Beware that this post is related to an SDK in maintenance mode
More Info: Consider nRF Connect SDK for new designs

Picking an encryption for just works mode with rolling counter

Hello,

I am using a nRF52833, and have an open characteristic in just works mode. I need to send encrypted data on this characteristic, however, the encrypted text needs to change if the same message was sent. For example, if I send "Hello world" twice, the encrypted text should be different. I was thinking of adding a counter variable appended on the key, but wasn't sure if something like this already exists for the nRF52833, as well as what encryption would be best.

Top Replies

Kazi Afroza Sultana over 1 year ago in reply to jerome.sc +1 verified

It requires some knowledge about cryptography to be implemented correctly. There are some pitfalls involved in implementing this. Eg. if the AES CTR counter gets out of synch between the BLE nodes, it…

Parents

0 Kazi Afroza Sultana over 1 year ago

Hello,

We have AES CTR sample https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/crypto/aes_ctr/README.html which shows how to perform AES encryption and decryption using the CTR block cipher shows mode without padding and a 128-bit AES key.

To know about authenticated encryption and decryption, you also can look at AES CCM sample. It uses 128-bit key, additional data and a random nonce (https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/crypto/aes_ccm/README.html)

Thanks.

BR

Kazi
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Kazi Afroza Sultana over 1 year ago in reply to Kazi Afroza Sultana

''just works mode'' ..does it mean there is built in encryption function?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 jerome.sc over 1 year ago in reply to Kazi Afroza Sultana

Sorry, I should have added I'm using the nRF5 SDK 17.1.0, not nrf_connect_sdk. So I'm not sure if what you've added is applicable, although I do see examples on AES CTR and CCM for the nRF52833/ SDK17.1.0.

What I want to know is if there is already an inbuilt mechanism for changing the encrypted text for the same message.

In terms of the just works mode, I mean I have an open service/characteristic operating in just works mode, which isn't encrypted. Which is why I need to manually add the encryption. If I just use an encryption that doesn't change the encrypted text, anyone can sniff the packets and send the encrypted text, which is why I want it to change.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Kazi Afroza Sultana over 1 year ago in reply to jerome.sc

It requires some knowledge about cryptography to be implemented correctly.

There are some pitfalls involved in implementing this. Eg. if the AES CTR counter gets out of synch between the BLE nodes, it can make the recovery of the plaintext fail. So, we can recommend you try, and use built in encryption in BLE.

However, both AES CBC and AES CTR provides the encryption functionality you need. CCM may be a bit complicated for your goal.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel

Reply

+1 Kazi Afroza Sultana over 1 year ago in reply to jerome.sc

It requires some knowledge about cryptography to be implemented correctly.

There are some pitfalls involved in implementing this. Eg. if the AES CTR counter gets out of synch between the BLE nodes, it can make the recovery of the plaintext fail. So, we can recommend you try, and use built in encryption in BLE.

However, both AES CBC and AES CTR provides the encryption functionality you need. CCM may be a bit complicated for your goal.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel

Children

No Data