NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0468:  Bluetooth pairing vs connection

Publication Date
2019.11.22

Protection Profiles
PP_MD_V3.1

Other References
FIA_BLT_EXT.3.1

Issue Description

It is unclear if FIA_BLT_EXT.3.1 applies to both pairing and connections.

Resolution

FIA_BLT_EXT.3.1 is replaced as follows:


FIA_BLT_EXT.3.1: The TSF shall discard pairing and session initialization attempts from a Bluetooth device address (BD_ADDR) to which an active session already exists.

Application Note: Session is defined as the time interval for which the TSF is actively connected to another device. Thus, the session terminates when the device disconnects from the TSF. If the TOE has an active session to a remote Bluetooth device, new session initialization and/or pairing attempts from devices claiming the same Bluetooth device address may be malicious and should be rejected/ignored. Only one session to a single remote BD_ADDR may be supported at a time.


The Assurance Activity is replaced as follows:


The evaluator shall ensure that the TSS describes how Bluetooth sessions are maintained such that two devices with the same Bluetooth device address are not simultaneously connected and such that the initial session is not superseded by any following session initialization attempts.

The evaluator shall perform the following test:

Step 1: Pair the TOE with a remote Bluetooth device (DEV1) with a known address BD_ADDR. Establish an active session between the TOE and DEV1 with the known address BD_ADDR.

Step 2: Attempt to pair a second remote Bluetooth device (DEV2) claiming to have a Bluetooth device address matching DEV1 BD_ADDR to the TOE. Using a Bluetooth protocol analyzer, verify that the pairing attempt by DEV2 is not completed by the TOE and that the active session to DEV1 is unaffected.

Step 3: Attempt to initialize a session to the TOE from DEV2 containing address DEV1 BD_ADDR. Using a Bluetooth protocol analyzer, verify that the session initialization attempt by DEV2 is ignored by the TOE and that the initial session to DEV1 is unaffected. Using a Bluetooth protocol analyzer, verify that the session initialization attempt by DEV2 is ignored by the TOE and that the initial session to DEV1 is unaffected.

Justification

See issue description

 
 
Site Map              Contact Us              Home