This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

how to add authenticity/MITM for a device without any IO capabilities?

Hi,

My device does not have IO capabilities so i have used LE secure connection with just works for pairing. since it does not offer any authenticity, i wish to add some level of pass key options to authenticate it. ie i want to use a static pass key to authenticate the connection in addition to what just works offers.

please note: i don't want to replace the random seed value used in just works with a static key.

What i want to do is sent a random value or static key to the client and it should generate a key and send it back based on pre decided algorithm only known to my client and server. once it is authenticated, it should perform LE secure connection with just works.

how can i add this? is there some other better options?

I want only my application to connect to the device, Is there any better way to discard other clients. I do not want to use whitelisting for this.

i know MITM protection cannot be achieved for devices without io but can we achieve something similar?

Parents
  • Hi,

    Have you considered using OOB pairing with NFC? Or is this not a possibility?

    Best Regards,

    Marjeris

  • Hi Msromero,

    Thanks for the suggestion.

    I have considered the NFC option but many mid range android phones does not have NFC. so decided not to go with NFC.

    At least is there any way to add a hard coded key which should be entered to start the pairing process ?

    my server has an rgb LED, so i am looking at the possibility of generating some patterns and entering that in the android phone. but i am not sure how to proceed Expressionless

  • Hi,

    i have found the gls example in sdk15.2 and it uses mitm by displaying the key through UART. it looks interesting , since it is done in a different way compared to my sdk14.0.

    How can i modify that to make the a constant key ? I  know the security level will be same as just works but it will at least prevent some generic apps from connecting to my server.

    can i port that code to from sdk15.2 to sdk 14.0, i am using s132 v5 ?

    in the multi connect example on sdk14, if the key matches we have to give the input on ble server where as in the gls example it is sent from client side. how can i implement the same logic to my sdk 14 based appliaction?

    is there any other examples in sdk14 for lesc?

Reply
  • Hi,

    i have found the gls example in sdk15.2 and it uses mitm by displaying the key through UART. it looks interesting , since it is done in a different way compared to my sdk14.0.

    How can i modify that to make the a constant key ? I  know the security level will be same as just works but it will at least prevent some generic apps from connecting to my server.

    can i port that code to from sdk15.2 to sdk 14.0, i am using s132 v5 ?

    in the multi connect example on sdk14, if the key matches we have to give the input on ble server where as in the gls example it is sent from client side. how can i implement the same logic to my sdk 14 based appliaction?

    is there any other examples in sdk14 for lesc?

Children
Related