• State Not Answered
  • Replies 1 reply
  • Subscribers 73 subscribers
  • Views 441 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 256006
Options
Beware that this post is related to an SDK in maintenance mode
More Info: Consider nRF Connect SDK for new designs
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Custom Application Level Encryption Examples

WestCoastDaz

Does Nordic have an examples for implementing symmetric encryption at the BLE application level?  I'm trying to understand how best to start because the Bluetooth LE security isn't an option for us since our device doesn't have a keyboard or screen and we require an encrypted link.

Thanks,

Parents
  • 0

    Hi Darren

    I made a simple example a way back showing how to do simple AES encryption over a proprietary link, but I would strongly discourage going this route. 

    You don't need a keyboard or screen to do encryption with BLE, it just means you won't be able to authenticate the pairing procedure (leaving you vulnerable to man in the middle attacks).

    Once the pairing is done you will be encrypted, and no longer vulnerable (unless someone can force your device to pair again), 

    If you can somehow provide some out of band data on each side you can still authenticate without a keyboard and screen available, but you need some way to provide this data securely to both devices. 

    Pairing with BLE is quite flexible, and I don't really see what you would gain by doing this yourself, other than add a lot of work to design and test your own algorithms, as well as added memory and CPU requirements because you are unable to leverage the stack encryption (the encryption hardware in the nRF52 series is designed with the Bluetooth stack in mind after all).  

    Best regards
    Torbjørn

Reply
  • 0

    Hi Darren

    I made a simple example a way back showing how to do simple AES encryption over a proprietary link, but I would strongly discourage going this route. 

    You don't need a keyboard or screen to do encryption with BLE, it just means you won't be able to authenticate the pairing procedure (leaving you vulnerable to man in the middle attacks).

    Once the pairing is done you will be encrypted, and no longer vulnerable (unless someone can force your device to pair again), 

    If you can somehow provide some out of band data on each side you can still authenticate without a keyboard and screen available, but you need some way to provide this data securely to both devices. 

    Pairing with BLE is quite flexible, and I don't really see what you would gain by doing this yourself, other than add a lot of work to design and test your own algorithms, as well as added memory and CPU requirements because you are unable to leverage the stack encryption (the encryption hardware in the nRF52 series is designed with the Bluetooth stack in mind after all).  

    Best regards
    Torbjørn

Children
No Data
Related
Terms of service