Secure connections with no keyboard and no display

RE: Secure connections with no keyboard and no display

Kenneth — Wed, 29 Jan 2020 09:06:07 GMT

Good point, also check out this Nordic Blog post:
https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/what-impact-does-the-deprecation-and-withdrawal-of-bluetooth-core-specification-v4-0-and-v4-1-have-on-your-current-and-future-products

And this thread of known issues with SDKv12.x (including 12.3):
https://devzone.nordicsemi.com/f/nordic-q-a/16156/what-are-sdk-12-x-0-known-issues

RE: Secure connections with no keyboard and no display

awneil — Tue, 28 Jan 2020 22:23:47 GMT

[quote userid="87223" url="~/f/nordic-q-a/47518/secure-connections-with-no-keyboard-and-no-display/231516"]I have a new project like to use nRF51822[/quote]

Note that nRF51 is not recommended for new BLE designs - and has not been for some time now:

devzone.nordicsemi.com/.../169728

RE: Secure connections with no keyboard and no display

martinjiang8 — Tue, 28 Jan 2020 22:17:25 GMT

Thank you Kenneth, that really helps!

I have a new project like to use nRF51822 for cost reason, the chip only needs to perform a simple task but has to implement highest security level available in BLE4.2. (authorization and signing)

I found SDK12.3 is the latest revision which supporting nRF51822, and only one example utilizes the security function which is \nRF5_SDK_12.3.0\examples\ble_central_and_peripheral\experimental\ble_app_multirole_lesc

But as you can see, it is located in the experimental folder which means it may contain bugs and not yet fully tested.

Since nRF51822 is a quite mature chip and SDK12.3 was released more than two years ago, do we know is there known issue on this example? Is there any other example available that using secure BLE pairing? Is nRF51822 a viable choice for my application or I have to use nRF52 series instead?

Thank you in advance,

Martin

RE: Secure connections with no keyboard and no display

Kenneth — Tue, 03 Dec 2019 09:13:31 GMT

The easiest is to search all main.c files for '#define SEC_PARAM_LESC', and then all that is defined as '1' support LESC. Here is the result for nRF5 SDKv16:

\ble_central\ble_app_gatts\main.c(89) \ble_central\ble_app_hrs_c\main.c(88) : #define SEC_PARAM_LESC \ble_central\ble_app_ias\main.c(97) : #define SEC_PARAM_LESC \ble_central\ble_app_rscs_c\main.c(88) : #define SEC_PARAM_LESC \ble_central\experimental\ble_app_ots_c\main.c(88) : #define SEC_PARAM_LESC \ble_central_and_peripheral\experimental\ble_app_hrs_rscs_relay\main.c(127) \ble_peripheral\ble_app_alert_notification\main.c(112) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_ancs_c\main.c(122) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_bms\main.c(99) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_bps\main.c(137) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_buttonless_dfu\main.c(109) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_cscs\main.c(130) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_cts_c\main.c(111) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_gls\main.c(117) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_hids_keyboard\main.c(129) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_hids_mouse\main.c(119) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_hrs\main.c(124) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_hrs_freertos\main.c(125) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_hts\main.c(121) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_ias_c\main.c(105) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_proximity\main.c(118) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_rscs\main.c(125) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_template\main.c(105) : #define SEC_PARAM_LESC \ble_peripheral\ble_app_tile\main.c(101) : #define SEC_PARAM_LESC \ble_peripheral\experimental\ble_app_cgms\main.c(117) : #define SEC_PARAM_LESC \ble_peripheral\experimental\ble_app_cli\main.c(116) : #define SEC_PARAM_LESC \ble_peripheral\experimental\ble_app_lls\main.c(102) : #define SEC_PARAM_LESC \ble_peripheral\experimental\ble_app_lns\main.c(115) : #define SEC_PARAM_LESC \ble_peripheral\experimental\ble_app_queued_writes\main.c(105) \ble_peripheral\experimental\bluetoothds_template\main.c(104)

: #define SEC_PARAM_LESC            0                                /**< LE Secure Connections not enabled. */ 1                                   /**< LE Secure Connections enabled. */ 0                                       /**< LE Secure Connections not enabled. */ 0                                   /**< LE Secure Connections not enabled. */ 0                                       /**< LE Secure Connections not enabled. */ : #define SEC_PARAM_LESC                  0                                           /**< LE Secure Connections not enabled. */ 0                                           /**< LE Secure Connections not enabled. */ 0                                      /**< LE Secure Connections not enabled. */ 0                                       //!< LE Secure Connections not enabled. 0                                       /**< LE Secure Connections not enabled. */ 0                                           /**< LE Secure Connections not enabled. */ 0                                           /**< LE Secure Connections not enabled. */ 0                                           /**< LE Secure Connections not enabled. */ 1                                           /**< LE Secure Connections enabled. */ 0                                          /**< LE Secure Connections not enabled. */ 0                                           /**< LE Secure Connections not enabled. */ 1                                       /**< LE Secure Connections enabled. */ 0                                       /**< LE Secure Connections not enabled. */ 0                                           /**< LE Secure Connections not enabled. */ 0                                       /**< LE Secure Connections not enabled. */ 0                                       /**< LE Secure Connections not enabled. */ 0                                       /**< LE Secure Connections not enabled. */ 0                                       /**< LE Secure Connections not enabled. */ 0                                  /**< LE Secure Connections not enabled. */ 0                                           /**< LE Secure Connections not enabled. */ 0                                           /**< LE Secure Connections not enabled. */ 0                                       /**< LE Secure Connections not enabled. */ 0                                       /**< LE Secure Connections not enabled. */ : #define SEC_PARAM_LESC                   0                                          /**< LE Secure Connections not enabled. */ : #define SEC_PARAM_LESC                   0                                          /**< LE Secure Connections not enabled. */

However those projects that support NFC can also potentially support LESC (by defining NFC_PAIRING_MODE_LESC_JUST_WORKS in main.c or sdk_config.h), so you also need to search for all main.c filed that have '#define NFC_PAIRING_MODE'. Here is the result for nRF5 SDKv16:

\ble_peripheral\experimental\ble_app_hids_keyboard_pairing_nfc\main.c(153) :     #define NFC_PAIRING_MODE NFC_PAIRING_MODE_JUST_WORKS
\ble_peripheral\experimental\ble_app_hrs_nfc_pairing\main.c(115) :     #define NFC_PAIRING_MODE NFC_PAIRING_MODE_JUST_WORKS
\ble_peripheral\experimental\ble_nfc_pairing_reference\main.c(63) :     #define NFC_PAIRING_MODE NFC_PAIRING_MODE_JUST_WORKS

Lastly it also seems the nRF5 SDK examples sometimes use '#define SEC_PARAMS_LESC' (instead of '#define SEC_PARAM_LESC'). So you need to search main.c files also for those, and check if any is defined as '1':

\ble_central_and_peripheral\experimental\ble_app_multirole_lesc\main.c(113) : #define SEC_PARAMS_LESC                 1                                               /**< LE Secure Connections pairing required. */

To find more information about a specific BLE example you can check out:
https://infocenter.nordicsemi.com/topic/sdk_nrf5_v16.0.0/examples_ble.html?cp=6_1_4_2

A good start may be to use the below two examples, since those two will work out of the box with eachother:
\ble_central\ble_app_hrs_c\
\ble_peripheral\ble_app_hrs\

RE: Secure connections with no keyboard and no display

Mojo — Mon, 02 Dec 2019 15:35:55 GMT

Hi Kenneth, is there any example or info in SDK about that LE secure connection ? Thanks.

RE: Secure connections with no keyboard and no display

Kenneth — Tue, 21 May 2019 08:39:57 GMT

I suggest look into LE secure connection, this pairing procedure uses Elliptic Curve Diffie-Hellman cryptography and provide the highest security mode.

RE: Secure connections with no keyboard and no display

awneil — Mon, 20 May 2019 14:31:51 GMT

[quote userid="64514" url="~/f/nordic-q-a/47518/secure-connections-with-no-keyboard-and-no-display"]"out of bounds" method[/quote]

Note that the term is out of band - not out of bounds.

It refers to transferring information outside of the communication "band" - ie, in this case, not via BLE.

So, yes - you could devise something based on QR codes.

Do you not want to use NFC?

BTW

The term "out-of-band" has its roots in telephony:

https://en.wikipedia.org/wiki/Signaling_(telecommunications)#In-band_and_out-of-band_signaling

https://en.wikipedia.org/wiki/Out-of-band_data