payanek
Offline
Last seen: 9 months 5 days ago
Joined: 2015-08-18 15:24
DSPS Security

Hi support team,

I am trying to dig into the DSPS example based on SDK 5.0. I have a question regarding the security.
I ran across CFG_APP_SECURITY, so I tried to set up the device side according to this tutorial.
http://support.dialog-semiconductor.com/resource/tutorial-6-pairing-bond...

When I try to connect from the Android app, I am requested to fill in the pairing key and then the connection works.
Now I would expect the host side not to work, but when I load the host app into another DA14580 chip, the connection is established and data are transferred.

My question is, have I missed something, is the security really implemented by having done those steps marked in the tutorial? Is the connection secure in some way now?

Thank you for your help
Best Regards
Pavel

MT_dialog
Offline
Last seen:2 months 6 days ago
Staff
Joined: 2015-06-08 11:34

Hi payanek,

There are different kinds of security in BLE; it seems that you've implemented the PIN requirement as the tutorial instructs. How are you enabling security? Are you sending a GAPC_SECURITY_CMD in order to force the central to start security? If you are, Android will respond to that command and will start the pairing procedure and the encryption procedure, as the peripheral device instructs, but in the case of the 580 host there is no implementation that will respond to that request, and there will be no security over your connection. The reason you are able to exchange data is probably that you haven't placed the proper rights in the attributes of the database; if you left some of the permissions as just ENABLE, then the central has all the rights to read and write your characteristics, so the peripheral will just let it. So in the case of Android, yes, you have a secure connection, but with the 580 host there is no security, since the central never issues a pairing request.

Thanks MT_dialog
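
Added example, not part of the thread and not Dialog SDK code: a simplified C model of the permission check described in the reply above, showing why a central that ignores the security request can still use an ENABLE attribute but is rejected once the attribute requires an authenticated link. All type and function names are hypothetical; the error code is the standard ATT "Insufficient Authentication" value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not Dialog SDK code. */
enum perm     { PERM_ENABLE, PERM_UNAUTH, PERM_AUTH };        /* per-attribute requirement */
enum link_sec { LINK_PLAIN, LINK_ENC_UNAUTH, LINK_ENC_AUTH }; /* current link state */

#define ATT_OK                0x00
#define ATT_ERR_INSUFF_AUTHEN 0x05 /* Insufficient Authentication (Bluetooth Core Spec) */

struct central {
    bool handles_security_request; /* phone: true; host without pairing code: false */
    enum link_sec link;
};

/* The peripheral asks for security; only a central that implements
 * pairing reacts. Passkey (PIN) entry yields an authenticated key. */
static void request_security(struct central *c, bool passkey_entered)
{
    if (!c->handles_security_request)
        return;                       /* request ignored, link stays unencrypted */
    c->link = passkey_entered ? LINK_ENC_AUTH : LINK_ENC_UNAUTH;
}

/* Check the peripheral's attribute database applies to each read or write. */
static uint8_t att_access(enum perm required, const struct central *c)
{
    if (required == PERM_ENABLE)
        return ATT_OK;                /* no security requirement: anyone may access */
    if (c->link == LINK_PLAIN)
        return ATT_ERR_INSUFF_AUTHEN; /* never paired, no key available */
    if (required == PERM_AUTH && c->link != LINK_ENC_AUTH)
        return ATT_ERR_INSUFF_AUTHEN; /* encrypted, but key not authenticated */
    return ATT_OK;
}

/* Connect, let the peripheral request security, then touch one attribute. */
static uint8_t try_access(bool handles_request, bool passkey, enum perm required)
{
    struct central c = { handles_request, LINK_PLAIN };
    request_security(&c, passkey);
    return att_access(required, &c);
}

int main(void)
{
    printf("host,  ENABLE: 0x%02X\n", try_access(false, false, PERM_ENABLE));
    printf("host,  AUTH:   0x%02X\n", try_access(false, false, PERM_AUTH));
    printf("phone, AUTH:   0x%02X\n", try_access(true, true, PERM_AUTH));
    return 0;
}
```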

payanek
Offline
Last seen: 9 months 5 days ago
Joined: 2015-08-18 15:24

Hi MT_dialog,
thank you very much for the answer. The database permission for each entry was ENABLE.
Changed to the AUTH permits access without pin.
Do you have any hints on how to implement pairing with the 580 host?
As I understand, encryption of the data requires further implementation and is not easily accessible from the stack side. Is that correct? I have read about the AES HW; is there any reference on how to use this in the data exchange?

thank you very much for help
Pavel

MT_dialog
Offline
Last seen:2 months 6 days ago
Staff
Joined: 2015-06-08 11:34

Hi payanek,

There is no example showing how to implement security on the host side; you can check RW_BLE_GAP_IS.pdf for the messages that should be exchanged between the peripheral and host in order to do that. You don't need to interact with the AES hardware when using the security feature; with the proper messages the stack will take care of the encryption on your connection. The AES is for implementing additional encryption of your data from your application (I repeat that you don't need to do anything at stack level; the stack will apply encryption automatically). You can check how it can be used in the document I've indicated; see GAPM_USE_ENC_BLOCK_CMD.

Thanks MT_dialog

payanek
Offline
Last seen: 9 months 5 days ago
Joined: 2015-08-18 15:24

Thank you for your answer. I will check the document and let's see if I succeed with the host implementation.