STM32WB-WBA BLE security

Revision as of 13:47, 10 September 2021 by Registered User (→‎STM32WB - BLE security)
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.
Under construction.png Coming soon

1. STM32WB - BLE security

Vocabulary and BLE security configuration. Legacy Pairing and Secure Connection

The BLE security model includes 5 security features:

Pairing: process for creating one or more shared secret keys. Bonding: act of storing the keys created during pairing for use in subsequent connections in order to form a trusted device pair. Device authentication: verification that the two devices have the same keys. Encryption: provides message confidentiality. Message integrity: protects against fake messages.(4 bytes Message Integrity Check MIC)

BLE uses 2 security levels:

  • Legacy Pairing – Short Temporary Key (STK). STK will be created to encrypt connection. Then, if bonding, LTK will be used for subsequent connections.
  • Secure Connection – Long Term Key (LTK). LTK will be created to encrypt connection.

1.1. Legacy pairing

Example 1: legacy pairing and no fixed pin

Initialization (when no link is established)

Set the IO capability of the device with *aci_gap_set_io_capability Parameter: IO capability aci_gap_set_io_capability(0x04) (IO_CAP_KEYBOARD_DISPLAY)

Set the authentication requirements for the device with *aci_gap_set_authentication_req Parameters: Bonding_mode, mitm_mode, sc_support, keypress notification, min_encryption_key_size, max_encryption_key_size, use_fixed_pin,fixed_pin, identity_address_type aci_gap_set_authentication_req(0,1,0,0,7,16,1,111111,0) (no bonding, MITM, secure connection pairing not supported, keypress notification not supported, min encryption key size, max encryption key size, no use of fixed pin, fixed pin (not used), public address type)


File:security1.png

Example 2: legacy pairing and fixed pin (111111) – initiated by the peripheral

aci_gap_set_io_capability(0x00) (IO_CAP_DISPLAY_ONLY)

aci_gap_set_authentication_req(0,0,0,0,7,16,0 (use fixed pin), 111111 (used fixed pin),0) (no bonding, no MITM, secure connection pairing not supported, keypress notification not supported, min encryption key size, max encryption key size, use of fixed pin, fixed pin (used), public address type)


File:security2.png

1.2. References

Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Connectivity:STM32WB-WBA_BLE_security&oldid=13771"