Strict pairing with BLE

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
FrSt_4749731
Level 3
Level 3
10 replies posted 10 questions asked 10 sign-ins

Hello,

 

I read the BLE component datasheet for v3.66 about the strict pairing and is now clear to me how it should work, but some things are still not clear to me. In our project we are using OTA Upgradable Stack mode and strict pairing was checked for both BLE components (BLE Stack and BLE Application). The pairing worked fine. We are using following security settings:

GAP_Security_Strict_Pairing_YES.png 

Then we updated to the v3.66 and problems started. The pairing still worked for the application, but not anymore when the device was in bootloader mode.

I then found out this discussion:

https://community.cypress.com/t5/PSoC-4-MCU/Can-t-pair-to-a-phone-when-update-BLE-module-from-3-30-t...

So I disabled strict pairing and now everything is working also under the bootloader.

Questions are:

- Why is in the application mode still working when I have enabled strict pairing? And why do I need to disable strict pairing for the bootloader mode?

- If mobile phone does not use security or encryption, will the device go to unsecure mode and still perform the connection? What are the minimum security requirements that pairing will still work regarding the device security settings?

 

Thanks for the answers, Frenk

0 Likes
1 Solution
lock attach
Attachments are accessible only for community members.
VenkataD_41
Moderator
Moderator
Moderator
750 replies posted 500 replies posted 250 solutions authored

Hi Frenk,

1. Irrespective of the security level and Strict pairing setting, the Central and peripheral devices will connect to each other. 

2. After connection, if suppose security level of peripheral is Authenticated pairing with encryption and security level of Central is No Security No pairing and with Strict pairing as No, then the AUTHENTICATION FAILS. This answers to your question that even in case of Strict pairing set as No, the devices will not authenticate each other if the security level requirements are not met.

3. If suppose security level of peripheral is Authenticated pairing with encryption and security level of Central is Unauthenticated pairing with encryption and with Strict pairing as No, then the AUTHENTICATION SUCCEEDS with a negotiation from the Central (Unauthenticated pairing with encryption).

4. If suppose security level of peripheral is Authenticated pairing with encryption and security level of Central is Unauthenticated pairing with encryption and with Strict pairing as Yes, then the AUTHENTICATION FAILS. This is because of the definition of the Strict pairing property.

Please find the attached PSoC Creator projects for Central and Peripheral we tested at our side to provide you the above results. We recommend you to test them with different settings at your side and see the tera term log for pairing information.

Hope this helps!

Thanks

Ganesh

 

View solution in original post

3 Replies
VenkataD_41
Moderator
Moderator
Moderator
750 replies posted 500 replies posted 250 solutions authored

Hi Frenk,

Ideally the Strict pairing option is not affected the BLE component version. Can you please share your project? We will check it here.

Thanks

Ganesh

0 Likes
FrSt_4749731
Level 3
Level 3
10 replies posted 10 questions asked 10 sign-ins

Hello Ganesh,

 

Thanks for replying to this question.

For the project the testers did not test it correctly so problem with the strict pairing was in normal mode and in the bootloader mode.

I found similar thread: https://community.cypress.com/t5/PSoC-4-MCU/Discover-Security-capability-of-Peripheral-via-API-call-...

But also there I did not find the actual answer what does really happen if the strict pairing is disabled:

If mobile phone does not use security or encryption, will the device go to unsecure mode and still perform the connection? What are the minimum security requirements that pairing will still work regarding the device security settings? As I mention for the security we are using Mode 1 and Authentication with encryption. So how secure are we if we disable strict pairing?

 

Thanks, Frenk

0 Likes
lock attach
Attachments are accessible only for community members.
VenkataD_41
Moderator
Moderator
Moderator
750 replies posted 500 replies posted 250 solutions authored

Hi Frenk,

1. Irrespective of the security level and Strict pairing setting, the Central and peripheral devices will connect to each other. 

2. After connection, if suppose security level of peripheral is Authenticated pairing with encryption and security level of Central is No Security No pairing and with Strict pairing as No, then the AUTHENTICATION FAILS. This answers to your question that even in case of Strict pairing set as No, the devices will not authenticate each other if the security level requirements are not met.

3. If suppose security level of peripheral is Authenticated pairing with encryption and security level of Central is Unauthenticated pairing with encryption and with Strict pairing as No, then the AUTHENTICATION SUCCEEDS with a negotiation from the Central (Unauthenticated pairing with encryption).

4. If suppose security level of peripheral is Authenticated pairing with encryption and security level of Central is Unauthenticated pairing with encryption and with Strict pairing as Yes, then the AUTHENTICATION FAILS. This is because of the definition of the Strict pairing property.

Please find the attached PSoC Creator projects for Central and Peripheral we tested at our side to provide you the above results. We recommend you to test them with different settings at your side and see the tera term log for pairing information.

Hope this helps!

Thanks

Ganesh