As a means of bringing wireless to simple and inexpensive devices, Bluetooth Low Energy, otherwise known as BLE or Bluetooth SMART, is impressive. It uses just a tenth of the power of classic Bluetooth by utilising fast connections, longer sleep modes and a concise messaging structure. The most rapid growth of BLE has initially been in consumer applications such as sport and body monitoring, beacons and home entertainment. The combination of ultra-low power, small size and low cost suggests some compelling cases for BLE in medical and industrial applications. However, there’s a snag: these applications suggest a need for stronger security. While security should be a top concern in all wireless applications, some use cases (especially in the medical field) involve much more sensitive data than others. For these, BLE security can benefit from a helping hand.
Like other secure channel protocols, Bluetooth has an initial phase (known as pairing) where two devices establish shared keys, followed by a traffic protection phase in which data is encrypted and authenticated using the shared keys. These keys can be saved for later use in a third phase known as bonding. This involves the devices storing the keys and values exchanged so that the pairing procedure is not required again, unless the bonding information is deleted from one of the devices.
BLE shares many of the security traits of Bluetooth, with some exceptions. Unlike classic Bluetooth, SAFER+ cryptography is used by BLE to generate keys for encryption and authentication. However, BLE in Bluetooth 4.0 and 4.1 doesn’t use the Diffie-Hellman method for key exchange during the pairing procedure; this method is only adopted for BLE in Bluetooth 4.2. This means BLE devices with the earlier versions of the BLE specification could become vulnerable to passive eavesdropping during the key exchange part of the process. In contrast, classic Bluetooth is unprotected only if an active eavesdropper is present during pairing and can act as the man-in-the-middle to relay the key exchange. In Bluetooth 4.0 and 4.1, BLE implements three of the four variants of Simple Secure Pairing used in classic Bluetooth: Just Works, Passkey Entry, and Out-Of-Band. The fourth, Public/Private Key Exchange, has since been added in version 4.2.
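To check which of these key exchanges a pair of devices will actually negotiate, the pairing feature exchange can be audited. The following is an added example, not code from the article or from any vendor: it parses the Pairing Request and Pairing Response PDUs using the field layout of the Bluetooth Core Specification's Security Manager Protocol, and reports whether the Bluetooth 4.2 Diffie-Hellman exchange is in use. The function names and the sample PDUs are constructed for illustration.

```python
# Added example: audit an SMP pairing feature exchange (names are hypothetical).
from collections import namedtuple

PAIRING_REQUEST, PAIRING_RESPONSE = 0x01, 0x02   # SMP opcodes
AUTH_MITM, AUTH_SC = 0x04, 0x08                  # AuthReq bit masks
PairingFeatures = namedtuple("PairingFeatures", "io_cap oob mitm sc max_key_size")

def parse_features(pdu: bytes, opcode: int) -> PairingFeatures:
    """Parse a 7-byte SMP Pairing Request or Pairing Response PDU."""
    if len(pdu) != 7 or pdu[0] != opcode:
        raise ValueError("not the expected SMP pairing PDU")
    _, io_cap, oob, auth, key_size, _, _ = pdu   # last two: key distribution
    if not 7 <= key_size <= 16:
        raise ValueError("invalid maximum encryption key size")
    return PairingFeatures(io_cap, oob == 0x01, bool(auth & AUTH_MITM),
                           bool(auth & AUTH_SC), key_size)

def audit_pairing(req: bytes, rsp: bytes) -> dict:
    """Classify the key exchange the two devices will negotiate."""
    i = parse_features(req, PAIRING_REQUEST)
    r = parse_features(rsp, PAIRING_RESPONSE)
    # The Diffie-Hellman exchange (Bluetooth 4.2) runs only if both sides set SC.
    secure_connections = i.sc and r.sc
    # Legacy pairing needs OOB data on both sides; Secure Connections needs one.
    oob = (i.oob or r.oob) if secure_connections else (i.oob and r.oob)
    if oob:
        model = "Out-Of-Band"
    elif not (i.mitm or r.mitm):
        model = "Just Works"
    else:
        model = "IO-capability dependent"        # e.g. Passkey Entry
    findings = []
    if not secure_connections and not oob:
        findings.append("legacy pairing: key exchange exposed to passive eavesdropping")
    if model == "Just Works":
        findings.append("Just Works: no MITM protection")
    key_size = min(i.max_key_size, r.max_key_size)
    if key_size < 16:
        findings.append(f"encryption key size limited to {key_size} bytes")
    return {"secure_connections": secure_connections, "model": model,
            "key_size": key_size, "findings": findings}

# Constructed sample PDUs (not captured traffic).
LEGACY_REQ, LEGACY_RSP = bytes.fromhex("01030001100707"), bytes.fromhex("02030001100707")
SC_REQ, SC_RSP = bytes.fromhex("0101000d100707"), bytes.fromhex("0201000d100707")
```

Running `audit_pairing(LEGACY_REQ, LEGACY_RSP)` flags both the legacy key exchange and Just Works, while the `SC_REQ`/`SC_RSP` pair produces no findings.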
To enhance security during the pairing process, Laird – a world-leading supplier of short-range wireless connectivity solutions, including Bluetooth wireless modules and development kits – has developed a unique approach to resolve this problem. This solution, Whisper Mode Pairing, involves the transmission power being significantly decreased while pairing is in progress. It effectively limits the ‘bubble’, the physical range in which eavesdroppers would be able to listen in on the public key exchange in Phase 2. Laird screens out intruders by ensuring that the devices will not pair unless they are within close proximity to each other. For mobile healthcare applications, proximity pairing makes good sense. For instance, it enables clinicians to access individual patient information with a smartphone or tablet by being in close proximity to relevant medication packets or patient monitors.
Whisper Mode Pairing is available in Laird’s BL600 series of BLE modules, which are programmed using the smartBASIC programming language, an implementation of a structured BASIC programming language optimised for use on low-cost embedded systems with limited memory. smartBASIC has additional cryptographic functions that can be used to encrypt/decrypt data, in addition to any encryption applied at the transport layer.
For OEMs looking to implement wireless solutions into their medical or industrial devices, Laird’s BL600 series proves that there’s no need to sacrifice security for a quality wireless connection. These modules ensure that users make trusted connections to the right device with ease and efficiency, building confidence in Bluetooth and other wireless protocols in general.