Custom authentication for MITM in LE Secure

RE: Custom authentication for MITM in LE Secure

Vidar Berg — Wed, 20 May 2020 11:27:43 GMT

I don't know how easy it would be to perform a MITM attack, but each pairing attempt leaks bits of information, so it is not a one in a million chance to guess the correct key. And as noted in the SD API documentation, "Repeated pairing attempts using the same preprogrammed passkey makes pairing vulnerable to MITM attacks." Maybe the peer manager PM_RA_PROTECTION feature could help to mitigate the risk.

RE: Custom authentication for MITM in LE Secure

Nathan O. — Wed, 20 May 2020 09:22:51 GMT

Thanks, I'll investigate this path then.

Last question : on the link you posted before, someone mention a "20 attempts hack" available to guess a static passkey. Do you confirm this ? Is there any article / documentation regarding the easyness to hack it ? I would have assumes a hacker to have 1 change in a million to guess it...

RE: Custom authentication for MITM in LE Secure

Vidar Berg — Wed, 20 May 2020 06:28:56 GMT

[quote user="nono76352"]Or maybe there is a way to get information related to the bonding and handle a database of "application level authenticated device" on the application side ?[/quote]

It is. You can use the Peer manager pm_peer_data_app_data_store() function to store app-related data for a bonded device. So this should allow you to make the authentication a one-time operation together with the bonding.

RE: Custom authentication for MITM in LE Secure

Nathan O. — Tue, 19 May 2020 13:44:41 GMT

Thanks for your answer.

From the tests I have made, it seems that anytime I set either DISPLAY or KEYBOARD capability, the smartphone shows automatically either a textbox or a code to enter on the device. I guess with the statis passkey the behavior would be the same ? I could then just tell the user (via the mobile app) to enter a specific static passkey but I don't see how it would allow me to setup the button press authentication I proposed in my question.

The objective with doing it via the pairing process was that the user would only have to do it once (on first pairing) and not on each connection. If I move the button press authentication process (steps 4 - 6) to the application layer, then I won't have a way to identify a smartphone from a previous bonded connection.

Or maybe there is a way to get information related to the bonding and handle a database of "application level authenticated device" on the application side ?

RE: Custom authentication for MITM in LE Secure

Vidar Berg — Tue, 19 May 2020 12:48:14 GMT

Hi,

You can define a static passkey to use for pairing through the options API (sd_ble_opt_set) then claim to have display capabilities in your security parameters. This should allow you to support numeric comparison or Passkey bonding (MSC). But as you said, it won't give proper MITM protection. I recommend you to take a look at the discussions around that here in this thread: https://devzone.nordicsemi.com/f/nordic-q-a/35856/questions-about-lesc-mitm-and-passkey

The other alternative you suggested of implementing a custom authentication challenge at the application level should be an option as well. However, I think it may be easier to not interfere with the pairing process (ie let it complete in step 3) but instead, make the FW app limit control access until the custom authentication is complete. Maybe consider deleting the pairing at step 7 if step 4-6 failed.

Regards,

Vidar