Contradictory security parameters for MITM protection?

Question

Am I right in thinking that these security parameters are contradictory in that for the peripheral (nRF51822) to provide MITM protection, there must be either IO capabilities or out of band capabilities? 
 #define SEC_PARAM_TIMEOUT 30
#define SEC_PARAM_BOND 1
#define SEC_PARAM_MITM 1
#define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_NONE
#define SEC_PARAM_OOB 0
#define SEC_PARAM_MIN_KEY_SIZE 7
#define SEC_PARAM_MAX_KEY_SIZE 16
 
 The Soft Device seems to have no problem in accepting them: 
 err_code = sd_ble_gap_sec_params_reply(m_conn_handle,
 BLE_GAP_SEC_STATUS_SUCCESS,
 &m_sec_params);
 APP_ERROR_CHECK(err_code);

Pål Håland · Accepted Answer

Hi Eliot, 
 You are right in thinking that the parameters is contradictory.
The softdevice will always select the correct method of pairing/bonding no matter what IO_CAPABILITIES and OOB is set to. 
 If this is a problem for the application, he can respond with a status other than success in the sd_ble_gap_sec_params_resp and the stack will send a pairing failed instead. 
 BR Pål

Contradictory security parameters for MITM protection?

Top Replies