SMP

SMP (Security Manager Protocol)

SMP (Security Manager Protocol) is the BLE protocol responsible for Pairing, key generation, key distribution, and establishing encrypted links between devices. It operates on a dedicated L2CAP channel (CID 0x0006) and implements the security procedures defined in the Core Specification.

Pairing Phases

SMP pairing proceeds through three phases:

Phase 1 -- Feature Exchange: Devices exchange their I/O capabilities (display, keyboard, yes/no buttons), authentication requirements (MITM protection), and supported pairing methods. The SMP uses these capabilities to select the appropriate association model: Just Works, Passkey Entry, Numeric Comparison, or OOB.

Phase 2 -- Key Generation: In Legacy Pairing (BLE 4.0/4.1), a Temporary Key (TK) and Short Term Key (STK) are generated. In LE Secure Connections (BLE 4.2+), ECDH key exchange on the P-256 curve produces a shared secret, from which the LTK is derived. LESC provides protection against passive eavesdropping.

Phase 3 -- Key Distribution: After encryption is established, devices exchange additional keys depending on the use case: - LTK: Long Term Key for future reconnection encryption - IRK: Identity Resolving Key for resolving LE Privacy addresses - CSRK: Connection Signature Resolving Key for signed data verification

Security Levels

Implementation

SMP is implemented in the BLE host stack and is typically managed through the SDK's security API. On the Zephyr RTOS, SMP is part of the Bluetooth subsystem and triggered via bt_conn_set_security(). Developers must handle security callbacks for passkey display, passkey input, and pairing confirmation.

Common Pitfalls

A frequent issue is mismatched I/O capabilities leading to unexpected Just Works pairing when MITM protection was intended. Always verify that the correct I/O capability flags are set in the SMP configuration. Additionally, bond storage (Bonding) must be properly managed -- lost bonds cause pairing failures and user frustration.