BLE preshared PIN/key auth

RE: BLE preshared PIN/key auth

bgun — Thu, 05 Mar 2015 20:47:47 GMT

Hey, I'm working on a similar project, how did you managed to use the shared/generated key as the Temporary Key (TK) for the device? I am fairly new to BLE service creation and usage so I would greatly appreciate simple instructions, thanks in advance.

RE: BLE preshared PIN/key auth

Pål Håland — Wed, 27 Aug 2014 06:36:34 GMT

devzone.nordicsemi.com/.../a00303.html

RE: BLE preshared PIN/key auth

Lucas — Wed, 27 Aug 2014 03:44:19 GMT

enum BLE_GAP_OPTS { BLE_GAP_OPT_LOCAL_CONN_LATENCY = BLE_GAP_OPT_BASE, /< Local connection latency. */ BLE_GAP_OPT_PASSKEY, /< Set passkey to be used during pairing. This option can be used to make the SoftDevice use an application provided passkey instead of generating a random passkey.*/ BLE_GAP_OPT_PRIVACY, /**< Set or get custom IRK or custom private address cycle interval. */ };

RE: BLE preshared PIN/key auth

Pål Håland — Wed, 02 Jul 2014 08:11:00 GMT

With the latest softdevice www.nordicsemi.com/.../S110-SoftDevice-v7.0 you will be able to set a static passkey.

By using the API call sd_ble_opt_set() with the structure ble_gap_opt_passkey_t, then the passkey display event will come with the passkey you set.

RE: BLE preshared PIN/key auth

Emiliano Bonassi — Wed, 02 Jul 2014 01:05:05 GMT

Very interesting discussion. You found a resourceful solution but I need something different.

I need a static key written in my phone's app and in the nRF51422 rom. I don't have to change it in the future it will remain the same.

Then I will use it as key to start an encrypted comunication between the device and the mobile phone.

I know it is possibile to do that using Gap Peripheral Bonding: Passkey entry but the security is limited by the length of the pin. As I told you before, it can be a 4 or 6 digit number and a bruteforce attack is very easy.

I hope I have explained my issue better.

Anyway, I am going to evaluate your security scheme, the public/private key it's a solution. I let you update on my progress.

RE: BLE preshared PIN/key auth

Sai — Tue, 01 Jul 2014 21:39:38 GMT

Did you look at my discussion with Ulrich here? devzone.nordicsemi.com/.../

In my prototype, I used ECDH for shared key exchange and AES for encryption of heart rate data from the default heart rate service. It's quite simple really, just drop in the nano-ecc and tiny-AES code into your GATT service and use it to generate shared keys and encrypt data.

Of course, your app will have to know how to generate the same shared key using ECDH. Let me know if you want to talk more. I'm not a cryptographer and my interest in this was to build a PoC but I'd happy to help as best as I can.