Need Information about Security Mode 2, Level 2: Authenticated pairing with data signing.

I don't think we have any example for this, security mode 2 is very little used and (afaik) very little supported. The problem with mode 2 is that it does not provide any benefit, it is intended to be used if you have an unsecure link and want to send some encrypted data for one single transfer. So it is slow way of sending data. All other communication is unencrypted. That is why it's very little used, I strongly recommend to secure the link and ensure all data is properly encrypted instead. You get the same security by having all communication using security mode 1 and level 3 or 4, this is widely supported by everyone.

I suggest to checkout: https://academy.nordicsemi.com/courses/bluetooth-low-energy-fundamentals/lessons/lesson-5-bluetooth-le-security-fundamentals/topic/security-models/ 

Kenneth

Hi Kenneth,

Thank you for the information. Both Security Mode 1 and Security Mode 2 provide security, so we have decided to compromise and use Security Mode 1, Level 3. Our plan is to implement passkey authentication, but we face a challenge as we lack a display and keyboard. We do, however, have a serial port option. Is it possible to enter the passkey through the serial port? If supported, could you please provide more details or a sample code? If not supported, kindly suggest an alternative approach.

Check out:

https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/bluetooth/peripheral_cgms/README.html 

In step 4 you can see that the example print the passkey to the terminal.

Kenneth

Hi Kenneth,

In current configuration utilizing two nRF52840 development kits, where one board serves as the Central device and the other as the Peripheral device, we are aiming to establish a pairing connection with authentication without requiring user intervention, such as passkey entry. It's important to note that NFC pairing won't be supported in the final setup. I am seeking recommendations on how to achieve automatic authentication for the connection.

hemanth

Hi Kenneth,

In current configuration utilizing two nRF52840 development kits, where one board serves as the Central device and the other as the Peripheral device, we are aiming to establish a pairing connection with authentication without requiring user intervention, such as passkey entry. It's important to note that NFC pairing won't be supported in the final setup. I am seeking recommendations on how to achieve automatic authentication for the connection.

hemanth

Hello,

If you want to look at en example that implement passkey for both central and peripheral you can look at the hids keyboard example:

https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/bluetooth/central_hids/README.html 
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/bluetooth/peripheral_hids_keyboard/README.html 

But if you want to achieve authenticated pairing, then you will need some kind of user interface. Else you may as well just use just works pairing.

Edit: If you own both sides of the link, you can just "fake" that you are using NFC, in other words, instead of using NFC to exchange an OOB, you can just have a fixed 128-bit OOB key for all devices, and it's only those devices that have the 128-bit OOB that can bond.

Kenneth

can you help me to share the more information about OOB Pairing with fixed 128-bit key. kindly share me the sample code for OOB pairing process.

I suggest to for instance look at the auth_oob_data_request() in main.c for peripheral_keyboard  and replace app_nfc_oob_data_get() with the 128-bit key you want to use. Similar on central you need to add the .oob_data_request callback in conn_auth_callbacks to handle such event.

Kenneth