Creating a Heart Rate Service Peripheral Example Application That Requires Mode 1 Level 3 Security

Hi,

In Bluetooth, the security level is set per characteristic. Referring to the Heart Rate example in nRF5 SDK 15.3, you can see that the security level of the heart rate characteristics is set in services_init():

    // Here the sec level for the Heart Rate Service can be changed/increased.
    hrs_init.hrm_cccd_wr_sec = SEC_OPEN;
    hrs_init.bsl_rd_sec      = SEC_OPEN;

If you want to use level 3, change this to SEC_MITM intend of SEC_OPEN. With this, security level 3 is required in order to access the specific characteristics. Note that the mode essentially means that MITM or OOB is used, so you do not need to do other changes in this part regardless of if you are using numeric comparison, passkey or OOB.

The second part is to expand the example to use the MITM protection method you want to use/test. For that, you can refer to other examples and copy-past in relevant parts. For instance, ble_app_gls use passkey (with the nRF being the display), printing the passkey over UART. Which MITM method that works is depending on the I/O capabilities of your product. If it has both a keyboard and a display, you can use numeric comparison (only with LE secure connections and provided the peer also supports it). If it has a keyboard or a display, it can use passkey, provided the peer has the opposite (or both). For OOB you would typically need something application specific.

I found the hrm_ccd_wr_sec setting and changed it to SEC_JUST_WORKS as a start. This resulted in an "Insuffcient Authentication" error when the Central attempted to enable the characteristic notification.

I then enabled the peer manager functionality in the Central to manage the bonding process. That all worked as expected. I am now struggling with the reconnection after both Central and Peripheral have stored the bonding information. I can see that the Central successfully reaches the sd_ble_gap_encrypt() function; however, the peripheral is sending an ATTMTU request prior to the Central enabling encryption and the Central attempts to reply but receives an NRF_ERROR_INVALID_STATE error in response to sd_ble_gatts_exchange_mtu_reply().

I haven't  changed any of the Central logic which was in place prior to supporting security, so typically the nrf_ble_gatt_on_ble_evt() would handle the ATT requests/responses and my application event handler would just start service discovery on the CONNECT event. I suspect this has to change somehow.

Can you point me to a sequence diagram that demonstrates a reconnection between bonded Central and Peripheral (and an example)?

The third screen shot (which I added after the original reply) shows the initial bonding capture. The first screen shot is nRF connect and the second screen shot is my application.

Can you comment on the "More Data" flag being set in the second screen shot?

Here are two example logs (and call stack screen shots) from the peripheral.

# SEGGER J-Link RTT Viewer V7.80c Terminal Log File
# Compiled: 16:09:36 on Sep 27 2022
# Logging started @ 26 May 2023 08:18:31
00> <debug> nrf_ble_lesc: Initialized nrf_crypto.
00> 
00> <debug> nrf_ble_lesc: Initialized nrf_ble_lesc.
00> 
00> <debug> nrf_ble_lesc: Generating ECC key pair
00> 
00> <info> app: Heart Rate Sensor example started.
00> 
00> <info> app: Fast advertising.
00> 
00> <debug> nrf_ble_gatt: Requesting to update ATT MTU to 247 bytes on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: Updating data length to 251 on connection 0x0.
00> 
00> <info> app: Connected.
00> 
00> <error> app: Fatal error
00> 

# Logging stopped @ 26 May 2023 08:19:53

# SEGGER J-Link RTT Viewer V7.80c Terminal Log File
# Compiled: 16:09:36 on Sep 27 2022
# Logging started @ 26 May 2023 08:20:47
00> <debug> nrf_ble_lesc: Initialized nrf_crypto.
00> 
00> <debug> nrf_ble_lesc: Initialized nrf_ble_lesc.
00> 
00> <debug> nrf_ble_lesc: Generating ECC key pair
00> 
00> <info> app: Heart Rate Sensor example started.
00> 
00> <info> app: Fast advertising.
00> 
00> <debug> nrf_ble_gatt: Requesting to update ATT MTU to 247 bytes on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: Updating data length to 251 on connection 0x0.
00> 
00> <info> app: Connected.
00> 
00> <debug> nrf_ble_gatt: ATT MTU updated to 247 bytes on connection 0x0 (response).
00> 
00> <info> app: GATT ATT MTU on connection 0x0 changed to 247.
00> 
00> <debug> nrf_ble_gatt: Data length updated to 251 on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: max_rx_octets: 251
00> 
00> <debug> nrf_ble_gatt: max_tx_octets: 251
00> 
00> <debug> nrf_ble_gatt: max_rx_time: 2120
00> 
00> <debug> nrf_ble_gatt: max_tx_time: 2120
00> 
00> <debug> app: BLE_GAP_EVT_SEC_PARAMS_REQUEST
00> 
00> <error> app: Fatal error
00> 

The error being returned from heart_rate_meas_timeout_handler() is NRF_ERROR_FORBIDDEN.

Can you share code also? Regarding the more data bit in the last screenshot from the previous post I am not able to see much from the screenshot. Can you upload the actual trace file? Generally though, if there are empty packets with MD set, that seems odd.

Once I fixed the behavior of the ble_app_hrs example so it doesn't start the application timers (application_timers_start) at start-up, but rather waits for BLE_GAP_EVT_AUTH_STATUS event on the initial bonding or NRF_BLE_GATT_EVT_ATT_MTU_UPDATED event on reconnection, then all worked as expected.

Also stopping the application timers on a disconnect was necessary so that repeated connect/disconnect operations would work.

So I think I'm all set. Thanks for your attention.

I did have a follow up question related to central and peripheral bonding data becoming of "lost". If the central has it's bonding information, but the peripheral no longer does.

From my BT capture I see that the central sends a LL_ENC_REQ and the peripheral responds with LL_ENC_RSP (which must have something in it that doesn't match. The peripheral then responds with LL_REJECT_IND. I don't see this handled in the SDK and wonder what is the correct action?

Similarly, if the central no longer has the bonding information, but the peripheral does what is the expected behavior?

I did have a follow up question related to central and peripheral bonding data becoming of "lost". If the central has it's bonding information, but the peripheral no longer does.

From my BT capture I see that the central sends a LL_ENC_REQ and the peripheral responds with LL_ENC_RSP (which must have something in it that doesn't match. The peripheral then responds with LL_REJECT_IND. I don't see this handled in the SDK and wonder what is the correct action?

Similarly, if the central no longer has the bonding information, but the peripheral does what is the expected behavior?

The default behavior is to reject pairing attempts from peers where there already exists a bond. This is for security reasons, as if you allow that, it means that an attacker can spoof the address of the peer you are bonded with, and replace that bond. It is however possible to allow re-pairing by BT_SMP_ALLOW_UNAUTH_OVERWRITE if you want to. Sometimes this may be required from a usability perspective, but it is important to be aware of the security implications.

The BT_SMP_ALLOW_UNAUTH_OVERWRITE doesn't pertain to SDK 15.3 I don't believe (at least I don't see any reference to that type of functionality).

Specifically, I purposely deleted the bonding information from the peripheral to see the behavior so I'm trying to understand what the correct procedure is for forcing a re-bonding if either the central or peripheral loses the non-volatile storage holding the bonding information. Obviously, in our app on the central side I can delete the peer information (e.g., pm_peers_delete) which should force a re-bonding. What can I do from the central side if I have lost the bonding information but the peripheral has not? I'm just trying to understand what the spec says should occur in these instances.

Hi,

Sorry, forgot the context over the weekend. The default behavior of the nRF5 SDK as well  is to reject re-pairing attempts for the reasons I explained in my previous points. You can allow re-pairing on that device too though, by doing as described in this post.

mlyonupdesigns said:

What can I do from the central side if I have lost the bonding information but the peripheral has not? I'm just trying to understand what the spec says should occur in these instances.

The spec does not describe how this should be handled, it is up to the product designer. Generally, it is not a good idea to allow re-pairing. But for many small embedded devices it is needed. In the case you describe here, where the bonding information is lost on the central, the only way to recover is if the peripheral either has some mechanism to delete bonding data (for instance with a button press or similar), or if you allow re-pairing. It is commonly done, but as it is a potential security issue, it is prohibited by default in both the nRF5 SDK and nRF Connect SDK.

As described in the "post" you cite...will the LL_REJECT_IND sent by the peripheral trigger the PM_EVT_CONN_SEC_CONFIG_REQ, or more specifically, how is the central informed the the LL_REJECT_IND has been sent (this is received by the soft device, but I don't see how it bubbles up)?

No, it is not like that. If the central initiate pairing/bonding of the link, and the peripheral already have a bond with this central, you will get the PM_EVT_CONN_SEC_CONFIG_REQ event on the peripheral side. If you allow re-pairing by calling pm_conn_sec_config_reply() as shown in the mentioned post, a new pairing procedure will start. If not, the peripheral will send LL_REJECT_IND. If the device that initiated bonding (central in this case) is an nRF, you will get a PM_EVT_CONN_SEC_FAILED event at this point (when it has received the LL_REJECT_IND).