• State Not Answered
  • Replies 5 replies
  • Subscribers 73 subscribers
  • Views 913 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 245279
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nRF52832 Secure connection

KRA

Hi,

I have a customise board which has nrf52832 chip inside. I want to establish a secure connection between my 2 customised boards but I dont have any button or display in my board.

As per bluetooth core specification if there is no input output capabilities in my board the only way to eastablish secure connection is just works and that is unauthenticated

Is there any way thay I can eastablish secure authenticated connection?

Regards,

KRA

Parents
  • 0

    Hi,

    There is no standardized way to provide authentication when both devices lack buttons and display. There are a few options, which may or may not be acceptable:

    • Use an out-of-band mechanism such as NCS. Note that the nRF can only act as an NFC tag, so in this case, one of the devices would need an additional IC in order to act as an NFC reader.
    • Pre-provision the devices in production.

    Those are the only two options I can think of.

  • 0 in reply to Einar Thorsrud

    My device doesn't have additional IC to support for NFC tag.

    One option I was thinking is to use numeric comparison method for secure connection but in phase 2 instead of user confirmation, read passkey from connected device using GATT characteristics and compare six digit numeric value of both the devices and based on this comparison it will perform secure connection.

    so, Phase-2 would be like:

    • After successful sharing of public key, Central device will start calculating DHKey (Diffie – Hellman kay)
    • six-digit passkey will be generated by both the devices
    • Using GATT characteristics (Object Transfer Service), both device will read six-digit key generated by the connected device.
    • After successful reading, both the devices will compare those keys with its own key.
    • If Both the keys are same, connection is getting encrypted with LTK(Long Term Key)

    Is this the correct way to establish a secure connection where my device doesnt have any IO capabilities? I am not sure this is possible or not. Please help me in this.

  • 0 in reply to KRA

    Hi,

    KRA said:
    Is this the correct way to establish a secure connection where my device doesnt have any IO capabilities? I am not sure this is possible or not. Please help me in this.

    I did not understand this procedure, neither how it should work nor why it would provide any benefits. Using standardized LE Secure Connections will make a secure but unauthenticated link between the two devices. The link is secure because the shared secret cannot be detected by an eavesdropper, so they will be able to communicate in secrecy. However, the link is not authenticated since you may actually be talking to an attacker instead of the device you intend to talk to. I do not see how your suggestion would remedy that, though?

    I do not see any way it would even be theoretically possible to get authentication without having a form of side-channel (being buttons and displays, NFC, reprovisioning in flash or other). If you do not have any such side channel, then it is theoretically impossible to provide authentication.

  • 0 in reply to Einar Thorsrud
    Einar Thorsrud said:
    If you do not have any such side channel, then it is theoretically impossible to provide authentication.

    is there any practical way to provide authentication?

  • 0 in reply to KRA

    As far as I can understand it is impossible with the requirements you have specified (no I/O capabilities, no side channel, and no pre-provisioning).

Reply Children
No Data
Related
Terms of service