This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

ble security nrf52840

How can I add security middleware, between connection request device and my connectable device.

I want to that if one device sent connection request to my device, I want checking in request mac addres and something like that.

But I dont found anythink about that.

How can I implemented something like that ?

Parents
  • Hello,

    As a peripheral, you can't sort on connection requests during runtime. If you want to do that, you need to have the address in your whitelist before you start advertising. This is the way that it is typically done if you use bonding. 

    What you can do as a peripheral if you don't use whitelisting, and hence have to accept every connection request you get, is to disconnect if you see that the connected device is not a device that you want to stay connected to. 

    But I believe bonding + advertising with a whitelist is what you are looking for. The ble_app_gls example from the SDK\examples\ble_peripheral\ble_app_gls is one example that uses this.

    Best regards,

    Edvin

  • but I dont want to use whitelist or bonding. I am developing a project. there are one master and many observer. and master is mobile.

    I know master device mac address. when if master device advertising signal, arraivable to observer then I want to check it this connection request. if I found my master device's mac in this connection request ,than I want to accept this connection request. How can I implement this or like somethink this.

  • I want checking in request mac addres and something like that.

    Sorry,  I thought you wanted to decide based on the mac address, which is whitelisting.

     

    Zeynal said:
    I want to check it this connection request. if I found my master device's mac in this connection request ,than I want to accept this connection request. How can I implement this or like somethink this.

     That is not possible. You will not get an application interrupt between the connection request and the connection. This is because the timing between these events is too short for application interrupts. 

    But you can see the address of the device that connected in the BLE_GAP_EVT_CONNECTED event, and based on this, decide whether you want to stay connected or if you want to disconnect. You can make your application layer decide not to send any notifications (payload data) before this address is verified.

  • in the BLE_GAP_EVT_CONNECTED event, can I get connected device mac ? or how can get something for identity

  • It is not actually called the MAC address, but it is the BLE address. 

    Yes. You can find it. Try to add the following to your BLE_GAP_EVT_CONNECTED event:

                NRF_LOG_INFO("connected to %02x,%02x,%02x,%02x,%02x,%02x", p_ble_evt->evt.gap_evt.params.connected.peer_addr.addr[0],
                                                                           p_ble_evt->evt.gap_evt.params.connected.peer_addr.addr[1],
                                                                           p_ble_evt->evt.gap_evt.params.connected.peer_addr.addr[2],
                                                                           p_ble_evt->evt.gap_evt.params.connected.peer_addr.addr[3],
                                                                           p_ble_evt->evt.gap_evt.params.connected.peer_addr.addr[4],
                                                                           p_ble_evt->evt.gap_evt.params.connected.peer_addr.addr[5]);

    It will print the address of the connected device in the log.

  • finaly, this address is specific or not. I mean this, This address is like a mac address not changing or not ?

Reply Children
  • If it is a phone, it may change. If you want to be able to determine whether it is the same device, but it has changed address, you need to bond. You can read about it in this devzone thread.

    If you look at it from a hacker's point of view, who wants to steal the data from a connection, you need to bond in order to prevent anyone from doing so. Both encryption and a shared secret (bonding data) are needed for this.

    To check if a new address belongs to a known device, you need the IRK. This is passed on through bonding. 

Related