
How to improve the security of BLE data in our specific use case

Hello, guys!

We are in an evaluation phase of our future product. Our plan is to use an nRF52840-based module and the latest SDK 17.0.2 or FreeRTOS or Zephyr RTOS (will be decided later).

Here is a short description of the use-case:

The device containing the nRF52840 SoC should act as both central and peripheral (dual role).

Peripheral role:

As a peripheral, the nRF52840 will advertise itself (its name + UUIDs of services). Central devices will be smartphones (Android/iOS).

Once a smartphone discovers the nRF52840 peripheral, it should have the possibility to safely transfer some data containing its unique ID at the press of a button on the phone screen. There will be no pairing and bonding between the nRF52840 and smartphones.

 - What would be the ways to protect that kind of data transfer from spoofing attacks? To prevent sniffing of the unique ID and reproducing it from the faulty device.

 - Is some kind of dynamic data encryption on the application level the only thing that remains?

I am aware that the nRF52840 contains CryptoCell, AES CCM, and ECB blocks.

 - Can we benefit from them for doing data encryption/decryption?

What would we need on the phone side for the reverse operation (decryption/encryption)?

Thanks in advance for your time and efforts!

Sincerely,

Bojan.

  • I am not an expert here, but as far as I understand, you must perform pairing/bonding between the devices. This will enable the central and peripheral devices to establish shared secret keys. With this shared secret, both will be able to communicate securely (the shared secret keys are necessary for encryption and decryption). Without pairing, a peripheral is as good as a beacon device, wherein any interceptor can read it.

  • Hey,

    Thanks for your feedback! Our data exchange process should execute in an instant (as fast as possible after the button is pressed).

    We cannot benefit from the security BLE enables after pairing and bonding. Moreover, that kind of security seems not to be enough nowadays (link, link).

    It seems that we need to encrypt our data on the application level. I wonder if we can benefit from the encryption hardware built into the nRF52840.

    Cheers,

    Bojan.
