
BLE encryption

Hi,

I want to encrypt the BLE data.

If I understand it right, the CryptoCell can't encrypt the data sent over BLE automatically; instead, the application has to encrypt the data first and then send the encrypted data over BLE. Is that right?

I saw an sd_ble_gap_encrypt function in the ble_gap.h file. Is it automatic BLE link encryption? If yes, what encryption protocol is this? Do the BLE central and peripheral examples have it already?

BR

JK

  • Hi,

    If you just want to encrypt the data transmitted over BLE without any very specific needs, then I suggest you stick with standard BLE security. If you use pairing or bonding, the BLE link is encrypted with 128 bit AES-CCM. The nRF5 devices have HW support for this, and the SDK has a number of examples that use pairing or bonding (most BLE examples do).

    You should be aware that there are two fundamentally different pairing procedures. LE legacy pairing has the weakness that an attacker who listens in on the pairing procedure can obtain the key. However, LE Secure Connections, which is also supported by the SDK, uses a Diffie–Hellman key exchange to securely generate a shared key. You may also want to look into MITM protection, if relevant.

    This site has a good introduction to BLE security.
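Whether a link actually gets the MITM protection mentioned above depends on the feature bits both sides exchange during pairing. The following is an added example, not part of the original thread and not Nordic SDK code; it follows the association-model mapping in the Bluetooth Core Specification (Vol 3, Part H), and all type and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* SMP IO capability values, in the order the specification encodes them. */
typedef enum { IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY,
               IO_NONE, IO_KEYBOARD_DISPLAY } io_caps_t;
typedef enum { MODEL_JUST_WORKS, MODEL_PASSKEY, MODEL_NUMERIC_COMPARISON,
               MODEL_OOB } model_t;

/* Hypothetical struct: the pairing feature bits one side sends. */
typedef struct { io_caps_t io; bool mitm, lesc, oob; } pair_features_t;

static bool has_keyboard(io_caps_t io) {
    return io == IO_KEYBOARD_ONLY || io == IO_KEYBOARD_DISPLAY;
}
static bool has_yesno(io_caps_t io) {
    return io == IO_DISPLAY_YESNO || io == IO_KEYBOARD_DISPLAY;
}

/* Association model the two sides end up with. */
model_t select_model(pair_features_t a, pair_features_t b, bool *uses_lesc) {
    bool sc = a.lesc && b.lesc;      /* LESC only if both sides support it */
    *uses_lesc = sc;
    /* OOB: legacy needs data on both sides, LESC on at least one. */
    if (sc ? (a.oob || b.oob) : (a.oob && b.oob)) return MODEL_OOB;
    /* Nobody asked for MITM protection: IO capabilities are ignored. */
    if (!a.mitm && !b.mitm) return MODEL_JUST_WORKS;
    if (sc && has_yesno(a.io) && has_yesno(b.io))
        return MODEL_NUMERIC_COMPARISON;
    if (a.io == IO_NONE || b.io == IO_NONE) return MODEL_JUST_WORKS;
    if (has_keyboard(a.io) || has_keyboard(b.io)) return MODEL_PASSKEY;
    return MODEL_JUST_WORKS;         /* two displays, no input on either */
}

/* Only a model other than Just Works yields an authenticated key. */
bool is_authenticated(model_t m) { return m != MODEL_JUST_WORKS; }

int main(void) {
    bool lesc;
    /* Constructed sample: a phone pairing with a headless sensor. */
    pair_features_t phone  = { IO_KEYBOARD_DISPLAY, true, true, false };
    pair_features_t sensor = { IO_NONE, true, true, false };
    model_t m = select_model(phone, sensor, &lesc);
    printf("model=%d lesc=%d authenticated=%d\n", m, lesc, is_authenticated(m));
    return 0;
}
```

A headless peripheral that requests MITM still ends up with Just Works, so the link is encrypted but the key is unauthenticated; a peripheral that must reject such pairings has to check the resulting security level.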

  • Hi,

    Thank you for your reply.

    I found a peer_manager_init() function in some examples.

    Is that the function that is responsible for the pairing?

    If it's implemented on both sides, there is no need to handle the BLE_GAP_EVT_SEC_PARAMS_REQUEST event in the ble_evt_handler. Is that right?

    Some examples that do not have the peer_manager_init function implement handling of BLE_GAP_EVT_SEC_PARAMS_REQUEST, but in other examples that implement peer_manager_init there is no handling for BLE_GAP_EVT_SEC_PARAMS_REQUEST.

    I am not sure that I understand how it should be.

    I just want to perform secure pairing between my peripheral device and the central device so the data can be encrypted.

    Please help.

    BR

    JK

  • Hi,

    The peer manager handles the BLE_GAP_EVT_SEC_PARAMS_REQUEST and all other pairing-related events. So generally, examples where you see this event handled do not use bonding. In fact, if you see an SDK example that does not initialize the peer manager (no call to pm_init()), it does not support pairing or bonding, and thus does not encrypt the link.

    Just to pick an example you can, for instance, refer to the Heart Rate Application (<SDK>\examples\ble_peripheral\ble_app_hrs\main.c) to see how this is done. I also recommend you read up on the peer manager documentation, and you should look into pairing in Bluetooth context in general, as this is a core concept of Bluetooth, and it is important to understand the basics.

  • Hi,

    I added the relevant code from the HRS example to my peripheral and central projects.

    But the NUS service isn't working any more.

  • Hi,

    I see. Please elaborate on what you have done and in what way it is not working.
