|
Coming soon |
1. STM32WB - BLE security
Vocabulary and BLE security configuration. Legacy Pairing and Secure Connection
The BLE security model includes 5 security features:
- Pairing: process for creating one or more shared secret keys.
- Bonding: act of storing the keys created during pairing for use in subsequent connections in order to form a trusted device pair.
- Device authentication: verification that the two devices have the same keys.
- Encryption: provides message confidentiality.
- Message integrity: protects against fake messages.(4 bytes Message Integrity Check MIC)
BLE uses 2 security levels:
- Legacy Pairing – Short Temporary Key (STK). STK will be created to encrypt connection. Then, if bonding, LTK will be used for subsequent connections. Legacy Pairing with passkey entry[1]
- Secure Connection – Long Term Key (LTK). LTK will be created to encrypt connection. Pairing feature exchange, key generation method selection, authentication and LTK principle[2]
Initialization (when no link is established)
Set the IO capability of the device with aci_gap_set_io_capability
| IO capability |
|---|
Set the authentication requirements for the device with aci_gap_set_authentication_req
| Set authentication requirement |
|---|
1.1. Legacy pairing and no fixed pin
- Initialization
aci_gap_set_io_capability(0x04 - IO_CAP_KEYBOARD_DISPLAY)
aci_gap_set_authentication_req (0, - no bonding mode
1, - mitm_mode
0, - SC pairing not supported
0, - keypress notification not supported
7, - min_encryption_key_size
16, - max_encryption_key_size
1, - do not use a fixed pin
111111, - fixed pin
0 - identity address type)
| Legacy pairing and no fixed pin |
|---|
1.2. Legacy pairing and fixed pin initiated by the peripheral
- Initialization
aci_gap_set_io_capability(0x00 - IO_CAP_DISPLAY_ONLY)
aci_gap_set_authentication_req (0, - no bonding mode
0, - no mitm
0, - SC pairing not supported
0, - keypress notification not supported
7, - min_encryption_key_size
16, - max_encryption_key_size
0, - use a fixed pin
111111, - fixed pin (used)
0 - identity address type)
| Legacy pairing and fixed pin |
|---|
1.3. Pairing Secure connection
- Initialization
aci_gap_set_io_capability(0x04 - IO_CAP_KEYBOARD_DISPLAY)
aci_gap_set_authentication_req (0, - no bonding mode
1, - mitm mode
1, - SC pairing supported but optional
0, - keypress notification not supported
7, - min_encryption_key_size
16, - max_encryption_key_size
1, - do not use a fixed pin
111111, - fixed pin (not used)
0 - identity address type)
| Secure Connection pairing |
|---|
2. Additional information - BLE characteristics and security permissions
2.1. STM32WB - BLE GATT characteristic
When a characteristic is created (aci_gatt_add_char), following security permissions could be given:
- 0x00: none
- 0x01: AUTHEN_READ (need authentication to read)
- 0x02: AUTHOR_READ (need authorization to read)
- 0x04: ENCRY_READ (need encryption to read)
- 0x08: AUTHEN_WRITE (need authentication to write)
- 0x10: AUTHOR_WRITE (need authorization to write)
- 0x20: ENCRY_WRITE (need encryption to write)
2.1.1. READ and WRITE properties
A characteristic is created with properties READ and WRITE
2.2. AUTHEN_READ and AUTHEN_WRITE security permissions
After the discovery of services and characteristics, if the client tries to read or write this characteristic, an error is returned (ACI_GATT_ERROR_RESP_EVENT) with error_code=0x05 (insufficient authentication)
Set MITM (in aci_gap_set_authentication_requirement) is necessary and need of start pairing to be able to read/write the characteristic with 'need authentication' permissions.
Security permission 'need authentication' is more restrictive than 'need encryption'.
2.3. ENCRY_READ and ENCRY_WRITE security permissions
After the discovery of service and characteristic, if the client tries to read or write this characteristic, an error is returned (ACI_GATT_ERROR_RESP_EVENT) with error_code=0x0F (insufficient encryption)
If the devices are paired and encryption is started, read and write operations can be done. No need to set MITM and need of starting pairing to be able to read/write the characteristic with 'need encryption' permissions
2.4. AUTHOR_READ and AUTHOR_WRITE security permissions
The way to use characteristic with 'need authorization' permissions: after the connection_complete_event, the server sends the command aci_gap_set_authorization_requirement (for current connection handle) the master initiates pairing. When the pairing is complete, ACI_GAP_AUTHORIZATION_REQ_EVENT is generated on server side which sends aci_gap_authorization_resp(conn_handle, authorize) then the client can read/write the characteristic.