Bluetooth Mesh (Part 3)

Secure Provisioning

In this next part of his article series on Bluetooth mesh, Bob looks at how to create secure provisioning for a Bluetooth Mesh network without requiring user intervention. He also takes a special look at an attack called Man-in-the-Middle which Bluetooth’s asymmetric key encryption is vulnerable to.

By Bob Japenga

Both of our cars are more than 15 years old. My only new car envy is with the lack of a modern audio system. With a rental car, I’m always envious of the Bluetooth support and the seamless way I can connect and reconnect my phone to the car’s system. Most of the new audio systems are well thought out and easy to use. For my birthday, I got a Bluetooth device that would connect my phone to my dumb audio system in both cars. I have been very happy with the devices although they have two quirks. One is that they don’t work when the car has been left outside and it’s below zero. After the car warms up, it will happily function. But it doesn’t like subzero temperatures.

The other quirk—pointed out by my grandchildren—is that when it powers up, it announces: “Waiting for Pairing.” And then when it is paired, it reports “Paired.” The quirk is that instead of saying “Waiting for Pairing” it sounds like it is saying “Waiting for Perry.” The first time my grandkids were in the car, they asked: “Who is Perry and why are we waiting for him?” Now I can only hear “Waiting for Perry” when I turn on the car.

Pairing is the way two standard Bluetooth devices establish the initial link for one-to-one networking (Figure 1). Bluetooth mesh needs a much more sophisticated and secure method of linking the many-to-many network. That method is called provisioning. I introduced Bluetooth mesh provisioning in my last article (Circuit Cellar 345, April 2019) [1]. If you haven’t read that article, it will be important, at a minimum, to go back and understand the terms defined there, which I will be using in this article.

Figure 1
Pairing is the way two standard Bluetooth devices establish the initial link for one-to-one networking.

As I mentioned last time, the Bluetooth specification [2] states that unless an Out-of-Band (OOB) public key is used, or an OOB action is taken to pass the public key (using user-supplied information), “provisioning is Insecure Provisioning.” This statement will basically jettison any project that does not use one of these two OOB methods when presented to a savvy IT group. It did for us. Imagine presenting to your CEO a new product line using Bluetooth mesh that doesn’t use one of these two methods. Most likely the savvy CEO will ask: “What is the projected return on our investment?” AND “Is it secure?” Would you want to say: “Well, we are using Insecure Provisioning but other than that it is secure?”

I’m not convinced that the specification is entirely accurate in this statement and would appeal to the Bluetooth SIG to reconsider their wording. I want to elaborate on this idea in this article and provide some means for making provisioning secure without using either of the two OOB methods to pass the public keys.

Man-in-the-Middle

As I mentioned last time, Bluetooth uses asymmetric key encryption during the first part of provisioning. Asymmetric key encryption has one basic security flaw. It is subject to what is called a Man-in-the-Middle (MitM) attack. Let me illustrate this attack.

Imagine that Bob and Barbara are happily married. I know, normally everyone uses Alice in these illustrations, but my wife’s name is Barbara. They want to communicate some secret birthday plans about their grandson Sean. So, they both send over clear text their public keys (B1 and B2) (Figure 2). Bob encrypts all of his messages with Barbara’s public key B2, and sends them to Barbara. Barbara decrypts all of Bob’s messages using her private key B2P. Barbara sends all of her messages to Bob using Bob’s public key B1 to encrypt the data. Bob decrypts Barbara’s messages with Bob’s private key B1P.

Figure 2
Shown here is an example exchange that would be insecure because it would be subject to a Man-in-the-Middle attack. However, during normal asymmetric key encryption, the attack can be prevented through authentication.

Imagine that grandson Sean is a curious computer whiz and wants to know what he is going to get for his birthday. He intercepts the public key exchange B1 and B2 between his grandparents. Instead of passing on their public keys, he sends them his public key S1. So, when Bob and Barbara send their messages to each other, they are encrypting them with his public key S1, and he intercepts and decrypts them using his private key S1P. He finds out what he is getting for his birthday and then encrypts the messages using Bob and Barbara’s public keys and sends them back to them. Bob and Barbara are clueless to the fact that Sean now knows what he is getting for his birthday.

That example illustrates that if, during the provisioning process, the public keys are not exchanged OOB, the process would be insecure because it would be subject to a MitM attack. However, during normal asymmetric key encryption, this can be prevented through authentication. If Bob can know that a key is authentically from Barbara, he would immediately recognize that the key that Sean sent was not from Barbara. During normal Internet asymmetric key encryption this authentication is done through certificates issued by a trusted signing authority (a Certificate Authority).

The Bluetooth provisioning process includes authentication of the device as part of the process. Authentication can either be using an OOB technique or without OOB. So, I would contend that if you use some means of authenticating that does not transfer the credentials over the Bluetooth network, your provisioning process would be secure in spite of what the Bluetooth specification says (I am definitely treading on thin ice here!).
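
An added example (not from the article or the Bluetooth specification): the Bob, Barbara and Sean exchange as a Python simulation, using a toy Diffie-Hellman key agreement from the standard library in place of real provisioning cryptography. The `auth_value` secret, the `confirmation` check and all function names are assumptions for illustration; the secret stands for a credential both parties hold without ever sending it over the radio link.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (the Mersenne prime 2**127 - 1). Illustration only:
# far too small for real use, and real provisioning uses elliptic-curve keys.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(my_priv, peer_pub):
    """Derive a symmetric key from my private key and the public key I received."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def confirmation(auth_value, initiator_pub, responder_pub):
    """Tag over the two public keys one side saw, keyed with the shared secret."""
    msg = initiator_pub.to_bytes(16, "big") + responder_pub.to_bytes(16, "big")
    return hmac.new(auth_value, msg, hashlib.sha256).digest()


def exchange(intercepted, auth_value=None):
    """Simulate one key exchange; Sean swaps in S1 when intercepted is True."""
    bob_priv, b1 = keypair()
    barb_priv, b2 = keypair()
    sean_priv, s1 = keypair()

    # The public key each side actually receives over the air.
    bob_sees = s1 if intercepted else b2
    barb_sees = s1 if intercepted else b1

    bob_key = session_key(bob_priv, bob_sees)
    barb_key = session_key(barb_priv, barb_sees)
    # Sean holds S1P, so he can derive whatever key Bob derived from S1.
    sean_reads_bob = intercepted and session_key(sean_priv, b1) == bob_key

    accepted = True  # with no authentication there is nothing to check
    if auth_value is not None:
        # Each side tags the key pair it saw. Sean cannot compute a matching
        # tag without auth_value, and relaying the real tags does not help
        # because the two views of the exchange differ.
        bob_tag = confirmation(auth_value, b1, bob_sees)
        barb_tag = confirmation(auth_value, barb_sees, b2)
        accepted = hmac.compare_digest(bob_tag, barb_tag)

    return {
        "accepted": accepted,
        "keys_match": bob_key == barb_key,
        "sean_reads_bob": sean_reads_bob,
    }


if __name__ == "__main__":
    secret = secrets.token_bytes(16)  # constructed sample credential
    print("no auth, intercepted:  ", exchange(True))
    print("with auth, intercepted:", exchange(True, secret))
    print("with auth, clean link: ", exchange(False, secret))
```

Without `auth_value` the substituted key is accepted silently; with it, the same substitution makes the two tags disagree and the exchange is rejected.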

Read the full article in the June 347 issue of Circuit Cellar

June Circuit Cellar: Sneak Preview

The June issue of Circuit Cellar magazine is out next week! We’ve been tending our technology crops to bring you a rich harvest of in-depth embedded electronics articles. We’ll have this 84-page magazine brought to your table very soon.

Not a Circuit Cellar subscriber?  Don’t be left out! Sign up today:

 

Here’s a sneak preview of June 2019 Circuit Cellar:

TOOLS AND CONCEPTS FOR ENGINEERS

Integrated PCB Design Tools
After decades of evolving their PCB design tool software packages, the leading tool vendors have the basics of PCB design nailed down. In recent years, these companies have continued to come up with new enhancements to their tool suites, addressing a myriad of issues related to not just the PCB design itself, but the whole process surrounding it. Circuit Cellar Chief Editor Jeff Child looks at the latest integrated PCB design tool solutions.

dB for Dummies: Decibels Demystified
Understanding decibels—or dB for short—may seem intimidating. Frequent readers of this column know that Robert uses dB terms quite often—particularly when talking about wireless systems or filters. In this article, Robert Lacoste discusses the math underlying decibels using basic concepts. The article also covers how they are used to express values in electronics and even includes a quiz to help you hone your decibel expertise.

Understanding PID
As a means for implementing feedback control systems, PID is an important concept in electronics engineering. In this article, Stuart Ball explains how PID can be applied and explains the concept by focusing on a simple circuit design.

DESIGNING CONNECTED SYSTEMS

Sensor Connectivity Trends
While sensors have always played a key role in embedded systems, the exploding Internet of Things (IoT) phenomenon has pushed sensor technology to the forefront. Any IoT implementation depends on an array of sensors that relay input back to the cloud. Circuit Cellar Chief Editor Jeff Child dives into the latest technology trends and product developments in sensors with an emphasis on their connectivity aspects.

Bluetooth Mesh (Part 3)
In this next part of his article series on Bluetooth mesh, Bob Japenga looks at how to create secure provisioning for a Bluetooth Mesh network without requiring user intervention. He takes a special look at an attack which Bluetooth’s asymmetric key encryption is vulnerable to called Man-in-the-Middle.

PONDERING POWER AND ENERGY

Product Focus: AC-DC Converters
To their peril, embedded system developers often treat their choice of power supply as an afterthought. But choosing the right AC-DC converter is critical to ensuring your system delivers power efficiently to all of its parts. This Product Focus section updates readers on these trends and provides a product album of representative AC-DC converter products.

Energy Monitoring (Part 1)
The efficient use of energy is a topic moving ever more front and center these days as climate change and energy costs begin to affect our daily lives. Curious to discover how efficient his own energy consumption was, George Novacek built an MCU-based system to monitor his household energy. And, in order to make sure this new device wasn’t adding more energy use, he chose to make the energy monitoring system solar-powered.

Building a PoE Power Subsystem
Power-over-Ethernet (PoE) allows a single cable to provide both data interconnection and power to devices. In this article, Maxim Integrated’s Thong Huynh and Suhei Dhanani explore the key issues involved in implementing rugged PoE systems. Topics covered include standards compliance, interface controller selection, DC-DC converter choices and more.

Taming Your Wind Turbine
While you can buy off-the-shelf wind power generators these days, they tend to get bad reviews from users. The problem is that harnessing wind energy takes some “taming” of the downstream electronics. In this article, Alexander Pozhitkov discusses his characterization project for a small wind turbine. This provides a guide for designing your own wind energy harvesting system.

MORE PROJECT ARTICLES WITH ALL THE DETAILS

Windless Wind Chimes (Part 1)
Wind chimes make a pleasant sound during the warm months when windows are open. But wouldn’t it be nice to simulate those sounds during the winter months when your windows are shut? In part 1 of this project article, Jeff Bachiochi builds a device that simulates a breeze randomly playing suspended wind chimes. Limited to the standard 5-note pentatonic chimes, this device is based on a Microchip PIC18 low power microcontroller.

GPS Guides Robotic Car
In this project article, Raul Alvarez-Torrico builds a robotic car that navigates to a series of GPS waypoints. Using the Arduino UNO for a controller, the design is aimed at robotics beginners that want to step things up a notch. In the article, Raul discusses the math, programming and electronics hardware choices that went into this project design.

Haptic Feedback Electronic Travel Aid
Time-of-flight sensors have become small and affordable in the last couple years. In this article, Cornell graduates Aaheli Chattopadhyay, Naomi Hess and Jun Ko detail how they created a travel aid for the visually impaired with a few time-of-flight sensors, coin vibration motors, an Arduino Pro Mini, a Microchip PIC32 MCU, a flashlight and a sock.

Low-Power Bluetooth MCUs Deliver Mesh Networking

Cypress Semiconductor has announced it is sampling two low-power, dual-mode Bluetooth 5.0 and Bluetooth Low Energy (BLE) MCUs that include support for Bluetooth mesh networking for the Internet of Things (IoT). The new CYW20819 and CYW20820 MCUs each provide simultaneous Bluetooth 5.0 audio and BLE connections.

The CYW20819 Bluetooth/BLE MCU has the ability to maintain Serial Port Profile (SPP) protocol connections and Bluetooth mesh connections simultaneously. The CYW20820 offers the same features and integrates a power amplifier (PA) with up to 10 dBm output power for long-range applications up to 400 m and whole-home coverage. This provides classic Bluetooth tablet and smartphone connections while enabling a low-power, standards-compliant mesh network for sensor-based smart home or enterprise applications.

Both MCUs embed the Arm Cortex-M4 core. It enables operation at 60% lower active power for connected 200-ms beacons compared to current solutions—delivering up to 123 days of battery life from a CR2032 coin cell battery. Previously, users needed to be in the immediate vicinity of a Bluetooth device to control it without an added hub. Using Bluetooth mesh networking technology, combined with the high-performance integrated PA in the CYW20820, the devices within a network can communicate with each other.

Cypress Semiconductor | www.cypress.com

April Circuit Cellar: Sneak Preview

The April issue of Circuit Cellar magazine is out next week (March 20th)! We’ve worked hard to cook up a tasty selection of in-depth embedded electronics articles just for you. We’ll be serving them up in our 84-page magazine.

Here’s a sneak preview of April 2019 Circuit Cellar:

VIDEO AND DISPLAY TECHNOLOGIES IN ACTION

Video Technology in Drones
Because video is the main mission of the majority of commercial drones, video technology has become a center of gravity in today’s drone design decisions. The topic covers everything including single-chip video processing, 4k HD video capture, image stabilization, complex board-level video processing, drone-mounted cameras, hybrid IR/video camera and mesh-networks. In this article, Circuit Cellar’s Editor-in-Chief, Jeff Child, looks at the technology and trends in video technology for drones.

Building an All-in-One Serial Terminal
Many embedded systems require at least some sort of human interface. While Jeff Bachiochi was researching alternatives to mechanical keypads, he came across the touchscreen display products from 4D Systems. He chose their inexpensive, low-power 2.4-inch, resistive touch screen as the basis for his display subsystem project. He makes use of the display’s Espressif Systems ESP8266 processor and Arduino IDE support to turn the display module into a serial terminal with a serial TTL connection to other equipment.

MICROCONTROLLERS ARE EVERYWHERE

Product Focus: 32-Bit Microcontrollers
As the workhorse of today’s embedded systems, 32-bit microcontrollers serve a wide variety of embedded applications, including the IoT. MCU vendors continue to add more connectivity, security and I/O functionality to their 32-bit product families. This Product Focus section updates readers on these trends and provides a product album of representative 32-bit MCU products.

Build a PIC32-Based Recording Studio
In this project article, learn how Cornell students Radhika Chinni, Brandon Quinlan and Raymond Xu built a miniature recording studio using the Microchip PIC32. It can be used as an electric keyboard with the additional functionality of recording and playing back multiple layers of sounds. There is also a microphone that the user can use to make custom recordings.

WONDERFUL WORLD OF WIRELESS

Low-Power Wireless Comms
The growth in demand for IoT solutions has fueled the need for products and technology to do wireless communication from low-power edge devices. Using technologies including Bluetooth Low-Energy (BLE), wireless radio frequency technology (LoRa) and others, embedded system developers are searching for ways to get efficient IoT connectivity while drawing as little power as possible. Circuit Cellar Chief Editor Jeff Child explores the latest technology trends and product developments in low-power wireless communications.

Bluetooth Mesh (Part 2)
Continuing his article series on Bluetooth mesh, this month Bob Japenga looks at the provisioning process required to get a device onto a Bluetooth mesh network. Then he examines two application examples and evaluates the various options for each example.

Build a Prescription Reminder
Pharmaceuticals prescribed by physicians are important to patients both old and young. But these medications will only do their job if taken according to a proper schedule. In this article, Devlin Gualtieri describes his Raspberry-Rx Prescription Reminder project, a network-accessible, Wi-Fi connected, Raspberry Pi-based device that alerts a person when a particular medication should be administered. It also keeps a log of the actual times when medications were administered.

ENGINEERING TIPS, TRICKS AND TECHNIQUES

The Art of Current Probing
In his February column, Robert Lacoste talked about oscilloscope probes—or more specifically, voltage measurement probes. He explained how selecting the correct probe for a given measurement, and using it properly, is as important as having a good scope. In this article, Robert continues the discussion with another common measurement task: accurately measuring current using an oscilloscope.

Software Engineering
There’s no doubt that achieving high software quality is a human-driven endeavor. No amount of automated code development can substitute for best practices. A great tool for such efforts is the IEEE Computer Society’s Guide to the Software Engineering Body of Knowledge. In this article, George Novacek discusses some highlights of this resource, and why he has frequently consulted this document when preparing development plans.

HV Differential Probe
A high-voltage differential probe is a critical piece of test equipment for anyone who wants to safely examine high voltage signals on a standard oscilloscope. In his article, Andrew Levido describes his design of a high-voltage differential probe with features similar to commercial devices, but at a considerably lower cost. It uses just three op amps in a classic instrumentation amplifier configuration and provides a great exercise in precision analog design.

February Circuit Cellar: Sneak Preview

The February issue of Circuit Cellar magazine is coming soon. We’ve raised up a bumper crop of in-depth embedded electronics articles just for you, and packed ’em into our 84-page magazine.

Here’s a sneak preview of February 2019 Circuit Cellar:

MCUs ARE EVERYWHERE, DOING EVERYTHING

Electronics for Automotive Infotainment
As automotive dashboard displays get more sophisticated, information and entertainment are merging into so-called infotainment systems. That’s driving a need for powerful MCU- and MPU-based solutions that support the connectivity, computing and interfacing needs particular to these system designs. In this article, Circuit Cellar’s Editor-in-Chief, Jeff Child, looks at the technology and trends fueling automotive infotainment.

Inductive Sensing with PSoC MCUs
Inductive sensing is shaping up to be the next big thing for touch technology. It’s suited for applications involving metal-over-touch situations in automotive, industrial and other similar systems. In his article, Nishant Mittal explores the science and technology of inductive sensing. He then describes a complete system design, along with firmware, for an inductive sensing solution based on Cypress Semiconductor’s PSoC microcontroller.

Build a Self-Correcting LED Clock
In North America, most radio-controlled clocks use WWVB’s transmissions to set the correct time. WWVB is a Colorado-based time signal radio station near. Learn how Cornell graduates Eldar Slobodyan and Jason Ben Nathan designed and built a prototype of a Digital WWVB Clock. The project’s main components include a Microchip PIC32 MCU, an external oscillator and a display.

WE’VE GOT THE POWER

Product Focus: ADCs and DACs
Analog-to-digital converters (ADCs) and digital-to-analog converters (DACs) are two of the key IC components that enable digital systems to interact with the real world. Makers of analog ICs are constantly evolving their DAC and ADC chips pushing the barriers of resolution and speeds. This new Product Focus section updates readers on this technology and provides a product album of representative ADC and DAC products.

Building a Generator Control System
Three phase electrical power is a critical technology for heavy machinery. Learn how US Coast Guard Academy students Kent Altobelli and Caleb Stewart built a physical generator set model capable of producing three phase electricity. The article steps through the power sensors, master controller and DC-DC conversion design choices they faced with this project.

EMBEDDED COMPUTING FOR YOUR SYSTEM DESIGN

Non-Standard Single Board Computers
Although standard-form factor embedded computers provide a lot of value, many applications demand that form take priority over function. That’s where non-standard boards shine. The majority of non-standard boards tend to be extremely compact, and well suited for size-constrained system designs. Circuit Cellar Chief Editor Jeff Child explores the latest technology trends and product developments in non-standard SBCs.

Thermal Management in Machine Learning
Artificial intelligence and machine learning continue to move toward center stage. But the powerful processing they require is tied to high power dissipation that results in a lot of heat to manage. In his article, Tom Gregory from 6SigmaET explores the alternatives available today with a special look at cooling Google’s Tensor Processor Unit 3.0 (TPUv3) which was designed with machine learning in mind.

… AND MORE FROM OUR EXPERT COLUMNISTS

Bluetooth Mesh (Part 1)
Wireless mesh networks are being widely deployed in a wide variety of settings. In this article, Bob Japenga begins his series on Bluetooth mesh. He starts with defining what a mesh network is, then looks at two alternatives available to you as embedded systems designers.

Implementing Time Technology
Many embedded systems need to make use of synchronized time information. In this article, Jeff Bachiochi explores the history of time measurement and how it’s led to NTP and other modern technologies for coordinating universal date and time. Using Arduino and the Espressif System’s ESP32, Jeff then goes through the steps needed to enable your embedded system to request, retrieve and display the synchronized date and time to a display.

Infrared Sensors
Infrared sensing technology has broad application ranging from motion detection in security systems to proximity switches in consumer devices. In this article, George Novacek looks at the science, technology and circuitry of infrared sensors. He also discusses the various types of infrared sensing technologies and how to use them.

The Art of Voltage Probing
Using the right tool for the right job is a basic tenet of electronics engineering. In this article, Robert Lacoste explores one of the most common tools on an engineer’s bench: oscilloscope probes, and in particular the voltage measurement probe. He looks at the different types of voltage probes as well as the techniques to use them effectively and safely.