GAP Security — Modes, Procedures, Privacy & Random Addresses

Chapter 14 · Sections 14.6.4.3–14.8 · Bonding · LE Security Modes 1 & 2 · Data Signing · Privacy Feature · Random Device Address · Chapter 14 Summary

SEO Keywords

BLE LE Security Mode 1 four levels authenticated encrypted BLE Security Mode 2 data signing CSRK 12-octet BLE Secure Connections Only Mode Level 4 BLE authentication authorization encryption GAP BLE privacy feature RPA rotation prevent tracking BLE Random Device Address static private resolvable IRK BlueZ btmgmt security encryption bonding

14.6.4.3 — Bonding Procedure Optional — Peripheral & Central

Storing Security Keys for Future Reconnections

Bonding is triggered when a service on the peer device requires it. The Security Manager of the Central initiates pairing. If both sides are in Bondable Mode, they complete the SM pairing procedure (Chapter 11) and write the resulting keys into their persistent security databases so future connections can re-encrypt without repeating the full pairing exchange.

Figure 14.19 — Bonding Procedure

Central (Host SM / Controller) Peripheral (Host SM / Controller)

Link Establishment complete

Service access requires bonding?

Enable Bondable Mode

Security Manager Pairing Procedure (initiated by Central)

Store bonding info in security DB

/* View bonded device security database in BlueZ:            */
cat /var/lib/bluetooth/AA:BB:CC:DD:EE:FF/11:22:33:44:55:66/info
/* [LongTermKey]                                             */
/* Key=aabbccdd11223344aabbccdd11223344                      */
/* Authenticated=1   (1=MITM protected, 0=Just Works)        */
/* EncSize=16                                                */

/* Bond a device via btmgmt (LE transport = -t 1):           */
sudo btmgmt pair -t 1 11:22:33:44:55:66

14.7 — Security Overview

Security is optional for LE devices — implemented only when services need to be protected. After connection, each device’s Security Manager specifies the mode for all subsequent transactions. Requirements can apply at device level or per individual service.

Two Security Modes (Table 14.9)

LE Security Mode 1 — encryption
LE Security Mode 2 — data signing

Both excluded for Broadcaster and Observer

Four Security Procedures (Table 14.10)

Authentication Procedure
Authorization Procedure
Connection Data Signing
Authenticate Signed Data

All optional for Peripheral and Central

14.7.1 — LE Security Mode 1 Encryption-Based

Four Levels of Increasing Protection

Mode 1 covers all encryption-based security in BLE. Each level satisfies all requirements of the levels below it. A Level 3 or Level 4 connection also satisfies LE Security Mode 2 requirements.

Level 1 No Security No authentication, no encryption. Any device can connect and access.

Level 2 Unauthenticated + Encrypted Just Works pairing — link encrypted, no MITM protection.

Level 3 Authenticated + Encrypted Passkey or OOB pairing with MITM protection, link encrypted.

Level 4 LE Secure Connections + Authenticated + Encrypted ECDH P-256 — strongest available, BLE 4.2+.

Backward compatibility: A Level 4 connection satisfies requirements for Levels 1, 2, 3, and LE Security Mode 2. A service requiring Level 2 will work fine on a Level 3 or 4 connection.

14.7.2 — LE Security Mode 2 Data Signing

PDU-Level Integrity Without Link Encryption

Mode 2 signs each PDU with a CSRK-based 12-byte signature instead of encrypting the whole link. This avoids the latency and battery cost of encryption handshakes while still verifying the sender’s identity and protecting against tampering. Data signing is skipped entirely when the connection is already in Mode 1 Levels 2, 3, or 4.

Level 1 — Unauthenticated pairing with data signing. CSRK distributed during Just Works pairing.

Level 2 — Authenticated pairing with data signing. CSRK from MITM-protected pairing — stronger identity assurance.

14.7.3 — Secure Connections-Only Mode

No Legacy Pairing Accepted — Level 4 or Nothing

A device in this mode allows only LE Security Mode 1 Level 4 (authenticated LE Secure Connections with encryption) or services that have no security requirement (Level 1). Every legacy pairing attempt is rejected. This mode suits medical devices, payment terminals, and industrial controllers where accepting weaker pairing is not permissible.

/* Enable Secure Connections Only mode with btmgmt:           */
sudo btmgmt sc-only on

/* Any Pairing Request with SC bit = 0 is now rejected        */
/* Error returned: SMP_AUTH_REQUIREMENTS (0x03)               */

/* Verify the flag is set:                                    */
sudo btmgmt info | grep -i "secure connections"

14.7.4 — Authentication Procedure

Checking and Upgrading Security Before Service Access

Authentication covers Mode 1 and is initiated after a connection is established. Authentication is achieved through encryption — the security of that encryption depends on what pairing method was used. Two pairing types are defined:

Authenticated pairing — pairing was done with MITM protection (Passkey Entry or OOB)
Unauthenticated pairing — pairing was done with no MITM protection (Just Works)

Server receiving a service request: Before responding, the server checks whether the current link security satisfies the service’s security settings. If insufficient, it returns an ATT Error Response with the appropriate error code. The client must upgrade security and retry.

Client sending a service request: The client compares the target service’s required security level against the current connection’s security. If insufficient, the client initiates the appropriate procedure (pairing or encryption setup) before sending the actual request.

14.7.5 — Authorization Procedure

A user-confirmation gate above authentication. Even after successful authentication, a device may require the user to explicitly approve access to a specific service. The user actively confirms before the operation is permitted. This is an application-level decision, separate from the pairing state of the connection.

14.7.6 — Encryption Procedure

Slave initiates: Slave sends a Security Request to the Master asking it to start encryption. (Explained in Chapter 11.)

Master initiates: Master directly starts the encrypted session using a stored LTK or by performing fresh pairing.

BLE 4.2 rule: If encryption fails and any device is using a Resolvable Private Address, that address must be discarded immediately and a new one generated.

14.7.7 — Data Signing

12-Byte CSRK Signature — Fast Authenticated Transfers Without Encryption

Data signing is used in Mode 2 when fast connection setup and data transfer are more important than link confidentiality. The sender appends a 12-byte authentication signature to the data PDU using the Connection Data Signing Procedure. The receiver verifies it using the Authenticate Signed Data Procedure. Encrypting an entire link takes time and battery — signing individual PDUs is much cheaper.

Figure 14.20 — Data Signing on an Unencrypted Connection

Central (Host SM) Peripheral (Host SM)

Link established — no encryption

Connection Data Signing Procedure: sign with CSRK → append 12-octet signature

→

PDU + 12-byte signature received

Authenticate Signed Data Procedure: verify signature with stored CSRK

/* Data signing uses ATT opcode 0xD2 (Signed Write Command)  */
/* PDU = Opcode(1) + Handle(2) + Value(n) + Signature(12)   */
/* Signature = 4-byte counter + 8-byte AES-CMAC(CSRK, data) */
/* Counter prevents replay of captured signed PDUs           */

/* CSRK stored in BlueZ bonding info:                        */
grep -A2 SignatureKey \
  /var/lib/bluetooth/AA:BB:CC:DD:EE:FF/11:22:33:44:55:66/info
/* [LocalSignatureKey]  → our CSRK, distributed to peer     */
/* [RemoteSignatureKey] → peer CSRK, used to verify their PDUs */

14.7.8 — Privacy Feature

Rotating Addresses to Block Passive Location Tracking

Many LE devices are worn on the body — watches, fitness bands, heart rate monitors, medical patches. A fixed Bluetooth address allows any receiver to track that person’s location by correlating transmissions at different physical points over time. The privacy feature prevents this by changing the device’s advertised address frequently.

A Peripheral supporting privacy exposes two characteristics in its GAP service:

Peripheral Privacy Flag (UUID 0x2A02 — Mandatory): Value 1 means privacy is enabled. If the characteristic is writable, the Central can remotely toggle privacy on or off without physical access to the Peripheral.

Reconnection Address (UUID 0x2A03 — Optional): Each time the Central connects, it writes a fresh address here. The Peripheral uses this address as the target in ADV_DIRECT_IND for the next directed connectable event. The Central may also add this address to its White List to filter other devices.

BLE 4.2 — Resolving List in Controller: The Host can load IRKs directly into the Controller. The Controller resolves Resolvable Private Addresses on its own before notifying the Host, eliminating the processing overhead of host-side address resolution.

/* Enable privacy (Resolvable Private Address) in BlueZ:     */
sudo btmgmt privacy on

/* Configure RPA rotation interval (default 15 minutes):     */
/* /etc/bluetooth/main.conf                                  */
/* [Policy]                                                  */
/* PrivacyTimeout = 900   # seconds                          */

/* View IRK stored for a bonded device:                      */
grep -A2 IdentityResolvingKey \
  /var/lib/bluetooth/AA:BB:CC:DD:EE:FF/11:22:33:44:55:66/info
/* Key=aabb...  ← IRK used to resolve this device's RPA      */

/* BlueZ loads IRKs into Controller resolving list (4.2+)    */
/* See hci_sync.c: hci_le_add_device_to_resolving_list_sync() */

14.7.9 — Random Device Address Types

Four Leaves on the Address Type Tree

GAP defines the complete taxonomy of LE device addresses. A device can use either its permanent public address or one of three types of random address.

Figure 14.21 — Device Address Type Hierarchy for LE Devices

Device Address (48-bit)
Public Device Address
IEEE OUI registered — permanent
Random Device Address
Static
Private
Non-resolvable
Resolvable (RPA)

Static Address: Randomly generated — once per power cycle or kept permanently. Cannot change while the device is powered on. If the static address changes between sessions, bonded peers holding the old address will fail to reconnect.

Private Non-resolvable: Changes periodically. Nobody — including bonded devices — can trace it back to the real device identity. Provides true anonymity at the cost of breaking reconnection for bonded peers.

Private Resolvable (RPA): Changes periodically. Devices holding the matching IRK can derive the real identity and reconnect seamlessly. Passive observers see only a stream of constantly-changing addresses. This is the standard production privacy mechanism in BLE 4.2+.

/* Enable RPA rotation in BlueZ:                             */
sudo btmgmt privacy on && sudo btmgmt power on

/* btmon shows current RPA being used:                       */
sudo btmon 2>&1 | grep "Random Address"
/* Random Address: 5d:a2:f1:xx:xx:xx (type: resolvable)      */

/* BlueZ automatically adds bonded device IRKs to            */
/* the Controller resolving list (BLE 4.2+ hardware):        */
/* hci_le_add_device_to_resolving_list_sync() in hci_sync.c  */
/* This allows Controller-side RPA resolution without        */
/* host wakeup for every advertising event                   */

14.8 — Chapter 14 Summary

What GAP Delivers Across the Stack

The Generic Access Profile is the bedrock every BLE device stands on. It defines the minimum protocol stack, the exact terminology for user interfaces, the structure of advertising data, how devices discover each other, how connections are made and terminated, and how all levels of security are applied. It also ensures consistent naming conventions between LE and BR/EDR — so “Bluetooth Device Name” and “Bluetooth Passkey” mean the same thing to users regardless of the underlying transport.

Next → Chapter 15 covers the GATT-based profiles that real products use: IAS, FMP, LLS, TPS, PXP, Battery, Device Info, Current Time, Health Thermometer, Blood Pressure, and IPSP for BLE IoT with IPv6 and 6LoWPAN.

embeddedpathashala.com

BLE GAP Security — Modes, Procedures, Privacy & Random Addresses