How to secure connection with mbed BLE

27 Jun 2015

A already ask a question about it here(https://developer.mbed.org/questions/54121/How-to-secure-ReadWriteGattCharacteristi/) , but nobody have any ideas on this.

May somebody have any experience deeper than demo examples?

27 Jun 2015
29 Jun 2015

Rohit, thanx a lot for this example! I try to implement this in my solution this way:

I add securityManager setup for BLE and security callbacks: ble.securityManager().init(enableBonding, requireMITM, SecurityManager::IO_CAPS_DISPLAY_ONLY);

ble.securityManager().onPasskeyDisplay(passkeyDisplayCallback); ble.securityManager().onSecuritySetupCompleted(securitySetupCompletedCallback);

Then i add security for my Characteristics: some1Characteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM); some2Characteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);

Everything works fine, while i try to write any to my some1Characteristic a have to pass security check once, and i got the passkey on onPasskeyDisplay Callback:

void passkeyDisplayCallback(Gap::Handle_t handle, const SecurityManager::Passkey_t passkey) { serial.printf("Input passKey: "); for (unsigned i = 0; i < Gap::ADDR_LEN; i++) { serial.printf("%c ", passkey[i]); } serial.printf("\r\n"); }

This process for devices with display, but when i try to put my own passkey - i have a problems: uint8_t pass[6] = {0x01, 0x01, 0x01, 0x01, 0x01, 0x01}; ble.securityManager().init(enableBonding, requireMITM, SecurityManager::IO_CAPS_DISPLAY_ONLY, pass);

So, how i can implement my own pass?

29 Jun 2015

I haven't tried to set my own passkey, but I think the problem is caused by the passkey value "0x01". The passkey should be vaild ASCII value from '0' to '9'.

For example, if you want to set your passkey to "111111", then your passkey array should be uint8_t passkey[6] = {0x49, 0x49, 0x49, 0x49, 0x49, 0x49}. Because ASCII '1' equals to 0x49.

29 Jun 2015

Need to make a small correction to the reply above, 49 is an ASCII 1 character. The 0x notation indicates a hexadecimal number. In that case it would be 0x31 for the ASCII 1 character.

29 Jun 2015

I've just tried this and it works!

/* Initialize BLE security */ bool enableBonding = true; bool requireMITM = true; uint8_t pass[6] = {'1', '2', '3', '4', '5', '6'}; ble.securityManager().init(enableBonding, requireMITM, SecurityManager::IO_CAPS_DISPLAY_ONLY, pass);

27 Jul 2016

The method that you are talking about, what does it accomplish? Is is that a phone that is now connected to the ble device will have to enter a password in order to pair with the device or is it that the password will have to be entered on the device running ble?

25 Oct 2016

Hi,

I have gone through the tutorial of ble secure heart rate example. I am able to do bonding with static passkey but no security is happening. I'm unable to define a passkey for particular service. Please guide me, where should I need to do change to ask for bond for particular characteristics and services bonding so that after bonding only, I can use the services(not before bonding)?

Please guide me as soon as possible. Thanks.

04 Nov 2016

Hi everyone,

I have tried the example of ble secure heart rate and successfully provide bonding for particular characteristics. Thank you very much for this example, it helped me a lot in securing particular services and characteristics..

I want to secure my ble device meaning it should ask for passkey before connection establishment. Is there a way, I can use static passkey to secure the ble device. Please help me. Thanks Priya

23 Feb 2017

Hi everyone,

I'm making a project smart key using nRF51822 and mbed library. Some features I want to make for my project are: - Mobile register an account on server and then receive passkey from server. - Server send key to the lock and compare the key of mobile. If they are matched, the lock will be unlocked.

I've tried security manager . In situation that I lost my phone, it means that I lost the key, I will ask the server to create new key for me, how can I reset the passkey to the lock. Anyone can help me?

Thank you and best regard, Ruby

25 Aug 2017

Hello! I would like to ask if your method is possible to be applied at the Simple Chat application of RedBearLab to secure the connection with a password. https://developer.mbed.org/teams/RedBearLab/code/nRF51822_SimpleChat/

30 Aug 2017

Yes, you can apply the same principles to SimpleChat.