Bluetooth low energy Encryption
The Long Term Key (LTK) in Bluetooth low energy is similar to the Link Key in Classic Bluetooth. It is a persistent key that is stored in both devices and used to derive a fresh encryption key each time the devices go encrypted. In the Sodera Security pane the LTK is entered in the Link Key field so the following discussion will use Link Key instead of LTK.
There are a few differences though:
In Classic the Link key is derived from inputs from both devices and is calculated in the same way independently by both devices and then stored persistently. The link key itself is never transmitted over the air during pairing.
In LE, the long term key is generated solely on the slave device and then, during pairing, is distributed to a master device that wants to establish an encrypted connection to that slave in the future. Thus the long term key is transmitted over the air, albeit encrypted with a one-time key that is derived during the pairing process and discarded afterward (the so-called Short Term Key, STK).
Unlike the link key, this long term key is directional: it is only used for connections from the master to the slave (referring to the roles the devices had during the pairing process). If the devices also want to connect the other way round in the future, the device in the master role during pairing must also send its own long term key to the device in the slave role (again encrypted with the short term key), so that the device which was the slave during pairing can later act as master and connect to the device which was the master during pairing (which would then be in the slave role).
Since most simple LE devices are only ever slave and never master at all, the second long term key exchange is optional during the pairing process.
Bluetooth low energy Static Address Link Key Required
In this example a low energy device requires Link Key entry for the Frontline software to decrypt the data. To enter the Link Key click on Enter link key and type or paste in the Link Key in hex format.
Note: It is not necessary to precede the Link Key with "0x" to signify a hex format. The software will automatically add "0x" to the front of the Link Key.
Bluetooth low energy Enter Link Key
Press the Enter key or click outside the Link Key box. If the Link Key is valid the box will be green, "Valid" will appear beneath the Link Key, and the Status will show an open, green lock indicating that decryption is enabled.
If the Link Key is not valid the box will be red, beneath the entered Link Key will appear "Invalid", and the Status will show a closed, red lock indicating that decryption is not enabled.
Bluetooth low energy Valid Link Key
Bluetooth low energy Invalid Link Key
Legacy Just Works Pairing
In this example the devices under test use Legacy Just Works pairing to calculate a Short-Term Key (STK) in order to securely transfer the device's Long-Term Key (LTK). The LTK is then used to encrypt the subsequent security contexts.
Bluetooth low energy Piconet Public Key and Private Key Encryption
The PIN is a six-digit decimal number. If a passkey is required by the device, "Enter passkey" will appear in the device's PIN/TK field.
Bluetooth low energy Passkey Decryption Not Enabled
This example uses Passkey Pairing to enable decryption. The user clicks on "Enter passkey" in the device PIN/TK field.
Bluetooth low energy Passkey Entry
Press Enter or click outside the field. If the Passkey is correct it will appear in the PIN/TK field with "Valid" below it, and the Link Key field will automatically fill with the Link Key, show "Valid" and turn green. The Status field will show an open, green lock to indicate that encryption is enabled and the analyzer can show decrypted data.
If the entered Passkey is incorrect, the PIN/TK field will be red and "Invalid" will appear below the entered PIN. The Status field will show a closed, red lock to indicate that encryption is not enabled.
Bluetooth low energy Passkey Decryption Enabled
Bluetooth low energy Passkey Invalid
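The key chain described above (Temporary Key from a passkey or all zeros for Just Works, STK derived from it, LTK distributed under the STK, and a fresh session key derived from the LTK on every later connection) as an added example in Go using the standard-library AES; this is not code from the Frontline software or the Sodera product. It assumes the most-significant-octet-first order of the Core Specification formulas, and every random value in it is constructed.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// e: the Bluetooth security function, one AES-128 block encryption of a
// 16-byte value under a 16-byte key (most significant octet first, as in
// the Core Specification formulas; over-the-air fields are little-endian).
func e(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a key that is not 16 bytes long can get here
	}
	out := make([]byte, 16)
	block.Encrypt(out, plaintext)
	return out
}

// tkFromPasskey: the legacy Temporary Key is the six-digit passkey as a
// 128-bit integer; Just Works pairing uses passkey 0, so TK is all zeros.
func tkFromPasskey(passkey uint32) []byte {
	tk := make([]byte, 16)
	binary.BigEndian.PutUint32(tk[12:], passkey)
	return tk
}

// s1: legacy STK generation, STK = e(TK, r1' || r2'), where r1' and r2'
// are the least significant 64 bits of Srand and Mrand respectively.
func s1(tk, srand, mrand []byte) []byte {
	rPrime := append(append([]byte{}, srand[8:]...), mrand[8:]...)
	return e(tk, rPrime)
}

// sessionKey: what the link layer computes at every encryption start,
// SK = e(key, SKDm || SKDs). While the LTK is being distributed "key" is
// the one-time STK; on every later connection it is the stored LTK.
func sessionKey(key, skdm, skds []byte) []byte {
	skd := append(append([]byte{}, skdm...), skds...)
	return e(key, skd)
}

func main() {
	// Constructed sample randoms, not captured from a real device.
	srand := []byte{0, 15, 14, 13, 12, 11, 10, 9, 1, 2, 3, 4, 5, 6, 7, 8}
	mrand := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0}
	fmt.Printf("Just Works STK: %x\n", s1(tkFromPasskey(0), srand, mrand))
}
```

This is why the analyzer needs the LTK (entered as the Link Key) rather than any single session key: each connection exchanges a new SKD, so the session key changes every time while the LTK stays fixed.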
Legacy Out-of-Band (OOB) Pairing
Out-of-Band (OOB) data is a 16-digit hexadecimal code preceded by "0x" which the devices exchange via a channel that is different from the LE transmission itself. This channel is called OOB. For off-the-shelf devices we cannot sniff OOB data, but in the lab you may have access to the data exchanged through this channel.
If a device requires OOB data the device Link Key field will show "Enter OOB TK".