Signing the Data

Signing the data is a very important concept in terms of message integrity. If the encryption is not available, BLE has the ability to send authenticated data over an unencrypted link between two devices. This is done by signing a data using a Connection Signature Resolving Key (CSRK). This signature is placed after the Packet Data Unit (PDU). The receiving device verifies the signature and considers it coming from a trusted source. The signature is made by a Message Authentication Code (MAC) which can sometime use Hash Functions. This MAC is made upon counter value which protects the replay attack.