• State Not Answered
  • +1 person also asked this people also asked this
  • Replies 1 reply
  • Subscribers 75 subscribers
  • Views 809 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 214888
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Security in BLE with no connection.

mich_x

Hi, I am having a problem related to BLE security.

My application model is a nearby network with no connection using BLE. My plan is using advertisement channels to broadcast public information while use filtered scan response mechanism to deliver secure messages.

I have read the documentation but I don't quite understand all the privacy settings in the softdevice. Here are some questions I have:

1. What is in the whitelist for private advertising? Is the approved device addresses are in the whitelist?

2. If I am using whitelist plus IRK encryption, what should I put in the whitelist to send only secured scan response?

3. How does the stack ensure the safety of the secure scan response? i.e. If I only send scan response to device A and no response to device B, can device B still sniff the scan response from the air? Is the data payload encrypted?

Jie

Parents
  • 0

    Hi Jie,

    A whitelist will restricts which peers are allowed to connect to your device. To construct a whitelist, you must provide a list of peer IDs. The whitelist will contain the identity addresses + the IRKs of the specified peers. This whitelist can then be provided to the advertising module and be used during advertising, so the application specifically advertises to the devices that are on the whitelist.

    But I am not sure what you mean with secured scan response. The content of a scan response is not encrypted. IKR is use for recognizing resolvable addresses, so if a device have bonded before and interchanged a IRK key you will be able to recognize the address again.

    Best Regards,

    Marjeris

Reply
  • 0

    Hi Jie,

    A whitelist will restricts which peers are allowed to connect to your device. To construct a whitelist, you must provide a list of peer IDs. The whitelist will contain the identity addresses + the IRKs of the specified peers. This whitelist can then be provided to the advertising module and be used during advertising, so the application specifically advertises to the devices that are on the whitelist.

    But I am not sure what you mean with secured scan response. The content of a scan response is not encrypted. IKR is use for recognizing resolvable addresses, so if a device have bonded before and interchanged a IRK key you will be able to recognize the address again.

    Best Regards,

    Marjeris

Children
No Data
Related
Terms of service