This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Experimental NFC Pairing Example Question

Hi all,

I am learning about the security mode level in BLE. Understood that BLE 4.2 added additional method which is called numerical comparison.

  1. When I tried the experimental NFC pairing example, the OOB mode as well as the just work mode always shows security mode level 2, which is "Encrypted link required, MITM protection not necessary". How do I upgrade this to security mode level 4?
  2. Is there an example to use numerical comparison method?

Thank you

Handi

BUTTONS_M:INFO:LESC OOB MODE! BLE_M:INFO:Fast advertising. BLE_M:INFO:Advertising stopped. BLE_M:INFO:Connected. BLE_M:INFO:BLE_GAP_EVT_CONN_SEC_UPDATE BLE_M:INFO:Security mode: 2 BLE_M:INFO:BLE_GAP_EVT_AUTH_STATUS BLE_M:INFO:Authorization succeeded! BUTTONS_M:INFO:Terminating BLE connection. BLE_M:INFO:Disonnected BUTTONS_M:INFO:LEGACY JUST WORKS MODE! BLE_M:INFO:Fast advertising. BLE_M:INFO:Advertising stopped. BLE_M:INFO:Connected. BLE_M:INFO:BLE_GAP_EVT_CONN_SEC_UPDATE BLE_M:INFO:Security mode: 2 BLE_M:INFO:BLE_GAP_EVT_AUTH_STATUS BLE_M:INFO:Authorization succeeded!

Parents
  • Hi,

    first of all, pairing procedure triggered from NFC doesn't necessarily have to use the OOB pairing method. It is always up to the phone (or generally BLE Central device) whether or not to use the security data available in the NFC.

    So basically in your case, the phone performs the pairing, but it uses the Just Works method. It takes BLE device address, flags and BLE Role fields from the NFC tag and sends a Pairing Request with OOB flag cleared that's why it results with Security Mode 1, Level 2

    Starting from Android 7.1, the system uses the security information from the NFC tag to perform authenticated pairing (Out-of-Band pairing method). The security data can be:

    • Security Manager TK value (for Legacy Pairing, BT Core < 4.2)
    • Secure Connections Random and Confirmation values (for Secure Connections pairing, BT Core >= 4.2)

    Note that in case of Legacy Pairing, both devices must set the OOB flag (in Pairing Request and Response) to perform the OOB pairing. For LE Secure Connections to perform OOB pairing it is enough that at least one device sets the OOB flag (Pairing Request and/or Pairing Response).

    An example that uses Numeric Comparison is: examples\ble_central_and_peripheral\experimental\ble_app_multirole_lesc

Reply
  • Hi,

    first of all, pairing procedure triggered from NFC doesn't necessarily have to use the OOB pairing method. It is always up to the phone (or generally BLE Central device) whether or not to use the security data available in the NFC.

    So basically in your case, the phone performs the pairing, but it uses the Just Works method. It takes BLE device address, flags and BLE Role fields from the NFC tag and sends a Pairing Request with OOB flag cleared that's why it results with Security Mode 1, Level 2

    Starting from Android 7.1, the system uses the security information from the NFC tag to perform authenticated pairing (Out-of-Band pairing method). The security data can be:

    • Security Manager TK value (for Legacy Pairing, BT Core < 4.2)
    • Secure Connections Random and Confirmation values (for Secure Connections pairing, BT Core >= 4.2)

    Note that in case of Legacy Pairing, both devices must set the OOB flag (in Pairing Request and Response) to perform the OOB pairing. For LE Secure Connections to perform OOB pairing it is enough that at least one device sets the OOB flag (Pairing Request and/or Pairing Response).

    An example that uses Numeric Comparison is: examples\ble_central_and_peripheral\experimental\ble_app_multirole_lesc

Children
Related