I am looking to seamlessly connect multiple slaves to one bluetooth low energy master, however I do not want to go through the process of pairing each individual device. The pairing process takes too long and I don't want to manually do it if I have 100+ devices; however, one side effect of unpaired seems to be the lack of security between devices.
I have been doing A LOT of research into this to see if this is even viable and I can't seem to find a clear understanding. At first I was under the impression that 'Just Works' was a form of unpaired communication but I believe this is incorrect. It seems that 'Just work' is actually paired. If this is the case it might solve my second question on how one might go about securing such communication. Though the documentation I have read says that it is a legacy method and the security support for it might be poor.
I have found this link Is Bluetooth Communication Possible Without Pairing?. Which seems to conclude that unpaired is possible however this is through traditional bluetooth communication protocols. And it is a little unclear to me how this is different from pairing.
It seems that one side effect of unpaired communication might be the lack of security between devices. They wouldn't be able to set up the right keys to securely communicate.
Tl;dr – What would a paired bluetooth low energy connection look like vs an unpaired bluetooth low energy connection?
A few of the several links/documentation I've viewed:
https://blog.bluetooth.com/bluetooth-pairing-part-1-pairing-feature-exchange
https://blog.bluetooth.com/bluetooth-pairing-part-2-key-generation-methods
https://blog.bluetooth.com/bluetooth-pairing-passkey-entry
https://blog.bluetooth.com/bluetooth-pairing-part-4
https://blog.bluetooth.com/bluetooth-pairing-part-5-legacy-pairing-out-of-band
Thanks
Best Answer
If you need security, you need pairing and bonding.
There is another term called "bonding" in BLE, which might be exactly what you want. Let me give you a short recap...
Pairing This is the process of key generation and setting up a secure communication for a connection. Of course, this involves some communication overhead (exchanging public keys, generating a common symmetric long term key, ...). You won't do that EVERY time you connect devices but just once.
Bonding After pairing, it is important to STORE the generated keys from the pairing process. This is called bonding. It enables two devices to securely communicate with each other with a key that was generated during the pairing process. After bonding, communication between devices has no overhead other than the cypher.
Just Works This is basically the input/output capabilities of your device. Consider a device without buttons or display. The only way to setup a secure communication is "just works", because there is no possibility to have additional passwords or numbers that can be exchanged out-of-band (e.g. pin code entry or NFC).
One other thing: In BLE, there is always "legacy" security and since version 4.2 the newer "LESC" security. LESC is the only one that is considered secure today.