Affix in a Nutshell: Affix - Open Source Bluetooth Protocol Stack for Linux
Chapter 2. General Architecture
Bluetooth has internal security mechanisms: authentication and encryption. There is also documentation containing recommendations and requirements for how security must be achieved. One security mechanism is based on a PIN code, which the user has to type in order to connect to a device or to allow other devices to connect to their own device.
Affix supports Bluetooth security through security modes and security levels.
Affix has the following security modes:
OPEN. This mode allows any device to connect to any local service without authentication (without PIN code).
LINK. This mode performs security actions at the link level. Before a link-level connection (ACL) is established, the device must pass a security check (depending on the security level). After the connection is established, the device gets access to all services. In other words, the security actions have to be passed in order to connect to any service.
SERVICE. This mode performs security actions at the service level. A device can create a link-level connection without any security actions, but to connect to a service it must pass a security check. This mode is more flexible than the link-level mode because it allows specifying which level of security a service requires.
Affix has the following security levels:
OPEN. No security actions are involved.
AUTH. PIN-code-based authentication is required to pass the security check.
ENCRYPT. Connection encryption is required. This level includes the AUTH level.
AUTHOR. Authorization is required to pass the security check. The user must manually confirm the action (e.g. accept the connection).
These mechanisms make Affix very secure and flexible. To select the desired security, the user has to set the security mode and the security level for that mode. For example, to select SERVICE mode security and require AUTH authentication and AUTHOR authorization to be involved.
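The mode and level rules above can be modelled as a small decision function. This is an added example, not Affix source code: every identifier in it (`sec_mode`, `required_checks`, `unmet_checks`, `peer_state` and the rest) is hypothetical, and it assumes that OPEN mode ignores the configured levels and that in SERVICE mode the level set is the one configured for the service being connected to.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names modelling the modes and levels described above;
 * they are not Affix's own identifiers. */
enum sec_mode  { MODE_OPEN, MODE_LINK, MODE_SERVICE };
enum sec_level { LVL_OPEN = 0, LVL_AUTH = 1, LVL_ENCRYPT = 2, LVL_AUTHOR = 4 };
enum stage     { STAGE_LINK, STAGE_SERVICE }; /* ACL setup vs. service connect */

/* What the remote device has achieved so far (constructed model state). */
struct peer_state { bool authenticated, encrypted, user_confirmed; };

/* Levels enforced at a given stage. In SERVICE mode `levels` stands for the
 * level set configured for the service being connected to (assumption). */
unsigned required_checks(enum sec_mode mode, unsigned levels, enum stage st)
{
    if (levels & LVL_ENCRYPT)
        levels |= LVL_AUTH;               /* ENCRYPT includes AUTH */
    if (mode == MODE_LINK && st == STAGE_LINK)
        return levels;                    /* gate before the ACL link exists */
    if (mode == MODE_SERVICE && st == STAGE_SERVICE)
        return levels;                    /* gate per service, link is free */
    return LVL_OPEN;                      /* OPEN mode, or the ungated stage */
}

/* Bitmask of requirements the peer has not met; 0 means access is allowed. */
unsigned unmet_checks(enum sec_mode mode, unsigned levels, enum stage st,
                      const struct peer_state *p)
{
    unsigned need = required_checks(mode, levels, st), unmet = 0;
    if ((need & LVL_AUTH) && !p->authenticated)    unmet |= LVL_AUTH;
    if ((need & LVL_ENCRYPT) && !p->encrypted)     unmet |= LVL_ENCRYPT;
    if ((need & LVL_AUTHOR) && !p->user_confirmed) unmet |= LVL_AUTHOR;
    return unmet;
}

int main(void)
{
    /* The page's example: SERVICE mode requiring AUTH and AUTHOR. */
    struct peer_state peer = { .authenticated = true };
    unsigned lv = LVL_AUTH | LVL_AUTHOR;
    printf("link stage unmet:    %u\n", unmet_checks(MODE_SERVICE, lv, STAGE_LINK, &peer));
    printf("service stage unmet: %u\n", unmet_checks(MODE_SERVICE, lv, STAGE_SERVICE, &peer));
    return 0;
}
```

The model makes the trade-off visible: in LINK mode a peer that passes the check once reaches every service, while in SERVICE mode an unauthenticated peer can still hold an ACL link, so every service that needs protection must carry its own level.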