• State Not Answered
  • Replies 6 replies
  • Subscribers 74 subscribers
  • Views 1177 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 253470
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

What advantage does Pairing using Legacy Pairing (BLE 4.0,4.1 devices) give me over a simple connection between 2 devices?

Manish Kaul

BLE 4.2 uses something called LESC (LE Secure Connection) for significantly enhancing the link encryption between 2 devices (using public private key pair model). But prior to that the way devices would pair with each other, what advantage would that give me over a normal connection as the data exchanged between the 2 paired devices (BLE 4.0,4.1) is easily sniffable and if the pairing method is 'Just Works' then it's even highly prone to MITM attacks. So, what good is pairing in devices using BLE v.4.0 or 4.1 ?

Parents
  • 0

    Hi,

    Legacy pairing is a “fallback” mode for devices that don’t support LESC, like WEP for wifi routers, there are no advantages comparing with LESC. Nevertheless, there may be some use cases when you may consider using legacy pairing:

    - when security is not an issue at all, and pairing is needed only to let devices know each other and to speed up connection establishment

    - there is a second level of encryption and MITM protection (e.g. TLS over BLE)

    - at development stage, because legacy connection is much easier to debug (the sniffer has no way to know LESC keys)

  • 0 in reply to Dmitry
    Dmitry said:
    there are no advantages comparing with LESC.

    I'm not at all comparing legacy pairing with LESC. My question clearly asks, advantages of legacy pairing over a simple connection ? Sharing keying information and generating STKs within each device, if I didn't do that and just started communicating data over the link between 2 'connected' devices, what difference does that make ?

    Dmitry said:
    to speed up connection establishment

    Pairing is done post connection.

    Dmitry said:
    there is a second level of encryption and MITM protection

    If my pairing method is 'Just Works' it can't protect devices from MITM attack.

    Dmitry said:
    at development stage, because legacy connection is much easier to debug

    Exactly what I said, I can sniff data when communicated between 2 connected devices and same happens while 2 devices are paired with each other. So why did I go for legacy pairing? What's the advantage?

  • 0 in reply to Manish Kaul

    When working with heterogenous devices, the advantage is that all services and characteristics are cached by master - it doesn't need to discover them every time. Also in privacy mode IRK is saved by master, so next time it can see who is connecting. In case of two custom devices, if security and privacy are not considered, I don't see any advantage.

    Manish Kaul said:
    If my pairing method is 'Just Works' it can't protect devices from MITM attack

    It's obvious. I mean second-layer auth with your own CA - in that case you can.

  • 0 in reply to Dmitry
    Dmitry said:
    Also in privacy mode IRK is saved by master

    Yes, agreed to a certain extent on this point. As what you're referring to is part of bonding rather than only pairing.

    Dmitry said:
    the advantage is that all services and characteristics are cached by master

    You mean next time master connects with the same slave (after pairing initially) it won't need to discover the serives on peripheral again? I think that could be an advantage of caching and not pairing. Can that not be achieved by simple connection, after all you know who you are connecting to.

    Dmitry said:
    if security and privacy are not considered,

    privacy I can understand but security is anyway not being addressed here.

Reply
  • 0 in reply to Dmitry
    Dmitry said:
    Also in privacy mode IRK is saved by master

    Yes, agreed to a certain extent on this point. As what you're referring to is part of bonding rather than only pairing.

    Dmitry said:
    the advantage is that all services and characteristics are cached by master

    You mean next time master connects with the same slave (after pairing initially) it won't need to discover the serives on peripheral again? I think that could be an advantage of caching and not pairing. Can that not be achieved by simple connection, after all you know who you are connecting to.

    Dmitry said:
    if security and privacy are not considered,

    privacy I can understand but security is anyway not being addressed here.

Children
Related
Terms of service