• State Resolved
  • Locked Locked
  • Replies 3 replies
  • Subscribers 51 subscribers
  • Views 2122 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Gap Bond Manager

Farshad Firouzi
Intellectual 400 points
Other Parts Discussed in Thread: CC2650, CC2640

I have two problems with BLE security:

1) I would like to add some security to my sensortag (cc2650). To do so, I am using GapBondMgr profile. The main issue is MITM (man in the middle) during key exchange (AES key). BLE solution is to use a passcode to prevent the attackers from listening the key transferred wirelessly. In this approach,  the passcode cannot transmit wirelessly and is displayed on one device (LCD).  Now the problem is that sensortag does not have LCD or keyboard.  I thought about replacing a global key and private key to exchange the AES key. After that, the connection can be secured by AES key? ----> I am talking about ECDH approach?

I think it is not released yet! Is it possible to add it  to the system? or we need to wait till TI release it?

2) I would like to have a small user management system in the sensor tag as well. In a way that as a owner of my sensortag, I give permission to some friend to read the data. How can I implement it? I would to ask the sensor to generate an access token for me and store the token in its memory. and then I will share the generated token with my friend. whenever my friend wants to work with the sensor, sensortag asks for a token and looksup it in its memory to see its valid or not? does make sense? if yes, where should I add this function? in the GapBondMgr?

Thanks

  • 0
    TI__Guru** 105180 points
    Hello,

    The LE Security / Legacy Pairing, as defined in BT4.0 & BT4.1, is susceptible to eavesdropping, even with MITM protection. What you describe with EDCH is defined in the BT4.2 LE Secure Connections security specification. Support for BT4.2 & LE Secure Connections on CC2640 will occur sometime next year.

    For your second proposal, this schema would need to be implemented as a BLE application, i.e., above GATT. The GAP Bond Manager can't be used as described.

    Best wishes
  • 0 in reply to JXS
    Intellectual 400 points
    Hello,

    Thanks for clarification.
    -In one of the previous discussion, I noticed that EDCH is going to be released Q4 by TI. is it postponed?

    -sometimes next year might be too late for us. Meanwhile, do you think it is practical to implement EDCH at application layer as well?

    Thank you
  • 0 in reply to Farshad Firouzi
    TI__Guru** 105180 points
    Hi Farshad,

    We are not able to provide precise dates on E2E as other factors may result in adjustments to the schedule. I can tell you that CC2640 will receive a SW update to support BT4.2 in 2016. Please contact your TI Representative to discuss schedules, etc.

    You can implement anything in your application that is within bounds of the computing resources & environment of the CM3 MPU. Keep in mind that, although the CC2640 will support BT4.2 LE Secure Connections, you can't guarantee that every peer device will have similar support. For that reason, many developers elect to implement security in their app (above BLE) commiserate to the data they need to protect.

    Best wishes