
Authentication scheme for Central and Slave device pairs with keys preconfigured in factory

We are working on a product with a pair of Central and Slave BLE devices that will be sold in pairs. The plan is to have the pairs preconfigured in the factory so that the Central device can only ever connect to the one and only one matching Slave device.

I am trying to find a secure scheme for pairing the BLE devices.  Static passkeys were considered and quickly rejected, because we know that Passkey pairing is designed for dynamically changing passkeys.  The following are 2 ideas that we are considering.  We can assume that the two devices are connected with LE secure & MITM enabled.

  1. OOB pairing with fixed static keys.   The keys are pre-programmed in the flash of the devices, so that they are known to the opposite devices without requiring any real information exchange during OOB.

  2. Passkey pairing using dynamic keys without display or keyboard. The same encryption key (KEY enc) is preprogrammed on each of the 2 matched devices in the factory. A secret code S is generated on one side. The other side will connect to it using LESC+MITM+Just Works, then read the secret code S from a special read-only Characteristic. Once it has finished reading the secret, it will connect and pair with the other device using LESC+MITM+Passkey. The BLE 6 digit passkey will be calculated by:

                passkey = Encrypt( Code S, KEY enc)

    The trick is to generate a new secret code S whenever a passkey is tried during the pairing process. The other thing to pay attention to is that the Server device will have a different set of available characteristics depending on the authentication mode. When Just Works is used, only the secret code S characteristic will be available. When Passkey auth is used, all the device functionality specific characteristics will be available.

Personally, I think scheme #2 should work better.  Your help in reviewing and improving the idea will be greatly appreciated.

Also, we need some idea on a good encryption scheme to use for encrypting a secret + key into a 6 digit passkey.

Thanks,
Joseph
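
The following is an added example, not part of the original post: one way to turn Code S and KEY enc into a 6 digit passkey, using HMAC-SHA-256 as a keyed one-way function in place of "Encrypt", with rejection sampling so all passkeys are equally likely. The `ChallengeSide` class, the `passkey-v1` label and the 16-byte size of Code S are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PASSKEY_SPACE = 1_000_000  # BLE passkeys are 000000..999999
# Largest multiple of PASSKEY_SPACE below 2**32; words at or above it are
# rejected so the modulo step does not favour low passkeys.
LIMIT = (2**32 // PASSKEY_SPACE) * PASSKEY_SPACE


def derive_passkey(key_enc: bytes, code_s: bytes) -> int:
    """Map (KEY enc, Code S) to a uniformly distributed 6-digit passkey."""
    if len(key_enc) < 16 or len(code_s) < 16:
        raise ValueError("key and Code S must each be at least 128 bits")
    counter = 0
    while True:
        msg = b"passkey-v1" + bytes([counter]) + code_s  # label is an assumption
        digest = hmac.new(key_enc, msg, hashlib.sha256).digest()
        for i in range(0, len(digest), 4):
            word = int.from_bytes(digest[i:i + 4], "big")
            if word < LIMIT:
                return word % PASSKEY_SPACE
        counter += 1  # all eight words rejected (vanishingly rare); rehash


class ChallengeSide:
    """Hypothetical model of the device that generates Code S."""

    def __init__(self, key_enc: bytes):
        self._key = key_enc
        self._code_s = None

    def new_challenge(self) -> bytes:
        """Value served from the read-only characteristic; fresh on every read."""
        self._code_s = secrets.token_bytes(16)
        return self._code_s

    def passkey_for_pairing(self) -> int:
        """Passkey for one pairing attempt; Code S is consumed pass or fail."""
        code_s, self._code_s = self._code_s, None
        if code_s is None:
            raise RuntimeError("no fresh Code S: read the characteristic again")
        return derive_passkey(self._key, code_s)
```

A 6 digit passkey carries only about 20 bits, so consuming Code S on every attempt, as the post proposes, is what keeps each guess independent of the last.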
