Beware that this post is related to an SDK in maintenance mode
More Info: Consider nRF Connect SDK for new designs

Implementing BLE security for the application

Greetings to Nordic team!

I would like to provide BLE security for my application (for my BLE Peripheral device). I am planning to apply the following features:

1. Generate a 128-bit key for my BLE Peripheral and share it via a secure channel (not important here) with the central device. (I could use a passkey or 6-digit PIN here, but in order to improve the security I would suggest using a 128-bit key.)

2. The central device initiates pairing, encrypts and distributes the key.

Is it possible to implement this security type? If so, how can I generate a 128-bit key for my peripheral device, and is it possible for a central device to implement pairing by reading this 128-bit value? I am really not good at BLE and BLE security... looking forward to hearing from you.

Thanks and Regards,

Sreejith

  • Hi Emil,

    This is exactly what I am looking for, and I would like to ask you some questions because I am completely new to BLE.

    1. How can I generate a 128-bit key for my peripheral device (TK)?

    2. Implementation of this Legacy Pairing with TK: how can I implement it? Is there any example to refer to, or any vlogs from Nordic on implementing this type of security? It would help me to refer to them for more information.

    Thanks Emil.

    with Regards,

    Sreejith

  • Thanks for the clarification, Emil. I thought the idea was to exchange a pre-defined LTK out-of-band and my security concern was related to the key management of said key.

    Sreejith, will the end user have a central device which can support this OOB input? If it doesn't, then an alternative may be to look at adding an additional layer of security in your application as discussed in this blog post:  Intro to Application-level Security Using the ECB Peripheral

  • Thanks Vidar,

    Sreejith, will the end user have a central device which can support this OOB input? If it doesn't, then an alternative may be to look at adding an additional layer of security in your application as discussed in this blog post:  Intro to Application-level Security Using the ECB Peripheral

    We were planning to share the key in a different manner, and the central device gets this key in the end (not yet planned, but of course the central device will get the key). Thanks for sharing the reference website.

    I am trying to implement BLE security on the peripheral side as Emil mentioned. Is there any documentation, vlog or example for implementing this so that I can refer to it?

    Thanks Vidar for the support,

    with Regards,

    Sreejith

  • Hi Sreejith,

    Implementing this pairing method on the nRF side should be fairly straightforward. Emil already described the required steps for this in his other reply. The question is if you will be able to do the same on the central side. As I have indicated earlier, the Bluetooth framework in Android and iOS does expose this level of control to the app.

    There are some Android phones which support OOB pairing, but that is through NFC. I do not know of any other OOB channels that are supported.

  • Hi Vidar,

    I am trying to update my application with OOB Legacy Pairing with a static passkey. I have updated the application as follows:

    /* Security parameters handed to the Peer Manager: legacy pairing with OOB data */
    #define SEC_PARAM_BOND 1                                  /* bonding enabled */
    #define SEC_PARAM_MITM 1                                  /* MITM protection required */
    #define SEC_PARAM_LESC 0                                  /* legacy pairing, not LE Secure Connections */
    #define SEC_PARAM_KEYPRESS 0                              /* no keypress notifications */
    #define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_NONE    /* no display, no keyboard */
    #define SEC_PARAM_OOB 1                                   /* OOB data (the TK) is available */
    #define SEC_PARAM_MIN_KEY_SIZE 7
    #define SEC_PARAM_MAX_KEY_SIZE 16

    /* 128-bit Temporary Key shared out of band with the central */
    static ble_advdata_tk_value_t m_oob_auth_key = {
        .tk = {0x35, 0x34, 0x33, 0x32,
               0x31, 0x30, 0x39, 0x38,
               0x37, 0x36, 0x35, 0x34,
               0x33, 0x32, 0x31, 0x30}
    };

    /* in BLE event handler */

    case BLE_GAP_EVT_AUTH_KEY_REQUEST:
        /* SoftDevice asks for the authentication key; reply with the OOB TK */
        NRF_LOG_INFO("BLE_GAP_EVT_AUTH_KEY_REQUEST %d", p_ble_evt->evt.gap_evt.params.auth_key_request.key_type);

        err_code = sd_ble_gap_auth_key_reply(p_ble_evt->evt.gap_evt.conn_handle,
                                             BLE_GAP_AUTH_KEY_TYPE_OOB,
                                             m_oob_auth_key.tk);
        APP_ERROR_CHECK(err_code);
        break;

    case BLE_GAP_EVT_LESC_DHKEY_REQUEST:
        /* Not expected while SEC_PARAM_LESC is 0; only logged */
        NRF_LOG_INFO("BLE_GAP_EVT_LESC_DHKEY_REQUEST");
        break;

    There was no error at compile time, but the SDK is not advertising... is my code right, or does anything need to be updated in the SDK config?

    Thanks and Regards,

    Sreejith
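The thread turns on one point: legacy OOB pairing is only selected when both the peripheral and the central present the OOB flag, and a central without OOB support falls back to the IO-capability rules, which for a BLE_GAP_IO_CAPS_NONE peripheral means unauthenticated Just Works. The following is an added example, not code from this thread or from the nRF5 SDK: it encodes the SEC_PARAM_* settings from the post above into the SMP Pairing Request/Response fields and applies the legacy method selection from the Bluetooth Core Spec (Vol 3, Part H). The enum and function names are my own; the numeric values are the spec's.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
/* SMP IO capability values (Core Spec Vol 3, Part H, 3.5.1); numbering matches BLE_GAP_IO_CAPS_* */
enum io_cap { IO_DISPLAY_ONLY = 0, IO_DISPLAY_YESNO = 1, IO_KEYBOARD_ONLY = 2,
              IO_NO_INPUT_NO_OUTPUT = 3, IO_KEYBOARD_DISPLAY = 4 };

/* AuthReq bit layout: bits 0-1 bonding, bit 2 MITM, bit 3 SC, bit 4 keypress */
#define AUTHREQ_BONDING  0x01
#define AUTHREQ_MITM     0x04
#define AUTHREQ_SC       0x08
#define AUTHREQ_KEYPRESS 0x10
typedef struct { uint8_t io_cap; uint8_t oob_flag; uint8_t auth_req; } smp_fields_t;
typedef enum { METHOD_JUST_WORKS, METHOD_PASSKEY_ENTRY, METHOD_OOB } legacy_method_t;

/* Map SEC_PARAM_*-style settings onto the on-air Pairing Request/Response fields */
smp_fields_t encode_pairing_fields(bool bond, bool mitm, bool lesc, bool keypress,
                                   bool oob, uint8_t io_cap) {
    smp_fields_t f = { io_cap, oob ? 1 : 0, 0 };
    if (bond)     f.auth_req |= AUTHREQ_BONDING;
    if (mitm)     f.auth_req |= AUTHREQ_MITM;
    if (lesc)     f.auth_req |= AUTHREQ_SC;
    if (keypress) f.auth_req |= AUTHREQ_KEYPRESS;
    return f;
}
/* Legacy pairing method selection (Core Spec Vol 3, Part H, 2.3.5.1): OOB is used only
 * when BOTH sides set the OOB flag; otherwise the MITM bits and IO capabilities decide. */
legacy_method_t select_legacy_method(smp_fields_t init, smp_fields_t resp) {
    if (init.oob_flag && resp.oob_flag) return METHOD_OOB;
    if (!(init.auth_req & AUTHREQ_MITM) && !(resp.auth_req & AUTHREQ_MITM))
        return METHOD_JUST_WORKS;
    if (init.io_cap == IO_NO_INPUT_NO_OUTPUT || resp.io_cap == IO_NO_INPUT_NO_OUTPUT)
        return METHOD_JUST_WORKS;
    bool init_kb = init.io_cap == IO_KEYBOARD_ONLY || init.io_cap == IO_KEYBOARD_DISPLAY;
    bool resp_kb = resp.io_cap == IO_KEYBOARD_ONLY || resp.io_cap == IO_KEYBOARD_DISPLAY;
    return (init_kb || resp_kb) ? METHOD_PASSKEY_ENTRY : METHOD_JUST_WORKS;
}
/* Only OOB and Passkey Entry are MITM-protected; Just Works is not */
bool method_is_authenticated(legacy_method_t m) { return m != METHOD_JUST_WORKS; }
int main(void) {
    /* Peripheral as configured in the post above, paired by centrals with and without OOB */
    smp_fields_t periph = encode_pairing_fields(true, true, false, false, true, IO_NO_INPUT_NO_OUTPUT);
    smp_fields_t oob_central = encode_pairing_fields(true, true, false, false, true, IO_KEYBOARD_DISPLAY);
    smp_fields_t phone = encode_pairing_fields(true, true, false, false, false, IO_KEYBOARD_DISPLAY);
    printf("OOB central authenticated=%d, phone without OOB authenticated=%d\n",
           method_is_authenticated(select_legacy_method(oob_central, periph)),
           method_is_authenticated(select_legacy_method(phone, periph)));
    return 0;
}
```

The second case is the one Vidar warns about: the link is still encrypted, but with no OOB on the central side the TK is never used and the pairing is not protected against an active attacker.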
