Wireless Computing
[an error occurred while processing this directive]

Introduction to Wireless

Wireless Technologies


Network Security



Valid XHTML 1.0!

Bluetooth Security

Security Basics - 802.11 - 802.11 Solutions - Bluetooth

Like 802.11 security, Bluetooth is not meant to be an end-to-end security protocol, but actually only a means of security for the wireless portions of the network.

Bluetooth features three security modes:

  • Security Mode 1: Nonsecure: In nonsecure mode, a device will not initiate security procedures and authentication and encryption are completely bypassed.
  • Security Mode 2: Service-level enforced security: In this mode, security procedures are begun after channels are established at the Logical Link Control and Adaptation Protocol level. A security manager controls access to different services and devices by using policies and “trust” levels.
  • Security Mode 3: Link-level security: In mode 3, a device starts security procedures before channel establishment. Authentication, both unidirectional and mutual, and encryption are both supported, through the use of a secret link key between devices. The link key is generated the first time two devices communicate.

Link key generation:

Two devices communicating for the first time will go through an initialization phase; they will be “associated” at that point. The link key generation begins when the user enters identical PINs into both devices, which the devices use to generate their secret link keys. One of Bluetooth's security strengths is that in subsequent communications between devices, the link key is never transmitted outside of the device; the link key is simply used in cryptographic algorithms to generate matching sequences.


In Bluetooth, authentication is achieved through a challenge-response scheme whose purpose is to verify that the device requesting access has knowledge of the secret link key. The requesting device first sends its unique device address to the verifying device. The verifying device then sends a 128-bit random challenge from a random number generator. both devices use the E1 algorithm on the random challenge, the device address, and the link key to yield a 32-bit result. The verifier then compares the two results and authenticates the requesting device if the results match.

authentication with bluetooth

Bluetooth blocks repeated link key-cracking attempts by exponentially increasing the amount of time mandated between attempts. This technique fails against attackers who perform offline attacks to search the space of all PINs.


Bluetooth encrypts its data transmissions with a stream cipher called E0. The key stream used is generated through an algorithm that takes the following values as input: the device address, a random number, a slot number, and an encryption key. The encryption key is produced from an internal key generator that takes as input: the link key, a random number, and a value from the authentication procedure. The key stream used to encrypt each data packet changes on a per-packet basis because the slot number is different each time, but all other variables remain static.

encryption with bluetooth

Top of page