Should one create a bond with a Bluetooth LE device

by

Short answer: the correct, common, and reliable scenario is to bond. Bonding means the connection is secure and the link is trusted. It means that your local device will usually find the remote device even if its address is changing. Pairing/bonding is recommended practice in Bluetooth for security and privacy reasons.

Long answer: since its introduction, incremental versions of the Bluetooth spec have added features to improve the security and privacy of Bluetooth devices. Many devices will not allow you to exchange data or properly track them unless you are paired/bonded (The difference between bonding and pairing is that with bonding, the exchanged keys are stored in the database.)

In Bluetooth Low Energy, the pairing/bonding process consists of three stages:-

Phase 1 – Pairing Feature Exchange

The two connected devices exchange their IO capabilities (e.g. does the device have a keyboard), authentication requirements (e.g. to bond or not to bond) and supported key sizes.

Phase 2 – Authentication and Encryption

Using encryption algorithms a key is generated and used to encrypt the link (this is different for legacy and LESC pairing, but it is beyond the scope of this question).

Phase 3 – Key distribution

Several keys are exchanged between the devices including the CSRK (Connection Signature Resolving Key), the IRK (Identity Resolving Key) and the static address.

Of particular importance to your question is the IRK and the address. Since Bluetooth v4.0, a feature known as LE Privacy allowed the device to continuously change its address to reduce its track-ability. Malicious devices would not be able to track the device implementing this feature, as it actually looks like a series of different devices. In order to resolve the address, the devices need to be previously paired/bonded. If the remote device contains the IRK then it can use that and the random resolvable address to derive the Bluetooth device’s original address.

So, going over your criteria:-

  • The Bluetooth device is used frequently, but not continuously.

If you are going to disconnect/reconnect frequently, you can pair once with the device and store the keys (i.e. bond). Pairing is no longer needed afterwards as the same keys will be used to encrypt the connection upon disconnection/reconnection.

  • Reconnecting should happen as fast as possible

Connection and bonding are two different things. It will take the same amount of time to reconnect regardless of bonding being implemented. However, once the devices are reconnected, it will take some time for the connection to be re-encrypted.

  • Bluetooth address changes randomly when the device is powered down

This means that the device is utilising the LE privacy feature. Therefore your device should be bonded with it in order to resolve the private resolvable address.

  • The device’s name is unknown, null or random

This is usually the case with BLE. The devices are usually identifiable via their address. As such if your devices have previously bonded you will be able to resolve the changing address and identify the remote device.

  • The connection is encrypted

You cannot achieve an encrypted connection without pairing first (as per the 3 phases above). With bonding you are storing the keys in your database, therefore ensuring that you can use them in the future to re-encrypt the connection without having to go over the pairing phases.

  • The connection uses an overlying API that requires a Bluetooth Device
    as parameter for connection.

I am not sure what this means, but is irrelevant to the requirement for bonding.

For further reading on the subject, I recommend visiting the Bluetooth Specification Version 5.0, Vol 3, Part H, Section 2 Security Manager (page 2295)

More Related Contents:

  1. Android 4.3 Bluetooth Low Energy unstable
  2. Bluetooth Low Energy startScan on Android 6.0 does not find devices
  3. Location needs to be enabled for Bluetooth Low Energy Scanning on Android 6.0
  4. How to programmatically force bluetooth low energy service discovery on Android without using cache
  5. Android BLE API: GATT Notification not received
  6. Estimating beacon proximity/distance based on RSSI – Bluetooth LE
  7. Find all Bluetooth devices (headsets, phones etc) nearby, without forcing the devices in discoverable mode
  8. Which correct flag of autoConnect in connectGatt of BLE?
  9. Can an Android device act as an iBeacon?
  10. How many devices we can pair via Bluetooth of BLE to Android?
  11. Android sample bluetooth code to send a simple string via bluetooth
  12. Using the Android RecognizerIntent with a bluetooth headset
  13. Xamarin.Forms ListView: Set the highlight color of a tapped item
  14. How do I use SharedPreferences in Xamarin.Android?
  15. App not run in visual studio emulator for android in visual studio 2015
  16. How to receive serial data using android bluetooth
  17. Bluetooth and WIFI Printing for Android
  18. Multiple bluetooth connection
  19. Failure [INSTALL_FAILED_UPDATE_INCOMPATIBLE] even if app appears to not be installed
  20. How to get the battery level after connect to the BLE device?
  21. How to get bluetooth connected devices using BluetoothHeadset API
  22. Android 12 New Bluetooth Permissions
  23. How to unpair bluetooth device using android 2.1 sdk
  24. Android 2.1: How do I poll the RSSI value of an existing Bluetooth connection?
  25. Specifying a link key in android without pairing
  26. BLE obtain uuid encoded in advertising packet
  27. How to find the UUID of serial port Bluetooth device?
  28. Xamarin Android issue connecting via HTTPS to site with self-signed certificate: “Trust anchor for certification path not found.”
  29. GridLayoutManager – how to auto fit columns?
  30. getBluetoothService called with no BluetoothManagerCallback

Leave a Comment