2 replies. Latest reply on Oct 29, 2015 7:51 AM by dasmc_2125571

    Questions about GATT properties/permissions




      I have several characteristics that I want to make readable and writable (no response) ONLY when the link is encrypted.  I've searched the forum, but haven't found a definitive answer to the following questions:

      1) Do the permissions logically AND with the properties?  For example, if I enabled the read property and the read (authenticated) permission, does that allow reading only over an encrypted link?


      2) Does the "authenticated" modifier on permissions solely indicate encryption required, or is MITM authentication being performed as well?


      3) What combination of properties/permissions would result in requiring an encrypted link before the characteristic can be accessed?


      4) I've seen mentions in a few other threads on the forum (late last year & earlier this year) of a security app note that was in the process of being developed.  Is it available yet, and if so, where?


      Thank you for any assistance,


        • 1. Re: Questions about GATT properties/permissions



          1). I don't know how permissions and properties are implemented at the lower level, or whether they are logically ANDed. But here is what our document says about permissions:


          How to Write WICED Smart Applications, page 11:

          "The permission parameter specifies whether the characteristic value can be read and/or written by the client and identifies the security level required for the read, write, notify, and indicate procedures. These are permissions set up by this application (Table 2 on page 12 lists the defined permission bits)."


          So yes, if you want a read property, also give read permissions. Now, depending on which permission you give, it will define the security level required. Table 2 on page 12 has the definitions of the permissions.


          "If I enabled the read property and the read (authenticated) permission, does that allow reading only over an encrypted link?" Yes.


          2). This depends on what kind of pairing has been established.

          I think our implementation of the stack allows three types of pairing: Just Works, Passkey, Out of Band (OOB).


          According to Bluetooth SIG (LE Security | Bluetooth Development Portal), "MITM protection is obtained by using the passkey entry pairing method or may be obtained using the out of band pairing method."


          You can refer to hello_client for passkey and OOB implementations.


          3). As an example you can do something like this:






          You can try playing around with WICED Bluetooth Designer to create a new GATT DB.

          (File->New->WICED Bluetooth Designer)


          WICED Smart Video BLOG: SDK 2.1 Smart Designer Tool Walk-Thru


          4). Can you give us the links to the forums you are referring to? Don't know what you are referring to.


          Does this help? Let us know.
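The example referred to in 3) above did not survive in the archived post. As an added illustration (not code from this thread or from the WICED Smart SDK), the C program below models the check a GATT server makes before serving a request, which is the point the reply is making: the characteristic property and the permission are both consulted (effectively ANDed), an "authenticated" permission bit additionally requires the link to be encrypted, and whether that encryption is MITM-protected depends on the pairing method (Just Works versus Passkey or OOB). The PROP_*/PERM_* flag names and values are constructed for this example, loosely modelled on the LEGATTDB_CHAR_PROP_*/LEGATTDB_PERM_* style but not copied from it; the PERM_MITM_* bits go beyond what the reply describes and are an assumption used to show the second question's distinction. The ATT error codes are the Bluetooth Core Specification values, but the choice of which "insufficient" error a real stack returns on an unencrypted link is simplified here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ATT error codes from the Bluetooth Core Specification (Attribute Protocol). */
#define ATT_OK                              0x00
#define ATT_ERR_READ_NOT_PERMITTED          0x02
#define ATT_ERR_WRITE_NOT_PERMITTED         0x03
#define ATT_ERR_INSUFFICIENT_AUTHENTICATION 0x05
#define ATT_ERR_INSUFFICIENT_ENCRYPTION     0x0F

/* Constructed flags (assumption: modelled on the WICED LEGATTDB_CHAR_PROP_* /
 * LEGATTDB_PERM_* naming style, not taken from the SDK headers). */
#define PROP_READ          0x02u  /* property bit: Read */
#define PROP_WRITE_CMD     0x04u  /* property bit: Write Without Response */
#define PROP_WRITE_REQ     0x08u  /* property bit: Write */

#define PERM_READABLE      0x01u  /* server will serve reads */
#define PERM_WRITE_CMD     0x02u  /* server accepts Write Command (no response) */
#define PERM_WRITE_REQ     0x04u  /* server accepts Write Request */
#define PERM_AUTH_READABLE 0x10u  /* reads only over an encrypted link */
#define PERM_AUTH_WRITABLE 0x20u  /* writes only over an encrypted link */
#define PERM_MITM_READABLE 0x40u  /* assumption: reads also need a MITM-protected key */
#define PERM_MITM_WRITABLE 0x80u  /* assumption: writes also need a MITM-protected key */

typedef enum { PAIR_NONE, PAIR_JUST_WORKS, PAIR_PASSKEY, PAIR_OOB } pairing_t;

typedef struct {
    bool      encrypted;  /* link is currently encrypted */
    pairing_t pairing;    /* pairing method that produced the encryption key */
} link_t;

typedef struct {
    uint8_t properties;   /* what the characteristic declaration advertises to the client */
    uint8_t permissions;  /* what the server enforces, and at which security level */
} characteristic_t;

typedef enum { OP_READ, OP_WRITE_CMD, OP_WRITE_REQ } att_op_t;

/* Passkey entry and OOB pairing produce an authenticated (MITM-protected) key;
 * Just Works encrypts the link but gives no MITM protection. */
static bool link_is_mitm_protected(const link_t *l)
{
    return l->encrypted && (l->pairing == PAIR_PASSKEY || l->pairing == PAIR_OOB);
}

/* Returns ATT_OK or the ATT error code the server would send in its response. */
uint8_t att_check_access(const characteristic_t *c, const link_t *l, att_op_t op)
{
    uint8_t need_prop, need_perm, need_auth, need_mitm, not_permitted;

    switch (op) {
    case OP_READ:
        need_prop = PROP_READ;          need_perm = PERM_READABLE;
        need_auth = PERM_AUTH_READABLE; need_mitm = PERM_MITM_READABLE;
        not_permitted = ATT_ERR_READ_NOT_PERMITTED;
        break;
    case OP_WRITE_CMD:
        need_prop = PROP_WRITE_CMD;     need_perm = PERM_WRITE_CMD;
        need_auth = PERM_AUTH_WRITABLE; need_mitm = PERM_MITM_WRITABLE;
        not_permitted = ATT_ERR_WRITE_NOT_PERMITTED;
        break;
    default: /* OP_WRITE_REQ */
        need_prop = PROP_WRITE_REQ;     need_perm = PERM_WRITE_REQ;
        need_auth = PERM_AUTH_WRITABLE; need_mitm = PERM_MITM_WRITABLE;
        not_permitted = ATT_ERR_WRITE_NOT_PERMITTED;
        break;
    }

    /* Property AND permission: both must grant the operation. */
    if (!(c->properties & need_prop) || !(c->permissions & need_perm))
        return not_permitted;

    /* "Authenticated" permission: the link must be encrypted. */
    if ((c->permissions & need_auth) && !l->encrypted)
        return ATT_ERR_INSUFFICIENT_ENCRYPTION;

    /* MITM permission: the key must come from passkey or OOB pairing. */
    if ((c->permissions & need_mitm) && !link_is_mitm_protected(l))
        return ATT_ERR_INSUFFICIENT_AUTHENTICATION;

    return ATT_OK;
}

int main(void)
{
    /* The poster's goal: readable and writable (no response) only over an encrypted link. */
    const characteristic_t secret = {
        .properties  = PROP_READ | PROP_WRITE_CMD,
        .permissions = PERM_READABLE | PERM_WRITE_CMD | PERM_AUTH_READABLE | PERM_AUTH_WRITABLE,
    };
    const link_t plain = { .encrypted = false, .pairing = PAIR_NONE };
    const link_t jw    = { .encrypted = true,  .pairing = PAIR_JUST_WORKS };

    printf("read over plain link      -> 0x%02X\n", att_check_access(&secret, &plain, OP_READ));
    printf("read over encrypted link  -> 0x%02X\n", att_check_access(&secret, &jw, OP_READ));
    printf("write request, no perm    -> 0x%02X\n", att_check_access(&secret, &jw, OP_WRITE_REQ));
    return 0;
}
```

The `secret` characteristic in `main` is the combination the question asks about: Read and Write Without Response properties paired with readable/write-command permissions plus the "authenticated" bits, so a plain link gets an error and a paired (even Just Works) link gets access. Adding a MITM bit is how one would go further and insist on passkey or OOB pairing.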




          • 2. Re: Questions about GATT properties/permissions

            Thank you for the answer userc_19497.  I think it clarifies the situation somewhat for me.


            The security document/app note I was asking about in #4 above was mentioned in the following posts ...

            Re: BCM20737S security features

            mwf_mmfae said -- "A security AppNote was originally due out this quarter, but I'm not sure if that is still the case as this may move to Q4." [2014]


            Re: Update on RSA and/or app note for BCM20737?

            andrew997 said -- "Any updates on the availability of an app note and/or example app demonstrating the RSA capabilities of the BCM20737?" [2015]