secure connection/pairing with BLE

agmi_3321141 · ‎Jun 12, 2018

Hello!

I am using the sample app serial_gatt_db and its peer app on Android. In the application, the device is connected to the phone but not paired. I think this does not ensure a secure transfer of data (please correct me if I am wrong). How can I enable LE security / encryption when using this app so that the data transferred(in this case 'serial' data). Is there any reference that I can take a look at?

Anonymous · ‎Jun 25, 2018

Using the default encryption procedure specified by Bluetooth would be better than trying to encrypt the data from application.

You could use the wiced_bt_dev_sec_bond() API to request the peer device for pairing and bonding.

The .security_requirement_mask is not used for LE, so you can omit it.

View solution in original post

ShengY_96 · ‎Jun 12, 2018

Hi Agusta

Which chip do you use?

Regards

Jenson

agmi_3321141 · ‎Jun 13, 2018

Hello, I have the CYW43438 bt chip and STMF4 mcu.

What is the general practice like? To encrypt data yourself and write to the characteristic when just 'connected' (not paired) OR pairing with the device and sending un-encrypted data (relying on BLE security) ?

Will changing

.security_requirement_mask = BTM_SEC_NONE

to

.security_requirement_mask = BTM_SEC_ENCRYPT

ensure some level of encryption by the ble controller? How is this different from secure passkey exchange demonstrated in ble wifi introducer for example. Some clarification on this would be really helpful.

Anonymous · ‎Jun 25, 2018

Using the default encryption procedure specified by Bluetooth would be better than trying to encrypt the data from application.

You could use the wiced_bt_dev_sec_bond() API to request the peer device for pairing and bonding.

The .security_requirement_mask is not used for LE, so you can omit it.

agmi_3321141 · ‎Jun 27, 2018

yssu Does the wiced_bt_dev_sec_bond() API need to be used in conjunction with the wiced_bt_dev_set_encryption() API, ie once pairing is complete do we need to set the encryption explicitly? Is the connection guaranteed to be secure after the keys are exchanged/pairing is complete? I tried to add wiced_bt_dev_set_encryption() function in the BTM_PAIRING_COMPLETE_EVT event but I get NO_RESOURCES error 8034. I am not sure if this is required, it'd be great if you could clarify.

Additionally, the wiced_bt_dev_get_bonded_devices() API doesnt seem to be supported, so in order to be able to pair multiple devices, do we need to store the bluetooth address of the peer device and it's corresponding keys in DCT? The struct wiced_bt_device_link_keys_t stores the static LE address which doesn't match with the public one, so do these addresses and their keys need to be stored in some custom struct (which is doable, but if there is a better way I'd like to know). Thanks!

Anonymous · ‎Jul 11, 2018

- You don't have to explicitly call wiced_bt_dev_set_encryption(). wiced_bt_dev_sec_bond() API will take care of encrypting the link once the devices are paired.

- You need to store the peer device keys to NVRAM under the BTM_PAIRED_DEVICE_LINK_KEYS_UPDATE_EVT event. You can use the wiced_hal_write_nvram() API to store the data to NVRAM.

- In the wiced_bt_device_link_keys_t struct, both the public address and the random address are present. wiced_bt_device_link_keys_t->wiced_bt_device_address_t gives the random address (if used by the peer) and the wiced_bt_device_link_keys_t->wiced_bt_device_sec_keys_t has the ID address of the peer device.

secure connection/pairing with BLE

Re: secure connection/pairing with BLE

Re: secure connection/pairing with BLE

Re: secure connection/pairing with BLE

Re: secure connection/pairing with BLE

Re: secure connection/pairing with BLE

Re: secure connection/pairing with BLE