author Bruna Moreira <bruna.moreira@openbossa.org> 2012-03-02 16:12:17 -0400
committer Bruna Moreira <bruna.moreira@openbossa.org> 2012-03-02 16:13:19 -0400
commit 84126cd237c082303bd76a4130fbcdde51909026
tree 216b9ba7f55002d47c107b77b3d8158d03323b0d
parent 0108d60780190a9bf30001cfa59691bbf1222fcc
bluez: Add Security Manager description
-rw-r--r-- bluez.tex 32
1 files changed, 32 insertions, 0 deletions
diff --git a/bluez.tex b/bluez.tex
index 4de998e..4814d04 100644
--- a/bluez.tex
+++ b/bluez.tex
@@ -202,6 +202,38 @@ Detailed information regarding management interface is available at {\em
doc/mgmt-api.txt}. For a technical introduction and rationale, see at BlueZ
homepage \cite{bzhp}.
+\subsection{Security Manager}
+
+The Security Manager (SM) defines the protocol and behavior to manage pairing
+and key distribution, authentication and encryption between LE devices.
+
+The device in the master role shall initiate the Security procedures and the
+device in the slave role shall responding. The slave will send to the master a
+Security Request command and it may encrypt the link or reject de request.
+
+In the BlueZ, only the minimum from Security Manager was implemented.
+Currently, only the method "Just Works" is running (method provides no
+protection against eavesdroppers or man in the middle attacks during the
+pairing process).
+
+In BlueZ API, we have two methods to connect and/or pair with devices,
+{\em CreateDevice} and {\em CreatePairedDevice}.
+
+{\em CreateDevice} creates a new object path for a remote device and
+connect to device. So it will retrieve all SDP records. Note that this
+method will fail if a path for the remote device already exists.
+
+{\em CreatePairedDevice} shares some characteristics with {\em CreateDevice}.
+It creates object path (if not exists), connect to remote device and then
+initiate the pairing. It will fails if the pairing already exists.
+
+Consequently we have the option of create a device connection with
+{\em CreateDevice} and pair after with {\em CreatePairedDevice}.
+
+Addtionally, we can increasing security level after connection setting
+\verb|BT_IO_OPT_SEC_LEVEL| using {\em bt\_io\_set()} function. After that, a
+security request is sent to the master and security precess is initiated.
+
\subsection{Services over GATT}
The Generic Attribute Profile (GATT) defines a service framework for
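Review bot: In the second paragraph of the new subsection, "it may encrypt the link or reject de request" does not say which device makes that decision. The sentence before it has the master initiating the security procedures, so name the master explicitly as the side that encrypts or rejects after receiving the slave's Security Request. The closing paragraph has the same role problem: "a security request is sent to the master" only describes the case where the local device is the slave, so either state that precondition or also describe what setting BT_IO_OPT_SEC_LEVEL does when the local device is the master. Because the text says only "Just Works" is implemented and that it gives no eavesdropping or man-in-the-middle protection during pairing, it would also help to state which security levels a caller can actually obtain through bt_io_set(), so that readers do not assume a raised level implies an authenticated key. Wording to fix in the added lines: "shall responding" should be "shall respond", "reject de request" should be "reject the request", "It will fails" should be "It will fail", "Addtionally, we can increasing" should be "Additionally, we can increase", and "security precess" should be "security process".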