How to make a BLE device can only connect to a special BLE device

Connecting to a device and accessing its data are two different things. Even though peripheral C is able to connect to central A, this doesn't mean that it is able to access the data of central A. For peripheral C to access the data of central A the connection between them must have the necessary security level. Data may require that the connection is encrypted, and it may require that the peer is authenticated, before it can be accessed.

If you don't want to distinguish peripheral B from peripheral C before you connect, I believe the only option is to use whitelisting on the central and use resolvable private addess type on peripheral B. This means that central A can resolve the address of peripheral B even though it's private. The actual device address changes periodically, typically every 15 minutes, and it can be resolved by using an Identity Resolving Key (IRK). If peripheral B uses this address type it can distribute it when it bonds to central A. Then the peripheral B will generate its device address using the shared IRK, and the central A can resolve the device address to identify his trusted device.

However, if C has scanning capabilites, it can scan for peripheral A's advertising packets and mimic them. It is difficult to guarantee that central A never will connect to peripheral C, but you can guarantee that it will not be able to access its data, and you with whitelisting you make it more difficult to mimic peripheral B.