Hi,
On the low-level side of security, BLE uses AES-128 CCM mode. This means, as you might know, that packets are encrypted using AES counter mode and signed using a message authentication code. Replay attacks are protected against by incrementing the counter every time new payload is encrypted. Only retransmissions use the same counter, and then with absolutely no change of the encrypted payload.
You can read more on the BLE security in the Bluetooth Core specification, v. 4.0, which can be downloaded from https://www.bluetooth.org/Technical/Specifications/adopted.htm. (Note also some corrections in Core Specification Addendum (CSA) 3). In the core specification, you should primarily look at Volume 6, Part E (and parts of Part B) and Volume 3, Part H.