BLE data transfer use AES/CCM encryption and unencryption

Why do you not just rely on the security features of BLE? When you use LE Secure Connections with some kind of MITM prevention, then the connection uses AES/CCM. Just make sure, that your lock makes sure, the connection is actually encrypted with a key that was obtained by the proper pairing.

Hi Robitzki,

       You mean I just need to enable MITM protected.

1. My All data should encrypted by AES.

2. Phone app can get a key from device when pairing boths.

3. Is MITM a standard function on BLE?

Do you have any example that can refer it?  which Nordic SDK version can support it?  

Also, we don't want the user to have to enter the passkey by phone. In fact the user doesn't need to pick up the phone to unlock my device(Like auto lock and unlock)

Thank you.

John.

Hi John, 

It would work this way: 

Step 1. User turns on the Lock

Step 2. Customer open the app on the phone to connect to the lock for the first time and bonding process starts

Step 3a. If there is keyboard on the lock, the phone can display passkey and user need to type the same passkey on the lock . It's the random passkey the phone generated.

Step 3b. If there is display on the lock, the lock can display the passkey and user type the same passkey on the phone. It's the random passkey the lock generated

Step 4. Two device bonded . They now have generated and stored the same LTK (long term key). This is Bluetooth LTK.

Here the set up process is done. 

Step 5 when the user with the phone come close to the lock, the lock automatically connect to it

Step 6 The phone and the lock encrypt the connection using the previously stored LTK. The lock now know for sure that it connect to the authenticated phone. 

Step 7 The link is now encrypted , and the phone can now send the command to lock or unlock the door. 

Step 8 After the door is locked or unlocked, the phone can disconnect the encrypted connection. 

At step 7 you can implement your extra security protocol if you want. 

Hi Hung,

       Thank you for your answer. Very clear.

One more question. If my lock don't have keyboard or display. Only have some hardware buttons. 

The only way I can do what you describe. Is there only a static passkey way?

It would work this way for me:

Step 3a. Lock device have a static passkey "123456". I provided a QR code include my static passkey. phone scan this QR code to get and send passkey "123456" to lock device.

Step 3a-1 Lock device get "123456" from phone to compare passkey in lock device side. If match. then bonded.

Is it right?

Thank you.

John.,

Hi John, 

According to the spec, static passkey is not considered safe. One can just retry bonding 20 times (LESC) to get the correct passkey. 

Please make it very clear that bonding and lock/unlock the doorlock are not the same. 

So the passkey to bond shouldn't be used to lock or unlock the door . Bonding is to encrypt the link for the first time the two device (phone and doorlock) talk to each other. After that they are secured to talk to each other. Then you can send your command to unlock/lock when the link is encrypted.

Note that you can turn off bonding after you bond with the first device. After that, you can switch to the mode that the device doesn't bond with any new device and only can be switch to bond mode when you open it or send a command from the phone. 

Hi Hung,

    Yes. I know. My current thinking is as below.

1. Use static passkey to bonded my device and phone.(QR code include my static passkey and mac address, My app will know when app scan QR code)

2. Set whitelist. So another phone can't scan and link my device.

3. encrypted data transfer between my phone and device. Then I can send lock or unlock command.

Is it right?

My question is if I use static passkey. What will be the flow of the mechanism for my phone and device to exchange passkeys with each other?

Also,I'm thinking of a way to delete bonded mode.Back to the first pairing

Thank you.

John. 

Hi John, 

Yes , it's correct. If you can limit the access to bonding mode then it's safer as the attacker need to try at least 20 times to guess the key and it's not possible to find the passkey even when they sniff the communication. 

For static passkey, please have a look here. It's for legacy pairing but I believe you can use the same BLE_GAP_OPT_PASSKEY for LESC. You would need to configure your device capability to display (even though it doesn't have a display) and the peer device should have keyboard. 

Regarding delete bonded information, you should implement the code on the lock that allow the authorized phone to delete bond. Or to have a failsafe button on the lock that allow it to reset the database and allow new bond. 

Hi John, 

Yes , it's correct. If you can limit the access to bonding mode then it's safer as the attacker need to try at least 20 times to guess the key and it's not possible to find the passkey even when they sniff the communication. 

For static passkey, please have a look here. It's for legacy pairing but I believe you can use the same BLE_GAP_OPT_PASSKEY for LESC. You would need to configure your device capability to display (even though it doesn't have a display) and the peer device should have keyboard. 

Regarding delete bonded information, you should implement the code on the lock that allow the authorized phone to delete bond. Or to have a failsafe button on the lock that allow it to reset the database and allow new bond. 

Hi Hung,

    Can I use below flow to do all things.

1. Set a passkey on device.

2. When phone and device connected, send this passkey to phone. But the phone does not display the passkey code. Then user must use a qr code card to scan and automatically fill it in the blanks as like ******.

3. Then reply to the device and complete the comparison

Does that make sense for secure? Does it help to improve safety?

Thank you.

John.

Hi John,

 
What exactly you are trying to achieve here ? 

It's not possible to customize the Bluetooth pairing on the phone. It's handled by the system. 
So what you can do is to make the app that can scan for the QR code and after scanning QR code it can tell the end user on the phone which passkey they should enter. 

Hi Hung,

    Is it possible to increase security by hiding the passkey on the QR code that only each buyer has? If you are not real buyer, you don't know what are you going to enter during exchange passkey step.

Thank you.

John

Hi John, 

I'm not really sure what you are asking about. 

If you are not real buyer you can't bond your phone to the lock. The lock will not allow any phone to bond to the device. Bonding is only allowed on the first time setting it up. 

Hi Hung,

        Sorry for causing your doubts,but i see what you mean.

Other question is

If I have already bounded and set up encryption and whitelist with Phone A. What should I do if I change or lost my phone A? Can I store LTK in SERVER? When the user enters the account and password on my APP. I can download LTK from server to phone.

Thank you.

John.,