Other Parts Discussed in Thread: CC2640, CC2640R2F, CC2650
Hello all,
I have a project that utilize TI dual mcu solution which is MSP432 + CC2650MODA (SNP firmware) that acts as BLE peripheral.
The BLE central would be an Android or iOS Smartphone in my project scheme.
Security is one of key requirement on my project and since I also quite new to this BLE world but I have slight experience on cryptography on embedded such as polarssl.
So I tried to find as much information as I could about BLE 4.2 security feature and also read the limitations for SNP on CC2640 SNP API Guide, but I need help to verify and clear my understanding about this whole things.
My project obviously requires the peripheral for not having input or output and from what I read this shall left me with Just Works association model that results in unauthenticated communication and no Man In the Middle (MITM) protection.
However the pairing process of Just Works is said to be the same with Numeric Comparison except for the last 6 digits that should be verified and that is not performed on Just Works.
So my questions are:
- I wonder for Just Works case, especially in regard to this dual MCU solution, does this mean that ECDH process on pairing has been automatically performed by CC2650MODA (on its stack)?
- What about the end of pairing process which results in Long Term Key Calculation, is there any SNP API that I can access to get the LTK?
I only found SNP Set Security Parameter and SNP Set Authentication Data but it seems that it has nothing to do with key, please advise if it is not true. - If I set the security request on SNP Set Security Parameter, then I will do the LE secure pairing with Just Works association model.
Does it also implies that my data communication through GATT are encrypted? (I think I will buy BLE sniffer to verify this one) - Since this left me on unauthenticated communication due to Just Works, are there any advice to achieve authenticity?
Should I implement my own authentication or maybe key management/distribution on application layer by utilizing cryptographic library (ported to MSP432) and create data exchange (key, user input, nonce random, etc) through a characteristic on GATT layer?
Pardon me for the long post, I hope you all have a good day.
Best regards,
Pranata