Experimental: LE Secure Connections Multirole Example

This example requires one of the following SoftDevices: S132, S140

Important: Before you run this example, make sure to program the SoftDevice.

The BLE LE Secure Connections Multirole Example demonstrates how to use LE Secure Connections (LESC) to enforce GAP Security Mode 1, Level 4. This security mode requires pairing or bonding using LESC with man-in-the-middle (MITM) protection. The application includes the Peer Manager module, which supports LESC in both the Central and the Peripheral role.

The application can act either as a Peripheral or as a Central, depending on how the connection is set up. The application both advertises and scans at startup and after disconnection, and the role that is established first is selected for the next connection.

If you want the application to act as a Peripheral, connect to it from nRF Connect or from another board that runs the same application. If you want the application to act as a Central, provide a Peripheral that is advertising with the Heart Rate Service UUID in its advertising data. The Peripheral can either be nRF Connect or another board that runs the same application.

The application includes the Heart Rate Service both as a server and as a client:

• Heart Rate Service
• Heart Rate Service Client

Security for the Client Characteristic Configuration Descriptor (CCCD) in the Heart Rate Measurement characteristic is set at Security Mode 1 Level 4, which requires LESC with MITM. This means that whenever the collector tries to enable notifications, it must first secure the connection.

This example demonstrates the use of Low Energy Secure Connections (LESC). The default cryptographic backend used for LESC is CC310 (when run on nRF52840) or Oberon (for other SoCs). To use micro-ecc instead, follow the steps in Enabling micro-ecc support in selected examples.

Note

This application is not power optimized!

You can find the source code and the project file of the example in the following folder: <InstallFolder>\examples\ble_central_and_peripheral\experimental\ble_app_multirole_lesc

LED assignments:

• LED 1: ON if the Central side is scanning.
• LED 2: ON if the Central side is connected to a Peripheral.
• LED 3: ON if the Peripheral side is advertising.
• LED 4: ON if the Peripheral side is connected to a Central.

Testing

You can test the application in two different ways:

1. Test with one board and nRF Connect. This test setup requires:
   • 1 application board: nRF5 Development Kit board containing the SoftDevice and the example application.
   • nRF Connect: nRF Connect running either on a computer or on a smart device (smartphone or tablet) with an operating system that supports LE Secure Connections. For example, iOS supports LESC from version 8.2.
2. Test with two boards. This test setup requires:
   • 2 application boards: nRF5 Development Kit boards containing the SoftDevice and the example application.

Test the BLE LESC Multirole Example application by performing the following steps:

1. If you are using the software backend of the Cryptography library - nrf_crypto, ensure that you have installed and enabled the micro-ecc library.
2. Compile the application and program both the SoftDevice and the application on the application board (or boards, depending on your test setup).
3. Start a terminal emulator like PuTTY and connect to the used COM port with the following UART settings:
   • Baud rate: 115.200
   • 8 data bits
   • 1 stop bit
   • No parity
   • HW flow control: None
4. On the board or boards, observe that LEDs 1 and 3 are on. This indicates that both the Central and the Peripheral side of the application are looking for peers.
5. Test the connection, depending on your test setup.
   • If you are testing with one board and nRF Connect:
     1. Open nRF Connect and bond to the device (the device is advertising as 'NordicLESCApp'). To bond, click the settings button for the server in nRF Connect, select "Security parameters", check "Enable LE Secure Connection pairing", "Enable MITM protection", and "Perform Bonding". Click "Apply", then connect to the device.
     2. When connected, a secure bond must be established. To bond, click the settings button for the device in nRF Connect, select "Pair", make sure "Perform Bonding" is checked, and click "Pair". A numerical comparison will appear. Verify that the passkey in nRF Connect and the passkey logged on UART are identical. Click "Match" in nRF Connect to confirm, and press Button 1 on the device to confirm.
     3. Observe that bonding is established and the device logs the BLE_GAP_EVT_AUTH_STATUS event with lv4 set to 1.
     4. You can now enable notifications on the HR Service.
   • If you are testing with two boards:
     1. Observe that one of the boards connects to the other and the bonding security procedure takes place.