Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

Smart Bluetooth Forum Discussions

Anonymous
Not applicable

Hi,

    We are very interested in using BLE in our new product, and particularly your modules. However, as our comms link will carry very sensitive data we are concerned about the lack of Ellipitical curve cryptography during the pairing process. Therefore my question is, is it feasible to implement RSA for authentication at this stage, to effectively replicate the old more secure classic Bluetooth atandard, or does the existing BLE stack restrict you from manipulating the data passed during pairing etc?

Thanks in advance!

0 Likes
1 Solution
MiTo_1583836
Level 5
Level 5
50 likes received 25 likes received 10 likes received

As far as I can see ECDH (Elliptic Curve Diffie-Hellman) is not part of the Bluetooth Low Energy specification yet (see here: LE Security | Bluetooth Development Portal ), maybe in the next release. This means the communication is sensitive to eavesdropping.

You will need to probably come up with your own key agreement protocol on top of the BT Low Energy. Depending the capability of your slave, you may be able to implement ECDH. If the target device is not powerfull enough you may need to find something else. I have seen, on-line, implementation with the Merkel's puzzle: Merkle's Puzzles - Wikipedia, the free encyclopedia

View solution in original post

0 Likes
2 Replies
MichaelF_56
Moderator
Moderator
Moderator
250 sign-ins 25 comments on blog 10 comments on blog

It's my understanding that the RSA support within the BCM20737S will provide a path for authentication and other security mechanisms that rely on the capability to run standard security functions (SHA1, MD5 etc.).

For instance, you may need to authenticate a user before opening/unlocking a BLE based device or authenticate a secure medical device before granting it access to an iPhone.

I don't think pairing is excluded, but will need to check with the developers.

I know that one of our partners,iDevices, also supports custom authentication within their BCM20732S based module as well.

smonteith1  victorz  j.t

0 Likes
MiTo_1583836
Level 5
Level 5
50 likes received 25 likes received 10 likes received

As far as I can see ECDH (Elliptic Curve Diffie-Hellman) is not part of the Bluetooth Low Energy specification yet (see here: LE Security | Bluetooth Development Portal ), maybe in the next release. This means the communication is sensitive to eavesdropping.

You will need to probably come up with your own key agreement protocol on top of the BT Low Energy. Depending the capability of your slave, you may be able to implement ECDH. If the target device is not powerfull enough you may need to find something else. I have seen, on-line, implementation with the Merkel's puzzle: Merkle's Puzzles - Wikipedia, the free encyclopedia

0 Likes