security - Securing Bluetooth LE Messages -


i have requirement communicate custom bluetooth le device. communication needs be

  • secure (plain text cannot read)
  • not vulnerable replay attacks
  • contained within 20 or 22 bytes per message bluetooth le restrictions (or phone api implementation restrictions)

trusting bluetooth le's native encryption alone seems poor choice based on this:

https://github.com/mikeryan/crackle/

so come implementing our own encryption. in normal client / server communication (tcp example) no message size restriction, aes-128 in cbc mode pre-shared private key might choice.

however bluetooth le

  • there's not enough space transmit initialization vector each characteristic read / write
  • it seems error prone keep track of changing ivs based on last block of last message received / transmitted, given multiple characteristics being broadcast etc.

have missed other way of making bluetooth le secure?

...fragment data 20 bytes , multiple write ble characteristic stored in gatt. need come protocol reassemble fragmented data.

to fight replay attack can generate, before each new connection, new challenge request , broadcast via advertisement. picked central , returned encrypted peripheral. make sure generate new challenge each new connection.

the bluetooth le pairing (not including oob) cannot trusted security point. there need encrypt data @ firmware application level on top of pairing (using work or better). implementation of symmetric encryption (aes128 or 256) challenge request way start.

lastly, suggest dig ble oob (out-of-band) pairing allows exchange of symmetric pairing key between central , peripheral. decent alternative secure communication. there couple of implementation nfc available.


Comments

Post a Comment

Popular posts from this blog

php - Submit Form Data without Reloading page -

i know question has been asked , answered bunch of times life of me can not solution work on code. believe if redo code, work properly, , in retrospect time i've spent on issue should have redone code...but beyond deadline , have working prototype up... can advise how update multiple forms on single page without reloading page? horrible @ php , complete noob js/jquery/ajax @ best. html/php in single file , believe causing me problems/is largest obstacle @ getting ajax form processing work. basically, want users to: select teams multiple dropdowns in form group 1 (league champs) , on update update db newly selected team without reloadding page. edit team scores per match , on score submit/update, update db new scores. for each requirement there multiple forms (1 each leagues, 1 each per match) have set class on each form id. everything works via php, form submission reloads page each time submitted , not ideal. i have tried ajax code here http://scotch.io/tutoria...
Read more

linux - Rails running on virtual machine in Windows -

the reason why want switch ubuntu people said gems works better on linux on windows. i don't want macbook pro rails development since love windows , cannot stand lack of apps mac. moreover, people saying ubuntu "better" mac: http://www.reddit.com/r/ubuntu/comments/1bgj1s/are_there_advantages_of_ubuntu_over_os_x_for/ does virtual box work enough doesn't have lag @ all? using i7-3517u cpu 8gb memory. need program in environment lag-free , not sluggish. or there alternatives recommend? i unsure permission settings or complicated stuffs regarding terminal. i'll using terminal develop. i'm still quite new here development in linux. please kind me >< thanks. @holyxiaoxin pretty sure should asking on superuser instead. nevertheless, suggest install ubuntu in partition instead of running virtual machine. here's guide https://help.ubuntu.com/community/windowsdualboot also, yes. developing in virtual machine accurate, @ end experiment w...
Read more