RE: How to configure a secure BLE link between a nRF52840 and a smartphone ?

MartinD — Tue, 27 Oct 2020 11:21:31 GMT

Hi Hung, thanks for your answer.!

Do you think I can manually encrypt the characteristic data with a pre-shared symmetric key so that the smartphone can only access to it only if it has the key ?

By the way, would it be possible to develop a customized secure communication using characteristics ?

This layer could stands over an Legacy Just Works pairing method and would permit a user to authenticate and sign data.

Maybe this link would help you to understand what I mean.

RE: How to configure a secure BLE link between a nRF52840 and a smartphone ?

Hung Bui — Tue, 27 Oct 2020 10:34:24 GMT

Hi Martin,

The only mechanism in Bluetooth spec to limit the connection from random peer device is to implement whitelist.
By having a whitelist the device only accepts the connection request from the devices in the list. To create such a list you can implement 2 modes first mode is pairing mode when your device allow pairing from all devices. After it has bonded and has the identity of the central it can switch to normal mode where it only allows connection from the devices in the list.

If such mechanism doesn't match with what you need, you can implement what you described where the central need to provide an unique ID in a period of time after connection otherwise the connection will be terminated.

In stead of using simply a password (unique ID) you can think of using a challenge-response mechanism to make it more secure. The nRF52 can send a random challenge and the central need to reply with a correct response before your device start to accept command/send data. If you receive no response or wrong response, you can terminate the connection.

You can also use NFC to transfer such challenge/response as well, this can make it extra secure.