BM70 Security Features

Last modified by Microchip on 2023/11/09 09:03

This page covers Bluetooth® Low Energy security features offered in the BM70 module. You should have a working knowledge of BLE security to gain a complete understanding of the way the BM7x operates and provides security.

Overview

The GAP Layer defines modes and procedures which relate to the security of a connection. The BM70 supports LE Security Mode 1 with four security levels as specified by the definitions in the GAP layer. In general, LE Security Mode 1 gains security by using encryption, and this will only be done after the connection has been established.

To keep it simple, when two connected devices that initially do not have security wish to do something that requires security, the devices must first pair. Pairing involves authenticating the identity of the two devices, encrypting the link, and then distributing the keys used for encryption (bonding). The diagram below captures what pairing involves. The level of security gained is determined by the pairing method used, which is selected based on the I/O capabilities of each device.

Established connection (pairing)

The Pairing Procedure is typically initiated by the Generic Attribute Profile (GATT) Client after attempting to read a characteristic on the GATT Server that requires authenticated access.


Pairing Methods Supported

BM70 supports the following pairing methods:

The term "authenticated" here means the pairing method gives enough security to protect against "Man in the Middle" attacks. The term "unauthenticated" means the pairing method does not protect against "Man in the Middle" attacks, but pairing still occurs, keys are exchanged, and the link can still be encrypted.

Just Works and Passkey Display methods are considered LE Legacy pairing methods (available in BLE v4.0/v4.1). BLE v4.2 added the Numeric Comparison method, which meets the requirements of the Payment Card Industry (PCI) for PIN Transaction Security (PTS) Point of Interaction (POI) financial transactions, where BLE v4.2 must be used and the device must support Security Mode 1 level 3 or 4.

These methods are supported via the following I/O capability settings, which are available on BM70:

  • No Input No Output
  • Display Only
  • Display Yes/No
  • Keyboard Only
  • Keyboard Display

The following table determines the pairing method (and thus the security level achieved) based on the BM70 device's capabilities.

Note that in a typical security scenario, the smartphone plays the role of Initiator and since it has both a keyboard and a display, it has a fixed I/O capability (Keyboard Display), while a BM70-based Peripheral device would typically have the ability to Display (Send) a PIN key to the phone for verification (Display Yes/No I/O capability):

Pairing method table

Q. For cells containing two pairing methods (i.e., Passkey Display + Numeric Comparison), which one is used?

A. The method used depends on the capability of the peer device that is connecting to the BM70 (BM70 supports BLE 4.0/4.1/4.2).

BLE 4.2 peers will use Numeric Comparison, while BLE 4.0/4.1 peers will use Passkey Display.
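The selection described above can be checked per I/O capability setting with the following added example, which is not Microchip's code and follows the I/O capability mapping of the Bluetooth Core Specification, since the table itself is not reproduced here. Assumptions: `IoCap`, `pairing_method` and `audit` are hypothetical names, no out-of-band data is used, a BLE 4.2 peer negotiates LE Secure Connections, and level 4 assumes a 128-bit encryption key.

```python
from enum import Enum

class IoCap(Enum):                      # the five BM70 I/O capability settings
    NO_INPUT_NO_OUTPUT = "No Input No Output"
    DISPLAY_ONLY = "Display Only"
    DISPLAY_YES_NO = "Display Yes/No"
    KEYBOARD_ONLY = "Keyboard Only"
    KEYBOARD_DISPLAY = "Keyboard Display"

HAS_KEYBOARD = {IoCap.KEYBOARD_ONLY, IoCap.KEYBOARD_DISPLAY}
CAN_CONFIRM = {IoCap.DISPLAY_YES_NO, IoCap.KEYBOARD_DISPLAY}  # display + yes/no

def pairing_method(bm70, peer, peer_is_ble42, mitm_requested=True):
    """Return (method, authenticated, LE Security Mode 1 level reached)."""
    # Assumption: a BLE 4.2 peer means LE Secure Connections is negotiated.
    secure_connections = peer_is_ble42
    if not mitm_requested or IoCap.NO_INPUT_NO_OUTPUT in (bm70, peer):
        method = "Just Works"
    elif secure_connections and bm70 in CAN_CONFIRM and peer in CAN_CONFIRM:
        method = "Numeric Comparison"
    elif bm70 in HAS_KEYBOARD or peer in HAS_KEYBOARD:
        # One side types the 6-digit code; the page calls this "Passkey
        # Display" when the BM70 is the side showing it.
        method = "Passkey Entry"
    else:
        method = "Just Works"           # two displays, nobody can type
    authenticated = method != "Just Works"
    if not authenticated:
        level = 2                       # encrypted, no MITM protection
    else:
        level = 4 if secure_connections else 3  # 4 assumes a 128-bit key
    return method, authenticated, level

def audit(bm70, peer=IoCap.KEYBOARD_DISPLAY):
    """Outcome against a smartphone-style peer, legacy and 4.2 stacks."""
    return {"BLE 4.0/4.1": pairing_method(bm70, peer, False),
            "BLE 4.2": pairing_method(bm70, peer, True)}

if __name__ == "__main__":
    for cap in IoCap:
        for stack, (method, auth, level) in audit(cap).items():
            note = "" if auth else "  <- unauthenticated"
            print(f"{cap.value:19} {stack:12} {method:19} level {level}{note}")
```

Running it lists, for each BM70 setting, which peers would end up on an unauthenticated link, which is the case to rule out when a characteristic requires authenticated access.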


Bonding Capability

BM70 is capable of bonding with up to 8 peers. A "link priority" setting is also associated with each key set, indicating how recently the peer was connected (1 being newest and 8 being oldest).

When a bond/pair attempt is made while the list is full, the module should return an error code in the command complete event. The error should indicate insufficient resources or memory. It is up to the host to delete a device to make room for the new one and retry the pairing sequence.


Applying a Security Level to a Connection

The first step is to establish the desired connection security level for the application.

Next, the characteristic attributes requiring authenticated access need to be configured as such.

Finally, the appropriate BM70 static/dynamic configuration parameters need to be configured in the module to enable a security level change to take place in a connection, and to be automatically applied to all subsequent re-connections.


Flow of Control

The diagram below shows the flow of control between a BM7x (acting as a GATT Server) and a peer device (smartphone, etc.). The BM70 is connected to an MCU Host via the UART interface (BM70-to-Host packets not shown):

Flow of control between a BM7x and a peer device


Host MCU Interaction with BM70

The status/control messages (packets) that occur between the host and BM7x during the pairing process are based on the type of pairing method selected. The diagram below shows an example of the interaction based on the Passkey Display method with the BM7x being an 'Initiator' or ‘Responder’:

Interaction based on the Passkey Display method with the BM7x being an 'Initiator' or ‘Responder’


Please refer to the "BLEDK3 Command Set" user's guide for complete details on the Pairing and Security-related op-codes available.
