
Is bonding without a passkey possible using nRF51822?

Hi,

I was wondering whether bonding between devices is possible without using a passkey.

I found good documentation by Nordic Semi which illustrates the whole bonding and pairing process in Message Sequence Charts.

By analysing them I concluded that bonding between my nRF51822 peripheral and the master iPhone can be done without asking for a passkey (using Just Works).

Am I right with my findings (is it possible to bond without a key)?

What things do I have to take care of?

What are the demerits when I am using this (security issues)?

It mentions storing peripheral keys. What exactly do these keys contain?

(If this is not possible: is there a way to implement this, like by storing the same passkey in both devices?)

Please correct me wherever I got it wrong.

Regards, Mo

  • Yes, you can bond two devices without inputting any out-of-band keys. In that scenario, both devices will agree to use a passkey equal to 000000. This can be done if you set the MITM bit to 0 (and preferably IO capabilities to "BLE_GAP_IO_CAPS_NONE"). This is what the Bluetooth Spec calls "Just Works", as you already found out.

    When you pair without man-in-the-middle protection, you risk that someone might be able to listen to the session and save the negotiated keys used for future encryption. This allows an attacker to decrypt future communications easily. It's recommended to use OOB data for pairing if possible. If this is not available, passkey authentication can be made more secure by reducing the transmitting power during the bonding.

    There are multiple keys that can be exchanged, and I recommend reading either the Bluetooth Spec or external sources to better understand how these are used. The important ones are the:

    1. Encryption Information, which contains the Long Term Key the central will use together with ediv/rand to encrypt connections in the future.
    2. Identity Information, used for resolvable addresses and privacy.

    For some inspiration on how to accomplish this, you could take a look at the Bond Manager provided by the SDK.

  • Thanks a lot Ulrich for the reply,

    • The passkey you mentioned, '000000', which both devices will agree on: is this automatic, or should we provide it in the code on both devices? Where would be the proper place in the code? (Or is this done indirectly by setting MITM to 0 and IO capabilities to "BLE_GAP_IO_CAPS_NONE"?)

    • In the second paragraph, you mentioned "If this is not available, passkey authentication can be made more secure by reducing the transmitting power during the bonding." But I am afraid it is again using a passkey.

    regards, Mo
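
As an added example (not part of the original thread and not code from Nordic's SDK), the C program below models how LE legacy pairing picks the association method from the MITM, OOB and IO-capability fields discussed above, and flags when a MITM request ends up unmet. The struct and function names are hypothetical, and the sample feature sets are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* SMP IO capability values; the SoftDevice's BLE_GAP_IO_CAPS_* constants
   use the same numbers. Declared locally so this builds without the SDK. */
enum io_caps { IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY,
               IO_NONE, IO_KEYBOARD_DISPLAY };
enum method { JUST_WORKS, PASSKEY_ENTRY, OOB };

/* Hypothetical struct: the pairing request/response fields that matter. */
struct features { bool mitm; bool oob; enum io_caps io; };

static bool has_keyboard(enum io_caps io)
{
    return io == IO_KEYBOARD_ONLY || io == IO_KEYBOARD_DISPLAY;
}

/* LE legacy pairing method selection from the two exchanged feature sets. */
enum method select_method(struct features a, struct features b)
{
    if (a.oob && b.oob)     return OOB;         /* both hold OOB data */
    if (!a.mitm && !b.mitm) return JUST_WORKS;  /* nobody asked for MITM */
    if (a.io == IO_NONE || b.io == IO_NONE) return JUST_WORKS;
    if (!has_keyboard(a.io) && !has_keyboard(b.io)) return JUST_WORKS;
    return PASSKEY_ENTRY;
}

/* Just Works uses an all-zero temporary key, so the resulting LTK is
   unauthenticated. A side that asked for MITM should notice this. */
bool mitm_satisfied(struct features a, struct features b)
{
    bool wanted = a.mitm || b.mitm;
    return !wanted || select_method(a, b) != JUST_WORKS;
}

int main(void)
{
    static const char *names[] = { "Just Works", "Passkey Entry", "OOB" };
    /* Constructed sample values, not captured from real devices. */
    struct features periph  = { false, false, IO_NONE };
    struct features central = { true,  false, IO_KEYBOARD_DISPLAY };
    struct features keypad  = { true,  false, IO_KEYBOARD_ONLY };

    printf("periph/central: %s, MITM satisfied: %d\n",
           names[select_method(periph, central)], mitm_satisfied(periph, central));
    printf("keypad/central: %s, MITM satisfied: %d\n",
           names[select_method(keypad, central)], mitm_satisfied(keypad, central));
    return 0;
}
```

The method is derived from the exchanged features, so with MITM 0 and no IO capabilities no passkey is entered or stored by the application on either side.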
