This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Enable Encryption

Hi,
I am working on a project to send commands from mobile to device and vice versa.
I am using nRF5_SDK_17.0.0_9d13099\examples\ble_peripheral\ble_app_template.
I have made a custom service and characteristics and made secured like this.

    BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&cus_init.custom_value_char_attr_md.read_perm);
    BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&cus_init.custom_value_char_attr_md.write_perm);

Now is there is built-in enabled encryption or I have to enable? If I have to enable can you please guide how can I do that?
My main purpose is to secure my firmware.
Thanks!

Parents

0 awneil over 4 years ago

Muqarrab said:
My main purpose is to secure my firmware

"securing" firmware is usually a different topic from encrypting your data communications

Could you clarify what you mean by that?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 awneil over 4 years ago

Muqarrab said:
My main purpose is to secure my firmware

"securing" firmware is usually a different topic from encrypting your data communications

Could you clarify what you mean by that?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Muqarrab over 4 years ago in reply to awneil

Yes, I want both.
1- Secure Firmware
2-encrypt data communications
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Hung Bui over 4 years ago in reply to Muqarrab

Hi Muqarrab,

Please describe what exactly you meant by "Secure firmware" or "Secure my firmware". What kind of protection you want to your firmware ?
Regarding encrypting data communication, the ble_app_template uses peer manager library so most of the security procedures are handled by the library.
When you configure the characteristic with BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(), the central/client will receive a Insufficient Authorization when it tries to read/write to the characteristic. After that the default behavior is that the central will initiate the pairing/bonding process. And the link will be encrypted after that.
You don't need to trigger pairing from the server/peripheral side.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Muqarrab over 4 years ago in reply to Hung Bui

Thanks, Hung Bui

I am asking about the "Arm CryptoCell CC310 cryptographic security module" in the nRF52840 document. What is this? Can you please explain what is this and how can I achieve this?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Hung Bui over 4 years ago in reply to Muqarrab

You can read more about the cryptocell cc310 here: https://infocenter.nordicsemi.com/topic/ps_nrf52840/cryptocell.html?cp=4_0_0_5_5

But it's basically a hardware cryptography peripheral that can be utilized to encrypt your data, it can be faster and more efficient compare to using software cryptography library.
It wouldn't help you to encrypt the actual firmware of your application.

To protect your firmware you can use the APPROTECT to block the debug/programmer access, and use the ACL if you want to block access internally from different parts of the flash memory.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel