Security methods for use with the Service discovery application profile  are
discussed in this section.
The Service discovery application profile describes the features and
procedures used to discover services registered on other Bluetooth wireless
devices using the Bluetooth Service Discovery Protocol (SDP). The user,
independently of other profiles, specifically initiates the SDP. Service
discovery procedures may be associated with other profiles, such as the LAN
access profile to display network resources. In these situations the security
procedures associated with the specific profiles should be applied.
The SDP uses only connection-oriented channels, however the SDP itself is a
connectionless datagram service. It relies on the L2CAP layer to create and
manage connections. This is significant in that the basis for security in the
SDP is the initial connection and pairing of devices. The SDP itself does not
require the use of authentication and/or encryption for SDP transactions. If
authentication is performed on the Bluetooth wireless devices to be involved in
an SDP procedure, then the devices must pass the authentication test to
perform SDP procedures. Therefore any security procedures applied to the
SDP are determined by those used to negotiate the connections between the
specific Bluetooth wireless devices. SDP is not available to devices that do
not pass this test.
Since SDP security is based on device access to the SDP service, security
may be provided by restricting access to trusted devices, i.e., devices with
fixed relationship (paired) that is trusted and has access to services.
Presumably the trust relationship is arranged in advance using the Bluetooth
pairing mechanism. Once the devices have been paired, SDP is available. No
additional security procedures are implemented.
In the case of a connection between untrusted or unknown devices, the
service record is freely available, since no security is applied. This, however,
is acceptable in many situations since the SDP only provides a record
indicating what services are available, not a mechanism to access these services.