LESC Security Benefits with Static Passkey

Hi. 

I am trying to implement LESC using the nRF52810.

But I use a Static passkey because my device doesn't have a keyboard or display.

One question is, is LESC more secure than Legacy when using a Static passkey?

I understand that using a Static passkey is not safe from MITM attacks. Is LESC safe from MITM attacks when using Static Passkey?

I've been pondering for days and couldn't come to a conclusion.

  • Hi

    1. The ECDH method uses a numeric comparison algorithm for key generation, and a new pairing procedure for the key exchange. It is an enhanced security feature that's implemented in our BLE LESC module. This key will not be static though, so it cannot be used the way you describe.

    2. You're correct. As stated in the reply you linked to, a static password won't be very secure (and is not designed to be used with the LESC model). It will not be instantly accessible from a MITM attack, but it will be after repeated attempts.

    Compared to the Legacy module, LESC is just more secure and if the choice is between those two, I recommend that you go for LESC (with ECDH) either way.

    Best regards,

    Simon

  • Hi

    I understood that using ECDH is safer.

    But as I said earlier, I have to use Static passkey. I programmed using Legacy and Static passkey.

    If using a static passkey in LESC is still not completely safe from a MITM attack, do I need to change from Legacy to LESC?

    And is there any way to be safe from a MITM attack when using a static passkey?
    Is Legacy exposed to static passkey in 20 attacks like LESC?
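
The "repeated attempts" and "20 attacks" points above, as an added example that is not part of the thread or of Nordic's SDK: LESC passkey entry confirms the 6-digit passkey one bit per round over 20 rounds, so each failed pairing against a static passkey confirms one more bit, while a passkey that changes per pairing makes that knowledge worthless. Assumptions: HMAC-SHA256 stands in for the spec's f4 confirm function, the exchange is reduced to one shared nonce per round, `simulate` and `max_failures` (a device-side limit on failed pairings) are hypothetical names, and 123456 is a constructed sample passkey.

```python
import hashlib
import hmac
import secrets

ROUNDS = 20  # LESC passkey entry confirms the 6-digit passkey one bit per round


def commit(bit, nonce):
    # Stand-in for the spec's f4 confirm value (AES-CMAC); HMAC-SHA256 is an assumption.
    return hmac.new(nonce, bytes([0x80 | bit]), hashlib.sha256).digest()


def rounds_passed(device_passkey, peer_passkey):
    """One pairing attempt: number of rounds confirmed before the first mismatch."""
    for i in range(ROUNDS):
        nonce = secrets.token_bytes(16)  # fresh per round, as in the real exchange
        dev = commit((device_passkey >> i) & 1, nonce)
        peer = commit((peer_passkey >> i) & 1, nonce)
        if not hmac.compare_digest(dev, peer):
            return i
    return ROUNDS


def simulate(next_passkey, max_failures):
    """Peer without the passkey retries, keeping what each failure taught it.

    next_passkey() is the passkey the device uses for that attempt;
    max_failures models a device-side limit on failed pairings.
    Returns (paired, failures).
    """
    guess, failures = 0, 0
    while failures < max_failures:
        passed = rounds_passed(next_passkey(), guess)
        if passed == ROUNDS:
            return True, failures
        guess ^= 1 << passed  # failing at round i tells the peer bit i was wrong
        failures += 1
    return False, failures


if __name__ == "__main__":
    STATIC = 123456  # constructed sample passkey
    print("static, limit 20:", simulate(lambda: STATIC, 20))
    print("static, limit 3: ", simulate(lambda: STATIC, 3))
    print("fresh,  limit 20:", simulate(lambda: secrets.randbelow(10**6), 20))
```

With a static passkey the peer always pairs within 20 failures; a low failure limit or a passkey that changes on every attempt removes that guarantee.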
