Change Characteristics' Read/Write Permissions While Connected

Greetings, and thank you ahead of time to anyone willing to lend some advice.

I'm implementing application-layer security by requiring central devices to supply a user-configurable password. This is being done in order to maintain compatibility with a security scheme used to connect to the device through means other than BLE. Once a valid password has been supplied to the peripheral, certain characteristics will be changed from being completely inaccessible to read / write or from read-only to read / write, depending on the characteristic. I know this kind of functionality can be achieved through read / write authorization, however this would require that the security state be analyzed at each read / write event. What I wish to do is set the characteristics' read / write permissions to their appropriate levels at once when a valid password is supplied (similar to how they are assigned when initially adding the characteristics). However, I have so far been unable to determine a way to accomplish this. Is this behavior possible with the S110 soft device? If so, do you know how I can access the data structures that must be manipulated to accomplish this? Thanks!

EDIT: I forgot to mention that the connection between the peripheral and central cannot be broken while changing the read / write permissions.

  • What you want is in itself not currently possible, since you can't change already added services or attributes. However, I think there are at least two possible ways to work around this:

    1. Don't use the data you receive in the events, or populate the GATT Table with valid data before the peer device has been authenticated. Since all the activities done from the Peripheral side are controlled from the app, the only result of this should be that an attacker would be able to read 0s or write random data, which will have no effect.

    2. Don't add the protected services before the peer device has been authenticated. Although you can't change already added services, you can add new services, so if you start off with just the authentication service, you could add the other services only after authentication has passed. Beware that you'll most likely have to send a Service Changed indication to the peer device for this to work properly, to let the Central know that the GATT Table has changed.
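
Workaround 1 from the answer above, modelled in plain C as an added example (not code from this thread and not SoftDevice API code). The handle values, `device_t` and the `on_*` handlers are hypothetical names; the model assumes the stack stores written bytes in the attribute table before the application sees the write event.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical handles and sizes for this model, not S110 identifiers. */
enum { H_PASSWORD = 1, H_SETTING = 2, VAL_LEN = 4, PW_MAX = 16 };

typedef struct {
    bool    authed;                 /* application-layer state, per connection */
    uint8_t real_setting[VAL_LEN];  /* real data, kept outside the GATT table */
    uint8_t gatt_setting[VAL_LEN];  /* what the attribute table shows the peer */
    uint8_t password[PW_MAX];       /* configured password, zero padded */
} device_t;

/* No early exit, so timing does not reveal how many leading bytes matched. */
static bool pw_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < PW_MAX; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Every new connection starts unauthenticated with a zeroed table value. */
void on_connect(device_t *d) { d->authed = false; memset(d->gatt_setting, 0, VAL_LEN); }
void on_disconnect(device_t *d) { on_connect(d); }

/* Write event handler. Returns true only if the application acted on the data. */
bool on_write(device_t *d, uint16_t handle, const uint8_t *data, size_t len) {
    if (handle == H_PASSWORD) {
        uint8_t buf[PW_MAX] = {0};
        if (len > PW_MAX) return false;
        memcpy(buf, data, len);
        d->authed = pw_equal(buf, d->password);
        /* Populate the table with valid data only once the peer is authenticated. */
        if (d->authed) memcpy(d->gatt_setting, d->real_setting, VAL_LEN);
        else memset(d->gatt_setting, 0, VAL_LEN);
        return d->authed;
    }
    if (handle == H_SETTING && len == VAL_LEN) {
        if (!d->authed) {           /* model assumption: stack stored the bytes; re-zero, ignore */
            memset(d->gatt_setting, 0, VAL_LEN);
            return false;
        }
        memcpy(d->real_setting, data, VAL_LEN);
        memcpy(d->gatt_setting, data, VAL_LEN);
        return true;
    }
    return false;
}

const uint8_t *on_read(const device_t *d) { return d->gatt_setting; }
```

The state is reset on both connect and disconnect so a later central never inherits an earlier peer's authenticated session.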

  • Hello. Is this still true with SD130 and SDK 11? Can I connect and do pairing and bonding and then perform an app level authentication and then add a service or chars? My experience is that when I add chars to my app, I have to reset bonding and pairing on both sides to be able to bond again and discover the new services. I am using the device manager, not peer manager.
