Immediate Alert Service not working without security

Hi all,

On SDK 15.0, Immediate Alert Service is not working without a secured BLE link. When peripheral is not paired, this latter doesn't receive any alert from central device.

However, according to BLE specifications, security is not mandatory for this service and its characteristic. This seems to be an issue in SDK 15.0.

In ble_ias.c, changing BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.write_perm) to BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm) solved my issue.

Best regards,

Joris

Top Replies

Einar Thorsrud over 6 years ago in reply to Joris Roussel +1 verified

No, I cannot see that you have to adhere to the fulfill Find Me Profile specifications just because you are using the Immediate Alert Service, but that justifies that the default SDK implementation requires…

Parents

0 Einar Thorsrud over 6 years ago

Hi Joris,

The security is specified at the profile level, not for the service or characteristic itself. So for example, the Find Me Profile specification says the following about security:

This section describes the security requirements for a Find Me Target and Find Me Locator for LE transport. Since there are no topology restrictions imposed by this profile, the requirements are described in terms of GAP Peripheral role (referred to as the Peripheral) and GAP Central role (referred to as the Central).

The Peripheral shall support LE Security Mode 1 and Security Levels 2 or 3. The Peripheral should use the SM Slave Security Request procedure only when bonded with the Central to inform the Central of its security requirements.

The Central shall support LE Security Mode 1 and Security Levels 2 and 3.The Central should accept the LE Security Mode and Security Level combination requested by the Peripheral.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Einar Thorsrud over 6 years ago

Hi Joris,

The security is specified at the profile level, not for the service or characteristic itself. So for example, the Find Me Profile specification says the following about security:

This section describes the security requirements for a Find Me Target and Find Me Locator for LE transport. Since there are no topology restrictions imposed by this profile, the requirements are described in terms of GAP Peripheral role (referred to as the Peripheral) and GAP Central role (referred to as the Central).

The Peripheral shall support LE Security Mode 1 and Security Levels 2 or 3. The Peripheral should use the SM Slave Security Request procedure only when bonded with the Central to inform the Central of its security requirements.

The Central shall support LE Security Mode 1 and Security Levels 2 and 3.The Central should accept the LE Security Mode and Security Level combination requested by the Peripheral.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Joris Roussel over 6 years ago in reply to Einar Thorsrud

Hi Einar,

Thanks for your answer.

I understand that Find Me Profile uses Immediate Alert Service and ask for BLE security.
But, in the other way, does that mean that the use of Immediate Alert Service implies the obligation to fulfill Find Me Profile specifications ?

I am working on a custom profile which will use different standard (including IAS to send immediate alerts) and vendor specific services.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Einar Thorsrud over 6 years ago in reply to Joris Roussel

No, I cannot see that you have to adhere to the fulfill Find Me Profile specifications just because you are using the Immediate Alert Service, but that justifies that the default SDK implementation requires security. You are free to modify it to be open (as you have done).
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel
0 Joris Roussel over 6 years ago in reply to Einar Thorsrud

OK, thanks for your answer.

Thought I always tell my customers it's a bad thing to modify a SDK (except to patch a bug), I did it for my project :-)

In my humble opinion, I would say SDK should fulfill the minumum requirements of BLE and remove any security level which is not mandatory in the specs. Nordic could then make it configurable, as for Battery Service, to give more freedom in the use of SDK with respect to BLE specs.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel