Bluetooth Secure Simple Pairing Using NFC Part 1
1. Bluetooth Secure Simple Pairing Using NFC, Part 1
2014 NFC World Congress
September 24, 2014 | Marseille, France
2. Presenter:
Tore Austad
Senior R&D Engineer, Wireless Design, Nordic Semiconductor ASA, Norway
Tore Austad has worked at Nordic Semiconductor ASA for 15 years as a Senior R&D engineer. Tore has been involved in
development projects for ultra-low power wireless ICs for the 433 MHz, 915 MHz and 2.4 GHz ISM bands. For the last two
years, Tore has focused on how to combine NFC and Bluetooth Low Energy technologies and ways to improve the user
experience.
Tore has been a member and an active contributor to the NFC Forum Reference Application Framework Working Group
from 2012 to 2014.
Nordic Semiconductor ASA
2
3. Outline
• Bluetooth LE Technology overview
• NFC Technology overview and the NFC Forum
• The NFC Forum Connection Handover specification
• The NFC Forum BT SSP using NFC application document
• Success factors
• Example of products in the market
• Demonstration with Windows 8 / Android
• Question and Answers
3
4. Bluetooth Low Energy Technology
Overview
• Essentials
• Revision history and Terminology
• LE Features
• GAP and SM
4
5. Bluetooth Technology: Essentials
Standard for Personal Area Network based on
Ericsson research
Short range, low power
Frequency hopping spread spectrum (FHSS)
2.4 GHz ISM band
Bluetooth Special Interest Group formed in
1998
20,000+ SIG member companies
Billions of products shipped
http://www.bluetooth.com/Pages/History-of-Bluetooth.aspx
http://www.bluetooth.com/Pages/Board-of-Directors.aspx
5
6. Bluetooth Technology: Revision History
• Significant specification revisions:
• Bluetooth 1.1 (2002): 1 Mb/s, first widely implemented version
• Bluetooth 2.0 + EDR (2004): Adds 2 Mb/s and 3 Mb/s data rates
• Bluetooth 2.1 + EDR (2007): Secure Simple Pairing
• Bluetooth 3.0 + HS (2009): Adds alternate PHY (802.11 initially)
• Bluetooth 4.0 + HS (2010): EDR, HS and low energy
• Bluetooth 4.1 (December 2013)
Bluetooth Secure Simple Pairing Using NFC Application Document:
• Version 1.0: Bluetooth 2.1 SSP
• Version 1.1: Bluetooth 2.1 for BR/EDR with SSP + Bluetooth 4.0 Out of Band pairing for LE
https://www.bluetooth.org/en-us/specification/adopted-specifications
6
7. Bluetooth Technology: Terminology
7
Figure (Bluetooth brand marks): BR/EDR/HS (1.1, 2.0, 3.0); BR/EDR/HS 4.0 Dual Mode (+LE); LE 4.0 Single Mode
Figure from: http://www.bluetooth.com/pages/Bluetooth-Brand.aspx
8. Bluetooth LE Technology:
Configurations
GENERIC ACCESS PROFILE (GAP): This profile defines the generic
procedures related to discovery of Bluetooth devices (idle mode
procedures) and link management aspects of connecting to
Bluetooth devices (connecting mode procedures). It also defines
procedures related to use of different security levels. In addition,
this profile includes common format requirements for
parameters accessible on the user interface level.
GENERIC ATTRIBUTE PROFILE (GATT): This specification defines
the Generic Attribute Profile that describes a service framework
using the Attribute Protocol for discovering services, and for
reading and writing characteristic values on a peer device.
ATTRIBUTE PROTOCOL (ATT): This specification defines the
Attribute Protocol; a protocol for discovering, reading, and
writing attributes on a peer device
SECURITY MANAGER (SM) defines the protocol and behavior to
manage pairing, authentication and encryption between LE
devices.
LOGICAL LINK CONTROL AND ADAPTATION PROTOCOL
SPECIFICATION (L2CAP) supports higher level protocol
multiplexing, packet segmentation and reassembly, and the
conveying of quality of service information. The protocol state
machine, packet format, and composition are described in this
document.
8
Figure from: https://developer.bluetooth.org/TechnologyOverview/Pages/BLE.aspx
Bluetooth core specification version 4.0
9. Bluetooth Technology:
LE Key Features
LE PHY common to all Bluetooth 4.0 single-mode (LE) and dual-mode devices
Simple to use
– API available on Windows, Apple and Android
Low complexity
– Cheap
– Low memory footprint
Ultra Low Power
– Small packets
– Short RX and TX windows
– Race to idle
• Turn radio on as seldom as possible
• Turn radio off as soon as possible
Coin-cell battery 1+ year
Fast connection in 6 ms and teardown
9
10. Bluetooth LE Technology:
Generic Access Profile Overview
Generic Access Profile
– Common to BR/EDR and BLE
– Mandatory for all BLE profiles
– Procedures to discover and connect to
devices
– Roles
• Peripheral (Slave)
• Central (Master)
• Broadcaster (Advertiser)
• Observer (Scanner)
– Security
• Creating bonds with peer devices
• Attribute access security requirements
• Privacy
– Advertising data format
GAP Overview
10
Figure from: https://developer.bluetooth.org/TechnologyOverview/Pages/BLE.aspx
Generic Access Profile: BT Core specification 4.0 Volume 3 part C
11. Bluetooth LE Technology:
Security Manager Profile Overview
Security Manager Protocol
– Handles pairing and bonding
– Security parameter negotiation
– Encryption key generation and
distribution
SM Overview
11
Figure from: https://developer.bluetooth.org/TechnologyOverview/Pages/BLE.aspx
Security Manager: BT Core specification 4.0 Volume 3 part H
13. Bluetooth LE Technology:
Security Principles Overview
GAP (Generic Access Profile) defines the security modes and procedures
SM (Security Manager Protocol) defines the protocol
BT ADDR: Public vs. Random
• Fixed length 48 bits (+1 bit defining Public/Random)
• Public Address is unique
• Random Address can be freely generated
• Static address does not change over time (never, or only on power cycle)
• Private address changes over time to offer additional security (Privacy)
Security modes and levels
• Defined at GAP level
• Security Mode 1 (3 levels)
• Level 1: No security (no authentication and no encryption)
• Level 2: Unauthenticated pairing with encryption (unauthenticated = no MITM protection)
• Level 3: Authenticated pairing with encryption
13
Generic Access Profile: BT Core specification 4.0 Volume 3 part C section 10.2 and 10.8
14. Bluetooth LE Technology:
Pairing and Bonding
Pairing is a three-phase procedure to establish the keys used for an encrypted link
Pairing phase 1 allows the 2 devices to exchange their input/output capabilities, which decide which pairing method (security scheme) can be used
Phases 2 and 3 allow the 2 devices to share the keys that are used at different stages of the security features
3 phases:
– Phase 1: Pairing request & response
– Phase 2: Pairing over the SM protocol, producing the Short Term Key (STK) used to encrypt the link
– Phase 3: Key distribution over the STK-encrypted link, for the keys used in later (bonded) connections
Bonding devices store encryption keys for later
secure communication.
14
Security Manager: BT Core specification 4.0 Volume 3 part H section 2
15. Bluetooth LE Technology: Pairing Process
Initiator ↔ Responder (figure):
Established LL connection
Phase 1: Pairing_Request → / ← Pairing_Response
Phase 2: Pairing over SMP; establishment of encrypted connection with the key generated in phase 2
Phase 3: Key Distribution (initiator → responder and responder → initiator)
15
Security Manager: BT Core specification 4.0 Volume 3 part H section 2
16. Bluetooth LE Technology:
Pairing Algorithms
Just Works
– No key entered, suits sensors well (limited user interface)
Passkey Entry
– Requires a more advanced user interface, e.g., a keyboard or a display for the 6-digit passkey
OOB (Out Of Band)
– Information securely shared in advance over another channel (here NFC) replaces the passkey as the Temporary Key
MITM (Man-In-The-Middle) protection requires Passkey Entry or Out of Band
– The OOB channel itself needs to be Man-In-The-Middle resistant (Bluetooth core spec.
Volume 3 part H, section 2.3.5.4)
16
Security Manager: BT Core specification 4.0 Volume 3 part H section 2
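The three methods differ only in where the Temporary Key (TK) comes from: Just Works uses TK = 0, Passkey Entry uses the six-digit passkey as TK, and OOB uses the 128-bit value shared over NFC. The Go program below is an added example, not code from the presentation or from Nordic Semiconductor. It implements the confirm function c1 and the STK function s1 of Core 4.0 Volume 3 Part H sections 2.2.3 and 2.2.4, feeds them the worked values printed in those sections, and runs the phase 2 confirm/random exchange for both devices so that a relayed exchange under a guessed TK can be seen to fail. The pairingCtx and phase2 helpers, their names and the oobTK value are constructions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// e is the Bluetooth security function e(k, p): AES-128 of one 16-byte
// block. All values are handled MSB-first, as they are written in the spec.
func e(k, p []byte) []byte {
	blk, err := aes.NewCipher(k)
	if err != nil {
		panic(err)
	}
	out := make([]byte, 16)
	blk.Encrypt(out, p)
	return out
}

func xor16(a, b []byte) []byte {
	out := make([]byte, 16)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// c1 is the legacy-pairing confirm function (Core 4.0 Vol 3 Part H, 2.2.3):
//
//	c1(k, r, preq, pres, iat, ia, rat, ra) = e(k, e(k, r XOR p1) XOR p2)
//	p1 = pres || preq || rat' || iat'    p2 = padding(32 bits) || ia || ra
//
// k is the 128-bit TK, r a 128-bit random, preq/pres the 7-byte Pairing
// Request/Response PDUs, ia/ra the 48-bit addresses, iat/rat their types.
func c1(k, r, preq, pres []byte, iat byte, ia []byte, rat byte, ra []byte) []byte {
	p1 := append(append(append([]byte{}, pres...), preq...), rat, iat)
	p2 := append(append(make([]byte, 4), ia...), ra...)
	return e(k, xor16(e(k, xor16(r, p1)), p2))
}

// s1 derives the Short Term Key (2.2.4): STK = e(k, r1' || r2'), where r1'
// and r2' are the least significant 64 bits of r1 and r2.
func s1(k, r1, r2 []byte) []byte {
	return e(k, append(append([]byte{}, r1[8:]...), r2[8:]...))
}

// pairingCtx is the public context both devices share after phase 1.
type pairingCtx struct {
	preq, pres []byte
	iat        byte
	ia         []byte
	rat        byte
	ra         []byte
}

func (c pairingCtx) confirm(tk, r []byte) []byte {
	return c1(tk, r, c.preq, c.pres, c.iat, c.ia, c.rat, c.ra)
}

// phase2 runs the confirm/random exchange for both devices. Each side commits
// to its random with c1 under its own view of the TK, then reveals the
// random; the peer recomputes the commitment and aborts on mismatch. On
// success both derive STK = s1(TK, Srand, Mrand). Giving the two sides
// different TKs models an attacker relaying the exchange with a guessed TK.
func phase2(tkMaster, tkSlave, mrand, srand []byte, c pairingCtx) ([]byte, bool) {
	mconfirm := c.confirm(tkMaster, mrand) // initiator -> responder
	sconfirm := c.confirm(tkSlave, srand)  // responder -> initiator
	// Mrand and Srand are now revealed; each side verifies the other's commitment.
	if !bytes.Equal(mconfirm, c.confirm(tkSlave, mrand)) || !bytes.Equal(sconfirm, c.confirm(tkMaster, srand)) {
		return nil, false
	}
	return s1(tkMaster, srand, mrand), true
}

// Worked values from the spec's own examples in 2.2.3 and 2.2.4 (TK = 0,
// i.e. the Just Works case) plus a constructed 128-bit OOB TK.
var (
	specCtx = pairingCtx{
		preq: mustHex("07071000000101"), pres: mustHex("05000800000302"),
		iat: 0x01, ia: mustHex("A1A2A3A4A5A6"), rat: 0x00, ra: mustHex("B1B2B3B4B5B6"),
	}
	specR  = mustHex("5783D52156AD6F0E6388274EC6702EE0")
	specR1 = mustHex("000F0E0D0C0B0A091122334455667788")
	specR2 = mustHex("010203040506070899AABBCCDDEEFF00")
	zeroTK = make([]byte, 16)
	oobTK  = mustHex("00112233445566778899AABBCCDDEEFF") // example value carried in the NFC record
)

func main() {
	fmt.Printf("c1 = %x\n", specCtx.confirm(zeroTK, specR))
	fmt.Printf("s1 = %x\n", s1(zeroTK, specR1, specR2))
	stk, ok := phase2(oobTK, oobTK, specR2, specR1, specCtx)
	fmt.Printf("OOB pairing ok=%v STK=%x\n", ok, stk)
	_, ok = phase2(oobTK, zeroTK, specR2, specR1, specCtx)
	fmt.Printf("relay with guessed TK ok=%v\n", ok)
}
```

Run it with go run; the c1 and s1 lines reproduce the values given in the spec's examples. Byte order follows the spec's MSB-first notation; SMP PDUs and HCI carry these values least-significant-byte first, so an implementation working from real PDUs reverses them before calling e().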
17. Bluetooth LE Technology:
Pairing IO Capabilities
17
Security Manager: BT Core specification 4.0 Volume 3 part H section 2
18. Bluetooth LE Technology:
Pairing Algorithms
18
Security Manager: BT Core specification 4.0 Volume 3 part H section 2
19. Bluetooth LE Technology: Pairing Process
Figure: Just Works, Passkey Entry, OOB
19
Security Manager: BT Core specification 4.0 Volume 3 part H section 5.3
20. NFC Technology
– NFC Forum Specification Architecture
– NFC Forum Specifications
20
21. NFC Forum Architecture:
By utilizing the key elements in existing and recognized standards like ISO/IEC 18092 and
ISO/IEC 14443-2,3,4, as well as JIS X6319-4, the NFC Forum Specifications form a technology
standard that harmonizes and extends existing contactless standards, unlocking the full
capabilities of NFC technology across the different contactless operating modes: peer-to-peer
mode, reader/writer mode, and card emulation mode.
21
22. NFC Forum Architecture
Scope for this workshop (figure):
– Bluetooth Secure Simple Pairing Using NFC Application Document
– NFC Forum NDEF Technical Specification
– NFC Forum Connection Handover Technical Specification
The Bluetooth Secure Simple Pairing Using NFC application document is independent of the Digital and RF Analog sub-technology.
22
23. NFC Forum Mission & Goals
• Develop standards-based Near Field Communication specifications that
define a modular architecture and interoperability parameters for NFC
devices and protocols
• Encourage the development of products using NFC Forum specifications
• Work to ensure that products claiming NFC capabilities comply with NFC
Forum specifications
• Educate consumers and enterprises globally about NFC
Figure: Specification and Application Documents / Compliance / Branding
23
25. NFC Forum Connection Handover
Specification: Terms
Specification groups devices into three terms:
1. Handover Requestor:
• NFC Forum device that initiates the handover operation
2. Handover Selector:
• NFC Forum device or NFC Forum Tag that responds to the Handover
Requestor
3. Handover Mediator:
• NFC Forum device that can facilitate connection between two other NFC-enabled
devices
Specification groups handover cases into three schemes:
1. Static Handover:
• Provision of an NDEF message to an NFC Forum device containing alternative carrier
information that may be used for further data exchange
2. Negotiated Handover:
• Exchange of NDEF messages between two NFC Forum devices to agree on one or
several alternative carriers and associated parameter set for further data exchange
3. Mediated Handover:
• Exchange of NDEF messages between two NFC-enabled devices via a third NFC Forum
device (handover mediator) to agree on one or several alternative carriers and
associated parameter set for further data exchange.
25
26. NFC Forum Connection Handover Specification: Static Handover
Handover Requestor ↔ Handover Selector (figure):
1. Requestor reads the NFC Forum Tag
2. Tag returns NDEF with Handover Select record
3. Data exchange on, e.g., BT-LE
26
27. The Pairing Process with the Use of NFC:
Static Handover
Case: A user purchases a headset and wants to use it with his telephone
The user does the tap
The telephone contains a
BT device and an NFC reader
The headset contains a
BT device and an NFC Tag
The telephone will start reading the NFC Tag with NFC technology.
The NDEF message on the Tag contains a Bluetooth carrier configuration data record with
– Bluetooth address = Headset Device address
– Generic access profile = Headset
– Local name = “Cool Headset”
27
28. The Pairing Process with the Use of NFC: Static Handover
Case: A user purchases a headset and wants to use it with his telephone
User is prompted on screen: “Do you want to connect to Headset ‘Cool Headset’?”
After it has read the NFC tag, the telephone starts Bluetooth scanning for a device with the ‘Headset device Address’.
After the NFC Tag content is read, the headset starts Bluetooth advertising with its own ‘Headset device Address’, for X number of minutes.
Bluetooth link is established by a simple, intuitive user interaction
28
29. The Pairing Process with the Use of NFC:
Static Handover
Case: Depending on application, the user may start or stop music by a tap
29
30. NFC Forum Connection Handover Specification: Negotiated Handover
Handover Requestor ↔ Handover Selector (figure):
→ NDEF with Handover Request record
← NDEF with Handover Select record
→ NDEF with Handover Request record (new request with updated configuration, if needed)
← NDEF with Handover Select record
Data exchange on, e.g., BT-LE
30
31. The Pairing Process with the Use of NFC: Negotiated Handover
Case: Two users want to pair their telephones
The users do the tap
Each telephone contains a BT device and an NFC device
The first telephone will send a Handover Request message containing a set of carrier configuration data records:
– Bluetooth BR/EDR
– Bluetooth LE
– WLAN
Each with a set of configuration data
The second one will respond with a Handover Select message containing a set of carrier configuration data records, each with configuration data.
31
32. The Pairing Process with the Use of NFC: Negotiated Handover
Case: Two users want to pair their telephones
Depending on application, the users may be prompted to connect on one of the common carriers.
The Handover Requestor may change its configuration to adapt to the received configuration data, or send a new request with updated configuration.
Each telephone will make itself connectable on the alternative carrier(s).
Connection on the alternative carrier
32
34. NFC Forum Connection Handover
Technical Specification
Revision History
Version 1.1 November 2008
– Static Handover and Negotiated Handover
Version 1.2 July 2010
– Adds LLCP message transport and collision
resolution
Version 1.3 January 2014
– Adds Mediated Handover
Version 1.3 is a superset of 1.2, and 1.2 is a superset of version 1.1.
You only need to implement against the latest version.
34
35. NFC Forum BT SSP Using NFC
Application Document
– Objectives
– Document structure
– Record types for LE and BR/EDR
– AD and EIR data
– Mandatory and optional data types
– Bluetooth references
35
36. Bluetooth® Secure Simple Pairing
Using NFC: Objectives
Application document:
– The document is administered by the NFC Forum
– The document is jointly developed and approved by the
NFC-Forum and the Bluetooth Special Interest Group
(SIG)
What is described in the document:
– The application document only describes the Bluetooth specific
content in the “carrier configuration record” pointed to by the
alternative carrier record described in the connection handover
specification.
– Connection handover message composition is described in the
Connection Handover specification and the NDEF structure is defined
in the NFC Forum NDEF specification.
– Bluetooth data types and pairing process are described in Bluetooth
specifications
36
37. Bluetooth® Secure Simple Pairing Using NFC: Document Structure
• Version 1.0, October 2011, contains recommendations for BT-BR/EDR
• Version 1.1, January 2014, recommendations for BT-LE added
Document sections (figure):
– Common section (BT-BR/EDR and BT-LE)
– Section only relevant for BT-BR/EDR: equal to version 1.0.1 of the document
– Section only relevant for BT-LE: new in version 1.1 of the document
– Examples for Negotiated, Static and simplified Tag Format: different sub-sections for BR/EDR and LE. BR/EDR examples are equal to version 1.0.1; LE examples are new for this version
37
38. Bluetooth® Secure Simple Pairing / LE
OOB Pairing Using NFC: Record Types
Mime types
– One Mime type defined for the NDEF record type name for Bluetooth BR/EDR
configuration data record: application/vnd.bluetooth.ep.oob
– One Mime type defined for the NDEF record type name for Bluetooth LE
configuration data record: application/vnd.bluetooth.le.oob
– Mime types defined by Internet Assigned Numbers Authority (IANA)
• http://www.iana.org/assignments/media-types/media-types.xhtml#application
– May define both BR/EDR and LE in same handover message, then need two
carrier data configuration records with different record type name
( MIME = Multipurpose Internet Mail Extensions )
38
39. Bluetooth® Secure Simple Pairing Using NFC:
AD and EIR Data
The format used in the Bluetooth configuration data record is
the Extended Inquiry Response (EIR) data format for
Bluetooth BR/EDR and the Advertising and Scan Response
Data (AD) format for Bluetooth LE.
1. The EIR and AD formats are described in Bluetooth Core
specification
2. The different EIR and AD types are described in the Bluetooth Core
specification Supplement
3. EIR and AD data types values can be found in Bluetooth Assigned
numbers
Examples of EIR and AD types are
• Local name
• Security keys
• Manufacturer data
• Appearance
EIR and AD data types are defined by Bluetooth SIG
39
40. Bluetooth® Secure Simple Pairing Using NFC:
Mandatory and Optional Configuration Data
Mandatory data types
– Some data types are defined as mandatory
– Bluetooth BR/EDR mandatory data
• Bluetooth device address
– Bluetooth LE mandatory data
• LE Bluetooth device address
• LE Role
Optional data types
– All other EIR or AD types may be included in the carrier
configuration record
– The receiver of the EIR or AD types may use or may
ignore any of the optional data types
40
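The record layout of slides 38 to 40 (an NDEF MIME record of type application/vnd.bluetooth.le.oob whose payload is a sequence of AD structures, wrapped in a Handover Select message) in working code, as an added example that is not from the presentation or from the NFC Forum documents. The Go program builds the tag image for the “Cool Headset” static-handover case of slide 27, then does the phone-side work: it walks the NDEF records, finds the LE carrier configuration record, decodes the AD structures and rejects a record that lacks the two mandatory types (LE Bluetooth Device Address, LE Role). The sample address, name and TK value and the function names are this example's assumptions. A Security Manager TK Value stored on a passive tag is readable by anyone who can tap the tag, so the MITM resistance that OOB pairing offers (slide 16) holds only while access to the tag is controlled; the parser therefore reports whether a TK was present at all.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// AD types from the Bluetooth Assigned Numbers. An AD structure is
// Length | Type | Data, where Length counts the Type byte plus the Data.
const (
	adLocalName = 0x09
	adSMTKValue = 0x10 // Security Manager TK Value: the 128-bit legacy-pairing OOB key
	adLEAddress = 0x1B // LE Bluetooth Device Address: 6 bytes LSB-first + 1 type byte
	adLERole    = 0x1C // LE Role: 0 peripheral only, 1 central only, 2/3 both
	leOOBMime   = "application/vnd.bluetooth.le.oob"
)

func ad(t byte, data []byte) []byte { return append([]byte{byte(1 + len(data)), t}, data...) }

// ndefRecord encodes one short (SR) NDEF record. Header flags: MB 0x80,
// ME 0x40, SR 0x10, IL 0x08; TNF in the low three bits.
func ndefRecord(mb, me bool, tnf byte, typ, id, payload []byte) []byte {
	f := 0x10 | tnf
	if mb {
		f |= 0x80
	}
	if me {
		f |= 0x40
	}
	out := []byte{f, byte(len(typ)), byte(len(payload))}
	if len(id) > 0 {
		out[0] |= 0x08
		out = append(out, byte(len(id)))
	}
	return append(append(append(out, typ...), id...), payload...)
}

// handoverSelectLE builds the message a static-handover tag carries: an "Hs"
// record (version 1.2) holding one Alternative Carrier record that references,
// by ID "0", the LE carrier configuration record that follows it.
func handoverSelectLE(leOOB []byte) []byte {
	ac := ndefRecord(true, true, 0x01, []byte("ac"), nil, []byte{0x01, 1, '0', 0}) // CPS active, ref "0", no aux refs
	hs := ndefRecord(true, false, 0x01, []byte("Hs"), nil, append([]byte{0x12}, ac...))
	return append(hs, ndefRecord(false, true, 0x02, []byte(leOOBMime), []byte("0"), leOOB)...)
}

// findCarrier walks the short NDEF records of a message and returns the
// payload of the MIME (TNF 2) record whose type name is mime.
func findCarrier(msg []byte, mime string) ([]byte, error) {
	for i := 0; i < len(msg); {
		f := msg[i]
		hl, il := 3, 0
		if f&0x08 != 0 {
			hl = 4
		}
		if f&0x10 == 0 || i+hl > len(msg) {
			return nil, errors.New("unsupported (non-SR) or truncated record header")
		}
		tl, pl := int(msg[i+1]), int(msg[i+2])
		if hl == 4 {
			il = int(msg[i+3])
		}
		i += hl
		if i+tl+il+pl > len(msg) {
			return nil, errors.New("record runs past end of message")
		}
		if f&0x07 == 0x02 && string(msg[i:i+tl]) == mime {
			return msg[i+tl+il : i+tl+il+pl], nil
		}
		i += tl + il + pl
		if f&0x40 != 0 { // ME: last record of the message
			break
		}
	}
	return nil, errors.New("no " + mime + " record in message")
}

// leOOB is what the reading phone needs from the record; tk is nil if absent.
type leOOB struct {
	addr     string
	addrType byte
	role     byte
	name     string
	tk       []byte
}

// parseLEOOB decodes the AD structures of an application/vnd.bluetooth.le.oob
// payload and enforces the two mandatory types (LE address and LE role).
func parseLEOOB(p []byte) (leOOB, error) {
	var o leOOB
	haveAddr, haveRole := false, false
	for i := 0; i < len(p) && p[i] != 0; i += 1 + int(p[i]) {
		l := int(p[i])
		if i+1+l > len(p) {
			return o, errors.New("AD structure runs past payload")
		}
		t, d := p[i+1], p[i+2:i+1+l]
		switch {
		case t == adLEAddress && len(d) == 7: // address is LSB-first on the wire
			o.addr = fmt.Sprintf("%02X:%02X:%02X:%02X:%02X:%02X", d[5], d[4], d[3], d[2], d[1], d[0])
			o.addrType, haveAddr = d[6]&1, true
		case t == adLERole && len(d) == 1:
			o.role, haveRole = d[0], true
		case t == adLocalName:
			o.name = string(d)
		case t == adSMTKValue && len(d) == 16:
			o.tk = append([]byte(nil), d...)
		}
	}
	if !haveAddr || !haveRole {
		return o, errors.New("missing mandatory LE Bluetooth Device Address or LE Role")
	}
	return o, nil
}

// sampleTag is a constructed tag image for a peripheral-only headset with
// public address A1:B2:C3:D4:E5:F6 and, optionally, a fixed 128-bit TK.
func sampleTag(withTK bool) []byte {
	p := append(ad(adLEAddress, []byte{0xF6, 0xE5, 0xD4, 0xC3, 0xB2, 0xA1, 0x00}), ad(adLERole, []byte{0})...)
	p = append(p, ad(adLocalName, []byte("Cool Headset"))...)
	if withTK {
		p = append(p, ad(adSMTKValue, bytes.Repeat([]byte{0x42}, 16))...)
	}
	return handoverSelectLE(p)
}
```

The BR/EDR record (application/vnd.bluetooth.ep.oob) differs in that its payload starts with a 2-byte OOB data length and the 6-byte BD_ADDR before the EIR structures; the same AD/EIR structure walker applies after that prefix. Any optional AD type the phone does not understand is skipped by the switch, which is the “may use or may ignore” rule of slide 40.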
41. Bluetooth® Secure Simple Pairing Using NFC:
Bluetooth References
Bluetooth core specification
– The application document refers to version 4.0
– Core specification Addendum
Bluetooth core specification Supplement
– Version v4
Bluetooth Assigned Numbers
– Values for EIR and AD data types
All specifications are free to download:
– https://www.bluetooth.org/en-us/specification/adopted-specifications
– https://www.bluetooth.org/en-us/specification/assigned-numbers
41
42. Bluetooth® Secure Simple Pairing Using NFC:
NFC Forum References
Bluetooth® Secure Simple Pairing Using NFC
Application Document
NFC Forum Connection Handover Technical
Specification
NFC Forum NFC Data Exchange Format (NDEF)
Technical Specification
All specifications are free to download:
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-forum-technical-specifications/
42
44. Success Factors: Interoperability
First key to success is a good user experience across different
products
• The user must not experience that BT-pairing using NFC is
possible only for some products. E.g., possible with Vendor
A and not possible with Vendor B.
• Use NFC-Forum-compliant devices when implementing
Ensure interoperability on device level.
• Follow recommendations from the NFC Forum and the
Bluetooth Special Interest Group
The two organizations have given recommendations so
that all can implement the same way. If not, market
fragmentation will appear.
44
45. Success Factors: Interoperability
• Do interoperability testing
• In-house with different target products
• At Bluetooth UnPlugfests
• At NFC Forum Plugfests
• An NFC Forum plugfest is:
“NFC Forum Plugfest events are designed to create a safe real-world
environment where developers can verify device interaction across
product implementations. All testing is confidential.”
http://nfc-forum.org/our-work/compliance/plugfest-events/
• A Bluetooth UnPlugFest is:
“UnPlugFest (UPF) events are nonprofit interoperability testing events organized
for the benefit of Bluetooth SIG members to improve the interoperability of
Bluetooth® enabled devices. The events are held three times a year, once in each
region — Europe, Asia and North America. The UPF’s sole purpose is to improve
the interoperability of all Bluetooth enabled devices. Unreleased and
unannounced products and prototypes are tested in this confidential forum.”
https://www.bluetooth.org/en-us/news-events/upcoming-events/testing-events/unplugfest
45
46. Success Factors: Compliance
• Do compliance testing
• End product needs to comply on all layers
• Physical layer
• Protocol levels
• No compliance → poor or no interoperability
• NFC Forum Certification Program:
• Use products that comply with the NFC Forum specifications and that
have passed certification.
• Be sure that analog test-cases pass after integration of certified parts
into end product.
http://nfc-forum.org/our-work/compliance/certification-program/
• Only use Bluetooth qualified products
https://www.bluetooth.org/en-us/test-qualification/qualification-overview
46
47. Success Factors: Use of N-Mark
• The user needs to know where to touch the devices
• The N-Mark will guide the user to where to make the tap
http://nfc-forum.org/our-work/nfc-branding/n-mark/
47
48. Connection Handover White Paper
Just Announced!
48
• Informative guide for
developers
• Hands on tips for
using Connection
Handover
• Free download:
• http://nfc-forum.org/connection-handover/
49. Examples of Products in the Market
– Products in the market
– New possibilities
49
51. Opportunities for Bluetooth Pairing with NFC
The Internet of Things
• Expectations for products are high
• Huge number of products will have Bluetooth Low Energy
• Huge number of products will have limited user interface
Many people find the Bluetooth pairing process difficult: the instruction manual must be studied, or help from the retailer is needed to complete it.
The combination of NFC and Bluetooth offers the user a simple and intuitive method to initiate the pairing.
• Just tap the N-Marks together and follow the instructions on the screen.
Opportunity: every product that contains a Bluetooth link that needs pairing.
51
52. Opportunities for Bluetooth LE Pairing with
NFC
Opportunities
• Activity trackers
• Toys
• Advanced sport equipment
• Industrial sensors
• Watches
• Gaming
• Healthcare
• PC Peripherals
• Automation
• Mobile accessories
• …..
• ….
52
54. Windows 8 and Android Support
• Windows 8.1 supports connection handover to Bluetooth
• Many Android phones with NFC and Bluetooth support
connection handover to Bluetooth
Recommendation for connection handover to Bluetooth LE
released Q1/2014
54
56. Questions and Answers
– 20 minutes Q&A period
– You may also visit:
– http://nfc-forum.org/what-is-nfc/resources/
– http://nfc-forum.org/contact-us/
56