<chapter id="concepts">
<title>Concepts</title>
<sect1 id="concepts.pairing">
<title>Bluetooth security: Pairing devices</title>
<sect2 id="concepts.pairing.whatisit">
<title>What is "Pairing"?</title>
<para>
Very often a device is required to authenticate itself when it
wants to access a service. In that case the two devices need to be
<phrase>paired</phrase>.
When two devices are paired, they can be sure about the identity of the other
party. Without pairing, you would have to rely on the address or name of
the other device, which can be faked easily.
</para>
<para>
Pairing usually happens one time between two devices. After pairing, connections
between the two devices will be <phrase>authenticated</phrase> automatically.
</para>
<para>
Usually <emphasis>the pairing process will be started automatically when it is needed</emphasis>.
You do not have to worry about a device not being paired if you want to access its services.
If the devices try to authenticate but fail, the pairing process will be started automatically.
</para>
</sect2>
<sect2 id="concepts.pairing.howdoesitwork">
<title>How does it work?</title>
<para>
Devices are paired to be sure about the identity of the other side. But the
first step can't be done automatically. <emphasis>You</emphasis> have to make
sure that you know who wants to pair with your device. This is done by entering
a "PIN" number in both devices. The term "PIN" is widely used, but misleading.
It is not the type of PIN you have to enter to get money from a cash machine.
You don't have to remember it. And after (!) the pairing is done you don't have to
keep it secret. You only have to make sure that nobody else knows that number
until you (or you two) have entered this number in each device.
</para>
<para>
To be on the safe side, you should not only keep the PIN secret during the pairing
process, but you should also use a random number, which can't be guessed easily.
TDE Bluetooth assists you here by creating an 8-digit random number itself if possible.
You can also use characters for a PIN, but then you might have problems entering
it into the PIN dialog on a mobile phone.
</para>
</sect2>
<sect2 id="concepts.pairing.pinhelper">
<title>The PIN helper</title>
<para>
But where should the PIN be entered? As noted before, the devices will simply
ask you for the PIN when it is needed. For BlueZ, things are a bit more complicated.
There are several ways for BlueZ to get the PIN number from the user.
</para>
<para>
TDE Bluetooth makes it simple by offering an Authentication Agent that interacts with the
Bluetooth subsystem and offers dialogs to confirm or enter the PIN.
Please see the <link linkend="installation.setup">setup instructions</link> on how to set
up the PIN helper and what to do if it doesn't work.
</para>
</sect2>
<sect2 id="concepts.pairing.bluez">
<title>Managing paired devices</title>
<para>
After you have paired many devices you might ask yourself which devices are paired and which are not. You may also want to remove a pairing.
</para>
<para>
First, no device can ever know for sure with which devices it is paired. When two devices are paired, they share a secret <phrase>link key</phrase>, which was created during the pairing process based on the PIN number and some other ingredients. Because the other side may decide to delete a link key without notice, having a link key for a given device doesn't guarantee that the link key on the other side still exists. If one link key is gone, the pairing does not exist anymore. Of course you can be sure that you are <emphasis>not</emphasis> paired with a device if you don't have a link key for it.
</para>
<para>
So how can link keys be removed? That depends on the device. Most phones or PDAs have a list of "paired" or "trusted" devices, from which you can remove individual entries.
In TDE Bluez you can remove a device by using "Devices..." and then selecting and deleting the device.
</para>
<para>
There is a special annoyance when you frequently switch between different operating systems that both use Bluetooth (usually Linux&lt;-&gt;Windows): when you pair your phone under Linux and then boot Windows, Windows will know nothing about the link keys managed by BlueZ. So it appears as if the computer has dropped the link key, and you will have to pair again. Depending on your device, it might not even be possible to pair again without first removing the "old" link key on the device.
</para>
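<para>
The rule above (no local link key means not paired from this side) can be checked directly on disk. The following is an added example, not code from TDE Bluetooth or BlueZ: it lists the devices for which this computer still holds a link key, without reading out the key itself. It assumes the BlueZ 5 storage layout /var/lib/bluetooth/ADAPTER/DEVICE/info with a [LinkKey] section; the function name paired_devices is hypothetical.
</para>
<programlisting><![CDATA[
```python
"""Added example: list remote devices that still have a stored link key."""
import configparser
import re
from pathlib import Path

# Assumption: BlueZ 5 storage layout <root>/<adapter addr>/<device addr>/info,
# where a [LinkKey] section is present only while a link key is stored.
BLUEZ_ROOT = Path("/var/lib/bluetooth")
ADDR = re.compile(r"^(?:[0-9A-F]{2}:){5}[0-9A-F]{2}$", re.I)


def paired_devices(root=BLUEZ_ROOT):
    """Return sorted (adapter, device, name, pin_length) tuples.

    Only devices with a local link key are listed; the key is never returned.
    """
    found = []
    root = Path(root)
    if not root.is_dir():
        return found
    for info in root.glob("*/*/info"):
        device, adapter = info.parent.name, info.parent.parent.name
        if not (ADDR.match(device) and ADDR.match(adapter)):
            continue  # skips cache/ and other non-device directories
        cfg = configparser.ConfigParser(interpolation=None, strict=False)
        try:
            cfg.read_string(info.read_text(encoding="utf-8", errors="replace"))
            if not cfg.has_section("LinkKey"):
                continue  # no local link key: not paired from this side
            name = cfg.get("General", "Name", fallback="(unknown)")
            pin_len = cfg.getint("LinkKey", "PINLength", fallback=0)
        except (OSError, ValueError, configparser.Error):
            continue  # unreadable or malformed entry
        found.append((adapter, device, name, pin_len))
    return sorted(found)


if __name__ == "__main__":
    # Needs read access to the storage directory (normally root only).
    for adapter, device, name, pin_len in paired_devices():
        # Assumption: PINLength 0 means no PIN was recorded for this pairing.
        short = 0 < pin_len < 8
        note = "  (PIN shorter than 8, consider re-pairing)" if short else ""
        print(f"{adapter} -> {device} {name!r} PINLength={pin_len}{note}")
```
]]></programlisting>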
</sect2>
</sect1>
</chapter>