
Everybody is concerned about security today. Bluetooth with the advent of mesh networking and 5.0 has been designed with security as the foremost priority. Currently Bluetooth Low Energy (LE), GATT devices can provide a range of security implementations that are specified in the Bluetooth core specifications. Mesh Bluetooth security is focused on the security of more than individual devices or peer connections, it is concerned with the security of the entire ecosystem.
The basic security framework includes the following:
- Mesh messages are encrypted and authenticated
- Subnets of the mesh network can be provided with each cryptographically distinct and secure from each other.
- Security keys can be changed via a key refresh procedure.
- Obfuscation of messages makes it difficult to track messages and provides privacy node protection
- Replay attack protection is provided.
- Nodes can be eliminated from the network of which eliminates trashcan attacks
- Secure Device provisioning is provided.
Two cryptographic security functions are used in the Bluetooth mesh stack
AES CMAC and AES-CCM
Cipher based Message Authentication Code (CMAC) is an algorithm which can generate a fixed length, 128 bit message authentication value for any variable length input.
AES-CCM is a generic authenticated encryption algorithm, which is intended for use with cryptographic clock ciphers. In the Bluetooth mesh specification, AES-CCM is used as the fundamental encryption and authentication methodology.