• State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 75 subscribers
  • Views 1627 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 278832
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MITM protection implementation for BLE pairing

Kaveh.M

I have two Adafruit feather with nRF52832 on them, using one as central and the other as peripheral. 

I have created some codes based on ble_app_uart from Nordic SDK and combine peer manager with it for security.

They work fine, but when I set "#define SEC_PARAM_MITM              1" on both, they stop connecting to each other. 

How can I include MITM protection to my connection? 

Thanks

Parents
  • 0

    You need to have certain features to enable this, or use NFC Out-of-band(OOB)


    #define SEC_PARAM_IO_CAPABILITIES   BLE_GAP_IO_CAPS_NONE                /**< No I/O capabilities. */

    With IO capabilities enabled you would be able to display a code or enter a code, to enable MITM capabilities.

  • 0 in reply to fhfs

    Do I need to enter a code through I/Os to be able to use MITM?  

  • 0 in reply to Kaveh.M

    I believe so, have a look at nRF5_SDK_17.0.2_d674dde\examples\ble_peripheral\ble_app_gls\main.c

    In this example MITM is enabled, and the device has the ability to display.

    #define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_DISPLAY_ONLY                /**< Display I/O capabilities. */

    Alternatively you could use NFC or UART OOB and also have MITM protection. Have a look at the example project nRF5_SDK_17.0.2_d674dde\examples\ble_central\experimental\ble_app_hrs_nfc_c

    The Idea with MITM protection is that it there must be some part that is not accessible to the man-in-the-middle. In BLE it is done by passing a code to the user through a display or passed from one device to another through NFC / UART.

Reply
  • 0 in reply to Kaveh.M

    I believe so, have a look at nRF5_SDK_17.0.2_d674dde\examples\ble_peripheral\ble_app_gls\main.c

    In this example MITM is enabled, and the device has the ability to display.

    #define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_DISPLAY_ONLY                /**< Display I/O capabilities. */

    Alternatively you could use NFC or UART OOB and also have MITM protection. Have a look at the example project nRF5_SDK_17.0.2_d674dde\examples\ble_central\experimental\ble_app_hrs_nfc_c

    The Idea with MITM protection is that it there must be some part that is not accessible to the man-in-the-middle. In BLE it is done by passing a code to the user through a display or passed from one device to another through NFC / UART.

Children
  • 0 in reply to fhfs

    Thanks. So these seems the only options for MITM protection implementation: Display a code, NFC, and UART OOB.

    In my case I have two Adafruit Feather seating far from each other, seems to me that MITM is not implementable in this case and I should perform BLE paring as Just Works. Please confirm. 

Related
Terms of service