Open Source and information security mailing list archives
 
Message-ID: <CAKJfos-Hxcf3TC03H7-m0DskYPDTOVBx=X9OXCi8h+9=y8+z4g@mail.gmail.com>
Date:   Fri, 1 Nov 2019 17:18:12 -0700
From:   Yy Bb <by312139@...il.com>
To:     linux-kernel@...r.kernel.org
Subject: How to implement BLE security?

We implemented the communication between a Linux device and mobile app
via BLE. We are able to read and write data by using a free app "nRF
Connect".
Now we need to support the BLE security. Basically our data is
sensitive. We want to protect our data from MITM. So we need to
support a reasonably high standard of security. It seems "Security
Mode 1, Level 3: Authenticated pairing with encryption" is what we
need. Our device doesn't support visual input. We use BlueZ, D-Bus
and Python3 on the Linux side.
But I have some practical questions:
1. For pairing, how do we support password protection? Is this
something only for the mobile app developer?
2. How do we know when pairing happens on the Linux side? Is there a
callback or notification we can use from the BlueZ Python API?
3. How does data encryption work? Some mentioned AES-CMAC, some
mentioned AES-CCM? Which one should we use? So we'll just need to
encrypt the data on the Linux Python and send the data?

Thanks in advance!
