BLE data transfer use AES/CCM encryption and unencryption

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Mon, 17 Oct 2022 11:25:22 GMT

Hi Hung,

Thanks for your great information. We will implement it on our product

John.

RE: BLE data transfer use AES/CCM encryption and unencryption

Hung Bui — Mon, 17 Oct 2022 07:46:42 GMT

Hi John,
Your solution may work. But you may want to consider adding some extra security on top:

- After you check user account , you may want to have a challenge response scheme. For example the device provide a challenge and the app on the phone must provide a response to the device so that the device are sure it's connected to an authorized phone. You can choose to do this by the cloud (connect to server as you said) but then it will come to an issue that if the user doesn't have internet he can't unlock. There is a blog about this scheme here.

- You may want to add a "add new user" mode. Instead of simply allow new bond when the bike is unlocked. For example if the attacker just get close to the bike when it's not locked and not connected to the phone, the he can bond the new phone to it.

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Mon, 17 Oct 2022 02:00:36 GMT

Hi Hung,

According to our current plan, we will use the user's account to check on the server to prevent.

If My bike bonded the Phone A(User A account) and "Already Locked". Other users will not be able to bonded this bike. Until user A unlocks this bike

Thank you.

John.

RE: BLE data transfer use AES/CCM encryption and unencryption

Hung Bui — Fri, 14 Oct 2022 11:15:49 GMT

Hi John,

Then how can you avoid an attacker to steal the bike ?

After you bonded the first phone A.

Then an attacker with a phone C come and bond to the device, how do you avoid it being stolen by attacker with phone C ?

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Fri, 14 Oct 2022 11:08:25 GMT

Hi Hung,

When you say passkey, is it the bluetooth bonding passkey ? Yes

Our current thinking as below.

1. The device enter into pairing mode

2. The device show passkey on display when phone A want to pair the device

3. Enter the passkey by keyboard on Phone A. The phone A bonded the device.

4. Make the device enter pairing mode again through a method

5. The device show passkey on display when phone B want to pair the device

6. Enter the passkey by keyboard on Phone B. The phone B bonded the device.

7. User can use phone A or Phone B to lock or unlock device.

Because a bike may be used by two people. Can two Keys be able to unlock or lock this bike?

Thank you.

John.

RE: BLE data transfer use AES/CCM encryption and unencryption

Hung Bui — Fri, 14 Oct 2022 10:54:52 GMT

Hi John,

When you say passkey, is it the bluetooth bonding passkey ?

You can have bond with two different phones. You don't need to clear the first set of bond information.

But the question is how you enable a new phone to connect and control the bike. It's more about security question. It's similar to what I wrote in the last reply. You need to have a way of allowing a new bond. Either by using your phone that already bonded and give a command to allow a new bond. Or by using for example a physical NFC key to allow adding a new bond.

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Thu, 13 Oct 2022 08:44:30 GMT

Hi Hung,

After our deeper research, now there is a question

If I already used passkey to connected between my phone and my bike。My transmission is encrypted。

If I lend my bike to my friend，Is he able to establish other passkey secure connection? Because my bike device already has my Key，Can there be two sets of keys? or the first one will be cleared?

Thank you.

John.

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Mon, 26 Sep 2022 02:13:55 GMT

Hi Hung,

I fully understand what you mean. After these questions I also know how I should design my system. Thank you very much. I need your help if I have any questions in the future.

John.

RE: BLE data transfer use AES/CCM encryption and unencryption

Hung Bui — Fri, 23 Sep 2022 08:09:07 GMT

Hi John,

On most phones you wouldn't be able to download a LTK and the ask the phone to update the bond with the new LTK.

So in this case when the user loses their phone, it's a security procedure that you need to define on your own. It's the same with what happen when one loses their key.
Be very careful when defining those protocol to recover the key. We are not expert in this topic so you may want to do some study or get help from expert in security.

Usually if you have a secondary way of unlocking the device, then it's easier. For example keypad or NFC tag. You can use the second way to unlock the device, and then can clear the bond information, set the device to bonding mode to allow new bonding.

If you don't have any secondary way then you would need to allow advertise with no white list. Allowing any device to connect to . Then in this case you would need another level of security on top of Bluetooth pairing. You then can apply the feature suggested by Daniel in his blog. The new device need to pass this security level to unlock.

You can have a key inside the lock and the phone can access the cloud to get the same key of the same log (scan QR code or login to user account etc).

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Fri, 23 Sep 2022 02:00:31 GMT

Hi Hung,

Sorry for causing your doubts,but i see what you mean.

RE: BLE data transfer use AES/CCM encryption and unencryption

Hung Bui — Thu, 22 Sep 2022 07:56:39 GMT

Hi John,

I'm not really sure what you are asking about.

If you are not real buyer you can't bond your phone to the lock. The lock will not allow any phone to bond to the device. Bonding is only allowed on the first time setting it up.

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Thu, 22 Sep 2022 03:05:51 GMT

Hi Hung,

Is it possible to increase security by hiding the passkey on the QR code that only each buyer has? If you are not real buyer, you don't know what are you going to enter during exchange passkey step.

Thank you.

John

RE: BLE data transfer use AES/CCM encryption and unencryption

Hung Bui — Wed, 21 Sep 2022 11:15:54 GMT

Hi John,

What exactly you are trying to achieve here ?

It's not possible to customize the Bluetooth pairing on the phone. It's handled by the system.
So what you can do is to make the app that can scan for the QR code and after scanning QR code it can tell the end user on the phone which passkey they should enter.

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Wed, 21 Sep 2022 10:46:23 GMT

Hi Hung,

Can I use below flow to do all things.

1. Set a passkey on device.

2. When phone and device connected, send this passkey to phone. But the phone does not display the passkey code. Then user must use a qr code card to scan and automatically fill it in the blanks as like ******.

3. Then reply to the device and complete the comparison

Does that make sense for secure? Does it help to improve safety?

Thank you.

John.

RE: BLE data transfer use AES/CCM encryption and unencryption

Hung Bui — Wed, 21 Sep 2022 10:37:27 GMT

Hi John,

Yes , it's correct. If you can limit the access to bonding mode then it's safer as the attacker need to try at least 20 times to guess the key and it's not possible to find the passkey even when they sniff the communication.

For static passkey, please have a look here. It's for legacy pairing but I believe you can use the same BLE_GAP_OPT_PASSKEY for LESC. You would need to configure your device capability to display (even though it doesn't have a display) and the peer device should have keyboard.

Regarding delete bonded information, you should implement the code on the lock that allow the authorized phone to delete bond. Or to have a failsafe button on the lock that allow it to reset the database and allow new bond.

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Wed, 21 Sep 2022 08:29:57 GMT

Hi Hung,

Yes. I know. My current thinking is as below.

1. Use static passkey to bonded my device and phone.(QR code include my static passkey and mac address, My app will know when app scan QR code)

2. Set whitelist. So another phone can't scan and link my device.

3. encrypted data transfer between my phone and device. Then I can send lock or unlock command.

Is it right?

My question is if I use static passkey. What will be the flow of the mechanism for my phone and device to exchange passkeys with each other?

Also,I'm thinking of a way to delete bonded mode.Back to the first pairing

Thank you.

John.

RE: BLE data transfer use AES/CCM encryption and unencryption

Hung Bui — Wed, 21 Sep 2022 08:06:52 GMT

Hi John,

According to the spec, static passkey is not considered safe. One can just retry bonding 20 times (LESC) to get the correct passkey.

Please make it very clear that bonding and lock/unlock the doorlock are not the same.

So the passkey to bond shouldn't be used to lock or unlock the door . Bonding is to encrypt the link for the first time the two device (phone and doorlock) talk to each other. After that they are secured to talk to each other. Then you can send your command to unlock/lock when the link is encrypted.

Note that you can turn off bonding after you bond with the first device. After that, you can switch to the mode that the device doesn't bond with any new device and only can be switch to bond mode when you open it or send a command from the phone.

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Wed, 21 Sep 2022 01:53:51 GMT

Hi Hung,

Thank you for your answer. Very clear.

One more question. If my lock don't have keyboard or display. Only have some hardware buttons.

The only way I can do what you describe. Is there only a static passkey way?

It would work this way for me:

Step 3a. Lock device have a static passkey "123456". I provided a QR code include my static passkey. phone scan this QR code to get and send passkey "123456" to lock device.

Step 3a-1 Lock device get "123456" from phone to compare passkey in lock device side. If match. then bonded.

Is it right?

Thank you.

John.,

RE: BLE data transfer use AES/CCM encryption and unencryption

Hung Bui — Tue, 20 Sep 2022 10:48:25 GMT

Hi John,

It would work this way:

Step 1. User turns on the Lock

Step 2. Customer open the app on the phone to connect to the lock for the first time and bonding process starts

Step 3a. If there is keyboard on the lock, the phone can display passkey and user need to type the same passkey on the lock . It's the random passkey the phone generated.

Step 3b. If there is display on the lock, the lock can display the passkey and user type the same passkey on the phone. It's the random passkey the lock generated

Step 4. Two device bonded . They now have generated and stored the same LTK (long term key). This is Bluetooth LTK.

Here the set up process is done.

Step 5 when the user with the phone come close to the lock, the lock automatically connect to it

Step 6 The phone and the lock encrypt the connection using the previously stored LTK. The lock now know for sure that it connect to the authenticated phone.

Step 7 The link is now encrypted , and the phone can now send the command to lock or unlock the door.

Step 8 After the door is locked or unlocked, the phone can disconnect the encrypted connection.

At step 7 you can implement your extra security protocol if you want.

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Tue, 20 Sep 2022 09:31:28 GMT

Hi Hung,

Maybe I'll describe as below what I understand, see if that's right.

Step 1: I use MITM function to bonding my device and phone.

Step 2: Use key in passkey on phone to confirm your own.

Step 3: When I will lock device, the device will connect to my phone

Step 4: AES encrypt and unencrypt some information transfer between device and phone

Step 5: If authentication succeeded, device will lock

As I know, if I enable MITM function. The transfer data between device and phone will protected by AES. But AES need a key on device and phone side. When will I get this key? I need burn in this key in my device during production in factory? and transfer this key to phone when user enable lock feature? - I don't understond.

Do you have any user flow can refer it?

Thank you

John.

RE: BLE data transfer use AES/CCM encryption and unencryption

Hung Bui — Tue, 20 Sep 2022 09:14:21 GMT

Hi John,

Yes it's possible to do what described in Daniel's blog for your application.

But I want to make it clear that the bonding process (with passkey or NFC) only needed on the first time the phone connect to the lock. On the next connection the phone and the lock will use a common LTK to encrypt the link.
Imagine when a new user setting up his phone as the key, he would need to either read the NFC tag on the log or type the code that show on the log. After that the lock automatically open when the phone is close by (connect - encrypt - unlock command - disconnect)

If you want to have an extra security layer you can also implement what Daniel described, on top of BLE encryption.

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Tue, 20 Sep 2022 02:00:31 GMT

Hi Hung and Torsten,

Thank you for your quickly answer.

But for our design, we must auto lock or unlock our device. Don't need to pick up the phone and enter the passkey. Do I have any way that I can use MITM without passkey(Maybe our key already save in our phone app)

Also, I want to know that can I use below method(ECB) with softwaredevice to do our secure way?

devzone.nordicsemi.com/.../intro-to-application-level-security-using-the-ecb-

Have any issue or limit?

Thank you.

John

RE: BLE data transfer use AES/CCM encryption and unencryption

Hung Bui — Mon, 19 Sep 2022 11:03:35 GMT

Hi John,

As Torsten already explained, you can have a secure way of transferring data between your device and the phone using the standard Bluetooth pairing. The link is considering secured if you use LESC with MITM (Man In The Middle) or legacy pairing with OOB (NFC for example) .

Please have a look at the examples in our SDK: ble_app_gls (MITM with passkey) or ble_app_hrs_nfc_pairing, ble_nfc_pairing_reference (for NFC OOB)

RE: BLE data transfer use AES/CCM encryption and unencryption

Torsten Robitzki — Mon, 19 Sep 2022 10:34:37 GMT

The concrete implementation of MITM protection depends on the IO capabilities you can implement with your lock. Every version of the Nordic SDK will provide this very basic and very fundamental security concept. Think of a keyboard. It would be a nightmare, if not all keystrokes would be encrypted properly.

I'm not using the Nordic SDK very much, so I'm not able to point you to a concrete example.

There is an other method that might be interesting for your application OOB (out of band) data. This basically means, you provide the Key to both communication partners, so that they do not have to exchange the key over the air.

RE: BLE data transfer use AES/CCM encryption and unencryption

JohnCC — Mon, 19 Sep 2022 10:22:41 GMT

Hi Robitzki,

You mean I just need to enable MITM protected.

1. My All data should encrypted by AES.

2. Phone app can get a key from device when pairing boths.

3. Is MITM a standard function on BLE?

Do you have any example that can refer it? which Nordic SDK version can support it?

Also, we don't want the user to have to enter the passkey by phone. In fact the user doesn't need to pick up the phone to unlock my device(Like auto lock and unlock)

Thank you.

John.