低功耗蓝牙加密和数据安全 [英] Bluetooth Low Energy encryption and data safety
问题描述
我需要通过智能手机(iOS 和 Android)和嵌入式设备(CC2540 芯片)之间的低功耗蓝牙 (BLE) 数据连接发送一些敏感数据.
I need to send some sensitive data over a Bluetooth Low Energy (BLE) data connection between a smartphone (iOS & Android) and an embedded device (CC2540 chip).
由于我不认为手机上的应用程序代码不会被黑客入侵,因此我需要依靠 BLE 安全性将我的加密包一次又一次地从服务器传送到设备(我必须假设任何第二次尝试递送包裹,都必须来自攻击者).
Since I don't consider the app-code on the phones to be safe from hacking, I need to rely on BLE safety to get my encrypted package delivered from the server to the device once and once only (I must assume that any second attempt to deliver the package, must be from an attacker).
我已经浏览了几天的网络,想了解我的数据是否安全,以及在什么条件下.很遗憾,我无法对我的问题给出简单的答案.
I have been browsing the net a few days now, to find out if my data is safe, and under which conditions. Unfortunately I haven't been able to come up with a simple answer to my questions.
如果我将手机与设备配对,我的数据是否安全?- 我想是的,尽管我知道配对过程本身存在缺陷,因此理论上某些中间人 (MITM) 可能会在配对过程中嗅探加密密钥,从而破坏连接.
Is my data safe if I pair the phone to the device? - I suppose so, though I understand that the pairing process itself is flawed, so it is theoretically possible for some man-in-the-middle (MITM) to sniff the encryption keys during the pairing process and thus compromise the connection.
我需要将每台设备与多部手机配对(但一次只能与一部手机进行通信).pr的最大配对数是多少?设备?- 不幸的是,我需要将大量手机与我的设备配对.
I need each device to be paired to several phones (but only communicating to one at a time). What's the maximum number of pairings pr. device? - unfortunately I need to pair a rather large number of phones to my device(s).
我能否从设备获取配对数据(长期密钥等)并将其存储在某个外部存储器中,以增加此限制.
Can I perhaps get the pairing data (Long term keys etc.) from the device and store it on some external memory, to increase this limit.
我能否在不配对的情况下与设备建立安全的数据连接,或者在需要时重新配对?- 对于 MITM 攻击,此程序的安全性如何?
Can I make a safe data connection to the device without pairing, or maybe by re-pairing when I need to do so? - How safe is this procedure with regards to MITM attacks?
我似乎找不到任何可以明确回答这些问题的文档.任何想法或指示将是最受欢迎的.
I can't seem to find any documents that answer these questions unambiguously. Any ideas or pointers will be most welcome.
推荐答案
这是我的两分钱:
AFAIK,BLE 配对/加密过程没有缺陷.然而,加密提供了三个级别的 MITM 保护:
AFAIK, BLE pairing/encryption process is not flawed. There are however three levels of MITM protection available with encryption:
- 无,这使用已知密钥 == 0,因此如果窃听者在配对过程中捕获了您的所有数据包,他可以跟踪您的加密连接.
- 低 MITM 保护,这是当您使用用户输入的密钥进行配对时,密钥 <1.000.000.在这里,窃听者只需要尝试一百万个密钥.
- 高 MITM 保护,使用带外密钥.这将为您的加密提供完整的 128 位强度,窃听者需要知道密钥才能跟踪对话,即使捕获了整个配对过程.由于 BLE 中没有密钥交换方法(至少目前是这样),这里最薄弱的一点是密钥分发,但这与在应用程序级别具有额外加密层时存在相同的问题.
这取决于实现.您的设备不必绑定,即与主机建立永久关系.如果设备没有绑定,则没有状态说明早期连接(交换数据除外,但这是应用程序域,而不是 BLE 堆栈).如果设备未绑定,则它们在下次连接以交换受保护数据时必须再次配对.如果设备已绑定,则无需应用程序/用户交互即可继续加密连接,安全级别与之前相同.对于一次性连接的设备,绑定没有意义,因此您可以进行无状态实现,对连接的设备数量没有限制.对于多次连接,您还可以有一个无状态的实现,这取决于您如何分发/存储密钥,然后独立于 BLE.不过,此处不同选项的可用性取决于您使用的设备/BLE 堆栈实现,但规范允许所有这些.
This is implementation dependant. Your device doesn't have to bond, i.e. establish a permanent relationship with the host. If the devices don't bond, there is no state telling about earlier connections (other than exchanged data, but that is application domain, not BLE stack). If the devices are not bonded, they would have to pair again the next time they connect to exchange protected data. If the devices are bonded, the encrypted connection can be continued without app/user interaction, with the same security level as earlier. For one-time-connect devices, bonding doesn't make sense, so you can have a stateless implementation with no restrictions on number of connected devices. For multiple-times-connect, you could also have a stateless implementation, depending on how you distribute/store the key(s) which is then independent of BLE. The availability of the different options here depends on the device/BLE stack implementation you are using, though, but the spec allows all this.
如果您绑定并交换长期密钥等,这些可以根据您正在构建的 BLE 实现,以您喜欢的方式存储.
If you bond and thus exchange long term keys etc, these can, dependent on the BLE implementation you're building on, be stored however you like.
正如我在 2. 中所说的,您无需绑定即可建立安全(加密)的连接.下次设备要建立安全连接时,它们需要再次配对.如果您出于某种原因不想/无法配对,那么您只能进行明文通信.
As I said under 2., you can establish a secure (encrypted) connection without bonding. The devices then need to pair again the next time they want to establish a secure connection. If you don't want to/aren't able to pair for some reason, then you can have only plaintext communication.
这篇关于低功耗蓝牙加密和数据安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
