
Changing bonding requirements

We would like our device to accept "just works" bonding for the first 2 minutes after power-up in order to provide simplicity, but require MITM with OOB after this to provide better security, since the device is on for extended periods. We have no button and no display but plan to print some OOB data on the case. An attacker does not have access to the device, so he can't read it.

It seems the pm_sec_params_set function only enables MITM and OOB; it doesn't require them. The mechanism to require MITM pairing is to set the read_access and write_access fields for the attributes to SEC_MITM when calling characteristic_add.

How can this be done?

  • Hi,

    As you say, the attribute security dictates whether or not the peer can interact with these. The problem in this case is that if you have a bond that was established using just works, it would not be good enough if you increase the security requirements (must be done by re-initializing the attributes...). It is possible to check the security parameters in the application by setting the attribute parameters to require read and write authorization from the application. This could be combined with changing the attributes and checking if the security level is sufficient at the time of bonding (pm_sec_is_sufficient), part of pm_handler_disconnect_on_insufficient_sec.
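
One way to structure the application-side check described in the answer above, as an added example that is not code from the post or from the nRF5 SDK: the types and function names are hypothetical stand-ins for what the Peer Manager reports, and it assumes bonds rejected by the check are deleted, so any stored bond was vetted when it was created. The window flag is latched so that a wrapping uptime counter cannot reopen the "just works" window on a device that stays on for extended periods.

```c
#include <stdbool.h>
#include <stdint.h>

#define JUST_WORKS_WINDOW_MS (2u * 60u * 1000u) /* 2 minutes after power-up */

/* Hypothetical stand-ins for what the SoftDevice/Peer Manager report. */
typedef enum { SEC_PROC_ENCRYPTION, SEC_PROC_BONDING } sec_proc_t;
typedef struct { bool encrypted; bool mitm_protected; } link_sec_t;

typedef struct {
    bool window_closed; /* latched: never reopens, even if the counter wraps */
    bool link_accepted; /* per-connection result of the link-secured check */
} bond_policy_t;

/* Call periodically with a millisecond uptime counter. */
void policy_tick(bond_policy_t *p, uint32_t uptime_ms)
{
    if (uptime_ms >= JUST_WORKS_WINDOW_MS) {
        p->window_closed = true;
    }
}

/* Call when the link becomes secured. Returns false if the application
 * should disconnect and discard the newly created bond. */
bool policy_on_link_secured(bond_policy_t *p, sec_proc_t proc, link_sec_t sec)
{
    if (!sec.encrypted) {
        p->link_accepted = false;
    } else if (proc == SEC_PROC_ENCRYPTION) {
        /* Re-encryption with a stored bond: it was vetted when created. */
        p->link_accepted = true;
    } else {
        /* New bond: unauthenticated pairing only while the window is open. */
        p->link_accepted = sec.mitm_protected || !p->window_closed;
    }
    return p->link_accepted;
}

/* Decision for a read/write authorization request on a protected attribute. */
bool policy_authorize_rw(const bond_policy_t *p)
{
    return p->link_accepted;
}

/* Call on disconnect so the next connection starts unauthorized. */
void policy_on_disconnect(bond_policy_t *p)
{
    p->link_accepted = false;
}
```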
