https://devzone.nordicsemi.com/f/nordic-q-a/51783/security-of-data-passing-in-ble-communicationSecurity of data passing in BLE communication Hello I am developing based on &quot;multirole lesc&quot; of BLE sample project. What is worrisome about the project is the &quot;security_req_t&quot; structure in &quot;ble_srv_common.h&quot;. I think that this structure is where securityen-USTelligent Community 13Tue, 10 Sep 2019 11:38:43 GMThttps://devzone.nordicsemi.com/thread/208901?ContentTypeID=1Tue, 10 Sep 2019 11:38:43 GMT137ad170-7792-4731-bb38-c0d22fbe4515:486a5c4d-a871-4f9e-bbea-0321f0820de6Vidar Berg<p>Hello,</p> <p>The security capabilities are set in peer manager init (pm_init)&nbsp;using the defines (SEC_PARAM_BOND,..) shown in my previous reply.&nbsp;</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/208781?ContentTypeID=1Tue, 10 Sep 2019 04:48:37 GMT137ad170-7792-4731-bb38-c0d22fbe4515:18c06e94-f573-4f9d-97fd-a2557318792dKova<p>Hello Vidar Berg.<br />Sorry for the late reply.<br />I do not know where GATT Central security settings are configured.<br />If you do not mind, please teach me.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/208199?ContentTypeID=1Thu, 05 Sep 2019 11:47:17 GMT137ad170-7792-4731-bb38-c0d22fbe4515:a303e599-1215-49d3-aecf-f7328403291cVidar Berg<p>Hi,</p> <p>The security levels should be applied to the characteristics you have on the GATT server. The security level of the link and the characteristics will then determine whether the client gets read/write access. It&#39;s not uncommon to have some characteristics set with &quot;open&quot; while having others with a security level that requires bonding.&nbsp;</p> <p>So if we use the&nbsp;ble_app_hrs project as an example:</p> <p><pre class="ui-code" data-mode="c_cpp"> // Here the sec level for the Heart Rate Service can be changed/increased. hrs_init.hrm_cccd_wr_sec = SEC_OPEN; hrs_init.bsl_rd_sec = SEC_OPEN;</pre></p> <p>Here write access to the CCCD is set to open, so any connected client can enable notifications for this characteristic. And&nbsp;let&#39;s say we want to require just works bonding or pairing before notifications can be enabled. Then we need to changes it to this:</p> <p><pre class="ui-code" data-mode="c_cpp"> // Here the sec level for the Heart Rate Service can be changed/increased. hrs_init.hrm_cccd_wr_sec = SEC_JUST_WORKS; hrs_init.bsl_rd_sec = SEC_OPEN;</pre></p> <p>Also note that the security level achieved through bonding will depend on the security capabilities of both the GAP central and GAP peripheral. Most of the examples are not set up to support MITM protection since it requires some kind of input or output (keyboard, display, etc) to the user.&nbsp;</p> <p>Security parameters used for the bonding in the ble_app_hrs example:</p> <p><pre class="ui-code" data-mode="c_cpp">#define SEC_PARAM_BOND 1 /**&lt; Perform bonding. */ #define SEC_PARAM_MITM 0 /**&lt; Man In The Middle protection not required. */ #define SEC_PARAM_LESC 1 /**&lt; LE Secure Connections enabled. */ #define SEC_PARAM_KEYPRESS 0 /**&lt; Keypress notifications not enabled. */ #define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_NONE /**&lt; No I/O capabilities. */ #define SEC_PARAM_OOB 0 /**&lt; Out Of Band data not available. */ #define SEC_PARAM_MIN_KEY_SIZE 7 /**&lt; Minimum encryption key size. */ #define SEC_PARAM_MAX_KEY_SIZE 16 /**&lt; Maximum encryption key size. */</pre></p> <p></p><div style="clear:both;"></div>