Bonding without passkey is possible using nRF51822?

Question

Hi, 
 I was wondering whether bonding between devices is possible without using a passkey. 
 I found a good documentation by Nordic Semi which illustrates all the bonding , pairing process in Message Sequence Charts. 
 By analysing them I concluded that Bonding between my nRF51822 peripheral can be done with the master iPhone without asking for a passkey. (Using just works ) 
 Am I right with my findings (Is it possible to bond without key) ? 
 What all things I have to take care?

What are the demerits when I am using this (Security Issues)?

It has mentioned about storing peripheral keys, What exactly these keys contain?

(If this is not possible: Is there a way to implement this, like by storing same passkey in both devices) 
 
 Please correct me wherever I found it wrong.. 
 Regards,
Mo

Ulrich Myhre · Accepted Answer

Yes, you can bond two devices without inputting any out-of-band keys. In that scenario, both the devices will agree to use a passkey equal to 000000. This can be done if you set the MITM bit to 0 (and preferably IO capabilities to "BLE_GAP_IO_CAPS_NONE" ). This is what the Bluetooth Spec calls "Just Works" as you already found out. 
 When you pair without man-in-the-middle protection, you risk that someone might be able to listen to the session and save the negotiated keys used for future encryption. This allows an attacker to decrypt future communications easily. It's recommended to use OOB data for pairing if possible. If this is not available, passkey authentication can be made more secure by reducing the transmitting power during the bonding. 
 There are multiple keys that can be exchanged, and I recommend reading either the Bluetooth Spec or external sources to better understand how these are used. The important ones are the: 
 
 Encryption Information, which contains the Long Term Key the central will use together with ediv/rand to encrypt connections in the future. 
 Identity Information, used for resolvable addresses and privacy. 
 
 For some inspiration on how to accomplish this, you could take a look at the Bond Manager provided by the SDK.

Bonding without passkey is possible using nRF51822?

Top Replies

core_v2_widget.Hide()