Beware that this post is related to an SDK in maintenance mode
More Info: Consider nRF Connect SDK for new designs

Implementing BLE security for the application

Greetings to Nordic team!

I would like to provide BLE security for my application (for my BLE Peripheral device). I am planning to apply the following features:

1. Generate a 128-bit key for my BLE Peripheral and share it via a secure channel (not important here) with the central device. (I can use the passkey or 6-digit PIN here, but in order to improve the security I would suggest using a 128-bit key.)

2. The central device initiates pairing, encrypts and distributes the key.

Is it possible to implement this security type? If so, how can I generate a 128-bit key for my peripheral device? And is it possible for a central device to implement pairing by reading this 128-bit value? I am really not good at BLE and BLE security... Looking forward to hearing from you.

Thanks and Regards,

Sreejith

  • Hello,

    Does your application already include the Peer Manager module? In that case, it should be sufficient to increase the required security level of your Bluetooth characteristics. The peer manager will handle the pairing/bonding procedure initiated by the central device.

    The passkey, which is an optional security mechanism in BLE, is used to enable man-in-the-middle (MITM) protection during the bonding procedure where the 128-bit encryption key gets exchanged. It does affect how the encryption key is generated.

    Best regards,

    Vidar

  • Hi Vidar,

    I am trying to update my application with OOB Legacy Pairing with a static passkey. I have updated the application as follows:

    #define SEC_PARAM_BOND            1
    #define SEC_PARAM_MITM            1
    #define SEC_PARAM_LESC            0
    #define SEC_PARAM_KEYPRESS        0
    #define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_NONE
    #define SEC_PARAM_OOB             1
    #define SEC_PARAM_MIN_KEY_SIZE    7
    #define SEC_PARAM_MAX_KEY_SIZE    16

    static ble_advdata_tk_value_t m_oob_auth_key = {
        .tk = {0x35, 0x34, 0x33, 0x32,
               0x31, 0x30, 0x39, 0x38,
               0x37, 0x36, 0x35, 0x34,
               0x33, 0x32, 0x31, 0x30}
    };

    /* in BLE event handler */

    case BLE_GAP_EVT_AUTH_KEY_REQUEST:
        NRF_LOG_INFO("BLE_GAP_EVT_AUTH_KEY_REQUEST %d",
                     p_ble_evt->evt.gap_evt.params.auth_key_request.key_type);

        err_code = sd_ble_gap_auth_key_reply(p_ble_evt->evt.gap_evt.conn_handle,
                                             BLE_GAP_AUTH_KEY_TYPE_OOB,
                                             m_oob_auth_key.tk);
        APP_ERROR_CHECK(err_code);
        break;

    case BLE_GAP_EVT_LESC_DHKEY_REQUEST:
        NRF_LOG_INFO("BLE_GAP_EVT_LESC_DHKEY_REQUEST");
        break;

    There was no error when compiling, but the SDK is not advertising... Is my code right? Or is anything required to update in the SDK config?

    Thanks and Regards,

    Sreejith
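
Added example, not part of the thread or of Nordic's SDK: a host-side C sketch for the question of how to generate a 128-bit OOB key, which draws 16 bytes from the OS CSPRNG, renders them as a `.tk` initializer, and bounds the key space of a candidate key. Assumptions: `/dev/urandom` is available on the provisioning host, and the names `tk_generate`, `tk_keyspace_bits` and `tk_format` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TK_LEN 16 /* OOB Temporary Key for LE legacy pairing: 128 bits */

/* Fill tk from the host OS CSPRNG (assumption: /dev/urandom exists). 0 = ok. */
int tk_generate(uint8_t tk[TK_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(tk, 1, TK_LEN, f);
    fclose(f);
    return (n == TK_LEN) ? 0 : -1;
}

/* Upper bound on the key space, in bits, implied by the byte classes seen:
 * 16 ASCII digits -> 16*log2(10) ~ 53; 16 printable ASCII -> 16*log2(95) ~ 105. */
int tk_keyspace_bits(const uint8_t tk[TK_LEN])
{
    int digits = 1, printable = 1;
    for (int i = 0; i < TK_LEN; i++) {
        if (tk[i] < '0' || tk[i] > '9') digits = 0;
        if (tk[i] < 0x20 || tk[i] > 0x7e) printable = 0;
    }
    return digits ? 53 : printable ? 105 : 128;
}

/* Render tk as a C initializer body ("0x.., 0x.., ..."); returns length or -1. */
int tk_format(const uint8_t tk[TK_LEN], char *out, size_t cap)
{
    size_t used = 0;
    for (int i = 0; i < TK_LEN; i++) {
        int n = snprintf(out + used, cap - used, "%s0x%02x", i ? ", " : "", tk[i]);
        if (n < 0 || (size_t)n >= cap - used) return -1; /* no room incl. NUL */
        used += (size_t)n;
    }
    return (int)used;
}

int main(void)
{
    uint8_t tk[TK_LEN];
    char line[128];
    if (tk_generate(tk) != 0 || tk_format(tk, line, sizeof line) < 0) return 1;
    printf(".tk = {%s} /* key space <= %d bits */\n", line, tk_keyspace_bits(tk));
    return 0;
}
```

For the key posted above, whose 16 bytes are all ASCII digits, `tk_keyspace_bits` returns 53.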
