Share via

BTSecurityLevel (Compact 2013)

  • Article

3/26/2014

This enumeration lists security levels for connections between Bluetooth devices.

Syntax

typedef enum BTSecurityLevel{
  BTSecurityLevel_0,
  BTSecurityLevel_1,
  BTSecurityLevel_2,
  BTSecurityLevel_3
} BTSecurityLevel;

Elements

  • BTSecurityLevel_0
    Does not require that either device have I/O capability. The connection is not encrypted and does not generate a shared link key. This level is only permitted for Service Discovery Protocol (SDP) connections.
  • BTSecurityLevel_1
    Does not require that either device have I/O capability. The connection is encrypted if both devices support the Bluetooth specification V2.1 or higher. The connection is not encrypted if either device lacks support for V2.1.
  • BTSecurityLevel_2
    Might require I/O capability on one or both devices. The connection is encrypted, but does not offer any protection from man-in-the-middle attacks.
  • BTSecurityLevel_3
    Requires I/O or out-of-band authentication capability on both devices. The connection is encrypted and has some protection against man-in-the-middle attacks. This level is only possible between two devices that support V2.1 or higher.

Remarks

For a detailed description of the security levels and their usage, see "Security Database" in the Core Specification v2.1 + EDR, Bluetooth web site.

The "Security Database" topic in the Core Specification v2.1 + EDR defines the default security level for connections. For example, applications can request security level 3 for a connection over radio frequency communication RFCOMM if man-in-the-middle (MITM) security is recommended, or they can request level 2 without MITM protection.

The only service allowed to use level 0 security is SDP, which does not use RFCOMM. Therefore, all RFCOMM-based services must use level 1 security or higher.

Two devices will not connect with each other unless both meet or exceed the security level that each requires. For example, say that device A requires a security level-3 connection to a given service, and device B requires a security level-2 connection to the same service and does not have any I/O or out-of-band capability. The two devices cannot connect because the user cannot interact with device B to authenticate a security level-3 connection, as device A requires.

The Bluetooth SIG recommends using security level 3 for services that exchange personal or confidential information, security level 0 for SDP service connections, and security levels 1 or 2 for other services.

Requirements

Header

bt_api.h

See Also

Reference

Bluetooth Application Development Enumerations
BT_SSP_USER_CONFIRMATION_REQUEST_EVENT
BT_SSP_USER_PASSKEY_NOTIFICATION_EVENT