BLE data transfer use AES/CCM encryption and unencryption

Why do you not just rely on the security features of BLE? When you use LE Secure Connections with some kind of MITM prevention, then the connection uses AES/CCM. Just make sure, that your lock makes sure, the connection is actually encrypted with a key that was obtained by the proper pairing.

Hi Robitzki,

       You mean I just need to enable MITM protected.

1. My All data should encrypted by AES.

2. Phone app can get a key from device when pairing boths.

3. Is MITM a standard function on BLE?

Do you have any example that can refer it?  which Nordic SDK version can support it?  

Also, we don't want the user to have to enter the passkey by phone. In fact the user doesn't need to pick up the phone to unlock my device(Like auto lock and unlock)

Thank you.

John.

Hi Hung,

    Yes. I know. My current thinking is as below.

1. Use static passkey to bonded my device and phone.(QR code include my static passkey and mac address, My app will know when app scan QR code)

2. Set whitelist. So another phone can't scan and link my device.

3. encrypted data transfer between my phone and device. Then I can send lock or unlock command.

Is it right?

My question is if I use static passkey. What will be the flow of the mechanism for my phone and device to exchange passkeys with each other?

Also,I'm thinking of a way to delete bonded mode.Back to the first pairing

Thank you.

John. 

Hi John, 

Yes , it's correct. If you can limit the access to bonding mode then it's safer as the attacker need to try at least 20 times to guess the key and it's not possible to find the passkey even when they sniff the communication. 

For static passkey, please have a look here. It's for legacy pairing but I believe you can use the same BLE_GAP_OPT_PASSKEY for LESC. You would need to configure your device capability to display (even though it doesn't have a display) and the peer device should have keyboard. 

Regarding delete bonded information, you should implement the code on the lock that allow the authorized phone to delete bond. Or to have a failsafe button on the lock that allow it to reset the database and allow new bond. 

Hi Hung,

    Can I use below flow to do all things.

1. Set a passkey on device.

2. When phone and device connected, send this passkey to phone. But the phone does not display the passkey code. Then user must use a qr code card to scan and automatically fill it in the blanks as like ******.

3. Then reply to the device and complete the comparison

Does that make sense for secure? Does it help to improve safety?

Thank you.

John.

Hi John,

 
What exactly you are trying to achieve here ? 

It's not possible to customize the Bluetooth pairing on the phone. It's handled by the system. 
So what you can do is to make the app that can scan for the QR code and after scanning QR code it can tell the end user on the phone which passkey they should enter. 

Hi Hung,

    Is it possible to increase security by hiding the passkey on the QR code that only each buyer has? If you are not real buyer, you don't know what are you going to enter during exchange passkey step.

Thank you.

John

Hi Hung,

    Is it possible to increase security by hiding the passkey on the QR code that only each buyer has? If you are not real buyer, you don't know what are you going to enter during exchange passkey step.

Thank you.

John

Hi John, 

I'm not really sure what you are asking about. 

If you are not real buyer you can't bond your phone to the lock. The lock will not allow any phone to bond to the device. Bonding is only allowed on the first time setting it up. 

Hi Hung,

        Sorry for causing your doubts,but i see what you mean.

Other question is

If I have already bounded and set up encryption and whitelist with Phone A. What should I do if I change or lost my phone A? Can I store LTK in SERVER? When the user enters the account and password on my APP. I can download LTK from server to phone.

Thank you.

John.,

Hi John, 

On most phones you wouldn't be able to download a LTK and the ask the phone to update the bond with the new LTK. 

So in this case when the user loses their phone, it's a security procedure that you need to define on your own. It's the same with what happen when one loses their key. 
Be very careful when defining those protocol to recover the key. We are not expert in this topic so you may want to do some study or get help from expert in security. 

Usually if you have a secondary way of unlocking the device, then it's easier. For example keypad or NFC tag. You can use the second way to unlock the device, and then can clear the bond information, set the device to bonding mode to allow new bonding. 

If you don't have any secondary way then you would need to allow advertise with no white list. Allowing any device to connect to . Then in this case you would need another level of security on top of Bluetooth pairing.  You then can apply the feature suggested by Daniel in his blog.  The new device need to pass this security level to unlock.  

You can have a key inside the lock and the phone can access the cloud to get the same key of the same log (scan QR code or login to user account etc). 

Hi Hung,

        I fully understand what you mean. After these questions I also know how I should design my system. Thank you very much. I need your help if I have any questions in the future.

John.

Hi Hung,

    After our deeper research, now there is a question

If I already used passkey to connected between my phone and my bike。My transmission is encrypted。

If I lend my bike to my friend，Is he able to establish other passkey secure connection? Because my bike device already has my Key，Can there be two sets of keys? or the first one will be cleared?

Thank you.

John.