Bluetooth Pairing

Bluetooth Pairing is the process of establishing a trusted, encrypted relationship between two devices by generating shared encryption keys. Classic Bluetooth uses Secure Simple Pairing (SSP, Bluetooth 2.1+) with ECDH P-192 key exchange. BLE uses LE Secure Connections (BLE 4.2+) with ECDH P-256, providing forward secrecy. Association models (Just Works, Numeric Comparison, Passkey, OOB) balance security against usability based on device I/O capabilities.
Category: Wireless Protocols
Encryption: AES-128 CCM

Understanding Bluetooth Pairing

The pairing process has three phases: (1) Feature Exchange (devices announce I/O capabilities and security requirements), (2) Key Generation (ECDH exchange creates a shared secret, association model authenticates it), and (3) Key Distribution (Long-Term Key, Identity Resolving Key, Connection Signature Key are shared and optionally stored for bonding).

MITM (Man-in-the-Middle) protection depends on the association model. Just Works provides encryption but no MITM protection. Numeric Comparison and Passkey Entry provide MITM protection. OOB provides the strongest security by exchanging keys over a separate channel (NFC tap).

Security Levels
Mode 1 Level 1: No security
Mode 1 Level 2: Unauthenticated (Just Works)
Mode 1 Level 3: Authenticated (Passkey/NC)
Mode 1 Level 4: Authenticated + LE SC (ECDH P-256)

Level 4 provides forward secrecy
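
How the Feature Exchange decides the association model, and therefore the security level, shown as an added example that is not code from the original page. The mapping follows the LE IO-capability table in the Bluetooth Core Specification; the class and function names are hypothetical, the sample devices are constructed, and Level 4 assumes a full 128-bit key.

```python
# Added example: derive association model and Mode 1 level from announced features.
from dataclasses import dataclass

@dataclass(frozen=True)
class Features:          # what one side announces during Feature Exchange
    io: str              # DisplayOnly, DisplayYesNo, KeyboardOnly,
                         # NoInputNoOutput or KeyboardDisplay
    mitm: bool = True    # side requests MITM protection
    sc: bool = True      # side supports LE Secure Connections
    oob: bool = False    # side holds out-of-band data for the peer

def association_model(a: Features, b: Features) -> str:
    sc = a.sc and b.sc   # Secure Connections only when both sides support it
    # OOB is used if either side has OOB data (LE SC) or both do (legacy).
    oob = (a.oob or b.oob) if sc else (a.oob and b.oob)
    if oob:
        return "OOB"
    if not (a.mitm or b.mitm):       # nobody asked for MITM: IO caps are ignored
        return "Just Works"
    ios = {a.io, b.io}
    if "NoInputNoOutput" in ios:     # one side can neither show nor enter a code
        return "Just Works"
    if "KeyboardOnly" in ios:        # one side can only type
        return "Passkey Entry"
    if "DisplayOnly" in ios:         # can show a passkey, cannot confirm a number
        return "Passkey Entry" if "KeyboardDisplay" in ios else "Just Works"
    if sc:                           # DisplayYesNo / KeyboardDisplay pairs
        return "Numeric Comparison"
    return "Just Works" if ios == {"DisplayYesNo"} else "Passkey Entry"

def security_level(a: Features, b: Features) -> int:
    """LE Security Mode 1 level reached after pairing and encryption."""
    if association_model(a, b) == "Just Works":
        return 2                     # encrypted but unauthenticated
    return 4 if (a.sc and b.sc) else 3

def meets(a: Features, b: Features, required: int) -> bool:
    """Audit check: does this pairing satisfy a policy's minimum level?"""
    return security_level(a, b) >= required

if __name__ == "__main__":
    phone = Features("KeyboardDisplay")          # constructed sample devices
    peers = {"headset": Features("NoInputNoOutput"),
             "tablet": Features("DisplayYesNo"),
             "legacy keyboard": Features("KeyboardOnly", sc=False)}
    for name, peer in peers.items():
        print(f"{name}: {association_model(phone, peer)}, "
              f"level {security_level(phone, peer)}, "
              f"meets level 3: {meets(phone, peer, 3)}")
```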

Association Model Comparison

| Model | User Action | MITM | Use Case |
|---|---|---|---|
| Just Works | None | No | Headsets, speakers |
| Numeric Comparison | Confirm 6-digit | Yes | Phone-to-phone |
| Passkey Entry | Enter 6-digit | Yes | Keyboards |
| OOB (NFC) | Tap devices | Yes | Quick pair |

Common Questions

Frequently Asked Questions

Pairing vs Bonding?

Pairing: one-time key generation via ECDH. Bonding: storing keys for automatic reconnection. Without bonding, the devices must re-pair each time.

Association models?

Just Works (no MITM), Numeric Comparison (confirm code), Passkey (enter code), OOB (NFC tap, strongest).

Legacy vs Secure Connections?

Legacy (4.0): TK/STK, vulnerable to eavesdropping. Secure Connections (4.2+): ECDH P-256, forward secrecy.
