In this exercise, we will start with a version of the Bluetooth Peripheral LBS sample that does not have any security support. This is similar to the application we created in Lesson 4 Exercises 1 and 2, where we created our own custom LED Button Service. All characteristics of the service are open and anyone can read and write to them without any encryption. This also means anyone with a sniffer can follow the connection and read the exchanged data.
We will start by adding the encryption requirement to the LED characteristic’s write permission. Then, we will add pairing support to the application and practice encrypting the link to be able to write to the LED characteristic.
The second part of the exercise focuses on increasing the security level to get man-in-the-middle protection, i.e., security levels 3 and 4. We will add a display callback that prints the passkey in the log output so that we can read it and enter it on the phone. This way, the end user can ensure that they are pairing with the correct device.
In nRF Connect for Mobile, connect to the device Nordic_LBS. Try to write to the LED characteristic to turn it on, as we have done in previous exercises. Notice that the LED (LED3) on the board does not react. This is because the characteristic now requires encryption, but the firmware does not have pairing support. The phone may terminate the connection because of this.
Let’s add pairing support to the firmware.
4. Add the Security Manager Protocol layer to the Bluetooth LE stack.
The Kconfig symbol CONFIG_BT_SMP adds the Security Manager Protocol (SMP) to the Bluetooth LE stack. This is the layer that makes it possible to pair devices over Bluetooth LE.
Add the following line to the prj.conf file
5. Add a callback function for when the security level of the connection has changed.
Recall the connection callback structure struct bt_conn_cb that we used in the previous exercises. Let’s add a callback for the security_changed event as well.
5.1 Add the security_changed member to the callback structure
Add the following line in main.c:
.security_changed = on_security_changed,
5.2 Define the callback function on_security_changed().
We want this callback function to display the current security level of the connection and inform if the link has been encrypted successfully or not.
This will increase the security level of the write permission of this characteristic from level 2 to level 3 or 4, depending on whether you are using legacy pairing or LE Secure Connections.
At this stage, even though you would still be able to pair with the board, the phone wouldn’t be able to control the LED. This is because the security level of the application doesn’t meet the requirement of the characteristic permission.
9. Define authentication callback functions
We have the authenticated pairing callback structure struct bt_conn_auth_cb with numerous members. In our case, we will only add two.
9.1 Define the callback function auth_passkey_display
Let’s define a function for the passkey_display event, which has the following signature
This will print the passkey needed for the central (your phone) to pair with the peripheral (the board).
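The following added example (not code from the course or from the Zephyr stack) is a simplified stand-alone C model of the check described above: why a write is rejected before pairing, accepted after plain pairing when the characteristic only requires encryption, and rejected again once the permission requires authentication until a passkey pairing raises the link to level 3 or 4. The enum and function names are hypothetical; only the ATT error code values and the security level numbering come from the Bluetooth specification.

```c
#include <stdint.h>
#include <stdio.h>

/* ATT error codes as defined in the Bluetooth Core Specification. */
#define ATT_OK                        0x00
#define ATT_ERR_INSUFF_AUTHENTICATION 0x05
#define ATT_ERR_INSUFF_ENCRYPTION     0x0F

/* LE security mode 1 levels: L1 none, L2 encrypted, L3 authenticated, L4 authenticated LESC. */
enum sec_level { SEC_L1 = 1, SEC_L2, SEC_L3, SEC_L4 };

/* Hypothetical names for the write permission set on the LED characteristic. */
enum write_perm { PERM_WRITE_OPEN, PERM_WRITE_ENCRYPT, PERM_WRITE_AUTHEN };

/* Pairing methods used in this exercise (hypothetical names). */
enum pairing { PAIR_NONE, PAIR_JUST_WORKS, PAIR_PASSKEY };

/* Security level the link reaches once pairing completes and the link is encrypted.
 * Assumes a 128-bit key, which level 4 requires. */
enum sec_level level_after_pairing(enum pairing method, int lesc)
{
    if (method == PAIR_NONE)
        return SEC_L1;
    if (method == PAIR_JUST_WORKS)
        return SEC_L2;              /* no MITM protection, with or without LESC */
    return lesc ? SEC_L4 : SEC_L3;  /* passkey: authenticated pairing */
}

/* Simplified server-side decision for a write request on the LED characteristic. */
uint8_t check_write(enum sec_level link, enum write_perm perm)
{
    if (perm == PERM_WRITE_AUTHEN && link < SEC_L3)
        return ATT_ERR_INSUFF_AUTHENTICATION;
    if (perm == PERM_WRITE_ENCRYPT && link < SEC_L2)
        return ATT_ERR_INSUFF_ENCRYPTION;
    return ATT_OK;
}

int main(void)
{
    /* Walk through the stages of the exercise. */
    printf("no pairing, encrypt perm  : 0x%02X\n",
           check_write(level_after_pairing(PAIR_NONE, 0), PERM_WRITE_ENCRYPT));
    printf("just works, encrypt perm  : 0x%02X\n",
           check_write(level_after_pairing(PAIR_JUST_WORKS, 1), PERM_WRITE_ENCRYPT));
    printf("just works, authen perm   : 0x%02X\n",
           check_write(level_after_pairing(PAIR_JUST_WORKS, 1), PERM_WRITE_AUTHEN));
    printf("passkey legacy, authen    : 0x%02X\n",
           check_write(level_after_pairing(PAIR_PASSKEY, 0), PERM_WRITE_AUTHEN));
    return 0;
}
```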