
LESC-MITM without bonding

Hello,

My current project is designed around the nRF52840 and incorporates many peripherals (limited power budget) and many central devices. Each peripheral can connect to any central device, one at a time, while each central device can have up to 5 concurrent peripherals connected. The data exchange is carried out via NUS.

At the moment I have implemented LESC with MITM. However, is there any way to not rely on peer_manager and disable bonding? I really do not care which central is connected to which peripheral so long as the data is transferred in as short a time as possible.

Thanks in advance.

Best,

Habib

  • Hello Habib,

    is there any way to not rely on peer_manager and disable bonding? 

    There is no problem pairing with LESC and MITM without bonding. You can refer to the Glucose Application for an example using LESC and MITM, and make these small changes to remove support for bonding:

    diff --git a/examples/ble_peripheral/ble_app_gls/main.c b/examples/ble_peripheral/ble_app_gls/main.c
    index 6c7f68e..c27364e 100644
    --- a/examples/ble_peripheral/ble_app_gls/main.c
    +++ b/examples/ble_peripheral/ble_app_gls/main.c
    @@ -112,7 +112,7 @@
     
     #define LESC_DEBUG_MODE                 0                                           /**< Set to 1 to use LESC debug keys, allows you to use a sniffer to inspect traffic. */
     
    -#define SEC_PARAM_BOND                  1                                           /**< Perform bonding. */
    +#define SEC_PARAM_BOND                  0                                           /**< Perform bonding. */
     #define SEC_PARAM_MITM                  1                                           /**< Man In The Middle protection required (applicable when display module is detected). */
     #define SEC_PARAM_LESC                  1                                           /**< LE Secure Connections enabled. */
     #define SEC_PARAM_KEYPRESS              0                                           /**< Keypress notifications not enabled. */
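
    Review bot: The trailing comment on `SEC_PARAM_BOND` still reads "Perform bonding." although the value is now 0, so the define documents the opposite of what it does. Suggest rewording it, for example `/**< Do not perform bonding (pairing only). */`.
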
    @@ -794,10 +794,10 @@ static void peer_manager_init(void)
         sec_param.oob            = SEC_PARAM_OOB;
         sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
         sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
    -    sec_param.kdist_own.enc  = 1;
    -    sec_param.kdist_own.id   = 1;
    -    sec_param.kdist_peer.enc = 1;
    -    sec_param.kdist_peer.id  = 1;
    +    sec_param.kdist_own.enc  = 0;
    +    sec_param.kdist_own.id   = 0;
    +    sec_param.kdist_peer.enc = 0;
    +    sec_param.kdist_peer.id  = 0;
     
         err_code = pm_sec_params_set(&sec_param);
         APP_ERROR_CHECK(err_code);
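
    Review bot: In `peer_manager_init()` the four `kdist_own`/`kdist_peer` fields are now literal 0 while bonding is switched by `SEC_PARAM_BOND`, so the two can drift apart if the define is set back to 1. Suggest deriving them from the define, e.g. `sec_param.kdist_own.enc = SEC_PARAM_BOND;` (likewise for the other three), or adding a comment that key distribution is off because bonding is disabled.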
    

    This still uses the peer manager for handling the pairing, but bonding is not performed (meaning that no bonding information is stored in flash, and so the pairing is only used for the current connection).

    It is of course possible to handle the pairing yourself using only SoftDevice APIs, but that would mean that you would have to implement much of the peer manager functionality yourself, and I do not see any benefits of this approach if you want to support pairing (encrypting the link).

    I really do not care which central is connected to which peripheral so long as the data is transferred in as short a time as possible.

    It is a bit odd to not care about which central you are connected to but still wanting LESC and MITM (a securely encrypted and authenticated link). Do you need that at all? If not, then you could skip it altogether.

    Einar

  • Thank you!  That worked for me.  Another question that came up as I was trying bonding is what is the maximum number of peers that I can support to store bonding information in peer_manager?  

    Thanks in advance.

  • Hi,

    The maximum number of bonds is limited by the available flash space for storing bonding information. In practice, this will be a very high number. See this post for details.
