
BLE_GAP_EVT_SEC_INFO_REQUEST what if keys mismatch?

Hello all,

Let's assume that a central bonded with an nRF51822 peripheral and then disconnected. If the bond is saved on the peripheral, fine: the central sends BLE_GAP_EVT_SEC_INFO_REQUEST and will receive sd_ble_gap_sec_info_reply with the stored LTK from the peripheral. But if the peripheral didn't save the bonding context after disconnection, the central will request BLE_GAP_EVT_SEC_INFO_REQUEST each time on reconnection and the peripheral will respond with sd_ble_gap_sec_info_reply with NULLs. The connection will be broken with reason BLE_HCI_CONN_FAILED_TO_BE_ESTABLISHED or BLE_HCI_CONN_TERMINATED_DUE_TO_MIC_FAILURE (as I experienced).

The question is: is it possible to notify the central in some way that the bond is lost on the peripheral, and not to send BLE_GAP_EVT_SEC_INFO_REQUEST but BLE_GAP_EVT_SEC_PARAMS_REQUEST or BLE_GAP_EVT_CONN_SEC_UPDATE to re-establish new keys?

  • Hi Valer,

    It's up to the central to decide what to do when the peripheral replied with NULL when security was requested (LL REJECT IND: PIN or Key Missing). According to this message sequence chart, you will receive a BLE_GAP_EVT_CONN_SEC_UPDATE with the current security mode. You can check if you receive that event and the security mode is still mode 1 level 1 (open link). You can then determine that it's the peripheral missing the key and consider what to do next.

    Please be aware that if you simply try to rebond after that, there is a security hole: an attacker can spoof that his device is your peripheral, tell the central that it lost its LTK, and request a new bonding. By doing that he can either bond to your device, or delete the original bond information on the central and force you to rebond with your peripheral (during which he can sniff the bonding process).

  • My case is link variant 2 or 3. After the app sends sd_ble_gap_sec_info_reply and receives NRF_SUCCESS from the SD, the connection state is uncertain for me. In variant 2: if the SD checks for NULL keys, why does it respond to the app with NRF_SUCCESS and then send LL Reject IND to the central? In variant 3: connection termination is up to the central (as I experienced, it does not always terminate, but hangs in the connected state). Now I am not afraid of security issues because I transfer signed data. My idea is to send sd_ble_gap_authenticate from the peripheral side to update keys, but I'm looking for a triggering event.
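As an added example (not code from this thread or from the Nordic SDK), here are the two checks the reply above describes: the LTK lookup a peripheral performs before calling sd_ble_gap_sec_info_reply, and the central's test of the BLE_GAP_EVT_CONN_SEC_UPDATE security mode for an open link, together with the "do not silently rebond" policy. The struct layouts are stand-ins assumed so the file compiles without the SDK headers, and the bond table is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for the SoftDevice structures (assumed layouts, not the SDK
 * headers) so the example compiles without the nRF5 SDK. */
typedef struct { uint16_t ediv; uint8_t rand[8]; } master_id_t;   /* ble_gap_master_id_t */
typedef struct { uint8_t ltk[16]; uint8_t ltk_len; } enc_info_t;  /* ble_gap_enc_info_t */
typedef struct { uint8_t sm; uint8_t lv; } conn_sec_mode_t;       /* ble_gap_conn_sec_mode_t */
typedef struct { master_id_t id; enc_info_t enc; bool valid; } bond_t;

/* Constructed bond table: one bond that survived the disconnect, one empty slot. */
static bond_t bond_table[2] = {
    { { 0x1234, {1, 2, 3, 4, 5, 6, 7, 8} },
      { {0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7,
         0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF}, 16 }, true },
    { { 0, {0} }, { {0}, 0 }, false },
};

/* Peripheral side, on BLE_GAP_EVT_SEC_INFO_REQUEST: find the LTK matching the
 * EDIV/Rand the central presented. The result is what goes to
 * sd_ble_gap_sec_info_reply(); NULL is the "key missing" reply (LL_REJECT_IND). */
const enc_info_t *lookup_ltk(const master_id_t *req)
{
    for (size_t i = 0; i < sizeof bond_table / sizeof bond_table[0]; i++) {
        if (bond_table[i].valid && bond_table[i].id.ediv == req->ediv &&
            memcmp(bond_table[i].id.rand, req->rand, sizeof req->rand) == 0)
            return &bond_table[i].enc;
    }
    return NULL;
}

/* Central side, on BLE_GAP_EVT_CONN_SEC_UPDATE: if encryption with the stored
 * LTK was requested and the link is still mode 1 level 1 (open), the
 * peripheral no longer has the key. */
bool peer_lost_bond(conn_sec_mode_t mode, bool encryption_requested)
{
    return encryption_requested && mode.sm == 1 && mode.lv == 1;
}

/* Policy for that case: never re-pair automatically, because an impostor can
 * claim "I lost the LTK" to obtain a fresh bond or to push out the real one.
 * Keep the existing bond and require an explicit user decision first. */
typedef enum { ACTION_NONE, ACTION_CONFIRM_BEFORE_REBOND } action_t;
action_t on_conn_sec_update(conn_sec_mode_t mode, bool encryption_requested)
{
    return peer_lost_bond(mode, encryption_requested) ? ACTION_CONFIRM_BEFORE_REBOND
                                                      : ACTION_NONE;
}
```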

