Zephyr and Security for BLE

We're currently working to develop a peripheral using nRF52840 and Zephyr.

We need to meet some pretty critical requirements and leverage as much security as possible. I've reviewed a lot of articles and found two that somewhat answered my questions on BLE security:

A Basic Introduction to BLE 4.x Security

Bluetooth Security Primer – Classic + BLE Guide

My question is how to implement this in Zephyr on the nRF52840. Some of the code I found for security doesn't seem to actually use Level 4 of security, which is what I probably need to use.

Is there example code on securing the nRF52840 with Zephyr at this level?

Our device has a small display but no keyboard. So far I've been trying to put code together from multiple parts but I'm getting errors and all kinds of issues. How do I verify this?

  • Hello,

    I would also recommend having a look at our "Bluetooth Low Energy Fundamentals" course at https://academy.nordicsemi.com/courses/bluetooth-low-energy-fundamentals/lessons/lesson-5-bluetooth-le-security-fundamentals/ since it includes more details specific to the nRF Connect SDK/Zephyr implementation.

    The Bluetooth: Peripheral UART sample supports the numeric comparison pairing method with LE secure connections out-of-the-box. If you want to enable passkey pairing instead, you can simply remove the 'passkey_confirm' callback here:

    static struct bt_conn_auth_cb conn_auth_callbacks = {
    	.passkey_display = auth_passkey_display,
    	//.passkey_confirm = auth_passkey_confirm, // comment this line to disable numeric comparison
    	.cancel = auth_cancel,
    };

    Both methods will provide Security Level 4, provided that the central device supports LESC.

    The passkey generated by the BT stack will be passed to the 'auth_passkey_display' callback. It's just printed out in the debug log in this example, but you can modify the callback so that the passkey will be displayed on your screen instead.

    Additional configurations you may add to the prj.conf file:

    # Increase the security level of the Nordic UART service characteristics to require pairing with authentication.
    CONFIG_BT_NUS_AUTHEN=y
    # Enable logging over UART. 
    CONFIG_LOG_BACKEND_UART=y

    Best regards,

    Vidar

    Debug log after successful pairing:
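An added example, not part of the reply above and not Nordic or Zephyr code: a stand-alone C model of which pairing method and security level result from the two callback sets discussed, generalized to centrals with any IO capability. It assumes the IO-capability mapping of the Bluetooth Core Specification with MITM protection requested and no OOB data; `struct auth_cbs` and the function names are hypothetical.

```c
/* Added example: a stand-alone model of SMP pairing outcomes, not Zephyr code. */
#include <stdbool.h>
#include <stdio.h>

enum io_cap { DISPLAY_ONLY, DISPLAY_YESNO, KEYBOARD_ONLY, NO_IO, KEYBOARD_DISPLAY };
enum method { JUST_WORKS, PASSKEY_ENTRY, NUMERIC_COMPARISON };

/* Hypothetical mirror of which bt_conn_auth_cb members the application sets. */
struct auth_cbs { bool passkey_display, passkey_entry, passkey_confirm; };

/* IO capability a LESC-capable device advertises for a given callback set. */
enum io_cap io_cap_from_cbs(struct auth_cbs cb)
{
    if (cb.passkey_display && cb.passkey_entry && cb.passkey_confirm) return KEYBOARD_DISPLAY;
    if (cb.passkey_display && cb.passkey_confirm) return DISPLAY_YESNO;
    if (cb.passkey_entry) return KEYBOARD_ONLY;
    return cb.passkey_display ? DISPLAY_ONLY : NO_IO;
}

/* Association model when MITM protection is requested and OOB is not used. */
enum method pairing_method(enum io_cap a, enum io_cap b, bool lesc)
{
    bool a_yesno = (a == DISPLAY_YESNO || a == KEYBOARD_DISPLAY);
    bool b_yesno = (b == DISPLAY_YESNO || b == KEYBOARD_DISPLAY);
    bool keyboard = (a == KEYBOARD_ONLY || a == KEYBOARD_DISPLAY ||
                     b == KEYBOARD_ONLY || b == KEYBOARD_DISPLAY);

    if (a == NO_IO || b == NO_IO) return JUST_WORKS;
    if (lesc && a_yesno && b_yesno) return NUMERIC_COMPARISON; /* LESC only */
    return keyboard ? PASSKEY_ENTRY : JUST_WORKS;
}

/* Security mode 1 level reached: 4 needs authentication, LESC and a 16-byte key. */
int security_level(struct auth_cbs cb, enum io_cap central, bool lesc, int key_size)
{
    if (pairing_method(io_cap_from_cbs(cb), central, lesc) == JUST_WORKS) return 2;
    return (lesc && key_size == 16) ? 4 : 3;
}

int main(void)
{
    static const char *names[] = { "DisplayOnly", "DisplayYesNo", "KeyboardOnly",
                                   "NoInputNoOutput", "KeyboardDisplay" };
    struct auth_cbs display_only = { .passkey_display = true }; /* passkey_confirm removed */
    struct auth_cbs yes_no = { .passkey_display = true, .passkey_confirm = true };

    for (int c = DISPLAY_ONLY; c <= KEYBOARD_DISPLAY; c++)
        printf("central %-16s display-only: L%d  display+confirm: L%d\n", names[c],
               security_level(display_only, (enum io_cap)c, true, 16),
               security_level(yes_no, (enum io_cap)c, true, 16));
    return 0;
}
```

On the device itself, the level actually reached is reported to the `security_changed` connection callback, where it can be compared against `BT_SECURITY_L4`.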
