Contradictory security parameters for MITM protection?

Am I right in thinking that these security parameters are contradictory in that for the peripheral (nRF51822) to provide MITM protection, there must be either IO capabilities or out of band capabilities?

    #define SEC_PARAM_TIMEOUT                 30
    #define SEC_PARAM_BOND                    1
    #define SEC_PARAM_MITM                    1
    #define SEC_PARAM_IO_CAPABILITIES         BLE_GAP_IO_CAPS_NONE
    #define SEC_PARAM_OOB                     0
    #define SEC_PARAM_MIN_KEY_SIZE            7
    #define SEC_PARAM_MAX_KEY_SIZE            16

The Soft Device seems to have no problem in accepting them:

    err_code = sd_ble_gap_sec_params_reply(m_conn_handle,
                                           BLE_GAP_SEC_STATUS_SUCCESS,
                                           &m_sec_params);
    APP_ERROR_CHECK(err_code);
  • Hi Eliot,

    You are right in thinking that the parameters are contradictory. The softdevice will always select the correct method of pairing/bonding no matter what IO_CAPABILITIES and OOB are set to.

    If this is a problem for the application, it can respond with a status other than success in the sd_ble_gap_sec_params_resp and the stack will send a pairing failed instead.

    BR Pål
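
The selection the answer refers to, sketched as an added example (not code from this thread or from the Nordic SDK): how LE legacy pairing picks a method under the Bluetooth Core specification, and why the question's parameters end in unauthenticated Just Works. The enum, struct and function names are hypothetical stand-ins, and the sketch assumes the SoftDevice follows the specification's legacy-pairing mapping.

```c
#include <stdbool.h>

/* Local stand-ins for the SDK's BLE_GAP_IO_CAPS_* values (Bluetooth Core
   spec IO capability codes), so this compiles without the nRF headers. */
enum io_caps { IO_DISPLAY_ONLY = 0, IO_DISPLAY_YESNO = 1, IO_KEYBOARD_ONLY = 2,
               IO_NONE = 3, IO_KEYBOARD_DISPLAY = 4 };

enum pairing_method { PAIR_JUST_WORKS, PAIR_PASSKEY, PAIR_OOB };

/* Hypothetical mirror of the fields the SEC_PARAM_* defines feed. */
typedef struct { bool mitm; bool oob; enum io_caps io; } sec_req_t;

static bool has_keyboard(enum io_caps io)
{
    return io == IO_KEYBOARD_ONLY || io == IO_KEYBOARD_DISPLAY;
}

/* LE legacy pairing method selection: OOB if both sides have OOB data,
   Just Works if neither side asks for MITM, otherwise the IO mapping. */
enum pairing_method select_method(sec_req_t local, sec_req_t peer)
{
    if (local.oob && peer.oob) return PAIR_OOB;
    if (!local.mitm && !peer.mitm) return PAIR_JUST_WORKS;
    if (local.io == IO_NONE || peer.io == IO_NONE) return PAIR_JUST_WORKS;
    if (has_keyboard(local.io) || has_keyboard(peer.io)) return PAIR_PASSKEY;
    return PAIR_JUST_WORKS;   /* two display-only style devices */
}

/* Just Works yields an unauthenticated key: no MITM protection. */
bool is_authenticated(enum pairing_method m) { return m != PAIR_JUST_WORKS; }

/* Static check on our own parameters: MITM requested, but no IO and no OOB
   means no peer can ever satisfy it (the contradiction in the question). */
bool mitm_unreachable(sec_req_t local)
{
    return local.mitm && local.io == IO_NONE && !local.oob;
}

/* Accept only if we do not require MITM or the selected method delivers
   it; on false the application would reply with a non-success status. */
bool should_accept(sec_req_t local, sec_req_t peer)
{
    return !local.mitm || is_authenticated(select_method(local, peer));
}
```

With the question's values (MITM 1, IO none, OOB 0), `mitm_unreachable` is true at build-configuration time, which makes it a cheap assertion to run before the parameters are handed to the stack.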
