Bluetooth Security

This is an area where the support from the Bluetooth stacks varies the most; some stacks support many security features and some hardly any. Most have support for actively requesting a bonding/pairing, but support for responding to a pairing request it less widespread.

Most of this applies to traditional Bluetooth pairing. Only the Microsoft stack on Windows 7 (and Vista+ServicePack) support the new Bluetooth v2.1 Secure Simple Pairing (SSP) feature. See below. SS1 Bluetopia apparently supports it but I've no device with v2.1 hardware.

Note that authentication/encryption is required for Bluetooth v2.1 connections. Thus even if one is connecting to a service that does not itself require authentication -- for instance the default OBEX server -- then authentication will be required. Thus in most cases you'll need to handle authentication, so on Win32 with the built-in Microsoft Bluetooth stack (which is the only platform that has a useable Secure Simple Pairing interface) then use BluetoothWin32Authentication with a callback function, and if creating an application that for instance sends adverts to all passing devices then just have the callback respond with e.Confirm=true. On a application with a UI then prompt the user before confirming, see below.

PairRequest & RemoveDevice

Firstly there is a facility to actively request a bond. The method is BluetoothSecurity.PairRequest(BluetoothAddress device, string pin). It is supported on most platforms: MSFT+Win32, MSFT+WM, Widcomm+both, and Bluetopia. It is not currently working on BlueSoleil. Contact me if you need that support.

The corresponding method to delete a bonding is BluetoothSecurity.RemoveDevice(BluetoothAddress device).

BluetoothClient and Listener -- responding to security required

Then we support the facility to specify a passphrase/pin that will be used when connecting with BluetoothClient/Listener if bonding is required (i.e. passively). This is the area where the support from the Bluetooth stacks varies the most, some stacks support many security features and some hardly any. Thus the support we can provide varies per platform.

On BluetoothClient we support SetPin(string pin) on MSFT+WM and on MSFT+Win32 (with some ‘behind the scenes’ complexity on the latter) and on Bluetopia. There is no support for this feature in the Widcomm API, we’ve tried implementing a solution but it will likely not work for general usage. Let me know if it works for you. There is also method SetPin(BluetoothAddress device, string pin), support for it is implemented on the two MSFT platforms only. (Note: The MSDN CE/WM documentation is slightly ambiguous and it’s not 100% clear that specifying the remote address there restricts the use of the pin to that device).

We’d like to provide similar support on BluetoothListener. However the lack of support from the platform APIs makes implementation even more difficult if not impossible there. We support SetPin(BluetoothAddress device, string pin), on the two MSFT platforms currently. It is best in that case to handle the authentication request event if available on your platform, see below.

Pairing events

Some platforms support raising an event to allow the program to respond to authentication events. This is useable on MSFT+Win32 stack. Support for it is in class BluetoothWin32Authentication, it is used internally by BluetoothClient but can be used directly by user code. It operates in two modes, firstly if an address and pin are specified it will then automatically respond if that device requires bonding, in the second mode a callback event is raised to user code when any device requires bonding. See the class documentation for examples and more information. It is useable for both traditional pairing and for v2.1 SSP.

There are five other methods on BluetoothSecurity, they are CE/WE only and apparently are for callback based bonding -- but are really only usable by CE system builders.

Support is possible on BlueSoleil and Bluetopia but is not implemented. Contact me if you need that support.

Secure Simple Pairing (SSP)

Only with the Microsoft stack on Windows 7 (and Vista+ServicePack) is there support for the new Bluetooth v2.1 Secure Simple Pairing (SSP). (Bluetopia apparently supports it but I've no device with v2.1 hardware).

The PairRequest function will initiate a pairing. To respond to/complete SSP pairings programatically one needs to use class BluetoothWin32Authentication, see BluetoothWin32Authentication. SetPin on BtCli/Lsnr will not handle SSP.

Version changes in SetPin

Historically we’ve had some changes over different versions in these two classes (for the MSFT support):

BluetoothClient v2.4 Widcomm v2.3 v2.2
Pin property n/a n/a n/a
SetPin(string pin) kind-of… ✔— when connected ✘— when not (NRE)
SetPin(BluetoothAddress device, string pin) ✔ — CE/WM ✘ — Win32


BluetoothListener v2.4 Widcomm v2.3 v2.2
SetPin(string pin) ✘ (NullRefEx)
SetPin(BluetoothAddress device, string pin)

Last edited Oct 5, 2011 at 8:59 AM by alanjmcf, version 17

Comments

ecching Sep 19 at 7:39 PM 
hi allan, i've seen your comments where you said to use pairrequest (bluetoothaddress, nothing) but when i do this using windows mobile i get an exception of value of null is not valid. i need to pair a serial device that don't have a pin. i am using inthehand 3.4. is there a class similar to bluetoothwin32authentication.