BLE data transfer using AES/CCM encryption and decryption

Hi,

I am developing an e-lock device using the Nordic 52832 chip. I want to transfer some information between the phone app and my device, like UUID / user account / user password.

To protect against BLE sniffers, we need to use an AES method to protect our information.

Can I follow the \examples\crypto\nrf_cc310\aes example to do it? Or do you have any suggestions for us? Our data transfer flow is as below:

- The phone app sends an unlock command to our device

- Our device sends a random number to the phone app

- The phone app responds

- Our device checks the response to unlock

Thank you.

John.
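The four-step flow in the question above, simulated end to end as an added example (not code from this thread or from the nRF5 SDK), showing why a sniffed response cannot be reused. It assumes a pre-shared key and uses HMAC-SHA256 from the Python standard library in place of an AES-based MAC; `Lock`, `phone_response`, `demo` and the 5-second lifetime are hypothetical names and values.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL_S = 5.0  # assumed lifetime of one challenge, in seconds


def phone_response(key: bytes, challenge: bytes, command: bytes) -> bytes:
    """Step 3, phone side: MAC that binds the reply to this challenge and command."""
    return hmac.new(key, challenge + command, hashlib.sha256).digest()


class Lock:
    """Device side of the flow (hypothetical class, not SDK code)."""

    def __init__(self, key: bytes, clock=time.monotonic):
        self._key = key
        self._clock = clock
        self._pending = None  # (challenge, command, issue time) or None

    def request(self, command: bytes) -> bytes:
        """Steps 1-2: accept a command and return a fresh 16-byte random number."""
        challenge = secrets.token_bytes(16)
        self._pending = (challenge, command, self._clock())
        return challenge

    def verify(self, response: bytes) -> bool:
        """Step 4: accept only a timely, correct reply to the pending challenge."""
        if self._pending is None:
            return False
        challenge, command, issued = self._pending
        self._pending = None  # single use: a repeated reply finds nothing pending
        if self._clock() - issued > CHALLENGE_TTL_S:
            return False
        expected = phone_response(self._key, challenge, command)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    key = bytes(range(32))  # constructed sample key, shared out of band
    lock = Lock(key)
    sniffed = phone_response(key, lock.request(b"UNLOCK"), b"UNLOCK")
    results = {"legitimate": lock.verify(sniffed)}
    results["replay_no_challenge"] = lock.verify(sniffed)
    lock.request(b"UNLOCK")  # a new session gets a new random number
    results["replay_new_challenge"] = lock.verify(sniffed)
    return results
```

The response authenticates the command but does not hide it; keeping the payload confidential on the air still needs encryption of the link or the data.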

  • Hi Hung,

    Yes, I know. My current thinking is as below.

    1. Use a static passkey to bond my device and phone. (The QR code includes my static passkey and MAC address. My app will know when it scans the QR code.)

    2. Set a whitelist, so another phone can't scan and link to my device.

    3. Encrypt the data transfer between my phone and device. Then I can send the lock or unlock command.

    Is that right?

    My question is: if I use a static passkey, what will be the flow of the mechanism for my phone and device to exchange passkeys with each other?

    Also, I'm thinking of a way to delete bonded mode and go back to the first pairing.

    Thank you.

    John. 

  • Hi John, 

    Yes, it's correct. If you can limit the access to bonding mode then it's safer, as the attacker needs to try at least 20 times to guess the key and it's not possible to find the passkey even when they sniff the communication.

    For static passkey, please have a look here. It's for legacy pairing but I believe you can use the same BLE_GAP_OPT_PASSKEY for LESC. You would need to configure your device capability to display (even though it doesn't have a display) and the peer device should have a keyboard.

    Regarding deleting bonded information, you should implement code on the lock that allows the authorized phone to delete the bond, or have a failsafe button on the lock that allows it to reset the database and allow a new bond.

  • Hi Hung,

    Can I use the flow below to do everything?

    1. Set a passkey on the device.

    2. When the phone and device are connected, send this passkey to the phone. But the phone does not display the passkey code. Then the user must scan a QR code card, which automatically fills it in the blanks like ******.

    3. Then reply to the device and complete the comparison.

    Does that make sense for security? Does it help to improve safety?

    Thank you.

    John.

  • Hi John,

     
    What exactly are you trying to achieve here?

    It's not possible to customize the Bluetooth pairing on the phone. It's handled by the system.
    So what you can do is make an app that can scan the QR code and, after scanning it, tell the end user on the phone which passkey they should enter.

  • Hi Hung,

    Is it possible to increase security by hiding the passkey in a QR code that only each buyer has? If you are not a real buyer, you don't know what to enter during the passkey exchange step.

    Thank you.

    John
