<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://devzone.nordicsemi.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>What could be better for security  encryption and authentication : passkey vs PKI</title><link>https://devzone.nordicsemi.com/f/nordic-q-a/30793/what-could-be-better-for-security-encryption-and-authentication-passkey-vs-pki</link><description>Hi guys 
 I am wondering what could be better for my system: 
 Multiple nRF52 centrals and peripherals (UART input/UART output to simulate keyboard and display) 
 SDK 13 
 Required: MITM, eavesdrop protection 
 
 What is more recommended use peer manager</description><dc:language>en-US</dc:language><generator>Telligent Community 13</generator><lastBuildDate>Tue, 27 Feb 2018 10:15:29 GMT</lastBuildDate><atom:link rel="self" type="application/rss+xml" href="https://devzone.nordicsemi.com/f/nordic-q-a/30793/what-could-be-better-for-security-encryption-and-authentication-passkey-vs-pki" /><item><title>RE: What could be better for security  encryption and authentication : passkey vs PKI</title><link>https://devzone.nordicsemi.com/thread/122101?ContentTypeID=1</link><pubDate>Tue, 27 Feb 2018 10:15:29 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:2e982ac9-ad88-4f06-bcd7-a0cde3773423</guid><dc:creator>Rune Holmgren</dc:creator><description>&lt;p&gt;Hi,&lt;/p&gt;
&lt;p&gt;Yes, both approaches offer MITM protection when a central and peripheral connect for the first time and pair and bond (All BLE bonds are secure once the bonding is complete, so reconnection is not something you need to worry about).&lt;/p&gt;
&lt;p&gt;A pre-shared key is an example of OOB (Out of band) pairing. That might sound a bit strange, but essentially you are using the&amp;nbsp;production setup in your factory as the medium to share keys. You do not want to have the LTK or any BLE bonding data pre-shared, but rather just a key at some location in flash which can be used in a regular OOB pairing. The nRF5 SDK has an example showing OOB pairing over NFC (examples\ble_peripheral\experimental\ble_app_hrs_nfc_pairing), so if you have a look at how the pairing in that example works and strip away the NFC-specific parts, you have a good idea of how this should be done. You may also want to read up on the SoftDevice documentation.&amp;nbsp;&lt;a href="https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.s132.api.v5.0.0%2Fgroup___b_l_e___g_a_p___f_u_n_c_t_i_o_n_s.html&amp;amp;anchor=ga7253ccd230ed0db81e25e30fd6590cf9"&gt;sd_ble_gap_lesc_oob_data_set&lt;/a&gt;&amp;nbsp;seems like a good place to start.&lt;/p&gt;
&lt;p&gt;A point I forgot to mention in my last message is that you should consider the logistics of your manufacturing. LESC is an advantage in that all devices you make are identical and can be put two and two in their boxes without any further logistics. With pre-shared keys, you need to ensure that each pair of devices gets flashed with a slightly different firmware and placed as a pair in their box.&lt;/p&gt;
&lt;p&gt;Best regards,&lt;br /&gt;Rune Holmgren&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: What could be better for security  encryption and authentication : passkey vs PKI</title><link>https://devzone.nordicsemi.com/thread/121836?ContentTypeID=1</link><pubDate>Fri, 23 Feb 2018 17:05:30 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:d8a31667-fec9-4e6c-a1c9-5dd602b57305</guid><dc:creator>Lezto22</dc:creator><description>&lt;p&gt;Hi &lt;span&gt;Holmgren, thanks for the reply.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Can LESC using a random passkey and a pre-shared key both offer protection against passive eavesdropping and MITM during connection/reconnection between a central and a peripheral?&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Is there any example in the SDK with the&amp;nbsp;pre-shared key approach?&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: What could be better for security  encryption and authentication : passkey vs PKI</title><link>https://devzone.nordicsemi.com/thread/121809?ContentTypeID=1</link><pubDate>Fri, 23 Feb 2018 14:23:25 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:22843117-29ff-4314-a353-605b7618f5ae</guid><dc:creator>Rune Holmgren</dc:creator><description>&lt;p&gt;Hi,&lt;/p&gt;
&lt;p&gt;Which one you prefer is the deciding factor here. Both LE Secure Connections&amp;nbsp;and pre-shared&amp;nbsp;keys are equally secure and offer MITM and eavesdrop&amp;nbsp;protection. LESC is more flexible since it allows units to be paired after the devices are shipped, while the pre-shared key approach is simpler for end users who just want things to work out of the box.&lt;/p&gt;
&lt;p&gt;Best regards,&lt;br /&gt;Rune Holmgren&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>