Connection establishment only for specific device

Hello,

I'm trying to set up an automated pairing for two devices. My peripheral device is advertising and should only allow connection requests from a specific central device. I've read that using directed advertising will not show my peripheral device on unauthorized devices if they are compliant to the specification. However, a malicious device which doesn't ignore those advertising packets would still be able to establish a connection if I'm not mistaken and I would need a whitelist instead. Is it possible to add a specific device (I know the device address, it's randomly generated but doesn't change) without the IRK such that only this specific central device is able to establish a connection and perform the automated pairing?

Best regards

Tobias

  • Hi,

    I guess there are a few ways this can be done.

    For instance you can start advertising with a whitelist enabled (allow scan requests, but disallow connection requests). The peripheral can then check the RSSI value of the peers executing scan requests, and if the RSSI level is very good (e.g. peer placed in very close proximity), then you can add this peer to the whitelist to allow it to connect and bond.

    In addition you can also pre-configure all your devices with a hard-coded OOB key or passkey, such that any peer that connects will only be able to successfully bond if they have the correct key. If they are not able to bond within a reasonable time-out (let's say 1-2 seconds), then the peripheral can disconnect the link and start advertisement again until the next peer connection (hopefully with the correct key).

    Best regards,
    Kenneth
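
The two suggestions in the reply above (admit a peer to the whitelist only after a strong-RSSI scan request, then drop it if it does not bond in time) can be combined into one small policy state machine. This is an added example, not code from the post or from any SDK: every name in it is hypothetical, the -40 dBm threshold is an assumed value, and the actual whitelist, disconnect and advertising calls are left to the caller's BLE stack.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define RSSI_NEAR_DBM   (-40)  /* assumed "very close proximity" threshold */
#define BOND_TIMEOUT_MS 2000u  /* upper end of the 1-2 s suggested in the reply */

/* What the caller must do in its BLE stack after each event. */
typedef enum { ACT_NONE, ACT_LIST_PEER, ACT_UNLIST_PEER, ACT_DISCONNECT } action_t;

typedef struct {
    uint8_t  peer[6];                  /* the single address in the filter list */
    bool     listed, connected, bonded;
    uint32_t since_ms;                 /* time of listing, then of connection */
} gate_t;

/* Scan request received while connection requests are still filtered out. */
action_t gate_on_scan_req(gate_t *g, const uint8_t addr[6], int8_t rssi_dbm,
                          uint32_t now_ms)
{
    if (g->listed || rssi_dbm < RSSI_NEAR_DBM)
        return ACT_NONE;               /* slot taken, or peer not close enough */
    memcpy(g->peer, addr, 6);
    g->listed = true;
    g->connected = g->bonded = false;
    g->since_ms = now_ms;
    return ACT_LIST_PEER;              /* caller restarts advertising with it */
}

/* Link established; false means the peer was never admitted: drop the link. */
bool gate_on_connected(gate_t *g, const uint8_t addr[6], uint32_t now_ms)
{
    if (!g->listed || memcmp(g->peer, addr, 6) != 0)
        return false;
    g->connected = true;
    g->since_ms = now_ms;              /* the bonding deadline starts here */
    return true;
}

void gate_on_bonded(gate_t *g) { if (g->connected) g->bonded = true; }

/* Periodic tick: expire a listed peer that never connected or never bonded. */
action_t gate_on_tick(gate_t *g, uint32_t now_ms)
{
    if (!g->listed || g->bonded ||
        (uint32_t)(now_ms - g->since_ms) < BOND_TIMEOUT_MS)
        return ACT_NONE;
    action_t act = g->connected ? ACT_DISCONNECT : ACT_UNLIST_PEER;
    g->listed = g->connected = false;  /* peer must show proximity again */
    return act;
}
```

The address and RSSI checks only narrow who may attempt a connection, since both values come from the peer's own transmissions; the pre-configured OOB key or passkey is what decides whether bonding succeeds.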
