6. Bluetooth Security

6.5 Service Security Levels

Bluetooth specifications include authentication (uni- and bi-directional) and encryption services at the link level using the Link Manager Protocol (LMP). Authentication between a pair of devices is based on a secret link key that is generated by a pairing procedure when the two devices communicate for the first time. There are three security modes defined:

  1. Security Mode 1 (non-secure): No security procedures are performed.
  2. Security Mode 2 (service level security): Security procedures are initiated after a channel establishment request has been received at the L2CAP level. Whether a security procedure is initiated depends on the service type. Service (or application) level security allows different access policies for different applications, which may run in parallel.
  3. Security Mode 3 (link level security): Security procedures are performed and authenticated at the LMP level before a channel is created for communication. A Bluetooth device in security mode 3 may reject a host connection request based on host settings.

The following flowchart (Figure 8) describes how the channel establishment procedure works depending on the security level.

 

Figure 8: Illustration of channel establishment process for different security levels.

 

Services are also classified as: (1) services that are open to all devices; (2) services that require authentication only; and (3) services that require both authentication and authorization. Automatic access is granted only to trusted devices; all other devices need manual authorization. A link may be changed to encrypted mode if required by the service or application.
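
The access decision described above can be written as a small policy function. This is an added example, not code from the Bluetooth specification or any stack; the class names, field names, service names and device address are hypothetical. It assumes that authentication succeeds only when a link key from an earlier pairing exists, that a service requiring encryption is authenticated first, and that a Mode 3 device still applies the service's authorization rule after link-level authentication.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    NON_SECURE = 1     # Security Mode 1
    SERVICE_LEVEL = 2  # Security Mode 2
    LINK_LEVEL = 3     # Security Mode 3

@dataclass(frozen=True)
class Service:                      # hypothetical service record
    name: str
    needs_auth: bool = False
    needs_authorization: bool = False
    needs_encryption: bool = False

@dataclass(frozen=True)
class Device:                       # hypothetical remote-device record
    addr: str
    has_link_key: bool = False      # assumption: pairing was completed earlier
    trusted: bool = False

def channel_request(mode, device, service, user_approves=lambda d, s: False):
    """Return (accepted, steps) for an incoming channel establishment request."""
    steps = []
    if mode is Mode.NON_SECURE:
        return True, steps          # Mode 1: no security procedures at all
    # Mode 3 authenticates every link before a channel exists;
    # Mode 2 authenticates only when the requested service calls for it.
    must_auth = (mode is Mode.LINK_LEVEL or service.needs_auth
                 or service.needs_authorization or service.needs_encryption)
    if must_auth:
        if not device.has_link_key:
            return False, steps + ["authentication failed"]
        steps.append("authenticated")
    if service.needs_authorization:
        if device.trusted:          # trusted devices get automatic access
            steps.append("authorized (trusted)")
        elif user_approves(device, service):
            steps.append("authorized (manual)")
        else:
            return False, steps + ["authorization denied"]
    if service.needs_encryption:
        steps.append("encrypted")   # link switched to encrypted mode
    return True, steps

# Constructed sample data
OPEN = Service("sdp-browse")
FILES = Service("file-transfer", True, True, True)
PAIRED = Device("00:11:22:33:44:55", has_link_key=True)
```

Calling channel_request with the same open service and an unpaired device under Mode 2 and then Mode 3 shows the difference between the two modes: the first accepts with no checks, the second refuses before any channel is created.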