In 2017, a security company discovered that hackers were using smart fish tanks to steal critical data. These fish tanks are equipped with intelligent sensors connected to the network, originally used to monitor data such as water temperature and tank cleanliness. Hackers successfully infiltrated the fish tank sensor network, stole a large amount of data, and sent the data to designated locations, causing significant economic and other losses to the enterprise where the fish tank is located. Therefore, data security in the Internet of Things is particularly important.
The Bluetooth communication protocol is often used as an IoT communication protocol and applied in various IoT scenarios. Bluetooth data can be captured through air packet capture, so it needs to be encrypted before sending. Even if someone intercepts the encrypted data, they cannot recognize and use it.
At present, most low-power Bluetooth BLE products on the market have AES encryption function. AES (Advanced Encryption Standard) is a standard for symmetric encryption algorithms, mainly used to protect the security of electronic data. AES supports key lengths of 128, 192, and 256 bits, with AES-128 being the most commonly used, which uses a 128 bit (16 byte) key for encryption and decryption operations. AES belongs to block ciphers, which operate on 128 bit (16 byte) data blocks at a time.
Below is a brief understanding of the AES encryption principle
Encryption process: The encrypted data A needs to be processed with a certain algorithm using the key KEY to obtain the encrypted data B.
Decryption process: Decryption is exactly the opposite of encryption. By performing a certain inverse operation algorithm on the encrypted data B and the key KEY, the pre encrypted data A can be obtained.
Therefore, when BLE connects to exchange data, plaintext data can be encrypted to ensure data confidentiality and resist attackers. Confidentiality refers to the inability of third-party attackers to intercept, decipher, or read the original content of a message due to the lack of a shared key for the encrypted link.
Two AES encryption forms for Bluetooth
Hardware support: Some Bluetooth chips integrate AES encryption modules during hardware design, which can directly support AES encryption function.
Software support: For Bluetooth chips without a hardware AES encryption module, AES encryption can be implemented through software. However, this approach may increase the power consumption and cost of the chip, and the encryption performance may not be as good as hardware encryption.
In addition to AES, some Bluetooth modules have a Random Number Generator. This function can be implemented through software or hardware. The main advantages are reflected in:
In terms of ensuring communication security, a random number generator can output non repeating and randomly varying numerical values. These values are the foundation for building multiple security mechanisms, such as authentication and encryption processes, which significantly enhance the security of Bluetooth communication.
In the competitive response mechanism, the random number generator also plays a key role. It ensures that when multiple devices compete for the same resource, access rights can be allocated based on fair and random principles, effectively avoiding communication conflicts and congestion.
Meanwhile, the random number generator can effectively defend against replay attacks. By introducing random numbers generated by a random number generator as timestamps or sequence numbers, the system can identify and reject old messages that are reused, thereby preventing attackers from exploiting historical information for fraud.
In addition, the random number generator can also be used to generate network keys and session keys in Bluetooth networks, which are used to protect network layer communication and upper layer transport layer data security.
The HY-2340 series module uses AES encryption with a 128 bit key. The main control chip CC2340 integrates AES-128 encryption module and random number generator module, resulting in lower overall power consumption, better encryption effect, and higher security of the module. The HY-2340 series module security design enables it to be applied in various fields with higher security requirements, such as wearables, medical devices, automobiles, etc.
