• State Not Answered
  • Replies 5 replies
  • Subscribers 74 subscribers
  • Views 3694 views
  • Users 0 members are here
Attachments (1) Download All
Nordic Case Info
  • Case ID: 265395
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

BLE Secure connection with LE Secure Connection

Hamza_HK

Hi, 

I am working on implementing the security aspect of our BLE application using nRF52832 MCU with SDK 17. 

The goal is to establish a secure connection between peripheral and phone, on the phone side I'm using nrf connect. I have looked into different implementations regarding the secure connection establishment on BLE and come to conclusion that LE Secure Connection is most suitable for our application. 

The peer manager settings are as follows: 

// Security parameters to be used for all security procedures.
    sec_param.bond           = SEC_PARAM_BOND; //True
    sec_param.mitm           = SEC_PARAM_MITM; //True 
    sec_param.lesc           = SEC_PARAM_LESC; //True 
    sec_param.keypress       = SEC_PARAM_KEYPRESS; //False
    sec_param.io_caps        = BLE_GAP_IO_CAPS_DISPLAY_ONLY; 
    sec_param.oob            = SEC_PARAM_OOB; //False
    sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE; //7
    sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE; //16
    sec_param.kdist_own.enc  = 1;
    sec_param.kdist_own.id   = 1;
    sec_param.kdist_peer.enc = 1;
    sec_param.kdist_peer.id  = 1;


We are using static passkey that is expected from the phone input. During idle state in the main code we access the nrf_ble_lesc_request_handler().

The implementation chosen is based on this following connection establishment process from infocenter
/resized-image/__size/320x240/__key/communityserver-discussions-components-files/4/Screen-Shot-2021_2D00_02_2D00_26-at-2.15.03-PM.png

Currently our application works such that we are able to enter the passkey on the phone. But I am not sure what happens afterwards. Are the authentication steps listed in LESC Pairing all happening accordingly? 

Our goal is to establish secure connection through e.g. ECDH, where we have a shared secret which the devices calculate and get the symmetric key. Which keys are used by default and where can we access them?

nrf_ble_lesc.c file has the following: 

__ALIGN(4) static ble_gap_lesc_p256_pk_t m_lesc_public_key;                             /**< LESC ECC Public Key. */
__ALIGN(4) static ble_gap_lesc_dhkey_t   m_lesc_dh_key;                                 /**< LESC ECC DH Key. */
....
....
uint8_t  * p_shared_secret    = m_lesc_dh_key.key;

Where is m_lesc_dh_key.key value set? 

Thank you for all the help! 

Best regards,
Hamza

Parents Reply
  • 0 in reply to Simonr

    Hi Simon! 

    By default, the keys generated in nrf_ble_lesc_keypair_generate, are those random keys? How is that possible if both devices has to have the same shared secret to compute correct LTK? 

    We want to simply have a pre-shared key on the our devices such that the phone application has to have the correct key (shared secret) for it to acquire the symmetric key, based on ECDH protocol.

    Regards,
    Hamza

Children
No Data
Related
Terms of service