Emerging Tech: Security — The Need for Wireless Airspace Cybersecurity
Download now▶
Resources Video
Bluetooth Key Generation – Part 2
Summary
Excerpt From Bluetooth Vulnerabilities (Part 2) Webinar
CTO Dr. Brett Walkenhorst Explains Bluetooth Key Generation
In this short video, CTO Dr. Brett Walkenhorst describes the key generation process that occurs during Bluetooth connections. He details the difference between legacy pairing and secure connections (SC) pairing, both of which have varying nuances and security implications. For more secure connections, it’s advisable to use the latter of the two options. Even though this may mean limiting the number of devices with which you are communicating, the benefits of SC pairing significantly outweight the risks of legacy pairing if security is paramount for your organization.
Video Transcript
So we talked about legacy pairing and connections. So just really briefly, because this is gonna become important in a minute or two. Legacy pairing uses a couple of different mechanisms with limited entropy. When you use just works, a temporary key that is just set to zero. So all that happens then is some random numbers get shared by the two devices you hash those combinations together with that temporary key to create what's called a short term key, then you establish a Dolink and you then share the long term key.
So there's this process where you're just kinda stepping through, but there's there's really no entropy in that whole process So if I'm listening, I could just crack it. Similarly with past key entry. I'll talk about that in just a minute. With secure connections though, you're multiplying a point on an elliptic curve by your private key to create a public key, you share those keys across the air, You multiply the key you received by your own private key and you come up each of you independently with the same shared secrets.
So there's nothing that's been shared in in the clear that any attacker could use to get back to the crypto information that would allow them to derive that symmetric key. So that's a solid mechanism. And anytime you can use secure connections, you wanna do that. For security purposes, that might mean you don't end up talking to certain devices, but, you know, if security is paramount, that's what you wanna use.
We’d love to show you around
Learn how Bastille can help you prepare you for today’s ever-growing wireless threat landscape, and schedule a demo and we’ll be in touch shortly.