Hi, I did some small applications using RFduino, and now I will start developing using Nordic sdk. I'll list some features of my application: a hardware with no keyboard or display, with nrf51822; it will communicate with smartphones apps, using BLE; multiple users (by user I mean, smartphones) will communicate with this hardware; only 'authorized users' are able to interact with this hardware; a 'master user' can authorize or revoke other users; a common user (the one that is not a master) can't find a way to authorize others. Ok, I've made a simple solution at RFduino, that I generate a 128-bit code inside smartphone app, and use that code as a 'identity' of the user. Certainly not a secure way to do it. Now I want to make a secure application, usign Nordic sdk. I've been reading about BLE security modes, but still not clear for my case, what do I need to do at BLE level, and what I need to do at Application level. I'd be happy to get any suggestions. Regards, Jerônimo

This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Security and user authentication

Jerônimo over 10 years ago

Hi,

I did some small applications using RFduino, and now I will start developing using Nordic sdk.

I'll list some features of my application:

a hardware with no keyboard or display, with nrf51822;
it will communicate with smartphones apps, using BLE;
multiple users (by user I mean, smartphones) will communicate with this hardware;
only 'authorized users' are able to interact with this hardware;
a 'master user' can authorize or revoke other users;
a common user (the one that is not a master) can't find a way to authorize others.

Ok, I've made a simple solution at RFduino, that I generate a 128-bit code inside smartphone app, and use that code as a 'identity' of the user. Certainly not a secure way to do it.

Now I want to make a secure application, usign Nordic sdk. I've been reading about BLE security modes, but still not clear for my case, what do I need to do at BLE level, and what I need to do at Application level.

I'd be happy to get any suggestions.

Regards,

Jerônimo

Parents

0 Petter Myhre over 10 years ago

You question is very non-specific, so it's hard to give you a specific answer. I'll try to give you some tips on what you should read up on.

Your question is similar to this one.

We have some MSC's that are very helpful in understanding what is done by the SoftDevice and what is done by the application. For example this.

You need to figure out how to identify and bond with these master users, and if you need to handle the scenario of losing all of them.

In BLE you can block unwanted devices by adding the authorized master to a white list. This may be something that you can use.

If you have any specific questions I hope you will add them as new questions. Or this one will soon get messy. But, of course if anything is unclear about my answer, please add a comment.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Petter Myhre over 10 years ago

You question is very non-specific, so it's hard to give you a specific answer. I'll try to give you some tips on what you should read up on.

Your question is similar to this one.

We have some MSC's that are very helpful in understanding what is done by the SoftDevice and what is done by the application. For example this.

You need to figure out how to identify and bond with these master users, and if you need to handle the scenario of losing all of them.

In BLE you can block unwanted devices by adding the authorized master to a white list. This may be something that you can use.

If you have any specific questions I hope you will add them as new questions. Or this one will soon get messy. But, of course if anything is unclear about my answer, please add a comment.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data