Hi Nordic Team I am working on a BLE application using the nRF5 SDK 17.1.0 with Peer Manager configured for Security Mode 1 Level 4 . I am encountering an issue related to peer reconnection and secure pairing under the following circumstances: The Android app user deletes the pairing information. On re-connection it ask for pairing,the device is bonded again on another re connection, the device encounters the error PM_CONN_SEC_ERROR_PIN_OR_KEY_MISSING . Attempts to read the MAC address of the client device result in BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_RESOLVABLE , making it challenging to identify the exact peer. Request for Assistance: How can I delete the specific peer associated with the connecting client in this scenario using the nRF5 SDK? If peer-specific deletion is not feasible, can you suggest an alternative solution to handle this situation effectively while maintaining security?

Beware that this post is related to an SDK in maintenance mode
More Info: Consider nRF Connect SDK for new designs

PM_CONN_SEC_ERROR_PIN_OR_KEY_MISSING and Handling Peer Deletion in nRF5 SDK

_YOGI 2 months ago

Hi Nordic Team
I am working on a BLE application using the nRF5 SDK 17.1.0 with Peer Manager configured for Security Mode 1 Level 4. I am encountering an issue related to peer reconnection and secure pairing under the following circumstances:

The Android app user deletes the pairing information. On re-connection it ask for pairing,the device is bonded again on another re connection, the device encounters the error PM_CONN_SEC_ERROR_PIN_OR_KEY_MISSING.
Attempts to read the MAC address of the client device result in BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_RESOLVABLE, making it challenging to identify the exact peer.

Request for Assistance:

How can I delete the specific peer associated with the connecting client in this scenario using the nRF5 SDK?
If peer-specific deletion is not feasible, can you suggest an alternative solution to handle this situation effectively while maintaining security?

0 Hung Bui 2 months ago

Hi Sriyogesh,

If a bonded peer connected you should have an event from the PM module:
PM_EVT_BONDED_PEER_CONNECTED, /**< @brief A connected peer has been identified as one with which we have a bond. When performing bonding with a peer for the first time, this event will not be sent until a new connection is established with the peer. When we are central, this event is always sent when the Peer Manager receives the @ref BLE_GAP_EVT_CONNECTED event. When we are peripheral, this event might in rare cases arrive later. */

You then can use peer_id to delete the bond if it's failed to encrypt the link normally.

But I think the easiest if you want to allow re-bonding after the peer delete bond is to enable allow_repairing in pm_conn_sec_config_reply(). See her:RE: SDK15 paring problem

This will allow the phone to re-bond after the bond information has been removed.

The trade off is that this will allow an attacker to spoof you phone and can establish a new bond to your device (pretending that the phone has lost its bond). This will delete the original bond and allow the attached to bond with your device. You can think of having a physical button to allow this mode or not.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel