Is there any way to reject GZP System Address Request?

I'm using the nRF52840 and Gazell Pairing (GZP) to develop a device network.

Because I need bi-directional communication, I am not using GZP's encryption feature, as it does not support host-to-device communication when encryption is enabled.

When encryption is enabled, I can reject a Host ID request. However, in plaintext mode, communication is established as long as the System Address Request succeeds, and there doesn't seem to be a way to reject it. This means that any device can pair with the host and send packets at any time. I can't implement a "pairing mode" vs. "normal mode" behavior.

Is there any way to accept or reject a System Address Request in GZP? Alternatively, is there a way to enable host-to-device communication while still using encryption?

  • Hi Kiterai, 
    You are correct that when using encryption it's not possible to send ACK back as the ACK is used to send the AES counter. See here: Gazell bi-directional communication between paired devices

    As far as I remember, in the HID application (the main use case for Gazell pairing) we use an unencrypted channel to send data from the host to the device, for example to turn on Caps Lock.

    How do you assign the unencrypted pipe to the devices? Can you reject a packet from a pipe that has not been assigned?

    As far as I know, there is no encryption or protection in the Gazell link layer to prevent an unwanted device from sending a message or from knowing the channel mapping. So it doesn't matter if you can reject the System Address Request; an attacker can always listen to a channel and get the address and the timing of the channel to transmit data.

    I'm thinking you may need to implement another layer of encryption on the unencrypted pipe. We didn't have this problem because in the HID application the opposite direction was not very critical (to send CAPSLOCK, NUMLOCK to the keyboard).
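
Added example, not code from this thread or from the nRF5 SDK: one way to layer protection on the plaintext pipe so the host drops frames from devices that were never given a key, even though the link layer accepts them. It authenticates rather than encrypts, using SipHash-2-4 as a compact software MAC plus an increasing counter against replay. The frame layout, `peer_t`, `frame_seal` and `frame_accept` are hypothetical, and it assumes the 16-byte key was exchanged while the host was in its pairing mode.

```c
#include <stdint.h>
#include <string.h>
#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
enum { CTR_LEN = 4, TAG_LEN = 8 };  /* assumed frame layout: ctr | data | tag */
typedef struct { uint8_t key[16]; uint32_t last_ctr; } peer_t;  /* hypothetical per-device host state */
static uint64_t le_load(const uint8_t *p, size_t n) {
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) v |= (uint64_t)p[i] << (8 * i);
    return v;
}
static void le_store(uint8_t *p, uint64_t v, size_t n) {
    for (size_t i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static void sipround(uint64_t v[4], int n) {
    while (n--) {
        v[0] += v[1]; v[1] = ROTL(v[1], 13) ^ v[0]; v[0] = ROTL(v[0], 32);
        v[2] += v[3]; v[3] = ROTL(v[3], 16) ^ v[2];
        v[0] += v[3]; v[3] = ROTL(v[3], 21) ^ v[0];
        v[2] += v[1]; v[1] = ROTL(v[1], 17) ^ v[2]; v[2] = ROTL(v[2], 32);
    }
}
/* SipHash-2-4 (software MAC chosen for this example): 64-bit tag over m[0..len). */
uint64_t siphash24(const uint8_t key[16], const uint8_t *m, size_t len) {
    uint64_t k0 = le_load(key, 8), k1 = le_load(key + 8, 8), w;
    uint64_t v[4] = { k0 ^ 0x736f6d6570736575ULL, k1 ^ 0x646f72616e646f6dULL,
                      k0 ^ 0x6c7967656e657261ULL, k1 ^ 0x7465646279746573ULL };
    size_t i = 0;
    for (; i + 8 <= len; i += 8) { w = le_load(m + i, 8); v[3] ^= w; sipround(v, 2); v[0] ^= w; }
    w = ((uint64_t)len << 56) | le_load(m + i, len - i);  /* last block carries the length */
    v[3] ^= w; sipround(v, 2); v[0] ^= w;
    v[2] ^= 0xff; sipround(v, 4);
    return v[0] ^ v[1] ^ v[2] ^ v[3];
}
/* Device side: write ctr | data | tag into out and return the frame length. */
size_t frame_seal(const uint8_t key[16], uint32_t ctr, const uint8_t *data, size_t n, uint8_t *out) {
    le_store(out, ctr, CTR_LEN);
    memcpy(out + CTR_LEN, data, n);
    le_store(out + CTR_LEN + n, siphash24(key, out, CTR_LEN + n), TAG_LEN);
    return CTR_LEN + n + TAG_LEN;
}
/* Host side: 1 = accept; 0 = drop (too short, bad tag, or counter not increasing). */
int frame_accept(peer_t *p, const uint8_t *f, size_t len) {
    if (len < CTR_LEN + TAG_LEN) return 0;
    uint64_t diff = siphash24(p->key, f, len - TAG_LEN) ^ le_load(f + len - TAG_LEN, TAG_LEN);
    uint32_t ctr = (uint32_t)le_load(f, CTR_LEN);
    if (diff != 0 || ctr <= p->last_ctr) return 0;
    p->last_ctr = ctr;  /* only advances on an authentic frame */
    return 1;
}
```

The counter has to survive resets on both sides (or the key has to be re-established), otherwise old frames become replayable after a reboot.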
