Use Frame Display to View Encryption/Decryption Process
Security Manager Protocol
The Security Manager Protocol (SMP) controls the process for pairing and key distribution. The results of a pairing and key distribution can be observed in the ComProbe software Frame Display. Activate the Frame Display by clicking on the icon on the Control window toolbar. On the Frame Display low energy protocols are shown in light green tabs. Click on the SMP protocol tab that will show only the SMP commands from the full data set.
SMP Pairing Request (Frame# 35,539) from Initiator (Side 1)
On the left side of the figure above is the Frame Display Decoder pane that shows the decoded information supplied in the selected frame in the Summary pane, Frame# 35,539. Shown is the SMP data associated with and encrypted link (MITM Protection = Yes). The requested keys are also shown. Selecting Frame# 35,545 would provide the response from the responder (Side 2) and would contain similar information.
Selecting Frame# 39,591 will display the Pairing Confirm from the initiator (Side 1) in the Decoder pane. The Confirm Value shown is the Mconfirm 128-bit random number that contains TK, Pairing Request command, Pairing Response command, initiating device address, and the responding device address. Selecting Frame# 39,600 would provide the Sconfirm random number from the responder (Side 2) with similar information from that device but the random number would be different than Mconfirm.
Once pairing is complete and an encrypted session established, the keys are distributed by the master and slave now identified by Side = M and Side = S respectively in the Summary pane. In Frame# 39,661 the slave has distributed LTK to the master to allow exchange of encrypted data. Frame# 39,661 through 39,714 in the Summary pane SMP tab are the key distribution frames.
SMP Pairing Confirm (Frame# 39,591) from Initiator (Side 1)
SMP Key Distribution Frames
Link Layer
The Link Layer (LL) protocol manages the Bluetooth low energy radio transmissions and is involved in starting link encryption. To observe the decoded LL commands, click on the Frame Display LE LL tab, search for and select ControlPkt “LL_ENC_REQ”. This command should originate with Side 1, the initiator of the encryption link. In Figure 11 Frame# 39,617 is selected in the Summary pane and we see the decoded LE LL frame is display in the Decoder pane. Shown in this frame packet is the SKDm that is the Master Session Key Diversifier (SKDmaster). In Frame# 39,623 you will find SKDslave that is combined with SKDmaster to create the Session Key (SK). Both SDKs were created using the LTK. Frame# 39,635 through 39,649 in the LE LL tab completes starting of the encryption process. After the slave sends LL_START_ENC_RSP (Frame# 36,649) the Bluetooth devices can exchange encrypted data, and the ComProbe sniffing device can also receive and decrypt the encrypted data because the appropriate “key” is provided in the BPA 600 Datasource window.
LE LL Tab Encryption Request (Frame# 39,617) from Initiator (Side 1)