www.ti.com
Gap Bond Manager (GAPBondMgr)
37
SWRU271H–October 2010–Revised April 2019
Submit Documentation Feedback
Copyright © 2010–2019, Texas Instruments Incorporated
The Bluetooth Low Energy Protocol Stack
5.4 Gap Bond Manager (GAPBondMgr)
The GAPBondMgr profile handles the initiation of security features during a Bluetooth Low Energy
connection. Some data may be readable or writeable only in an authenticated connection. Table 5-1
defines the terminology used in Bluetooth Low Energy security.
Table 5-1. GAP Bond Manager Security Terms
Term Description
Pairing The process of exchanging keys
Encryption Data is encrypted after pairing, or re-encryption (a subsequent
connection where keys are looked up from nonvolatile memory)
Authentication The pairing process completed with MITM (Man in the Middle)
protection (passcode, NFC, and so forth).
Bonding Storing the encryption keys in nonvolatile memory to use for the
next encryption sequence.
Authorization An additional application level key exchange in addition to
authentication
OOB Out of Band. Keys are not exchanged wirelessly, but rather over
some other source such as serial port or NFC. This also
provides MITM protection.
MITM Man in the Middle Protection. This prevents an attacker from
listening to the keys transferred wirelessly to break the
encryption.
Just Works Pairing method where keys are transferred wirelessly without
MITM.
The general process to establish security is:
1. Pair the keys (exchanging keys through the following methods).
A. Just Works (to send the keys wirelessly)
B. MITM (to use a passcode to create a key)
2. Encrypt the link with keys from step 1.
3. Bond the keys (store keys in secure flash [SNV]).
4. When reconnected, use the keys stored in SNV to encrypt the link.
NOTE: You can skip steps. For example, you can to skip bonding and just re-pair after
reconnecting. The GAPBondMgr uses the SNV flash area to store bond information. For
more information on SNV, see Section 6.10
5.4.1 Overview of Bluetooth Low Energy Security
This section describes Bluetooth Low Energy security methods. For more information, see Device
Information Service (Bluetooth Specification), Version 1.0 (24-May-2011).
When connected, the devices can go through a process called pairing. When paired, keys are established
that encrypt and can authenticate the link. Either device may require a passkey to complete the pairing
process. This process is called man in the middle (MITM) protection. You could create this passcode with
a value such as 000000. Alternatively, the passcode can be a predetermined randomly-generated value
displayed on the device. After the correct passkey is displayed and entered, the devices exchange
security keys to encrypt and authenticate the link. The input and output capabilities of the devices in the
pairing request must match to make authentication is possible.
In many cases, the same central and peripheral devices often connect and disconnect from each other.
Bluetooth Low Energy has a security feature that lets the devices exchange a long-term set of security
keys when pairing. With this long-term set of security keys, re-pairing is unnecessary when reconnecting
in the future. This feature is called bonding and it lets the devices store the security keys and quickly
reestablish encryption and authentication after reconnecting without going through the pairing process.
To Next Page
Loading...
Need help?
General
