ZQ500 Series User Guide
Figure 11: Bluetooth Security Modes
Security Mode 1
If a BT >= 2.1 device is pairing with a BT <= 2.0 device, it falls back to BT 2.0 compatibility mode and behaves the same as BT 2.0. If both devices are BT >= 2.1, Secure Simple Pairing must be used according to the BT spec.
Security Mode 2
If a BT >= 2.1 device is pairing with a BT <= 2.0 device, it falls back to BT 2.0 compatibility mode and behaves the same as BT 2.0. If both devices are BT >= 2.1, Secure Simple Pairing must be used according to the BT spec.
Security Mode 3
If a BT >= 2.1 device is pairing with a BT <= 2.0 device, it falls back to BT 2.0 compatibility mode and behaves the same as BT 2.0. If both devices are BT >= 2.1, Secure Simple Pairing must be used according to the BT spec.
Security Mode 4: Secure Simple Pairing
Secure Simple Pairing (SSP): a new security architecture supported in BT >= 2.1. Service-level enforced, similar to mode 2. Mandatory when both devices are BT >= 2.1. There are four association models currently supported by mode 4. Security requirements for services must be classified as one of the following: authenticated link key required, unauthenticated link key required, or no security required. SSP improves security through the addition of ECDH public key cryptography for protection against passive eavesdropping and man-in-the-middle (MITM) attacks during pairing.
Numeric Comparison
Designed for situations where both devices are capable of displaying a six-digit number and allowing the user to enter a “yes” or “no” response. During pairing, the user enters “yes” if the number displayed on both devices matches to complete pairing. Differs from the use of PINs in legacy (BT <= 2.0) pairing because the number displayed for comparison is not used for subsequent link key generation, so even if it is viewed or captured by an attacker, it could not be used to determine the resulting link or encryption key.
Passkey Entry
Designed for situations where one device has input capability but no display (e.g. keyboard), while the other device has a display. The device with a display shows a six-digit number, then the user enters this key on the device with input. As with numeric comparison, the six-digit number is not used in link key generation.
Just Works
Designed for situations where one (or both) of the pairing devices has neither a display nor a keyboard for entering digits (e.g. Bluetooth headset). It performs authentication step 1 in the same manner as numeric comparison, but the user cannot verify that both values match, so MITM (man-in-the-middle) protection is not provided. This is the only model in SSP that does not provide authenticated link keys.
Out of Band (OOB)
Designed for devices that support a wireless technology other than Bluetooth (e.g. NFC) for the purposes of device discovery and cryptographic value exchange. In the case of NFC, the OOB model allows devices to pair securely by simply tapping one device against the other, followed by the user accepting the pairing via a single button push. Security against eavesdropping and MITM attacks is dependent on the OOB technology.
Each mode, except for Just Works, has Man-In-The-Middle (MITM) protection, meaning no third device can view the data being passed between the two devices involved. The SSP mode is usually negotiated automatically based on the capabilities of both the master and slave. Lower security modes can be disabled via the bluetooth.minimum_security_mode SGD. The bluetooth.minimum_security_mode SGD sets the lowest security level at which the printer will establish a Bluetooth connection. The printer will always connect at a higher security level if requested by the master device. To change the security mode and security settings in the ZQ510 printer, use Zebra Setup Utilities.
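The automatic negotiation described above can be checked ahead of deployment. The following is an added example, not code from this guide or from Zebra: it picks the in-band association model from each side's I/O capability and lists the peers whose pairing would not meet an "authenticated link key required" service. Assumptions: the capability names are those of the Bluetooth Core Specification for BR/EDR, OOB is left out, and the device inventory and local capability are constructed.

```python
# Added illustration (not from the user guide): in-band SSP association-model
# selection for BR/EDR from each side's I/O capability. OOB is left out.
from enum import Enum


class IOCap(Enum):
    DISPLAY_ONLY = "DisplayOnly"
    DISPLAY_YES_NO = "DisplayYesNo"
    KEYBOARD_ONLY = "KeyboardOnly"
    NO_INPUT_NO_OUTPUT = "NoInputNoOutput"


def association_model(a, b):
    """Return (model, link_key_is_authenticated) for two I/O capabilities."""
    caps = {a, b}
    if IOCap.NO_INPUT_NO_OUTPUT in caps:
        return ("Just Works", False)       # nothing to show or type on one side
    if IOCap.KEYBOARD_ONLY in caps:
        return ("Passkey Entry", True)     # six digits are typed on a keyboard side
    if caps == {IOCap.DISPLAY_YES_NO}:
        return ("Numeric Comparison", True)  # both users can compare and confirm
    # A display-only side cannot confirm, so the comparison is auto-accepted;
    # the result is an unauthenticated key, the same outcome as Just Works.
    return ("Just Works", False)


def satisfies(requirement, a, b):
    """Check a service requirement: 'authenticated', 'unauthenticated' or 'none'."""
    if requirement not in ("authenticated", "unauthenticated", "none"):
        raise ValueError(f"unknown requirement: {requirement!r}")
    _, authenticated = association_model(a, b)
    return authenticated or requirement != "authenticated"


def audit(requirement, local, peers):
    """Return {peer: model} for peers whose pairing would miss the requirement."""
    return {name: association_model(local, cap)[0]
            for name, cap in peers.items()
            if not satisfies(requirement, local, cap)}


# Constructed inventory; the local capability is an assumption, not a ZQ500 fact.
LOCAL = IOCap.DISPLAY_YES_NO
PEERS = {"handheld": IOCap.DISPLAY_YES_NO, "keypad-scanner": IOCap.KEYBOARD_ONLY,
         "headless-gateway": IOCap.NO_INPUT_NO_OUTPUT, "label-kiosk": IOCap.DISPLAY_ONLY}

if __name__ == "__main__":
    for peer, model in audit("authenticated", LOCAL, PEERS).items():
        print(f"{peer}: {model} yields an unauthenticated link key")
```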