8 years, 2 months ago.

BLE Security, Numeric Passkey vs Private key

Hi to all BLE security gurus

I have a device with no IO capacity, but want the maximum security possible. I can set the key internally, however if I use the Numeric passkey security model then I'm restricted to 6 digit 0-9, however according to the BLE spec the private key used for the ECDH is 128bits. Is it possible to use the OOB model and write the private key directly to the stack? I haven't found any reference in the API to setting OOB or accessing the private key so don't know if this is even feasible.

My proposal is that at default my devices private key is set to a known value. When user/central first connects and is authenticated they have to write a new key. For all connections after that the new key is used. The only weakness should then be in the initial exchange of the new key, so user has to ensure this is done securely, maybe even reduce tx power so range is limited.

Regards Andrew

Chasing through the Nordic forum I've found that only the latest Softdevice S130 v2.0.0 supports the LE secure connections, so I presume this also mean the ECDH. Which version softdevice is mbed using, and how do I specify S130 or S110?

posted by Andrew Fox 14 Apr 2016

1 Answer

6 years, 11 months ago.

Hi Andrew,

Similar issue here, did you happen to find any solution? We also have the issue where iPhone has trouble on second connection as you mentioned here: https://developer.mbed.org/forum/team-63-Bluetooth-Low-Energy-community/topic/5661/

Any help or feedback on whether you were able to fix this would be highly appreciated!


Sorry for late reply, we ended up with a work around, implementing our own security key on top of BLE. Still have occasional problems with iPhone. Something to do with the BLE stacks record of registered peers getting out of sync. Unfortunately not happening often enough to nail down the problem.

posted by Andrew Fox 25 Oct 2017