This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

How to verify that BLE comms are encrypted using 128bit AES (Mode 1, Security Level 2)

My device is a medical device, we are now beginning verification. One of the items on the spec requires verification that 128bit AES is used during post-bond comms with the device. The device uses 'Just Works' legacy pairing, Mode 1, with Security level 2. I am aware that this is using 128Bit AES-CMAC, but am wishing to know if, from the outside anyone has an idea how this could be verified?

My only thought is doing this via the Nordic Sniffer app with wireshark, but this is pretty long winded!

Karen

Parents

0 Einar Thorsrud over 4 years ago

Hi Karen,

The way this is implemented in the SoftDevice and nRF5 HW there are only two possibilities. Either the BLE packets are clear text or they are encrypted with 128 bit AES-CCM. You can use a sniffer, as you write. Or you could use a tool such as nRF Connect BLE (provided that you trust the information it gives you).

Einar
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Einar Thorsrud over 4 years ago

Hi Karen,

The way this is implemented in the SoftDevice and nRF5 HW there are only two possibilities. Either the BLE packets are clear text or they are encrypted with 128 bit AES-CCM. You can use a sniffer, as you write. Or you could use a tool such as nRF Connect BLE (provided that you trust the information it gives you).

Einar
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data