
Start advertising when NFC field is sensed

Hi,

We implement oob pairing using NFC.

According to my knowledge, NFC is used as a "private" advertising channel (this is what OOB means), i.e. the peripheral address, initial encryption keys, etc. are transmitted via NFC instead of being broadcast via 2.4 GHz (BLE).

The central device extracts the peripheral address from the NFC message ("tag") according to the NDEF format and sends a connection request.

I reviewed the ble_nfc_pairing_reference example code from SDK 15.2.

In the nfc_callback function (file: nfc_ble_pir_lib.c), if the NFC_T2T_EVENT_FIELD_ON event is detected it calls ble_advertising_start (line 184).

What am I missing?

Thanks in advance
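As an added example (not code from the nRF SDK or from the poster), here is a C parser for the AD structures a central would pull out of the tag's LE OOB NDEF record before issuing the connection request; the AD type values are the Bluetooth Assigned Numbers for this record, and the sample payload is constructed, not captured from a real device.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

/* AD types carried in the "application/vnd.bluetooth.le.oob" NDEF payload */
#define AD_LE_BD_ADDR    0x1B   /* LE Bluetooth Device Address: 6-byte addr + type */
#define AD_LE_ROLE       0x1C   /* LE Role: 0x00 = only peripheral */
#define AD_LE_SC_CONFIRM 0x22   /* LE Secure Connections Confirmation Value */
#define AD_LE_SC_RANDOM  0x23   /* LE Secure Connections Random Value */
typedef struct {
    uint8_t addr[6];          /* little-endian, as carried in the AD structure */
    bool addr_random;         /* bit 0 of the 7th octet: 1 = random, 0 = public */
    bool have_addr, have_sc_confirm, have_sc_random;
} le_oob_t;

/* Walk the AD structures ([length][type][data], length counts the type byte).
 * Returns false on a truncated or zero-length structure or a wrong-sized
 * field, so a corrupted tag never yields a half-filled peripheral address. */
bool le_oob_parse(const uint8_t *p, size_t len, le_oob_t *out)
{
    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < len; ) {
        uint8_t l = p[i];
        if (l == 0 || i + 1 + l > len) return false;   /* malformed structure */
        uint8_t type = p[i + 1], dlen = l - 1;
        const uint8_t *d = &p[i + 2];
        switch (type) {
        case AD_LE_BD_ADDR:
            if (dlen != 7) return false;
            memcpy(out->addr, d, 6);
            out->addr_random = d[6] & 0x01;
            out->have_addr = true;
            break;
        case AD_LE_SC_CONFIRM: if (dlen != 16) return false; out->have_sc_confirm = true; break;
        case AD_LE_SC_RANDOM:  if (dlen != 16) return false; out->have_sc_random  = true; break;
        default: break;       /* LE Role, Local Name, etc. are not needed here */
        }
        i += 1 + l;
    }
    return out->have_addr;    /* without an address the central cannot connect */
}

/* Constructed sample tag payload (not from a real device): random address
 * C0:11:22:33:44:55, peripheral role, and 16-byte SC confirm/random values. */
static const uint8_t sample_oob[] = {
    0x08, AD_LE_BD_ADDR, 0x55, 0x44, 0x33, 0x22, 0x11, 0xC0, 0x01,
    0x02, AD_LE_ROLE, 0x00,
    0x11, AD_LE_SC_CONFIRM, 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,
    0x11, AD_LE_SC_RANDOM,  16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,
};
```

The address and SC values come out of the NFC channel only; the central still needs the peripheral to advertise before it may send the connection request, which is the point the answers below make.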

  • Hi,

    From the nRF SDK documentation library about the BLE Pairing using NFC peripheral reference example, here:

    The application does not start advertising immediately, but only when the NFC tag is read by an NFC polling device, for example a smartphone or a tablet with NFC support. The message that the tag sends to the NFC device contains data required to initiate pairing. To start the NFC data transfer, the NFC device must touch the NFC antenna that is connected to the nRF52 Development Kit.

    After reading the tag, the device can pair with the nRF52 device which is advertising. Connection state of the device is signalled by LEDs. When the connection is lost due to timeout, the library automatically triggers direct advertising.

    Best Regards,

    Marjeris

  • Thanks for the clarification.

    Let me rephrase my question as a general question which is not related to the NFC example reference implementation:

    With the use of NFC, is there a way to pair the devices without starting advertising, i.e. after the NFC data is read by the central, it shall send a connection request based on the read NFC data, but the peripheral shall not broadcast its advertising data over the RF (the address and security are already transferred to the central via the NFC tag)?

    Due to security we are concerned about broadcasting advertising data which might be observed and used by a 3rd device (MITM).

    Thanks in advance

  • Hi,

    No, I don't think there is a way to pair without advertising. You have to establish a connection before pairing, and the Bluetooth specification says that you can only send a connection request inside a given interval after an advertising packet is sent. When pairing through NFC, encryption data is exchanged using OOB, which provides MITM protection, but the device still needs to advertise to start a connection.

    You can consider using a whitelist, but it will not prevent other devices from seeing the advertisement packets; it just prevents unknown devices from establishing a connection to your device.

    You can also try implementing directed advertising using a specific peer address, but the packets will still be visible using a BLE sniffer. The packets are only filtered out by the BLE stack of other devices when they see that the packet is not addressed to them.

    Best Regards.

    Marjeris

  • You have to establish a connection before pairing and the bluetooth specification says that you only can send a connection request inside a given interval after an advertising packet is sent.

    Below is the description of Out of Band from the BLUETOOTH SPECIFICATION Version 5.0 | Vol 1, Part A, 5.2.4.3:

    Out of Band

    The Out of Band (OOB) association model is primarily designed for scenarios where an Out of Band mechanism is used to both discover the devices as well as to exchange or transfer cryptographic numbers used in the pairing process. In order to be effective from a security point of view, the Out of Band channel should provide different properties in terms of security compared to the Bluetooth radio channel. The Out of Band channel should be resistant to MITM attacks. If it is not, security may be compromised during authentication.

    The user's experience differs a bit depending on the Out of Band mechanism. As an example, with a Near Field Communication (NFC) solution, the user(s) will initially touch the two devices together, and is given the option to pair the first device with the other device. If "yes" is entered, the pairing is successful. This is a single touch experience where the exchanged information is used in both devices. The information exchanged includes discovery information (such as the Bluetooth Device Address) as well as cryptographic information. One of the devices will use a Bluetooth Device Address to establish a connection with the other device. The rest of the exchanged information is used during authentication.
