This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Using ECJ-PAKE For To Secure Bluetooth

I have an product that has no IO capabilities but requires MITM protection, authenticated pairing and an encrypted link. My understanding is the security defined in the Bluetooth specification can not provide the required protection.

Reviewing this post https://devzone.nordicsemi.com/f/nordic-q-a/49488/password-instead-of-pin-code/197208#197208 it seems like PAKE is valid solution to meet my requirements. More speicifcly the ECJ-PAKE algorithm used in commissioning thread devices seems like it will meet all the requirements.

I understand this is not a Bluetooth approved security method but I'm curious if I can include parts of the MbedTLS library in a Bluetooth project? How long does it take to execute ECJ-PAKE on a nRF52840?

Has anyone tried to implement PAKE for Bluetooth?

Thanks,

0 Kenneth over 4 years ago

Don't have any experience with PAKE, but there may be a second option, for instance can it be possible to place a sticker on the product with a pre-defined passkey? Then only those that can read the passkey in a manual or on the sticker will be able to bond, it give the same level of security. This old case show how it can be done, don't think there is any api changes on this option:

https://devzone.nordicsemi.com/f/nordic-q-a/10268/how-to-set-a-static-passkey
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel