BLE data transfer use AES/CCM encryption and unencryption


      I development a elock device to use nordic 52832 chip. I want to transfer some information between phone app and my device. Like UUID / user account / user password.

for against BLE sniffer, we need use AES method to protect our information.

Can I follow  \examples\crypto\nrf_cc310\aes example to do it? Or any suggest for us? Our data transfer flow as below

 - phone app sent unlock command to our device

 - our device sent a random number to phone app

 - phone app response

- our device check response to unlock

Thank you.


  • Why do you not just rely on the security features of BLE? When you use LE Secure Connections with some kind of MITM prevention, then the connection uses AES/CCM. Just make sure, that your lock makes sure, the connection is actually encrypted with a key that was obtained by the proper pairing.

  • Hi Robitzki,

           You mean I just need to enable MITM protected.

    1. My All data should encrypted by AES.

    2. Phone app can get a key from device when pairing boths.

    3. Is MITM a standard function on BLE?

    Do you have any example that can refer it?  which Nordic SDK version can support it?  

    Also, we don't want the user to have to enter the passkey by phone. In fact the user doesn't need to pick up the phone to unlock my device(Like auto lock and unlock)

    Thank you.


  • The concrete implementation of MITM protection depends on the IO capabilities you can implement with your lock. Every version of the Nordic SDK will provide this very basic and very fundamental security concept. Think of a keyboard. It would be a nightmare, if not all keystrokes would be encrypted properly.

    I'm not using the Nordic SDK very much, so I'm not able to point you to a concrete example.

    There is an other method that might be interesting for your application OOB (out of band) data. This basically means, you provide the Key to both communication partners, so that they do not have to exchange the key over the air.

  • Hi John, 

    As Torsten already explained, you can have a secure way of transferring data between your device and the phone using the standard Bluetooth pairing. The link is considering secured if you use LESC with MITM (Man In The Middle) or legacy pairing with OOB (NFC for example) .

    Please have a look at the examples in our SDK:  ble_app_gls (MITM with passkey) or ble_app_hrs_nfc_pairing, ble_nfc_pairing_reference (for NFC OOB) 

  • Hi Hung and Torsten,

             Thank you for your quickly answer.

    But for our design, we must auto lock or unlock our device. Don't need to pick up the phone and enter the passkey. Do I have any way that I can use MITM without passkey(Maybe our key already save in our phone app)

    Also, I want to know that can I use below method(ECB) with softwaredevice to do our secure way?

    Have any issue or limit? 

    Thank you.