
Securing access to s112 based device

Dear experts,

My BLE peripheral device uses s112 soft device with nRF52832 and nRF SDK v16 and now the basic data collection and transmission features all work fine with no security control. My device has two LEDs which I think can be used to depict some digital passkeys via blinking, assuming users can input the digits into the central app. 

Now I am considering adding some security so that the device can only be accessed from my central Android app. What are the proper approaches to start with? Should I add security via the "bonding" process? Does the s112 stack support bonding? Are there any samples in the SDK related to s112 bonding setup?

  • Hi,

    I would suggest you take a look at nRF5 SDK v16.0.0: Peer Manager and start from Heart Rate Application

    HRS s112 example is under nRF5_SDK_16.0.0\examples\ble_peripheral\ble_app_hrs\pca10040\ser_s112_hci

    -Amanda H.

  • Thank you Amanda! 

    I tried the HRS example you mentioned but found that I can't run it directly on my nRF52DK, error logs are below:

    <info> app_timer: RTC: initialized.
    <warning> sphy_hci: Timeout, no ACK. Dropping.
    <error> nrf_sdh_ble: sd_ble_cfg_set() returned NRF_ERROR_INTERNAL when attempting to set BLE_CONN_CFG_GAP.
    <error> app: ERROR 17 [NRF_ERROR_BUSY] at /opt/nRF/components/serialization/application/transport/ser_sd_transport.c:304
    PC at: 0x000158C7
    <error> app: End of error report
    

    Maybe I can't use that ser_s112_hci example directly on my nRF52DK board --- the name "ser_s112_hci" implies some special hardware configuration to me...

    From the SDKv16 examples folder, I also noticed there is a "ble_app_bms" example; it seems like a BLE service based on the "peer manager" component? I got it to run on pca10040. After setting USE_AUTHORIZATION_CODE to 0, it seemed I could bond to it from the "nRF Connect" Android app.

    <info> app_timer: RTC: initialized.
    <info> app: Bond Management example started with 1 peers
    <info> app: Fast adverstising.
    <info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update, no change
    <info> app: Connected
    <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
    <info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update, no change
    <info> app: Fast adverstising.
    <info> app: Disconnected
    <info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update, no change
    <info> app: Connected
    <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
    <info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update, no change
    <info> app: Fast adverstising.
    <info> app: Disconnected
    <info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update, no change
    <info> app: Connected
    <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
    <info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update, no change
    <info> ble_bms: Control point write: Success
    <info> app: Client requested that bond to current device deleted
    <info> app: Fast adverstising.
    <info> app: Disconnected
    <error> peer_manager_handler: Peer deleted successfully: peer_id: 0
    <info> app: Connected
    <info> peer_manager_handler: Connection security failed: role: Peripheral, conn_handle: 0x0, procedure: Encryption, error: 4102
    <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Bonding
    <info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Bonding data, action: Update
    <info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update
    <info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Central address resolution, action: Update
    <info> app: Fast adverstising.
    <info> app: Disconnected

    Currently I don't fully understand the BMS service yet, but I guess it allows us to delete an Android central from a peripheral so that the peripheral can bond with another Android central later. This is useful especially when the peripheral has no input buttons.

    Generally I am thinking of having my peripheral show a random 4-digit passkey and then asking the Android central app to enter it for bonding. What are the proper params to achieve this with peer_manager?

    sec_param.bond           = 1;
    sec_param.mitm           = 1;
    sec_param.lesc           = 1;
    sec_param.keypress       = 0;
    sec_param.io_caps        = BLE_GAP_IO_CAPS_DISPLAY_ONLY;
    sec_param.oob            = 0;

    Yet another question is how many central peers can we have for an nRF peripheral?
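
Which pairing method the `sec_param` values in the post above actually produce also depends on the IO capabilities the central reports. The C sketch below is an added example (not code from this thread or from the nRF5 SDK) of the SMP association-model selection rules in the Bluetooth Core Specification, assuming no OOB data on either side; all type and function names are hypothetical and local to the example.

```c
/* Added example: SMP association-model selection (Bluetooth Core Spec,
 * Vol 3, Part H). Names are local to this example, not nRF5 SDK
 * identifiers; enum values follow the SMP IO capability codes.
 * Assumption: neither side has OOB data (oob = 0). */
#include <stdbool.h>
#include <stdio.h>

typedef enum { IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY,
               IO_NONE, IO_KEYBOARD_DISPLAY } io_caps_t;
typedef enum { JUST_WORKS, PASSKEY_ENTRY, NUMERIC_COMPARISON } pair_method_t;
typedef struct { io_caps_t io; bool mitm; bool lesc; } sec_req_t;

static bool has_keyboard(io_caps_t c)
{ return c == IO_KEYBOARD_ONLY || c == IO_KEYBOARD_DISPLAY; }

static bool can_confirm(io_caps_t c)   /* can show a value and take yes/no */
{ return c == IO_DISPLAY_YESNO || c == IO_KEYBOARD_DISPLAY; }

pair_method_t select_method(sec_req_t central, sec_req_t periph)
{
    /* If neither side asks for MITM, IO capabilities are ignored. */
    if (!central.mitm && !periph.mitm) return JUST_WORKS;
    /* A side with no input and no output cannot authenticate anything. */
    if (central.io == IO_NONE || periph.io == IO_NONE) return JUST_WORKS;
    /* Numeric Comparison exists only when both sides support LESC. */
    if (central.lesc && periph.lesc &&
        can_confirm(central.io) && can_confirm(periph.io))
        return NUMERIC_COMPARISON;
    /* Passkey Entry needs a keyboard on at least one side. */
    if (has_keyboard(central.io) || has_keyboard(periph.io))
        return PASSKEY_ENTRY;
    return JUST_WORKS;                  /* two displays, nobody can type */
}

/* Just Works gives encryption without MITM protection. */
bool is_authenticated(pair_method_t m) { return m != JUST_WORKS; }

int main(void)
{
    static const char *io[] = { "DisplayOnly", "DisplayYesNo", "KeyboardOnly",
                                "NoInputNoOutput", "KeyboardDisplay" };
    static const char *name[] = { "Just Works", "Passkey Entry",
                                  "Numeric Comparison" };
    sec_req_t periph = { IO_DISPLAY_ONLY, true, true }; /* values from the post */
    for (int c = IO_DISPLAY_ONLY; c <= IO_KEYBOARD_DISPLAY; c++) {
        sec_req_t central = { (io_caps_t)c, true, true };
        pair_method_t m = select_method(central, periph);
        printf("central %-16s -> %-18s authenticated=%d\n",
               io[c], name[m], is_authenticated(m));
    }
    return 0;
}
```

Passkey Entry uses a six-digit decimal passkey. A Just Works result still encrypts the link but is unauthenticated, so characteristics that need protection should require an authenticated (MITM) security level rather than encryption alone.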
