nRF52832 and Android Nougat – simple and secure touch-to-pair.

It is exciting to see that in the release of Android Nougat, in addition to 72 new emojis, support for Bluetooth pairing with NFC using the out-of-band (OOB) method is included. By utilizing NFC pairing on Android Nougat, you can avoid the need to type in a passkey on your product, and still perform a secure pairing. And it is so simple that your grandma can do it :).

The nRF52832 have a built-in NFC radio (dynamic NFC Tag). So the additional cost to enable NFC pairing to your product is very low. In fact, all you need is 2 small passive components and an NFC antenna. The rest is implemented on the nRF52832. For the software needed, we have examples in our nRF5 SDK of how to do secure pairing (among other things) using NFC. In fact, we have had examples to do NFC pairing using the OOB method in our nRF5 SDK for quite a while and it worked with Android Nougat “out-of-the-box”.

What is new in Android Nougat?

So what is the difference between the NFC pairing perform by previous versions of Android and Android Nougat? Let me try to explain. Take a look at the figure below, there you can see the transactions during a pairing over NFC using the OOB method.

image description

Previously, Android phones didn’t use the security key (“TK Value” – as per BT spec) which was sent over NFC, and paired using the “just works method”. The pairing process was simple, but not very secure, because for generating encryption keys, the “just works method” uses a key with all values set to zeros. This makes the pairing process susceptible to eavesdropping attacks.

Now, with Android Nougat, the 16-byte temporary key, sent over NFC is used to generate the encryption keys used later in the pairing process. Thus, now the pairing process protects against both man-in-the-middle attacks, due the short range of NFC, as well as passive eavesdropping attacks.

Getting started

To get stated with this you need a nRF52DK and the newest SDK. The examples which show secure pairing using NFC are: “experimental_ble_app_hrs_pairing_nfc”, and “experimental_ble_app_hids_keyboard_pairing_nfc”