Security is a reoccurring concern with new and even existing technologies, especially as we draw closer to the Internet of Things (IoT). Benefits like flexibility, energy efficiency, and interoperability are moot if user and provider data is at risk. While most technologies boast enhanced levels of security, what does that mean in a Bluetooth mesh network?

Security is at the heart of the Bluetooth® mesh networking design, and its use is mandatory with every packet encrypted and authenticated. In most Bluetooth technology applications, you can customize your network security when developing your product, which is common when only a single device connection is used. However, since a Bluetooth mesh network is built on tens, hundreds, or even thousands of devices communicating with one another, security of the entire network requires additional measures and methods.

Multi-Layer Security

Security in Bluetooth mesh protects your network against various threats and issues on multiple layers. These include replay attacks, which are prevented by judicious use of sequence numbers; man-in-the-middle attacks, which are protected against by using asymmetrical cryptography, such as the Elliptic Curve Diffie-Hellman (ECDH) key agreement protocol, during important procedures; and protection against trash-can attacks from discarded devices by ensuring security keys get refreshed when necessary. 

Bluetooth mesh is the only network topology built around mandatory security keys, which secure the network at multiple layers of the stack. 

  • The device key (DevKey) authorizes you to provision and configure a node so you can add devices to your network
  • Application keys (AppKeys), unique to Bluetooth mesh, allow you to secure messages relating to specific applications, such as lighting, physical security, heating, etc. 
  • Network keys (NetKeys) apply to all messages on the network so that nodes can securely communicate with one another

Blacklisting Potential Threats

If a node is removed from a Bluetooth mesh network, the device and keys it contains cannot be used to mount an attack. You can add that node to a blacklist, which keeps it from receiving new security keys during a key refresh. As such, a node that was removed from the network, which contains old security keys, is no longer a member of the network; it poses no threat and can’t be used for trashcan attacks.

Security is at the heart of the Bluetooth mesh networking design, and its use is mandatory with every packet encrypted and authenticated.

Redundancies on Multiple Fronts

In a replay attack, eavesdroppers will intercept and capture one or more messages for retransmission later. This can trick the recipient into performing actions from an unauthorized device. A commonly cited example is a car’s keyless entry system that is compromised when the authentication sequence is intercepted and later the message is replayed to gain entry to the car.

To prevent replay attacks, a Bluetooth mesh network uses two network PDU fields: the sequence number (SEQ) and IV Index. The SEQ value is incremented every time a message is published. A node will discard any message with SEQ value less than or equal to that of the last valid message, as it could relate to a replay attack. Similarly, IV Index values within a message must always be equal to or greater than the last valid message from its source. This security redundancy provides an added level of protection.

Reliable, Secure Connections

The IoT is fast becoming a reality. From beacons to wireless lighting platforms, we are already seeing the initial phases of IoT deployment. The demand for reliable, scalable, and secure wireless connections is paramount to supporting the next evolution of IoT solutions. Only Bluetooth mesh offers the industrial-grade, government-grade, multi-layer security that the IoT demands.

For an in-depth look at Bluetooth mesh cryptography tools, check out the Bluetooth Mesh Security Overview.


What Makes Bluetooth Mesh So Disruptive?

The behind-the-scenes story of the making of Bluetooth mesh

Watch our on-demand webinar to discover how Bluetooth mesh is disrupting building automation, wireless sensor networks, asset tracking, and more.


Related Resources

Scaling Up Wireless Lighting Controls- 120,000 Sq Feet Illuminated by Bluetooth Mesh Luminaires

Located in the picturesque city of Red Deer, Westerner Park is Central Alberta’s largest…

Stratosphere Tower Gets a Lighting Retrofit

The Bluetooth mesh lighting control ecosystem continues to grow at an exponential rate. In…

Bluetooth Mesh Standard Enters OSRAM Headquarters

In cooperation with Silvair as the company’s technology partner, OSRAM has recently launched a new wireless control…

Unlocking the Potential of the Smart Home

See how the Bluetooth Smart Home Subgroup is making intelligent and integrated smart home…

2019 Bluetooth Market Update

Supported by updated forecasts from ABI Research and insights from several other analyst firms, the Bluetooth Market Update highlights the latest Bluetooth trends and forecasts.

An Introduction to the Bluetooth Mesh Proxy Function

Learn how to create applications for smartphones and other platforms which can monitor and control nodes in a Bluetooth mesh network.

Bluetooth 5: Go Faster, Go Further

Learn how Bluetooth 5 significantly increases the range, speed, and broadcast messaging capacity of Bluetooth applications, making use cases in smart building and smart industry a reality.

Connection Drives Innovation

Watch to see how Bluetooth has expanded its capabilities to establish new markets and push the limits of wireless communication worldwide.

Bluetooth Mesh Networking - An Introduction for Developers

This in-depth introduction for developers examines Bluetooth mesh's system architecture, security mechanisms, and unique message publication and delivery.