https://devzone.nordicsemi.com/f/nordic-q-a/18766/securing-ble-deviceHi, on NRF51 BLE peripheral I want to implement authentication, so only selected BLE masters have access to my BLE peripheral. There is a password known to BLE peripheral and BLE master. In secure environment BLE master writes password toen-USTelligent Community 13Thu, 05 Jan 2017 08:19:11 GMThttps://devzone.nordicsemi.com/thread/72479?ContentTypeID=1Thu, 05 Jan 2017 08:19:11 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5fdd7e80-a43f-49fc-959c-3a02a29de7a7Petter Myhre<p>Yes, a static passkey can be bruteforced in a hostile environment. It is up to you, anyways, this got a bit cluttered, is there anything specific I can help you with?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/72478?ContentTypeID=1Thu, 05 Jan 2017 08:10:11 GMT137ad170-7792-4731-bb38-c0d22fbe4515:3e5d4f6b-4b90-4961-9d63-90c4ece4d88fgaminn<p>I mean 6 digits passkey can be bruteforced easily. But maybe I can live with the passkey as long as bad passkey entry means my BLE peripheral will ignore any connections for several tens of seconds after that so the bruteforce attack takes very long time.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/72480?ContentTypeID=1Thu, 05 Jan 2017 07:46:57 GMT137ad170-7792-4731-bb38-c0d22fbe4515:533df1cf-cac0-49b9-96c4-0188c5bc89abPetter Myhre<p>I don&#39;t understand, if we assume we pair in a secure environment, there is no hacker there.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/72475?ContentTypeID=1Wed, 04 Jan 2017 15:10:11 GMT137ad170-7792-4731-bb38-c0d22fbe4515:c1eff249-f809-41cf-86cb-8c037e3ae0d4gaminn<p>Yes, but the passcode has only 6 digits, so it can be hacked quite easily.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/72476?ContentTypeID=1Wed, 04 Jan 2017 13:06:18 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9961e37e-0409-4319-93ae-25bca834b444Petter Myhre<p>If you pair in a secure environment passkey pairing is secure.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/72474?ContentTypeID=1Wed, 04 Jan 2017 12:49:41 GMT137ad170-7792-4731-bb38-c0d22fbe4515:6c459ff7-244e-4b83-9011-fe25c037e491gaminn<p>I don&#39;t consider passkey pairing to be secure. What I considered was OOB pairing but Android smartphone will connect to the peripheral and I think it is not possible to use OOB on Android (at least without NFC - my peripherals don&#39;t have NFC). Also BLED112 on standard PC will connect to the peripherals.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/72473?ContentTypeID=1Wed, 04 Jan 2017 12:33:26 GMT137ad170-7792-4731-bb38-c0d22fbe4515:6e92129e-e527-40ad-93db-e2217e06f241Petter Myhre<p>Sorry, I missed the secure environment part. Then it can work, but maybe you can use passkey pairing for this? And if the peripheral doesn&#39;t have any IO you can consider using static passkey. What kind of centrals will connect to the peripheral? Smart phones? Or something else?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/72472?ContentTypeID=1Wed, 04 Jan 2017 12:11:49 GMT137ad170-7792-4731-bb38-c0d22fbe4515:964ced54-bdf7-4f83-81c2-9a365258247dgaminn<p>It is simple - initially, the password is sent in secure environment. Subsequently, the connection is established using stored bonding information. I want only authorized users who were given the password to read/write to BLE peripheral. Or is there a better solution?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/72477?ContentTypeID=1Wed, 04 Jan 2017 10:55:38 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5d1cb3e6-9397-4e35-8f22-ab8c7b5e9a86Petter Myhre<p>It is not very hard to implement this, but it doesn&#39;t sound very secure. If you send the password over the air unencrypted anyone can get the password and use it later. Could you explain a bit more in regards to what you want to achieve with this?</p><div style="clear:both;"></div>