
NRF51 + S110: Block bonding, allow access to some services

Hello

I'm developing software for a beacon-type device based on the nRF51822. It has no buttons or other user inputs. Our use case:

The user buys a beacon device. The first phone that connects and bonds to the beacon is saved and has access to all BLE services. Other devices are not allowed to connect/bond. The user of the first (master) device can enable a 'connect other device' option; then the beacon starts advertising and lets another device bond to it.

The problem we face: the 'master' device, or all authorized devices, get lost. The beacon must provide an option to delete all bonded devices and remember a new first one (something like a factory reset). But again, we have no user inputs at all. Our method to solve this problem: allow all (even unbonded) devices to receive a 'service code' from the beacon. The user then sends the service code plus his secret code to our company, and we respond with a device unlock code. He writes that unlock code to an unprotected service, which performs the device factory reset.

Main topic: I can block any non-whitelisted central from connecting to the device, but that blocks access to all services (it blocks the connection to the BLE peripheral). I want to set some services to "access only when bonded", let one service be accessed both when bonded and when not bonded, and at the same time block bonding of new devices.

Using the nRF51822, S110 SD7 and Device Manager for handling and storing bond information.

Changing the advertising ble_gap_adv_params_t.fp from BLE_GAP_ADV_FP_ANY to BLE_GAP_ADV_FP_FILTER_CONNREQ and setting a whitelist completely blocks all non-whitelisted centrals.

I want to allow read/write to services/characteristics with BLE_GAP_CONN_SEC_MODE_SET_OPEN permissions but block services with other security options (for instance BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM).

Any help will be appreciated.

Edit: I did a quick fix for this. In Device Manager, dm_ble_evt_handler:

    case BLE_GAP_EVT_SEC_PARAMS_REQUEST:
    ...
        // Bond/key refresh: the peer is already a known bonded device.
        if (m_connection_table[index].bonded_dev_id != DM_INVALID_ID)
        {
            notify_app     = true;
            event.event_id = DM_EVT_SECURITY_SETUP_REFRESH;
            memset(m_gatts_table[index].attributes, 0, DM_GATT_SERVER_ATTR_MAX_SIZE);

            // Set the update flag for bond data.
            m_connection_table[index].state |= STATE_BOND_INFO_UPDATE;
        }
        else
        {
            // QUICKFIX: do not let other devices bond to the device.
            // allow_bonding is an application flag set by the master device.
            if (!allow_bonding)
            {
                notify_app = false;
                sd_ble_gap_disconnect(p_ble_evt->evt.gap_evt.conn_handle,
                                      BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION);
                break;   // skip the rest of the case; the peer is gone
            }
            // END QUICKFIX
        }

It disconnects a user who is trying to bond if bonding is currently disabled. But I don't think that's the best solution.

I can't see why your quick fix shouldn't work, but it depends on your application.

As you have understood, you can't use whitelisting, which means that anyone can connect to your device, blocking you from connecting to it. The attacker will only be disconnected when he tries to pair, but he can always reconnect.

This could for example be solved by using whitelisting in general, but not the first 60 seconds after a reset. In the first 60 seconds you can connect and insert your secret code.

Another option is to disconnect devices that don't try to pair, after a certain time period.

I'm assuming that you have thought of this, but please ensure that your device is protected from brute force attacks.

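The following is an added example, not code from this thread, from the Nordic SDK or from the SoftDevice. It is a self-contained C model of the connection and bonding policy the answer sketches: a 60-second open window after reset during which any central may connect (after which the whitelist filter applies), a deadline after which a connected central that has not paired is dropped, the same "accept pairing only if bonding is allowed" rule as the quick fix, and a failure counter on the open unlock characteristic so the unlock code cannot be brute-forced. The SoftDevice calls that would act on these decisions (setting the whitelist and fp filter policy, sd_ble_gap_disconnect, the GATT write handler) are not included; the constants PAIR_DEADLINE_MS and MAX_UNLOCK_FAILS, the struct layouts and the way the expected unlock code is supplied are all assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the policy discussed in the thread; not SDK code.
 * Only OPEN_WINDOW_MS (60 s) comes from the answer; the rest are assumptions. */
#define OPEN_WINDOW_MS     60000u  /* after reset: accept any central for this long */
#define PAIR_DEADLINE_MS   10000u  /* assumed: unpaired central is dropped after this */
#define MAX_UNLOCK_FAILS   5u      /* assumed: lockout threshold against brute force */

typedef enum { ADV_FILTER_ANY, ADV_FILTER_WHITELIST } adv_filter_t;
typedef enum { CONN_KEEP, CONN_DISCONNECT } conn_action_t;
typedef enum { UNLOCK_ACCEPTED, UNLOCK_REJECTED, UNLOCK_LOCKED_OUT } unlock_result_t;

typedef struct {
    uint32_t reset_time_ms;   /* tick when the device last reset */
    bool     have_master;     /* at least one bonded device is stored */
    bool     allow_bonding;   /* master enabled 'connect other device' */
    uint8_t  unlock_failures; /* failed unlock-code writes since reset */
} beacon_policy_t;

typedef struct {
    uint32_t connected_at_ms; /* tick when this central connected */
    bool     bonded;          /* central is one of the stored bonds */
} central_t;

/* Filter policy to use when (re)starting advertising. */
adv_filter_t policy_adv_filter(const beacon_policy_t *p, uint32_t now_ms)
{
    if (!p->have_master)                               /* no owner yet: first phone may bond */
        return ADV_FILTER_ANY;
    if (p->allow_bonding)                              /* master opened the door for a new phone */
        return ADV_FILTER_ANY;
    if ((now_ms - p->reset_time_ms) < OPEN_WINDOW_MS)  /* recovery window for the unlock code */
        return ADV_FILTER_ANY;
    return ADV_FILTER_WHITELIST;                       /* otherwise only bonded centrals connect */
}

/* Decision for a pairing / security parameters request from a connected central. */
bool policy_accept_pairing(const beacon_policy_t *p, const central_t *c)
{
    if (c->bonded)       return true;   /* key refresh with a known device */
    if (!p->have_master) return true;   /* the very first owner */
    return p->allow_bonding;            /* otherwise the same rule as the quick fix */
}

/* Periodic check: drop centrals that sit on the link without pairing. */
conn_action_t policy_on_tick(const central_t *c, uint32_t now_ms)
{
    if (c->bonded) return CONN_KEEP;
    return ((now_ms - c->connected_at_ms) >= PAIR_DEADLINE_MS) ? CONN_DISCONNECT : CONN_KEEP;
}

/* Constant-time comparison so response timing does not reveal matching prefixes. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Handler for a write to the open 'unlock' characteristic. */
unlock_result_t policy_unlock_attempt(beacon_policy_t *p, const uint8_t *expected,
                                      const uint8_t *written, size_t n)
{
    if (p->unlock_failures >= MAX_UNLOCK_FAILS)
        return UNLOCK_LOCKED_OUT;        /* ignore further attempts until reset */
    if (!ct_equal(expected, written, n)) {
        p->unlock_failures++;
        return UNLOCK_REJECTED;
    }
    /* Correct code: forget all bonds and return to the 'no owner' state. */
    p->unlock_failures = 0;
    p->have_master     = false;
    p->allow_bonding   = false;
    return UNLOCK_ACCEPTED;
}

int main(void)
{
    beacon_policy_t p = { 0, true, false, 0 };  /* constructed: owned beacon just after reset */
    printf("filter at  5 s: %s\n", policy_adv_filter(&p, 5000)  == ADV_FILTER_ANY ? "ANY" : "WHITELIST");
    printf("filter at 90 s: %s\n", policy_adv_filter(&p, 90000) == ADV_FILTER_ANY ? "ANY" : "WHITELIST");
    return 0;
}
```

In firmware the result of policy_adv_filter maps onto ble_gap_adv_params_t.fp (BLE_GAP_ADV_FP_ANY versus BLE_GAP_ADV_FP_FILTER_CONNREQ with the bonded devices in the whitelist), policy_accept_pairing replaces the hard-coded check in the quick fix, and policy_on_tick would run from an app_timer and call sd_ble_gap_disconnect on CONN_DISCONNECT. Because the lockout counter here lives in RAM, a power cycle clears it and reopens the 60-second window; storing the counter persistently, or making the unlock code single-use, closes that gap.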