How to avoid MITM attacks?

Question

Hi, 
 I need protection against the MITM attack, what should I modify in heart rate example? Actually, I change the characteristics to BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM() and I use the sniffer to listen the transfer data, the result I read is garbled code,is it normal behaviour? These garbled code can be decoding by the attackers? I also change the characteristics of BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(). Unfortunately, the result of MCP shows "Insufficient Authentication", how do I test this function? Do you have any example related to MITM? 
 Thank you.

Ole Morten · Accepted Answer

You can avoid MITM attacks by using a passkey or out-of-band bonding. You can refer to the ble_app_gls for an example of how to use a passkey, but we don't have any examples showing how to do OOB bonding, since there are no common Centrals in the market that supports this out of the box. 
 In summary, to use a passkey for bonding, you need to set the mitm flag in ble_gap_sec_params_t, and make sure you have some way to either show a passkey to a user, or let the user enter a passkey on your device. This must be set as the io_caps field of the same struct. You can refer to the table in Volume 3, Part H, section 2.3.5.1 in the Core Specification for the resulting behavior given a set of I/O capabilites. 
 Finally, to make sure that a characteristic is only readable over a link that is MITM protected, you can use BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(). Doing so will make sure that the softdevice returns INSUFFICIENT_AUTHENTICATION for any operation happening over a less secure link, for instance using Just Works secuirty. 
 ble_app_gls uses the display of the nRFgo Starter kit to show a passkey, that you as a user then have to enter on the Central device. It could be argued that this is a kind of out-of-band mechanism, but the passkey is just six digits, as opposed to a 128-bit number with proper OOB. Since the passkey is so short, it's trivial for an attacker that listens in on the bonding process to brute force the passkey used, and this can be done by most BLE sniffers out of the box. 
 Hence, if you want security also against eavesdroppers, you either need to use full OOB bonding (but this isn't possible with most common Central devices), or you need to make sure bonding happens in a secure environment without eavesdroppers.