Hi,
Let's say I have a door lock module without user interface... no keys nor display but with bluetooth peripheral module. The user pays is room via the application then gets a token to use on this door. the token is transfered from the mobile app to the door via bluetooth and the door is unlocked.
A lot of centrals could connect to this peripheral, one after the other obviously.
The peripheral as no IO capability.
A valid central device, will know static information about the peripheral it needs to connect to. (ie a serial number not accessible via bluetooth)
What strategy should be used to prevent malicious applications to access the peripheral.
I see potential problems with:
- Eavesdropping and replay attacks
- MITM and replay attacks
- DOS, if an invalid central connects to the peripheral, this peripheral won't be visible for a valid central.
We are currently using security mode 1 level 2. So from my understanding the data is encrypted, but if someone had listened to the connection setup he would be able to decrypt the messages.
I was thinking of increasing this to mode 1 level 3 or mode 2 level 2. And using the OOB structure with the Serial to prevent the keys from being exchanged at pariring.
Am I on the right track? Is there other security issues I should be aware of?
What is the best way to go?
Thanks,