• State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 75 subscribers
  • Views 1621 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 278832
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MITM protection implementation for BLE pairing

Kaveh.M

I have two Adafruit feather with nRF52832 on them, using one as central and the other as peripheral. 

I have created some codes based on ble_app_uart from Nordic SDK and combine peer manager with it for security.

They work fine, but when I set "#define SEC_PARAM_MITM              1" on both, they stop connecting to each other. 

How can I include MITM protection to my connection? 

Thanks

  • 0

    You need to have certain features to enable this, or use NFC Out-of-band(OOB)


    #define SEC_PARAM_IO_CAPABILITIES   BLE_GAP_IO_CAPS_NONE                /**< No I/O capabilities. */

    With IO capabilities enabled you would be able to display a code or enter a code, to enable MITM capabilities.

  • 0

    Hi

    Did you check the log on the peripheral and central side to see if there is any indication there why they won't connect?

    Have you checked that they both successfully start advertising and scanning?

    Best regards
    Torbjørn

  • 0 in reply to fhfs

    Do I need to enter a code through I/Os to be able to use MITM?  

  • 0 in reply to Kaveh.M

    I believe so, have a look at nRF5_SDK_17.0.2_d674dde\examples\ble_peripheral\ble_app_gls\main.c

    In this example MITM is enabled, and the device has the ability to display.

    #define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_DISPLAY_ONLY                /**< Display I/O capabilities. */

    Alternatively you could use NFC or UART OOB and also have MITM protection. Have a look at the example project nRF5_SDK_17.0.2_d674dde\examples\ble_central\experimental\ble_app_hrs_nfc_c

    The Idea with MITM protection is that it there must be some part that is not accessible to the man-in-the-middle. In BLE it is done by passing a code to the user through a display or passed from one device to another through NFC / UART.

  • 0 in reply to fhfs

    Thanks. So these seems the only options for MITM protection implementation: Display a code, NFC, and UART OOB.

    In my case I have two Adafruit Feather seating far from each other, seems to me that MITM is not implementable in this case and I should perform BLE paring as Just Works. Please confirm. 

Related
Terms of service