes starting with the lowest address: 128 bit key 0x123456789ABCDEF0123456789ABCDEF0, 56 bit key 0x0000000000000000003456789ABCDEF0.
The Initiator and Responder key distribution fields are set depending on what keys must be
exchanged between two devices in phase 3 of the pairing process.
The Initiator is always the Link Layer Master (GAP Central) and the Responder is always the
Link Layer Slave (GAP Peripheral) in a connection.
Authentication
The second step of the pairing procedure is the Authentication step which is performed based
on the information exchanged in the previous step in the Pairing Request and Pairing
Response messages.
In this step the Temporary Key is generated. There are 3 ways of generating the TK in BLE
(described below): Just Works, OOB, and Passkey Entry. The priority of these methods is the
following: if both devices have set the OOB flag than the OOB method is used regardless of
the other flags in the Pairing Request and Response. If the OOB flag is not set on at least one
of the devices then the MITM flag is checked. If both devices have not set the MITM flag
then the just works method is chosen (IO capabilities are ignored), else the pairing algorithm
is chosen based on the IO Capabilities.
The following table describes the relation between the TK and the pairing methods.
MITM
Protectio
n
Notes
Just
Works
0 (zero)
NO
No authentication
Passkey
Entry
YES
Authenticated
Interface allows
displaying or
entering values
Authenticated
Out Of
Band
YES
After the TK is obtained the devices generate the STK. The STK generation procedure is
detailed in the following table for the Initiator and the Responder
Intiator
Responder
Notes
Distribution of keys
The third phase of the pairing procedure is the distribution of the keys. The keys are
distributed using specific SMP packets. The keys are encrypted with the STK and once stored
in a security database must have the same properties (authentication, MITM protection) as the
STK. The keys which can be distributed are: (LTK, EDIV and Rand), IRK, CSRK.
The distributed EDIV and Rand values are transmitted in clear text by the master device to
the slave device during encrypted session setup.
The BD_ADDR of devices is also distributed in this phase.
Only the security information specified in the Pairing Request and response is distributed.
The distribution is done in the following order specified by the standard:
1. LTK by the slave
2. EDIV and Rand by the slave
3. IRK by the slave
4. BD ADDR by the slave
5. CSRK by the slave
6. LTK by the master
7. EDIV and Rand by the master
8. IRK by the master
9. BD_ADDR by the master
10. CSRK by the master