[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAKJfos-Hxcf3TC03H7-m0DskYPDTOVBx=X9OXCi8h+9=y8+z4g@mail.gmail.com>
Date: Fri, 1 Nov 2019 17:18:12 -0700
From: Yy Bb <by312139@...il.com>
To: linux-kernel@...r.kernel.org
Subject: How to implement BLE security?
We implemented the communication between a Linux device and mobile app
via BLE. We are able to read and write data by using a free app "nRF
Connect".
Now we need to support the BLE security. Basically our data is
sensitive. We want to protect our data from MITM. So we need to
support a reasonable high standard of security. It seems "Security
Mode 1, Level 3: Authenticated pairing with encryption" is what we
need. Our device doesn't support visually input. We use BlueZ, D-Bus
and Python3 on the Linux side.
But I have some practical questions:
1. For pairing, how do we support password protection? Is this
something only for the mobile app developer?
2. How do we know when pairing happens on the Linux side? Is there a
callback or notification we can use from BlueZ Python API?
3. How does data encryption work? Some mentioned AES-CMAC, some
mentioned AES-CCM? Which one should we use? So we'll just need to
encrypt the data on the Linux Python and send the data?
Thanks in advance!
Powered by blists - more mailing lists