
How to configure a secure BLE link between an nRF52840 and a smartphone?

Hi !

I need to develop a BLE communication link between a smartphone (Android first, iOS after) and the BL654 Laird platform (based on nRF52840).

I found multiple strategies on this forum but I don't know which one is the best for my project.

Here is what I want from my app :

- the user pairs the smartphone to the nRF52840

- once the communication is encrypted, the smartphone sends a unique ID so that the nRF52840 can authenticate the user. If the ID is not recognized or if a random user simply tries to pair his phone with the nRF52840 without sending an ID, the connection is ended. If the ID is recognized, the smartphone and the nRF52 can bond their connection.

How do you think I can do this correctly? Do I just need to configure the Peer Manager or do I need to develop a customized secure communication?

FYI :

- The nRF52840 is directly connected to a display that can be used for the pairing process but for now, there are no libraries to communicate with this I/O.

- There is an NFC antenna on my board which can also be used for the pairing process

My setup :

- nRF52840, SDK 15.0.0

Thank you for your help !

  • Hi Martin, 

    The only mechanism in the Bluetooth spec to limit connections from random peer devices is to implement a whitelist.
    By having a whitelist, the device only accepts connection requests from the devices in the list. To create such a list you can implement 2 modes: the first mode is pairing mode, when your device allows pairing from all devices. After it has bonded and has the identity of the central, it can switch to normal mode, where it only allows connections from the devices in the list.

    If such a mechanism doesn't match what you need, you can implement what you described, where the central needs to provide a unique ID within a period of time after connection, otherwise the connection will be terminated.

    Instead of simply using a password (unique ID), you can think of using a challenge-response mechanism to make it more secure. The nRF52 can send a random challenge and the central needs to reply with a correct response before your device starts to accept commands/send data. If you receive no response or a wrong response, you can terminate the connection.

    You can also use NFC to transfer such a challenge/response as well; this can make it extra secure.

  • Hi Hung, thanks for your answer!

    Do you think I can manually encrypt the characteristic data with a pre-shared symmetric key so that the smartphone can only access it if it has the key?

    By the way, would it be possible to develop a customized secure communication using characteristics?

    This layer could stand over a Legacy Just Works pairing method and would permit a user to authenticate and sign data.

    Maybe this link would help you to understand what I mean.
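
Added example, not part of the original thread and not nRF5 SDK code: a Python model of the challenge-response check suggested in the reply, using the pre-shared symmetric key raised in the follow-up question. The HMAC-SHA256 construction, the 5-second window, and the names `Peripheral`, `compute_response` and `phone-1` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESPONSE_WINDOW_S = 5.0  # assumed deadline for the central's reply


def compute_response(key: bytes, user_id: bytes, nonce: bytes) -> bytes:
    """Central side: prove possession of the key for this one challenge."""
    # The nonce has a fixed length, so user_id || nonce parses unambiguously.
    return hmac.new(key, user_id + nonce, hashlib.sha256).digest()


class Peripheral:
    """Models the nRF52 side; holds one outstanding challenge per connection."""

    def __init__(self, keys, now=time.monotonic):
        self._keys = keys      # user ID -> pre-shared key (provisioned earlier)
        self._now = now        # injectable clock so the timeout can be tested
        self._pending = None   # (nonce, deadline) or None

    def on_connected(self) -> bytes:
        """Issue a fresh random challenge and start the response timer."""
        nonce = secrets.token_bytes(16)
        self._pending = (nonce, self._now() + RESPONSE_WINDOW_S)
        return nonce

    def on_response(self, user_id: bytes, tag: bytes) -> bool:
        """Return True to keep the link; False means disconnect."""
        pending, self._pending = self._pending, None  # a challenge is single-use
        if pending is None:
            return False
        nonce, deadline = pending
        if self._now() > deadline:
            return False
        key = self._keys.get(user_id)
        # Unknown IDs still run the HMAC so they are not rejected faster.
        expected = compute_response(key or bytes(32), user_id, nonce)
        matches = hmac.compare_digest(expected, tag)
        return key is not None and matches


if __name__ == "__main__":
    key = secrets.token_bytes(32)              # constructed sample key
    dev = Peripheral({b"phone-1": key})        # constructed sample user ID
    challenge = dev.on_connected()
    print(dev.on_response(b"phone-1", compute_response(key, b"phone-1", challenge)))
```

This check only proves that the central holds the key; it does not encrypt characteristic data, and a Just Works link underneath it provides no protection against a man-in-the-middle during pairing.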
