• State Verified Answer
  • Replies 8 replies
  • Subscribers 73 subscribers
  • Views 5434 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 107963
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

LE Secure Connections (ECDH) on S130

Dominik

Is the ECDH encrypted key exchange supported on the new S130? If not, when can we expect it to be available?

I am surprised this is not given a higher priority, since now the only safe solution is to use OOB, which requires additional hardware. The other two solutions, where the key exchange over the air is unencrypted, is essentially useless. See here and video here.

Parents
  • 0

    Hi Dominik,

    I back your question because having this is important for "BLE only" devices to have complete security from the point zero. However I'd like to clarify your claim (supported by the reference to the Blackhat talk) that all 3 security modes (JustWorks, 6-digit Passkey and Out Of Band) are vulnerable to the passive (or even active) attack. My understanding is that in OOB you exchange raw 128-bit AES Long Term Key by other way then over the air and thus you are completely safe. Sure this is applicable only for specific devices/infrastructures (most probably minority) but still it's usable if you want this level of security. Could you point me to any reference for attack against OOB mode?

    Thanks for clarification Jan

Reply
  • 0

    Hi Dominik,

    I back your question because having this is important for "BLE only" devices to have complete security from the point zero. However I'd like to clarify your claim (supported by the reference to the Blackhat talk) that all 3 security modes (JustWorks, 6-digit Passkey and Out Of Band) are vulnerable to the passive (or even active) attack. My understanding is that in OOB you exchange raw 128-bit AES Long Term Key by other way then over the air and thus you are completely safe. Sure this is applicable only for specific devices/infrastructures (most probably minority) but still it's usable if you want this level of security. Could you point me to any reference for attack against OOB mode?

    Thanks for clarification Jan

Children
No Data
Related
Terms of service