36 |
Bluetooth Security |
next packet. During this time (and, in principle, also during the 72 + 54 µs of plaintext access code and packet header), the payload key initialization can be run without interfering with the encryption or decryption process. The principle is shown in Figure 2.4.
2.4.4Unicast and broadcast
Broadcast encryption poses a slight problem due to the point-to-point paradigm used in Bluetooth. In principle, apart from itself, a slave device is only aware of the piconet master. Thus the slave has no security bonding to other slave members. Specifically, each link in the piconet uses different encryption keys, since they are all based on their respective link keys. If the master would like to send an encrypted message to all its slaves, it can do this using individually addressed messages (also known as unicast messages) which will introduce unnecessary overhead. A better alternative is for the master to change all link keys to a temporary key, the master key. Based on this, all devices are able to generate a common encryption key that can be used in broadcast transmissions that address all slaves simultaneously.
One drawback with this approach is that mixing secure unicast traffic and secure broadcast traffic is not possible. The user must settle for one of these at a time. The reason is in the packet structure and required initialization time for the payload key. A broadcast message is identified from the all-zero LT_ADDR, while unicast messages have nonzero LT_ADDR. This 3-bit address field is part of the payload header. Not until this information has been received and interpreted can the receiver decide whether the payload key should be based on the encryption key used for unicast or broadcast traffic. By then, there is far too little time (less than 48 µs) to generate the payload key before the packet payload is being received unless very fast hardware (i.e., involving high clock frequency) is used. This, however, would put unrealistic requirements on the ciphering hardware and increase cost as well as power consumption. It is, of course,
Run stream cipher |
Initialize key stream generator |
|
|
|
|
|
|
|
|
. . . |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Slot |
k |
Guard |
k + 1 |
|
k + 2 |
|
k + 3 |
|
number |
|
|
||||||
|
|
|
|
|
|
|
||
space
Figure 2.4 Operation of the encryption machinery.