Security feature in Bluetooth Protocol of nrf 8001

You can use a passkey with the nRF8001, as defined by the Core Specification. To do this, you must make sure to set the I/O capabilities to either have a Display or a Keyboard in nRFgo Studio, and then make sure that your application responds to the DisplayKeyEvent or the KeyRequestEvent.

You can take a look at the Core Specification, Volume 3, Part H, section 2.3.5.1 to see what kind of authentication method is used, based on the I/O capabilities of the devices bonding.

Beware that even when using a passkey, it's trivial for an eavesdropper listening in on the bonding to pick up the data of the packets. However, any eavesdropper that does not listen in on the bonding process will not be able to read data later, no matter if a passkey is used or not. A passkey only protects against active man-in-the-middle attacks.

Edit: Clarify in which specification.

You can use a passkey with the nRF8001, as defined by the Core Specification. To do this, you must make sure to set the I/O capabilities to either have a Display or a Keyboard in nRFgo Studio, and then make sure that your application responds to the DisplayKeyEvent or the KeyRequestEvent.

You can take a look at the Core Specification, Volume 3, Part H, section 2.3.5.1 to see what kind of authentication method is used, based on the I/O capabilities of the devices bonding.

Beware that even when using a passkey, it's trivial for an eavesdropper listening in on the bonding to pick up the data of the packets. However, any eavesdropper that does not listen in on the bonding process will not be able to read data later, no matter if a passkey is used or not. A passkey only protects against active man-in-the-middle attacks.

Edit: Clarify in which specification.

What volume 3, Part H, section 2.3.5.1 to see?

Sorry, I meant in the Bluetooth Core Specification. You can find that here: https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=229737

Actually what i want is that my module should only connect with one iPhone in every case. Suppose if any other iphone wants to connect with my peripheral(module) then it should not connect that iPhone or any other central device. How can i achieve this? How can check within nRF 8001 SDK that this is the authorised iPhone to which i can connect?

I have read in pdf that you gave to me, but i can't understand it fully. Can you just tell how can i address the above problem?

What you want is easiest to achieve by using a whitelist, but this is unfortunately not possible on the nRF8001. However, if another device than the one you're bonded with connects, you will pretty quickly see a disconnect event with a specific error code.

Also, you don't have to use a unique id in the advertisement or name to achieve this. On the iOS side you can store the CBPeripheral, and then just issue a connect to this instead of doing a scan and connecting to any other device.

Hi Ole

Actually the problem is bigger that this.. i can save the peripheral and will always connect with that particular peripheral only.. but suppose if some third party app comes(hacker) then it can also scan my module through its own particular iPhone application and then connect with my module if mine iPhone is not connected at that time.And this can be easily done by any third party iPhone app.

I am thinking about this particular case,thats why i was asking how to check in nRF 8001 Arduino sdk side that which iPhone is authentic and which is not?

Can you tell me how to disconnect the connection from nRF 8001 side like in iPhone i call -cancelPeripheralConnection function and the connection b/w the iPhone and nRF 8001 is disconnected. If i can disconnect the connection b/w the above two from nRF 8001 SDK side then i can solve this problem through some logics. Can you tell how to do this or which function should i call from nRF 8001 side that can disconnects the connection?