3 Ways Bluetooth Mesh is
Inherently Secure

Security is a reoccurring concern with new and even existing technologies, especially as we draw closer to the Internet of Things (IoT). Benefits like flexibility, energy efficiency, and interoperability are moot if user and provider data is at risk. While most technologies boast enhanced levels of security, what does that mean in a Bluetooth mesh network?

Security is at the heart of the Bluetooth® mesh networking design, and its use is mandatory with every packet encrypted and authenticated. In most Bluetooth technology applications, you can customize your network security when developing your product, which is common when only a single device connection is used. However, since a Bluetooth mesh network is built on tens, hundreds, or even thousands of devices communicating with one another, security of the entire network requires additional measures and methods.

Multi-Layer Security

Security in Bluetooth mesh protects your network against various threats and issues on multiple layers. These include replay attacks, which are prevented by judicious use of sequence numbers; man-in-the-middle attacks, which are protected against by using asymmetrical cryptography, such as the Elliptic Curve Diffie-Hellman (ECDH) key agreement protocol, during important procedures; and protection against trash-can attacks from discarded devices by ensuring security keys get refreshed when necessary. 

Bluetooth mesh is the only network topology built around mandatory security keys, which secure the network at multiple layers of the stack. 

  • The device key (DevKey) authorizes you to provision and configure a node so you can add devices to your network
  • Application keys (AppKeys), unique to Bluetooth mesh, allow you to secure messages relating to specific applications, such as lighting, physical security, heating, etc. 
  • Network keys (NetKeys) apply to all messages on the network so that nodes can securely communicate with one another

Blacklisting Potential Threats

If a node is removed from a Bluetooth mesh network, the device and keys it contains cannot be used to mount an attack. You can add that node to a blacklist, which keeps it from receiving new security keys during a key refresh. As such, a node that was removed from the network, which contains old security keys, is no longer a member of the network; it poses no threat and can’t be used for trashcan attacks.

Security is at the heart of the Bluetooth mesh networking design, and its use is mandatory with every packet encrypted and authenticated.

Redundancies on Multiple Fronts

In a replay attack, eavesdroppers will intercept and capture one or more messages for retransmission later. This can trick the recipient into performing actions from an unauthorized device. A commonly cited example is a car’s keyless entry system that is compromised when the authentication sequence is intercepted and later the message is replayed to gain entry to the car.

To prevent replay attacks, a Bluetooth mesh network uses two network PDU fields: the sequence number (SEQ) and IV Index. The SEQ value is incremented every time a message is published. A node will discard any message with SEQ value less than or equal to that of the last valid message, as it could relate to a replay attack. Similarly, IV Index values within a message must always be equal to or greater than the last valid message from its source. This security redundancy provides an added level of protection.

Reliable, Secure Connections

The IoT is fast becoming a reality. From beacons to wireless lighting platforms, we are already seeing the initial phases of IoT deployment. The demand for reliable, scalable, and secure wireless connections is paramount to supporting the next evolution of IoT solutions. Only Bluetooth mesh offers the industrial-grade, government-grade, multi-layer security that the IoT demands.

For an in-depth look at Bluetooth mesh cryptography tools, check out the Bluetooth Mesh Security Overview.


What Makes Bluetooth Mesh So Disruptive?

The behind-the-scenes story of the making of Bluetooth mesh

Watch our on-demand webinar to discover how Bluetooth mesh is disrupting building automation, wireless sensor networks, asset tracking, and more.


Related Resources

Silvair and the city of Jaworzno introduce innovative wireless lighting control technology

The modernization of the lighting control system in Poland is one of the first…

  • SIG Member

Bluetooth Mesh - Putting the Smart in Smart Buildings

Technical Program Manager, Martin Woolley presents at the India Electronics Show 2018.

Illuminating Buildings and More - The Roadmap for Bluetooth Mesh

Szymon Slupik discusses how to create a Bluetooth mesh lighting control network that also covers a wide range of applications beyond lighting.

Bluetooth Mesh for Lighting and Beyond - Lessons Learned from First Real-Life Implementations

Rafal Han, CEO and co-founder of Silvair, shares lessons learned from the first commercial implementation.

The Power of Blue - Mesh and IoT

Blane Goettle, from McWong International, speaks about Bluetooth mesh as the IoT platform.

Bluetooth Mesh: Paving the Way for Smart Lighting

Discover how this innovative technology can turn wireless connectivity into a smart lighting wireless platform.

Top Pet Retailer Boosts Customer Engagement with Bluetooth Low Energy

By virtualizing Bluetooth Low Energy beacons and engaging state of the art machine learning,…

  • SIG Member

Mist Enables New Wireless Experiences at Premier Shopping Centre

Shopping center equipped with virtual Bluetooth beacons enables retailers to interact with visitors using…

  • SIG Member

Bluetooth and Wi-Fi – The Industry Re-examined

In this podcast from Mr. Beacon, hear from Mist CTO about the state of…

  • SIG Member