Accept only security level 4 and bonding attempt

RE: Accept only security level 4 and bonding attempt

Maria Gilje — Tue, 24 Oct 2023 11:52:13 GMT

Enabling CONFIG_BT_NUS_AUTHEN will configure the security level to be level 3. To ensure level 4 security, you need to configure the _perm field of BT_GATT_CHARACTERISTIC to be BT_GATT_PERM_WRITE_LESC.

[quote user="mmm"]Do you think this is a proper solution, or is better to copy the code and add proper auth level, that in my case level 4 should be `BT_GATT_PERM_WRITE_LESC`, correct?[/quote]

It is up to you, but I recommend that you set up the service with the security level you need instead of using an if statement in security_changed().

RE: Accept only security level 4 and bonding attempt

mmm — Thu, 19 Oct 2023 11:42:31 GMT

Thanks,

I got the time to look into the examples and I saw it is changing directly the GATT, that i have no access as i am using a "premade" BT_NUS GETT service.

But looking at the code i noticed it has the option CONFIG_BT_NUS_AUTHEN (https://github.com/nrfconnect/sdk-nrf/blob/main/subsys/bluetooth/services/nus.c)

and that seems to enable required AUTHEN, so that together with an if in `security_changed` that log out anything that is not level 4 seems to do the trick.

Do you think this is a proper solution, or is better to copy the code and add proper auth level, that in my case level 4 should be `BT_GATT_PERM_WRITE_LESC`, correct?

RE: Accept only security level 4 and bonding attempt

Maria Gilje — Fri, 22 Sep 2023 11:33:14 GMT

Hello,

Thank you for your patience.

[quote user="mmm"]Thanks, I read the lesson but it does not explain how to secure from connection that are not encrypted.[/quote]

A new connection will always start at level 1, and a pairing procedure will upgrade the connection to the security level related to the pairing method. Exercise 1 covers how to implement level 4 security from step 8. Make sure that you have done the changes in steps 4 and 5 as well.

[quote user=""]Is there a better way to handle this?[/quote]

You can add a security requirement to the Permissions field of an attribute. Connections with a lower security level than the _perm parameter of BT_GATT_CHARACTERISTIC will not be able to access the attribute.

BR,

Maria

RE: Accept only security level 4 and bonding attempt

mmm — Thu, 07 Sep 2023 11:41:32 GMT

Hi Maria,

Thanks, I read the lesson but it does not explain how to secure from connection that are not encrypted.

There is a reference to the white list system, the problem with that is, from my understanding, such list cannot be updated while the BT is already in advertising, so it would not be possible to add a new Central; also if it would be possible, how to deal if the new client connect but then does not exchange key and update to security level 4

RE: Accept only security level 4 and bonding attempt

Maria Gilje — Wed, 06 Sep 2023 08:07:42 GMT

Hello,

I am very sorry for the delay.

Have you been able to resolve your issue in the meantime?

If not, lesson 5 of the Bluetooth Low Energy Fundamentals course covers security in Bluetooth LE communication. Pairing, bonding and Filter Accept lists are amongst the covered topics.

BR,

Maria

RE: Accept only security level 4 and bonding attempt

Maria Gilje — Tue, 15 Aug 2023 14:44:06 GMT

Hello mmm,

I have been assigned your ticket, and I will get back to you soon with more information.

Best regards,

Maria