• State Verified Answer
  • Replies 9 replies
  • Subscribers 72 subscribers
  • Views 2467 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 241352
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Ensuring 16 Byte of entropy in Security Mode 1v4

TobiasM

Hello,

I'm currently trying to implement a setup of BLE devices (nRF52 DK and nRF52840 DK) which is potentially secure against the KNOB attack (and also other attacks) and uses the full 16 bytes of entropy for the encryption. I've found this thread https://devzone.nordicsemi.com/f/nordic-q-a/54566/knob-attack-for-ble-nrf52840 which mentions that the attack is not applicable due to the min key length of 7 bytes (I guess this is also the same for the nRF52832) but that's still too low for my setup. Of course, I could set the min key length to 16 bytes for both devices, but I just want to use the full key length for specific services. According to

https://bluetooth.service-now.com/ess/knowledge.do?sysparm_document_key=kb_knowledge,3995cd29db7b3f007d6c808768961931

I could use Legacy Pairing which doesn't seem to be the best choice if it comes to different attacks such as passive eavesdropping. Therefore, I want to use the LE Security Mode 1v4 to ensure a 128-bit strength encryption key (Spec 5.1 p. 2186) which apparently is satisfied if I use a pairing procedure using either Numeric Comparison or Passkey Entry with Secure Connection. In the paper eprint.iacr.org/.../933.pdf on page 11 it is specifically mentioned that "even if a device using security mode 1 with level 4, the LTK's entropy can still be downgraded to 7 bytes". Am I missing something or this a bug of the tested devices? Is it possible to downgrade the nRF52840 or nRF52832 to use 7 bytes of entropy in Security Mode 1v4?

Best regards,

Tobias

Parents
  • 0

    Hi Tobias, 

    which interactive application from SDK v16.0.0 did you use? Please provide the name of the example or the path inside the SDK v16.0.0 folder. 

    Did this example set the security mode of the characteristic using BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM or with BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM?

    Best regards

    Bjørn

  • 0 in reply to bjorn-spockeli

    Hi Bjørn,

    I was using the app found in "SDK16.0.0 Folder"\examples\ble_central_and_peripheral\experimental\ble_app_interactive\ for the nRF52840DK (PCA10056). I've just made some minor changes, s.t. the security levels will be printed to check which levels are active and in sdk_config.h I've changed the BLE_SEC_PARAM_MAX_KEY_SIZE value to 7, as the smallest number exchanged between both devices will be used as encryption key size according to the spec.

    On server side I've used nRF Connect running on the nRF52DK. I've added a new service and a characteristic with read permission "LESC encryption with MITM required" which should be level 4 as I understand it. Therefore the first option is used.

    I did double check the exchange of the parameters using a sniffer. The Log file of the nRF Connect states "Security updated, mode: 1, level: 4" and I'm able to read the characteristic with the Interactive App which shows only security level 3 in that case.

    Best regards

    Tobias

  • +1 in reply to TobiasM

    HI Tobias,

    setting the security_req_t for reading or writing to characteristic value to SEC_MITM, will set the security level to mode 1 level 3

    Lets take the Battery Level Characteristic as an example. In bas_init() we see that

      // Require LESC with MITM (Numeric Comparison)
    bas_init_struct.bl_cccd_wr_sec   = SEC_MITM;
    bas_init_struct.bl_report_rd_sec = SEC_MITM;

    and that the characteristic is added by calling battery_level_char_add(), which in turn calls characteristic_add(), which in turn calls set_security_req().

     

    static inline void set_security_req(security_req_t level, ble_gap_conn_sec_mode_t * p_perm)
{
    BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(p_perm);
    switch (level)
    {
        case SEC_NO_ACCESS:
            BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(p_perm);
        break;
        case SEC_OPEN:
            BLE_GAP_CONN_SEC_MODE_SET_OPEN(p_perm);
        break;
        case SEC_JUST_WORKS:
            BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(p_perm);
        break;
        case SEC_MITM:
            BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(p_perm);
        break;
        case SEC_SIGNED:
            BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(p_perm);
        break;
        case SEC_SIGNED_MITM:
            BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(p_perm);
        break;
    }
    return;
}

    The macros used in expands to the following:

    /**@defgroup BLE_GAP_CONN_SEC_MODE_SET_MACROS GAP attribute security requirement setters
 *
 * See @ref ble_gap_conn_sec_mode_t.
 * @{ */
/**@brief Set sec_mode pointed to by ptr to have no access rights.*/
#define BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(ptr)          do {(ptr)->sm = 0; (ptr)->lv = 0;} while(0)
/**@brief Set sec_mode pointed to by ptr to require no protection, open link.*/
#define BLE_GAP_CONN_SEC_MODE_SET_OPEN(ptr)               do {(ptr)->sm = 1; (ptr)->lv = 1;} while(0)
/**@brief Set sec_mode pointed to by ptr to require encryption, but no MITM protection.*/
#define BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(ptr)        do {(ptr)->sm = 1; (ptr)->lv = 2;} while(0)
/**@brief Set sec_mode pointed to by ptr to require encryption and MITM protection.*/
#define BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(ptr)      do {(ptr)->sm = 1; (ptr)->lv = 3;} while(0)
/**@brief Set sec_mode pointed to by ptr to require LESC encryption and MITM protection.*/
#define BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM(ptr) do {(ptr)->sm = 1; (ptr)->lv = 4;} while(0)
/**@brief Set sec_mode pointed to by ptr to require signing or encryption, no MITM protection needed.*/
#define BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(ptr)     do {(ptr)->sm = 2; (ptr)->lv = 1;} while(0)
/**@brief Set sec_mode pointed to by ptr to require signing or encryption with MITM protection.*/
#define BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(ptr)   do {(ptr)->sm = 2; (ptr)->lv = 2;} while(0)
/**@} */

    So if you want the security of a characteristic set to mode 1 level 4, then you need to set the security_req_t to SEC_SIGNED 

    Best regards

    Bjørn

  • 0 in reply to bjorn-spockeli

    Hi Bjørn,

    thank you for the additional information. Following your code example, I've noticed that setting security_req_t to SEC_SIGNED will call the macro BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(ptr) which corresponds to setting security mode 2 level 1. In my case I would need to call BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM(ptr) which seems not to be part of the set_security_req function and needs to be added.

    Nevertheless, this will answer my question and I will move from using the nRF Connect BLE App to programming my server setup directly, as I'll have better insight and control over the settings.

    Best regards

    Tobias

Reply
  • 0 in reply to bjorn-spockeli

    Hi Bjørn,

    thank you for the additional information. Following your code example, I've noticed that setting security_req_t to SEC_SIGNED will call the macro BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(ptr) which corresponds to setting security mode 2 level 1. In my case I would need to call BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM(ptr) which seems not to be part of the set_security_req function and needs to be added.

    Nevertheless, this will answer my question and I will move from using the nRF Connect BLE App to programming my server setup directly, as I'll have better insight and control over the settings.

    Best regards

    Tobias

Children
No Data
Related
Terms of service