Requiring security will move the market to consider and plan for security from the ground up, ensuring a quality security development process throughout the design cycle. From Bluetooth IP, security IP and processor IP selections, to final software and application testing of mobile apps, Bluetooth mesh requires security that works as intended. The Bluetooth SIG has specified the encryption and authentication of all mesh messages, which is a very important step in securing Bluetooth devices in the IoT environment.
For example, per a security researcher at the DEF CON hacker conference in 2016, “Many Bluetooth Low Energy smart locks can be hacked and opened by unauthorized users, but their manufacturers seem to want to do nothing about it.” Today, Bluetooth mesh requires lock manufacturers to implement proper security features in their devices.
Bluetooth mesh security uses three types of security keys: Network Keys, AppKeys and Device Keys. While the Device Keys provision and configure a node, the Network Keys set up each node as a member of a network. The AppKeys secure messages at the network layer to ensure messages from different applications only access the proper information. Advanced Encryption Standard-Counter with CBC-MAC (AES-CCM) is the basic encryption and authentication cipher used.
From a bottoms-up security implementation, many Bluetooth-enabled products will need to begin with a Random Number Generator. From that point forward, encryption/decryption and key generation can occur in varying ways depending on power usage profiles, performance requirements, and cost and complexity trade-offs. Doing these tasks in hardware can increase performance, lower power consumption and ensure a more secure implementation.
The chip architecture should implement the necessary functions in hardware, when appropriate, and ensure a proper utilization of hardware by the firmware and software developers during their development cycle. Designers should plan interoperability testing with secure implementations of Bluetooth mesh with partners throughout all the layers of the protocol. Bluetooth mesh requires security at multiple layers, making it a driving force in wireless connectivity for the Internet of Things.