
INVALID PARAMS when migrating to security mode 1 level 4

I am attempting to migrate my BLE project to a higher security level with bonding.  Was mode 1 level 2 and am upgrading to mode 1 level 4.  When I change the configuration to the following:

#define SEC_PARAM_BOND                  1                                       /**< Perform bonding. */
#define SEC_PARAM_MITM                  0                                       /**< Man In The Middle protection not required. */
#define SEC_PARAM_LESC                  1                                       /**< LE Secure Connections enabled. */
#define SEC_PARAM_KEYPRESS              0                                       /**< Keypress notifications not enabled. */
#define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_NONE                    /**< No I/O capabilities. */
#define SEC_PARAM_OOB                   0                                       /**< Out Of Band data not available. */
#define SEC_PARAM_MIN_KEY_SIZE          7                                       /**< Minimum encryption key size. */
#define SEC_PARAM_MAX_KEY_SIZE          16                                      /**< Maximum encryption key size. */

I get [NRF ERROR INVALID PARAM] errors when adding my second service and even when trying to sd_ble_gap_device_name_set.  I'm not sure where I should be looking for the problem and how to find out which parameter is invalid.

I'm very new to this so any help would be great.  Thanks

  • Thank you both for the helpful responses.  I have proceeded with two implementations.  They are as follows, both WITH BONDING:

    1:  LESC With MITM Using Numeric Comparison (mode 1 level 4) : The only adjustment that I made was automatically accepting the numeric comparison on the peripheral side because of a lack of buttons or display.  I know this is sort of cheating but we are still accepting the pairing on the iOS side.  So only half cheating.  How does this affect the level of security and allow for MITM attacks?  Is this any safer than implementation 2?

    2: LESC with JUST WORKS (mode 1 level 2) : This is basically what we will use if your answers to my questions above are level 2 security.

    Lastly, with bonding, MITM attacks can only occur if the attacker is present during pairing.  How would this attack work if we use implementation 1 with the half numeric comparison authentication?

    Thanks in advance,

    Bloq

  • Hi Bloq, 

    Good question. It is certainly not how it should be used. I do not see how this would be better than just works. If only the iOS has input or output device, then this does not give you any benefit. There is no way to know if you have connected to the device you intend to or an attacker.

    So this just gives an illusion of security, but that is all. It is better to use just works then in my opinion.

    -Amanda H.
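
The point made in the reply above, as an added example that is not code from this thread or from the nRF5 SDK: it models how the pairing exchange selects an association model and which security mode 1 level results. All type and function names are hypothetical, and the phone's capabilities, the DisplayYesNo value for implementation 1 and the 16-byte negotiated key are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Names below are hypothetical; they model the pairing feature exchange. */
typedef enum { IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY,
               IO_NONE, IO_KEYBOARD_DISPLAY } io_caps_t;
typedef enum { JUST_WORKS, PASSKEY_ENTRY, NUMERIC_COMPARISON } method_t;
typedef struct { bool mitm; bool lesc; io_caps_t io; } sec_req_t;

static bool has_keyboard(io_caps_t io) { return io == IO_KEYBOARD_ONLY || io == IO_KEYBOARD_DISPLAY; }
static bool has_yes_no(io_caps_t io)   { return io == IO_DISPLAY_YESNO || io == IO_KEYBOARD_DISPLAY; }

/* Association model selected from both sides' requests (OOB not modelled). */
method_t pairing_method(sec_req_t init, sec_req_t resp)
{
    if (!init.mitm && !resp.mitm) return JUST_WORKS;           /* nobody asked for MITM */
    if (init.io == IO_NONE || resp.io == IO_NONE) return JUST_WORKS;
    if (init.lesc && resp.lesc && has_yes_no(init.io) && has_yes_no(resp.io))
        return NUMERIC_COMPARISON;
    if (has_keyboard(init.io) || has_keyboard(resp.io)) return PASSKEY_ENTRY;
    return JUST_WORKS;                                         /* display-only pairs */
}

/* Security mode 1 level of the resulting link. */
int mode1_level(sec_req_t init, sec_req_t resp, unsigned key_size)
{
    if (pairing_method(init, resp) == JUST_WORKS) return 2;    /* unauthenticated */
    return (init.lesc && resp.lesc && key_size == 16) ? 4 : 3;
}

int main(void)
{
    sec_req_t phone    = { true,  true, IO_KEYBOARD_DISPLAY }; /* assumed central */
    sec_req_t posted   = { false, true, IO_NONE };             /* defines in the question */
    sec_req_t declared = { true,  true, IO_DISPLAY_YESNO };    /* implementation 1 as advertised (assumed) */
    sec_req_t actual   = { true,  true, IO_NONE };             /* what the hardware can really do */

    printf("posted config:          level %d\n", mode1_level(phone, posted, 16));
    printf("impl. 1 as negotiated:  level %d\n", mode1_level(phone, declared, 16));
    printf("impl. 1 by real I/O:    level %d\n", mode1_level(phone, actual, 16));
    return 0;
}
```

The second and third lines differ because the link reports level 4 whenever numeric comparison completes, while a peripheral that confirms without a user check contributes no more verification than one with no I/O at all.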
