5 Replies Latest reply on Jul 11, 2018 2:32 AM by yssu

    secure connection/pairing with BLE

    vmore_3321141

      Hello!

       

I am using the sample app serial_gatt_db and its peer app on Android. In the application, the device is connected to the phone but not paired. I think this does not ensure a secure transfer of data (please correct me if I am wrong). How can I enable LE security / encryption when using this app so that the data transferred (in this case 'serial' data). Is there any reference that I can take a look at?

        • 1. Re: secure connection/pairing with BLE
          yans

          Hi Agusta

           

          Which chip do you use?

           

          Regards

          Jenson

          • 2. Re: secure connection/pairing with BLE
            vmore_3321141

Hello, I have the CYW43438 BT chip and STMF4 MCU.

What is the general practice like? To encrypt data yourself and write to the characteristic when just 'connected' (not paired), OR pairing with the device and sending unencrypted data (relying on BLE security)?

            Will changing

            .security_requirement_mask = BTM_SEC_NONE

            to

            .security_requirement_mask = BTM_SEC_ENCRYPT

ensure some level of encryption by the BLE controller? How is this different from the secure passkey exchange demonstrated in ble_wifi_introducer, for example? Some clarification on this would be really helpful.

            • 3. Re: secure connection/pairing with BLE
              yssu

              Using the default encryption procedure specified by Bluetooth would be better than trying to encrypt the data from application.

              You could use the wiced_bt_dev_sec_bond() API to request the peer device for pairing and bonding.

               

              The .security_requirement_mask is not used for LE, so you can omit it.

              • 4. Re: secure connection/pairing with BLE
                vmore_3321141

yssu Does the wiced_bt_dev_sec_bond() API need to be used in conjunction with the wiced_bt_dev_set_encryption() API, i.e. once pairing is complete do we need to set the encryption explicitly? Is the connection guaranteed to be secure after the keys are exchanged/pairing is complete? I tried to add wiced_bt_dev_set_encryption() in the BTM_PAIRING_COMPLETE_EVT event but I get a NO_RESOURCES error 8034. I am not sure if this is required; it'd be great if you could clarify.

Additionally, the wiced_bt_dev_get_bonded_devices() API doesn't seem to be supported, so in order to be able to pair multiple devices, do we need to store the Bluetooth address of the peer device and its corresponding keys in the DCT? The struct wiced_bt_device_link_keys_t stores the static LE address, which doesn't match the public one, so do these addresses and their keys need to be stored in some custom struct (which is doable, but if there is a better way I'd like to know)? Thanks!

                • 5. Re: secure connection/pairing with BLE
                  yssu

                  - You don't have to explicitly call wiced_bt_dev_set_encryption(). wiced_bt_dev_sec_bond() API will take care of encrypting the link once the devices are paired.

                   

                  - You need to store the peer device keys to NVRAM under the BTM_PAIRED_DEVICE_LINK_KEYS_UPDATE_EVT event. You can use the wiced_hal_write_nvram() API to store the data to NVRAM.

                   

                  - In the wiced_bt_device_link_keys_t struct, both the public address and the random address are present. wiced_bt_device_link_keys_t->wiced_bt_device_address_t gives the random address (if used by the peer) and the wiced_bt_device_link_keys_t->wiced_bt_device_sec_keys_t has the ID address of the peer device.

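As an added example that is not part of this thread and not WICED SDK code: a small bonded-device store that follows the pattern yssu describes in replies 3 and 5 (persist the keys on BTM_PAIRED_DEVICE_LINK_KEYS_UPDATE_EVT, hand them back on BTM_PAIRED_DEVICE_LINK_KEYS_REQUEST_EVT, and keep both the address seen on the link and the peer's identity address). It is written in C, like a WICED application, but so that it compiles stand-alone: `link_keys_t` is an assumed stand-in for the subset of `wiced_bt_device_link_keys_t` used here, `nvram_write()`/`nvram_read()` are stand-ins for `wiced_hal_write_nvram()`/`wiced_hal_read_nvram()` backed by a byte array, and `BOND_VS_ID`, `MAX_BONDED` and every address in `bond_selftest()` are constructed values. The one point it adds to the replies is lookup by either address, so a peer is found whether the stack asks for it by its random link address or by its identity address, and a peer that re-pairs with the same identity refreshes its entry rather than filling a new slot.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define BD_ADDR_LEN 6
#define LTK_LEN     16
#define MAX_BONDED  4      /* assumption: how many peers this device remembers */
#define BOND_VS_ID  0x200  /* assumption: NVRAM record id; the app picks the real one */

typedef uint8_t bd_addr_t[BD_ADDR_LEN];

/* Stand-in for the part of wiced_bt_device_link_keys_t used here: bd_addr is the
 * (possibly random) address seen on the link, id_addr the identity address that
 * arrives with the distributed keys, ltk the long-term key. */
typedef struct { bd_addr_t bd_addr; bd_addr_t id_addr; uint8_t ltk[LTK_LEN]; } link_keys_t;
typedef struct { uint8_t in_use; link_keys_t keys; } bond_slot_t;
typedef struct { bond_slot_t slot[MAX_BONDED]; } bond_store_t;

/* Simulated NVRAM (stand-in for wiced_hal_write_nvram/wiced_hal_read_nvram). */
static uint8_t fake_nvram[sizeof(bond_store_t)];
static bool    fake_nvram_valid;

static uint16_t nvram_write(uint16_t vs_id, const void *p, uint16_t len)
{
    (void)vs_id;
    if (len > sizeof(fake_nvram)) return 0;
    memcpy(fake_nvram, p, len);
    fake_nvram_valid = true;
    return len;
}

static uint16_t nvram_read(uint16_t vs_id, void *p, uint16_t len)
{
    (void)vs_id;
    if (!fake_nvram_valid || len > sizeof(fake_nvram)) return 0;
    memcpy(p, fake_nvram, len);
    return len;
}

/* Find a bonded peer by either its link address or its identity address. */
int bond_find(const bond_store_t *s, const uint8_t *addr)
{
    for (int i = 0; i < MAX_BONDED; i++) {
        if (!s->slot[i].in_use) continue;
        if (memcmp(s->slot[i].keys.bd_addr, addr, BD_ADDR_LEN) == 0 ||
            memcmp(s->slot[i].keys.id_addr, addr, BD_ADDR_LEN) == 0)
            return i;
    }
    return -1;
}

/* Handler body for BTM_PAIRED_DEVICE_LINK_KEYS_UPDATE_EVT: store or refresh the
 * keys and persist. Returns the slot index, or -1 when the store is full. */
int bond_update(bond_store_t *s, const link_keys_t *k)
{
    int i = bond_find(s, k->id_addr);           /* same identity -> same slot */
    if (i < 0) {
        for (i = 0; i < MAX_BONDED && s->slot[i].in_use; i++) {}
        if (i == MAX_BONDED) return -1;
    }
    s->slot[i].in_use = 1;
    s->slot[i].keys = *k;
    nvram_write(BOND_VS_ID, s, sizeof(*s));
    return i;
}

/* Handler body for BTM_PAIRED_DEVICE_LINK_KEYS_REQUEST_EVT: copy keys out. */
bool bond_lookup(const bond_store_t *s, const uint8_t *addr, link_keys_t *out)
{
    int i = bond_find(s, addr);
    if (i < 0) return false;
    *out = s->slot[i].keys;
    return true;
}

int bond_count(const bond_store_t *s)
{
    int n = 0;
    for (int i = 0; i < MAX_BONDED; i++) n += s->slot[i].in_use ? 1 : 0;
    return n;
}

/* Boot-time load; an empty or unreadable record yields an empty store. */
void bond_load(bond_store_t *s)
{
    memset(s, 0, sizeof(*s));
    nvram_read(BOND_VS_ID, s, sizeof(*s));
}

/* Walks the scenario from the thread with constructed addresses.
 * Returns 0 on success, otherwise the number of the failing step. */
int bond_selftest(void)
{
    const bd_addr_t phone_rand  = {0x5a,0x11,0x22,0x33,0x44,0x01}; /* constructed */
    const bd_addr_t phone_rand2 = {0x5a,0x99,0x88,0x77,0x66,0x02}; /* constructed */
    const bd_addr_t phone_id    = {0xc0,0xde,0xca,0xfe,0x00,0x01}; /* constructed */
    bond_store_t store; link_keys_t k, got;

    fake_nvram_valid = false;
    bond_load(&store);
    if (bond_count(&store) != 0) return 1;

    memset(&k, 0, sizeof(k));
    memcpy(k.bd_addr, phone_rand, BD_ADDR_LEN);
    memcpy(k.id_addr, phone_id, BD_ADDR_LEN);
    memset(k.ltk, 0xAB, LTK_LEN);
    if (bond_update(&store, &k) != 0) return 2;
    if (!bond_lookup(&store, phone_rand, &got) || got.ltk[0] != 0xAB) return 3;
    if (!bond_lookup(&store, phone_id, &got)) return 4;

    /* same identity, new random address: entry refreshed, not duplicated */
    memcpy(k.bd_addr, phone_rand2, BD_ADDR_LEN);
    memset(k.ltk, 0xCD, LTK_LEN);
    if (bond_update(&store, &k) != 0 || bond_count(&store) != 1) return 5;
    if (bond_lookup(&store, phone_rand, &got)) return 6;       /* old address gone */
    if (!bond_lookup(&store, phone_rand2, &got) || got.ltk[0] != 0xCD) return 7;

    /* survives a "reboot" */
    memset(&store, 0, sizeof(store));
    bond_load(&store);
    if (bond_count(&store) != 1 || !bond_lookup(&store, phone_id, &got)) return 8;
    return 0;
}
```

On a real WICED target the two handler bodies would sit inside the application's management callback under the two BTM_PAIRED_DEVICE_LINK_KEYS_* events, with the simulated NVRAM calls swapped for the SDK ones; the slot logic and the two-address lookup are what carry over.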