• State Not Answered
  • Replies 5 replies
  • Subscribers 73 subscribers
  • Views 2167 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 106570
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Device Security

Ash

We have a BLE peripheral that has a button interface and nothing else. We would like to add some security so only certain smartphones can send/receive commands from it. An example use case is when a user gets this device, they can pair with it. We would also like it so that this user's husband/wife can also control this device. However, we would NOT want it so that the user's neighbor can connect to this device and control it.

What would be a good way to implement this? I know we can use bonding to do this but I'm not sure how to restrict the neighbor from bonding and would we need a separate key for the husband/wife if we use a Long Term Key.

Parents
  • 0

    @Ash: You can use whitelist to block other central devices that not in the list to connect to your device. You can have an option to enter non-whitelist mode to allow the husband/wife phone to connect and bond and be added to the whitelist.

    Note that attacker can always clone an address to pass through the whitelisting (but won't be able to re-bond to the device because he doesn't have the LongTermKey)

    Secondly, pairing procedure without out of band (OOB) key should be done in a protected environment that can avoid eavesdropping.

  • 0 in reply to Hung Bui

    @Ash: Of course it's possible. What needed for the device to set up whitelist mode is to have the central device's address if it's public or static address or the IRK if it's random resolvable address.

    Note that "whitelist mode" is only available when advertising.

Reply Children
No Data
Related
Terms of service