Bluetooth Mesh Drives Security

By: Ron Lowman, Product Marketing Manager

Bluetooth-enabled devices have been a target of many documented hacks including Blueprinting, Bluesnarfing, Bluebugging, Bluejacking, Bluesmack and now most recently BlueBorne. BlueBorne intercepts communications in seconds, and subsequently enables hackers to download malicious software without requiring a file download – a frightening thought for consumers using and interacting with smart phones, tablets, wearables, beacons and personal assistants. These Bluetooth-enabled devices transmit and receive private user information that consumers expect to be secure. This article discusses how the introduction of Bluetooth mesh will remedy current vulnerabilities and drive a more secure and private IoT world. 

Introduction of Bluetooth Mesh

In July of 2017, the Bluetooth Special Interest Group (SIG) introduced Bluetooth mesh networking, continuing its upgrades to Bluetooth 4.2 with low energy technology and Bluetooth 5 specifications. Bluetooth 4.2 added optional security features while Bluetooth 5 added longer distances, better reliability, more data throughput, and faster data rates. Bluetooth mesh allows Bluetooth devices to create a network targeting applications like smart cities and factories. The specification enables a many-to-many network topology, connecting a few or a few thousand devices to one another. Bluetooth mesh’s features enable the adoption of Bluetooth in wireless sensor networks but instead of routing the data as the 802.15.4 standard specifies, Bluetooth mesh uses a simpler approach of flooding the data to the network.

A 2016 survey from On World shows the satisfaction of wireless sensor network capabilities decreasing from an already low level. Dissatisfaction increased with respect to the level of integration, battery life, cost and range capabilities of IoT wireless communication technologies. 

Figure 1: Survey respondents are increasingly dissatisfied with current IoT capabilities (Source: On World)

Figure 1: Survey respondents are increasingly dissatisfied with current IoT capabilities (Source: On World)

As the chart shows, costs are one of the biggest disappointments from 2014 to 2016. Bluetooth’s high level of use contributes to cost reductions, and die size has improved over the past 18 months. Bluetooth’s low memory footprint and small die size make it a perfect technology for chip integration. Battery life is a constant priority and even though other standards like the 802.15.4 technologies use less power than Bluetooth, the difference is minimal and remedied by integration into a single SoC rather than separate chipset implementations.

However, wireless sensor networks have their own set of security vulnerabilities. Hackers exploit these with node capture attacks, side channel attacks, denial of service attacks, routing attacks, replication attacks, time synchronization attacks, Sybil attacks and more. Upgrades to the Bluetooth Low Energy specifications address these concerns by, for example, making security a requirement in the Bluetooth mesh specification. 

Bluetooth is Pervasive, But is it Secure?

Bluetooth is easy to use, low cost, low power, and a de facto standard for wireless connectivity in beacons, wearables, and computer peripherals. However, Bluetooth has had a reputation for being easily hackable. Bluetooth has become a popular target for hackers because it is in all mobile phones where valuable personal and financial data is commonly stored. Some silicon providers are claiming their solutions are immune to BlueBorne and other vulnerabilities. Deeply embedded operating system developers and users have claimed very limited exposure to the new vulnerabilities. This is partially because deeply embedded designs (non-mobile) are developed with many different RTOS, stacks and software solutions unlike the mobile phones that are dominated by systems built on Android.

It’s still common practice for many Bluetooth Low Energy devices to send unencrypted data in peer-to-peer connections. Logically, this unsecured connection is because security is optional in current Bluetooth Low Energy Generic Attributes (GATT) devices. Secondly, developers see extra risk and cost associated with implementing security. If there are limited repercussions to avoiding security, and big hurdles to implementing security, many choose to forgo any security features.

Nevertheless, there is a very active trend to adopt security features. However, many products fail to properly design security into their system, making it ineffective and easily bypassed. Improper implementations can often be due to cost and complexity, ineffective controls during development, or a simple lack of security experience.

Bluetooth mesh can be adopted with firmware updates, presenting a new opportunity for securing IoT edge devices with Bluetooth connectivity with proper implementation of the security hardware components. 

Bluetooth Mesh Security Requirements and Implementation

Requiring security will move the market to consider and plan for security from the ground up, ensuring a quality security development process throughout the design cycle. From Bluetooth IP, security IP and processor IP selections, to final software and application testing of mobile apps, Bluetooth mesh requires security that works as intended. The Bluetooth SIG has specified the encryption and authentication of all mesh messages, which is a very important step in securing Bluetooth devices in the IoT environment.

For example, per a security researcher at the DEF CON hacker conference in 2016, “Many Bluetooth Low Energy smart locks can be hacked and opened by unauthorized users, but their manufacturers seem to want to do nothing about it.” Today, Bluetooth mesh requires lock manufacturers to implement proper security features in their devices.

Bluetooth mesh security uses three types of security keys: Network Keys, AppKeys and Device Keys. While the Device Keys provision and configure a node, the Network Keys set up each node as a member of a network. The AppKeys secure messages at the network layer to ensure messages from different applications only access the proper information. Advanced Encryption Standard-Counter with CBC-MAC (AES-CCM) is the basic encryption and authentication cipher used.

From a bottoms-up security implementation, many Bluetooth-enabled products will need to begin with a Random Number Generator. From that point forward, encryption/decryption and key generation can occur in varying ways depending on power usage profiles, performance requirements, and cost and complexity trade-offs. Doing these tasks in hardware can increase performance, lower power consumption and ensure a more secure implementation.

The chip architecture should implement the necessary functions in hardware, when appropriate, and ensure a proper utilization of hardware by the firmware and software developers during their development cycle. Designers should plan interoperability testing with secure implementations of Bluetooth mesh with partners throughout all the layers of the protocol. Bluetooth mesh requires security at multiple layers, making it a driving force in wireless connectivity for the Internet of Things.

Conclusion

Bluetooth is pervasive in mobile devices, beacons, wearables and audio headsets. The adoption of Bluetooth 5 expands the technology beyond nearables and hearables to new applications such as smart homes. Bluetooth mesh moves the technology even further, supporting networks of devices both large and small. But most importantly, Bluetooth mesh makes security a requirement, not an option.

The Synopsys DesignWare Bluetooth Low Energy Link Layer and PHY IP solutions, compliant with Bluetooth 5 and Bluetooth mesh, deliver random number generation and crypto acceleration hardware as optional features to enable a secure product. Synopsys’ DesignWare Security IP solutions include NIST-compliant true random number generators and an array of options for crypto acceleration to best fit power, area and performance optimizations. Synopsys’ DesignWare ARC Secure IP Subsystem addresses security threats in embedded SIM and other high-value embedded applications, and provides a programmable hardware root of trust to protect against malware, tampering and exploitation of communication protocols in SoCs. Beyond the Bluetooth, processor, security, and subsystem IP, Synopsys is collaborating with industry leaders such as InfoSec Global supporting their Agile Crypto Solutions, and Rambus with CryptoManager infrastructure and key provisioning services, to better react to new threats leveraging Synopsys IP and firmware updates.

Adoption of industry leading wireless and security IP, software, and services is essential to address almost daily security vulnerabilities, starting from the design concept phase. Bluetooth mesh enables better, and proper security adoptions for Bluetooth-enabled devices.