• State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 21 replies
  • Subscribers 76 subscribers
  • Views 7123 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 239592
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

KNOB Attack for BLE (nRF52840)

DevSec

Hi Experts,

We are developing application on nRF52840 based BLE 5.0 module i.e. BMD-340, in short we are integrating the BLE in one of our existing product & upcoming new products.

We have found information about KNOB attack on BLE. 

Does Nordic have implemented the features to avoid the KNOB attack? If yes, please provide details. 

Regards,

Yunus

Parents
  • 0

    Hi ,

    I have the same challenges and questions as the original poster. I am trying to decide what the minimum key length should be for our device.

    In one of your answers you state that "a minimum key size of 7 bytes will ensure that   a 128-bit encryption key is used".
    Can you explain the details of that? Isn't 7 bytes equal to 56 bits key length?

    Regards,

    Robert

  • 0 in reply to robla

    :  Apologies for the very late reply. 

    I see that I didnt complete the sentence fully. YOu are correct that 7 bytes is equivalent to a 56-bit key.  I should have written the following:

    Simply set the SEC_PARAM_MIN_KEY_SIZE to 16 and you will remove the possibility of reducing the encryption key size from 16 to 7. However, a minimum key size of 7 bytes will ensure that the device is not affected by the KNOB attack where the key size is set to 1. With a key size of 16, you will ensure that only a 128-bit encryption key is used, which would take 2.158⋅10^12 years , i.e.  2,158,000,000,000 years to bruteforce. 

Reply
  • 0 in reply to robla

    :  Apologies for the very late reply. 

    I see that I didnt complete the sentence fully. YOu are correct that 7 bytes is equivalent to a 56-bit key.  I should have written the following:

    Simply set the SEC_PARAM_MIN_KEY_SIZE to 16 and you will remove the possibility of reducing the encryption key size from 16 to 7. However, a minimum key size of 7 bytes will ensure that the device is not affected by the KNOB attack where the key size is set to 1. With a key size of 16, you will ensure that only a 128-bit encryption key is used, which would take 2.158⋅10^12 years , i.e.  2,158,000,000,000 years to bruteforce. 

Children
No Data
Related
Terms of service