Information Technology Reference
4.1 Security levels
When two Bluetooth devices connect to each other for the first time, each can
determine whether the other is reliable or not. A reliable (trusted) device has
access to all services and is said to have a fixed relationship. An unreliable
(untrusted) device has a temporary relationship and has limited access to
services. With regard to security, services fall into three levels [Mull]:
Services that require authentication and authorization: access is
automatically granted to trusted devices, while untrusted devices
must pass the authentication procedure.
Services that require authentication only: authorization is not required.
Services that are open to all devices: access is granted and the devices
do not require any form of authentication.
The security level of a service, in addition to authentication and
authorization, uses an extra attribute: encryption. When it is set, the link
must be put into encrypted mode before access is granted. This information
about the services is stored in the database of the security manager. If no
security level has been defined, the default level applies: it requires
authentication and authorization for inbound connections, and only
authentication for outgoing connections. In general, granting access to a
service does not guarantee access to other services on the same device, and
does not automatically guarantee future or uncontrolled access to the same
service on the same device. The Bluetooth General Access Profile classifies
security into three modes that affect the functionality and applications of a
device:
Non-secure mode: no security measure has been initialized on the device and
the link-level security function is bypassed. In this way the device works
faster and consumes less energy. This mode is used in applications where
security is not strictly necessary.
Service-level Security Enforced Mode: a device starts the security
procedure only after the channel has been chosen at the Logical Link Control
and Adaptation Protocol (L2CAP) level. In this mode applications with
different security requirements can run side by side. This mode thus provides
flexibility between different types of applications.
Link-level Security Enforcement Mode: the device initializes the security
procedures at the lowest level of the protocol, before link-level setup on the
Link Manager Protocol (LMP) is completed. Once the channel has been
established, a secure physical connection between the devices exists. This
mode is used in critical applications where security is essential.
The methods for user authentication and for encryption of transmitted
information lie at the heart of the Bluetooth security specifications.
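The per-service access decision described in this section (the three service levels, the encryption attribute, the default level and the trusted/untrusted distinction) can be modelled as follows. This is an added example, not code from the cited specification or any Bluetooth stack; the class, method, service names and device addresses are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    authentication: bool = False
    authorization: bool = False
    encryption: bool = False      # extra attribute: link must be encrypted first

# Defaults the text gives when no security level has been defined.
DEFAULTS = {"in": Policy(authentication=True, authorization=True),
            "out": Policy(authentication=True)}

class SecurityManager:
    """Hypothetical model of the security manager's service database."""

    def __init__(self):
        self.services = {}    # (service, direction) -> Policy
        self.trusted = set()  # addresses of devices with a fixed relationship

    def register(self, service, direction, policy):
        # The text lists no "authorization only" level, so reject it.
        if policy.authorization and not policy.authentication:
            raise ValueError("authorization requires authentication")
        self.services[(service, direction)] = policy

    def required_steps(self, device, service, direction):
        """Procedures that must succeed before this one access is granted."""
        policy = self.services.get((service, direction), DEFAULTS[direction])
        steps = []
        if policy.authentication:
            steps.append("authenticate")
        # Assumption: a trusted device still authenticates so it can be matched
        # against the trusted list; only the authorization step is skipped.
        if policy.authorization and device not in self.trusted:
            steps.append("authorize")
        if policy.encryption:
            steps.append("encrypt")
        return steps

# Constructed sample data: service names and addresses are made up.
sm = SecurityManager()
sm.trusted.add("00:11:22:33:44:55")
sm.register("business-card", "in", Policy())                 # open to all
sm.register("file-transfer", "in", Policy(True, True, True))

if __name__ == "__main__":
    for dev in ("00:11:22:33:44:55", "66:77:88:99:AA:BB"):
        for svc in ("business-card", "file-transfer", "unregistered"):
            print(dev, svc, sm.required_steps(dev, svc, "in"))
```

Every request is evaluated on its own (device, service, direction) triple and nothing is cached, which mirrors the statement that access to one service implies neither access to other services nor future access to the same one.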