The Out of Band (OOB) association model is primarily designed for scenarios where an out-of-band mechanism is used both to discover the devices and to exchange or transfer the cryptographic numbers used in the pairing process. To be effective from a security point of view, the OOB channel should provide security properties different from those of the Bluetooth radio channel; in particular, it should be resistant to MITM attacks. If it is not, security may be compromised during authentication.

The user experience differs somewhat depending on the OOB mechanism. With a Near Field Communication (NFC) solution, for example, the user first touches the two devices together and is then given the option to pair the first device with the other. If "yes" is entered, the pairing succeeds. This is a single-touch experience in which the exchanged information is used by both devices. The information exchanged includes discovery information (such as the Bluetooth Device Address) as well as cryptographic information. One of the devices uses the Bluetooth Device Address to establish a connection with the other device; the rest of the exchanged information is used during authentication.

The OOB mechanism may be implemented as either read-only or read/write. If one side is read-only, a one-way authentication is performed. If both sides are read/write, a two-way authentication is performed. The OOB protocol is selected only when the pairing process has been activated by a previous OOB exchange of information and one (or both) of the devices reports OOB in its IO capabilities. The protocol uses the information that has been exchanged and simply asks the user to confirm the connection. The OOB association model supports any OOB mechanism over which cryptographic information and the Bluetooth Device Address can be exchanged.
The OOB association model does not support a solution where the user has activated a Bluetooth connection and would like to use OOB for authentication only.
SDK – Simplicity Studio v4 and Bluetooth Smart SDK v2.0.1
Kits – BGM111v2
Baud rate: 115200
Data bits: 8
Stop bit: 1
Flow control: False
The example contains two projects, OOB-Central and OOB-Peripheral, which implement the central and peripheral devices that connect to each other to demonstrate the OOB security feature. The example also demonstrates the connection process for each role, periodic notification (server to client) and periodic write (client to server). UART is used as the OOB channel: the OOB data is generated randomly and automatically at boot and on disconnect, and is then exchanged over UART.
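To make the UART exchange concrete, here is an added illustration (not the attached OOB-Central/OOB-Peripheral code) of how one side can generate a fresh 16-byte OOB key, frame it for the serial link, and how the other side validates the frame before handing the key to the security manager. The frame layout (magic byte, length, key, XOR checksum) and the constant FRAME_MAGIC are assumptions of this example; the actual UART format used by the attached projects is not described here.

```python
import secrets
from functools import reduce
from operator import xor

OOB_KEY_LEN = 16    # BLE OOB temporary key is 128 bits
FRAME_MAGIC = 0xA5  # assumed start-of-frame marker (not from the page)


def generate_oob_key() -> bytes:
    # Fresh random OOB data on every boot and after each disconnect, so a
    # value observed during one pairing is useless for a later one.
    return secrets.token_bytes(OOB_KEY_LEN)


def checksum(payload: bytes) -> int:
    # Single-byte XOR over the frame; detects corruption on the serial link,
    # not tampering: the OOB channel itself must be MITM-resistant.
    return reduce(xor, payload, 0)


def build_oob_frame(key: bytes) -> bytes:
    # Frame layout (assumed): magic | length | key | xor checksum
    if len(key) != OOB_KEY_LEN:
        raise ValueError("OOB key must be %d bytes" % OOB_KEY_LEN)
    body = bytes([FRAME_MAGIC, OOB_KEY_LEN]) + key
    return body + bytes([checksum(body)])


def parse_oob_frame(frame: bytes) -> bytes:
    # Recover the peer's OOB key, rejecting anything malformed before it is
    # passed on to the pairing procedure.
    if len(frame) != OOB_KEY_LEN + 3 or frame[0] != FRAME_MAGIC:
        raise ValueError("bad frame header")
    if frame[1] != OOB_KEY_LEN:
        raise ValueError("unexpected OOB length")
    if checksum(frame[:-1]) != frame[-1]:
        raise ValueError("checksum mismatch")
    return frame[2:-1]


def authentication_mode(local_sends: bool, remote_sends: bool) -> str:
    # Read-only on one side gives one-way authentication; read/write on both
    # sides gives two-way authentication.
    if local_sends and remote_sends:
        return "two-way"
    if local_sends or remote_sends:
        return "one-way"
    return "none"
```

When both roles send a frame to each other, each side calls parse_oob_frame on what it received and the pairing is two-way authenticated; if only one side sends, it is one-way.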
The ‘Write Char’ has the property ‘authenticated_write’, which means writing the characteristic requires authentication. If the bonding process fails, this characteristic can’t be written.
The ‘Notification Char’ is used to demonstrate notifying.
There are 2 symbols in the example.
BGM111 #1 (Central) ----- Serial terminal program #3 (COM4 in the pictures)
BGM111 #2 (Peripheral) ----- Serial terminal program #4 (COM66 in the pictures)
Serial Terminal #3 Output (Central)
Serial Terminal #4 Output (Peripheral)
The example code is attached.