Product Security

I am hoping someone can point me in the correct direction as I have posted my question on the SIG forum and didn't receive any responses.

With an nRF51422 device, is there a way to restrict a smart phone or tablet from connecting to a peripheral?

For example, if a customer purchases a group of our products, is there a way to restrict them to be able to connect and interact with their group but no other products? The catch is the customer may have multiple people interacting with their devices, each with their own central.

Can this use case be accomplished within the Bluetooth standard, or does it need to be handled offline through a registration process?

Thanks.

  • Hi Darren,

    If your question is "Could I prevent a device attempting to connect to a BLE peripheral?" then the answer is "No". You can advertise that your device is not connectable and that your device supports a certain Service UUID which should not be recognized by anything other than your device, but if some central device (app) wants to override this and tries to connect, you will obviously never prevent that.

    However, if your device accepts the connection, that's a different story. You can start from filtering of MAC addresses (which can obviously be cloned/spoofed easily), through security mechanisms offered by BLE (bonding + setting up a shared key and securing the link), up to whatever strong security scheme on the application layer.

    Cheers Jan

  • Jan,

    Thank you for taking the time to answer so quickly. So to be clear, if I have a group of centrals and a group of peripherals and I want to allow only these groups to interact together, the Bluetooth spec doesn't cover this, correct?

  • Hi Darren,

    There is no complete solution or mode (e.g. on the GAP layer) to "isolate" a group of devices as you suggest. But the BT SIG 4.x specifications give all the tools to achieve that - either by using the "Security Manager" layer from the BT LE stack (e.g. together with the "Resolvable Private MAC Address" mechanism defined on the GAP layer) or by completely offloading this to the application layer (but then you obviously lose everything from the standard GAP services and you need to do it all over the proprietary service(s)).

    Being here on Nordic's forum, it is worth mentioning that nRF51 allows you to implement both ways with any of their BLE stacks (tested). If you want to learn more about Security Manager, it might be enough to say that it's similar to the BT EDR SSP protocol, which is explained here.

    Cheers Jan
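
The application-layer option mentioned in the replies above, as an added example that is not part of the original thread and not Nordic SDK code: a challenge-response check a peripheral could run once it has accepted a connection, modelled in Python with both sides of the exchange. The per-central key derivation, the revocation list, the identifiers such as `phone-1` and the keys are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import secrets

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_central_key(group_master: bytes, central_id: bytes) -> bytes:
    # Per-central key handed to one phone/tablet at registration (assumed scheme).
    return _mac(group_master, b"central-key" + central_id)

def central_respond(central_key: bytes, central_id: bytes, nonce: bytes) -> bytes:
    # Central proves possession of its key without ever sending it.
    return _mac(central_key, nonce + central_id)

class Peripheral:
    def __init__(self, group_master: bytes, revoked=()):
        self._master = group_master
        self._revoked = set(revoked)
        self._nonce = None

    def challenge(self) -> bytes:
        # Fresh 16-byte nonce per connection, so a sniffed response cannot be replayed.
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def verify(self, central_id: bytes, response: bytes) -> bool:
        nonce, self._nonce = self._nonce, None  # one attempt per challenge
        if nonce is None or central_id in self._revoked:
            return False  # firmware would drop the link here
        key = derive_central_key(self._master, central_id)
        return hmac.compare_digest(_mac(key, nonce + central_id), response)

def demo() -> dict:
    master = bytes(range(32))           # constructed sample key, not a real secret
    foreign = bytes(range(32, 64))      # constructed key of a different customer group
    dev = Peripheral(master, revoked={b"tablet-2"})
    cases = {"own": (b"phone-1", master), "foreign": (b"phone-9", foreign),
             "revoked": (b"tablet-2", master)}
    results = {}
    for name, (cid, src) in cases.items():
        nonce = dev.challenge()
        results[name] = dev.verify(cid, central_respond(derive_central_key(src, cid), cid, nonce))
    # Replay: a response computed for an earlier nonce fails on the next connection.
    old = central_respond(derive_central_key(master, b"phone-1"), b"phone-1", dev.challenge())
    dev.challenge()
    results["replay"] = dev.verify(b"phone-1", old)
    return results
```

Unlike a MAC address filter, the check depends on a secret that never crosses the air, and each central holds only its own derived key, so one registered phone can be revoked without re-keying the group.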
