This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

gzll keycode (optional host id validation stage)

To the kind attention of Nordic support team,

I'm interested in implementing some sort of validation stage using a keycode, as you mention in:

https://infocenter.nordicsemi.com/index.jsp?topic=%2Fsdk_nrf5_v16.0.0%2Fgzp_02_user_guide.html&cp=7_5_0_5_4_3&anchor=key_ex_stages

Is there something you can share so to better understand how this can be achieved the best way?

Some implementation that you know about and could be as a starting point?

Any relevant documentation/idea about this subject, please?

Thank you very much for your attention and your help

Best regards

Top Replies

ovrebekk over 5 years ago in reply to astella +1 verified

Hi Stella You can definitely change the encryption scheme on top of Gazell to use a more sophisticated security scheme, such as ECDH. Assuming you are using nRF52 devices on both sides this should not…

Parents

0 ovrebekk over 5 years ago

Hi Stella

We don't have any examples showing how to use the authentication feature in GZP unfortunately.

In general, if security is important to you I would greatly recommend using BLE instead of Gazell/GZP.

The GZP pairing and encryption library is quite outdated at this point, and is not very secure. For instance the system is based on a pre-programmed secret key which is shared between all the systems, so if a hacker manages to break one device and find this key they will get access to all the devices.

Best regards
Torbjørn
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 ovrebekk over 5 years ago

Hi Stella

We don't have any examples showing how to use the authentication feature in GZP unfortunately.

In general, if security is important to you I would greatly recommend using BLE instead of Gazell/GZP.

The GZP pairing and encryption library is quite outdated at this point, and is not very secure. For instance the system is based on a pre-programmed secret key which is shared between all the systems, so if a hacker manages to break one device and find this key they will get access to all the devices.

Best regards
Torbjørn
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 astella over 5 years ago in reply to ovrebekk

Hi ovrebekk thank you very much for your reply, it is very interesting. We have got the requirement to both use BLE and gzll protocol. We are thinking, related to what you said, to modify the open code of gzp, so to implement an ECDH key-exchange first (maybe over gzp pipe0), for replacing the pre-programmed secret key. Is it feasible in your opinion? In theory we want to replicate over the air what you have in your sdk crypto folder, and then get a brand new key to use in place of the pre-programmed one. Based on your experience does it seem feasible to you? And you see any problem in this approach? Thank you very much
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 ovrebekk over 5 years ago in reply to astella

Hi Stella

You can definitely change the encryption scheme on top of Gazell to use a more sophisticated security scheme, such as ECDH. Assuming you are using nRF52 devices on both sides this should not be a problem.

The only 'problem' I would point out is that you need to implement this yourself, so it will add a significant amount of software development and testing that you need to go through.

Best regards
Torbjørn
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel
0 astella over 5 years ago in reply to ovrebekk

thank you for your kindness
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 ovrebekk over 5 years ago in reply to ovrebekk

I am happy to help Stella. The best of luck with your project
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel