Figure 10.2 LAN with access points and central secure access server.

10.2.4 Initial connection

Once the DT has got the service ID and pass-key configuration, it will be able to connect to the network. This can be done in several different ways. We will give a sample procedure. It is a rough description of the protocol and interactions with the network, and the details are left out. Figure 10.3 illustrates the different actions.

Below, the different steps are outlined:

1.The DT connects to the NAcP using the Bluetooth inquiry/paging procedure.

2.The DT acts as a service discovery protocol (SDP) client and searches for the LAN access service record on the NAcP. The DT receives the service ID of the LAN service provider. The NAcP may perform a similar service discovery sequence on the DT to obtain the DT ID.

3.The DT checks that it knows the service ID received over the SDP protocol. Otherwise, the DT interrupts the connection procedure.

4.The DT asks the internal service database for the pass-key corresponding to the service ID.

5.The corresponding pass-key in the internal database is returned to the DT.

6.The NAcP uses a dedicated protocol to send the public key of the network together with the alias address of the network to the DT. The alias address is needed by the DT in order to look up the correct link key for authentication of the access points at the Bluetooth link level.

7.The DT validates the DH value that it receives using the pass-key it found in step 5 (see Section 8.5 for the details).

2.Service discovery sequence

3.Service ID validation

4.Pass-key request

(service ID)

5. Pass-key

DT service database

6.Server public key + network alias

7.DH key validation

8.DT public key + encrypted pass-key + [alias address]

9.DT parameters

10.Derive link_key/

12. Derive link key

Access server

13. Store link key and

14. Store link key DT device or alias address and network alias

DT key database

15.Authentication

16.Encrypted link

Figure 10.3 Initial connection to the access network.

8.The DT sends its own public DH key together with an encrypted pass-key and optionally an alias address (if the DT wants to be anonymous) to the NAcP.

9.The NAcP connects to the access server through a secure connection and sends the parameters it received in step 8 together with the DT ID to the access server.

10.The access server derives the DH shared secret, decrypts the pass-key, and verifies it against the pass-key value corresponding to the received

DT ID, which is stored in its database. The access server derives a Bluetooth link key from the DH shared secret.

11.The access server returns the link key derived in step 10 to the NAcP.

12.The DT also calculates the DH shared secret and derives a link key from it.

13.The access server stores the new link key together with the DT Bluetooth address (fixed or alias) in its database.

14.The DT stores the new link key as a CAK together with the network alias address in the DT key database.

15.The DT and NAcP perform a mutual baseband authentication using the newly derived link key.

16.Optionally the Bluetooth link is encrypted.

Through the procedure described above, both the network and the DT are equipped with the necessary security parameters for making subsequent access to the network quick and convenient.

10.2.5 Subsequent access to NAcPs

Finally, we describe how subsequent access can be made securely and efficiently using the CAK and alias authentication. The procedure works fine for the DT with both security mode 2 and security mode 3. For subsequent access, the NAcPs could also use security mode 3. However, security mode 3 does not work well with the initial access procedure, and security mode 2 is the preferred mode of operation for the NAcPs. If the DT connects to the LAN for the fist time, authentication and encryption are performed according to the description in Section 10.2.4. For all other cases, the procedure is as described in Figure 10.4.

Below, the different steps of the secure connection establishment are outlined:

1.The DT connects to the NAcP using the Bluetooth inquiry/paging procedure.

2.The NAcP sends its alias address to the DT through a dedicated LM command (see Section 8.5 in Chapter 8 for the details).

3.The DT optionally (if it is anonymous) also sends its alias address to the NAcP.

4.The DT uses the alias address to find the right CAK in its key database.

5.The DT finds the link key (CAK) to use for the connection.

2.Alias address

3.Alias address

4.Link key request

(alias address)

5. Link key

Access server

8.Authentication

9.Encrypted link

Figure 10.4 Subsequent access to the network.

6.The NAcP connects to the access server through a secure connection and requests the link key for the received device or alias address.

7.The access server finds the requested link key and returns the link to the NAcP.

8.The DT and NAcP perform a mutual baseband authentication using the found link key.

9.Optionally, the Bluetooth link is encrypted.

The procedure described above completes the secure connection establishment between the DT and the NAcP. If the DT runs in anonymous mode, it may also choose to update its alias address after authentication and encryption are enabled. Then the NAcP must send the updated alias address to the access server. The NAcP, on the other hand, does not have any anonymity requirement and can always keep the same alias.

The procedure in Figure 10.4 can be repeated whenever the DT moves and would like to connect to a new NAcP. In this way, secure roaming between access points is achieved.