Questions about BLE multirole LESC

RE: Questions about BLE multirole LESC

Hung Bui — Mon, 27 Mar 2017 11:46:16 GMT

There are many different ways your device can recognize each others. Could be with the advertising device name.

If you want to have some more secure, you can think of using a "password" type, where one can check if the other side has the password by sending a random value "nonce" and the one who enter the network will have to send an encrypted value base on that "nonce" and the common hardcoded password. The sender will check if the return encrypted value match with what it expects. If not, it can disconnect the connection.

RE: Questions about BLE multirole LESC

Fabien Comte — Mon, 27 Mar 2017 09:16:41 GMT

I do a self organized scatternet mesh (see at http://fabiencomte.tumblr.com/ and fabiencomte.tumblr.com/.../voici-une-démonstration-dune-visualisation-qui) for industrial application. A devices discover automatically other devices around and create connections. I want to limit scatternet access to trusted devices that's why pre shared key looked interesting for me but if you can propose me something else i am interested.

RE: Questions about BLE multirole LESC

Hung Bui — Mon, 27 Mar 2017 07:45:37 GMT

Yes the key is unused because in our firmware it's generated randomly. Bluetooth spec prohibit using pre-generated key pair unless you use DEBUG key for debugging purpose.

I still don't understand what exactly you want "I have a system that find devices around (not always the same) and i don't need to save bounds. How can i do that ?"

I assume you meant "save bonds". If you don't want to save bond, you can turn of bonding, only pairing will be used. Just set SEC_PARAMS_BOND = 0 in main.c

RE: Questions about BLE multirole LESC

Fabien Comte — Fri, 24 Mar 2017 19:41:11 GMT

I have seen this key but it looks unused ?

I have a system that find devices around (not always the same) and i don't need to save bounds. How can i do that ?

Thank you for your help.

RE: Questions about BLE multirole LESC

Hung Bui — Fri, 24 Mar 2017 13:02:03 GMT

Using static private key is not supported by spec unless you use the DEBUG key , only for debugging purpose. It's mentioned main.c in the example, please look for "LESC_DEBUG_MODE"
Maybe you got the wrong impression of what LE Secure Connection is. It's a way to do bonding securely. Meaning exchanging a LTK to be used for encryption in a secure way. It's not like you have a secret key and the peer need to have the same key to be able to connect. It's like you have one random generated key and your peer has another random generated key, you use these 2 keys in a secured way to generate the common key. After that you use the common key to encrypt the link. You can, however, to limit the connection to only bonded device, this way all devices that haven't bond to you can not connect to your device.
"how can i avoid to store bounds ?" What do you mean ?