Bluetooth low energy device secure authorization - encryption

I am trying to find solution for secure authorization to my own bluetooth device. Multiple users can connect to that device via Bluetooth Low Energy from their smartphones, but that device is not connected to the Internet. It has no database, low memory and not every user should be able to connect and manage my device (one user can be connected at the same time). How can I authorize user secure? I would to like to avoid storing single plain password in device, but right now I have not any other idea.

Related

Share Bluetooth connection between device

With WiFi you can control which device can connect to your WiFi device by managing which devices know the SSID+wpa2 couple. Is it possible to do the same thing in bluetooth?
In other words, I want to be able to do with Bluetooth what I do in WiFi by connecting two devices with a default SSID+wpa2, once the connection is established, automatically generate new SSID+wpa2 and share this couple to control which others devices can connect.

Possible to make Wifi and 3G dongle network working together?

Hello.
I have recently been trying to mount a home automation station on a raspberry.
I need to communicate with the station via SMS. To do this, I order a 3G dongle (UMTS / GSM / 3G / 4G etc ...) operating on the country's network (verified frequencies). I connect to the network via wifi. But when connecting the 3G dongle, here I am blocked on access to Wifi.
My first question is therefore: is this normal?
And my second is: is it possible to make both work in parallel?
Thx all
It depends on the exact use case or requirement and type of device in hand.
In general, the device will choose/use the wireless connection with better connectivity strength as per its design/specification and also it depends on the support at device.
In case you have the option of WiFi Hotspot tethering enabled, it is possible that most of the devices nowadays allow you to use 3G for the internet communication and at the same time, it allows WiFi hotspot sharing with the help of WiFi from your device.
Also, few devices have support for file sharing between device to device whereby they provide support for wifi direct and wifi sharing while 3G connectivity with internet is still fine. Few devices from Samsung, support an application called "Download Booster" that allows your device to download files using WiFi connection and a mobile data connection simultaneously.
Few devices from Apple starting iOS 7 introduced Multipath TCP enables users to have their streaming music to never get interrupted while on high mobility or in trains and other vehicles with changing connectivity whereby no manual switch from between WiFi and Cellular is required in which case, the device shall stay connected over both cellular and WiFi simultaneously and whenever the WiFi connection fails, the cellular connection shall continue with streaming operation without any interruption.
There is also a app called 'Speedify' in android that uses channel bonding technology to combine multiple Internet connections together for increased throughput & redundancy and thereby it can merge WiFi and Cellular connection simultaneously. Here, a Speedify client software is used to establish a connection to a Speed Server in cloud that acts as a middleman between you and the rest of the internet. The Speedify client software then works together with Speed Server to distribute your internet traffic and deliver the combined speed of all available internet connections.

Implement notification in BLE

How do I implement notification in BLE?
I have a smartphone, and every hour it will send notification to all nearby BLE devices (smartwatch, RFduino, etc) for time synchronization purpose.
Other devices are server now (since it provides data), and smartphone is the client that collect the data.
Could I piggyback into the advertisement packages? For example, the smartphone always broadcast an advertisement packet to annoucement its presence (that's how other devices can find it). Can I modify that packet to be a time sync?
In order to send notifications or advertisements, your smartphone has to act as a server, which also means that in order to be able to receive notifications or scan for advertisements, your peripheral devices must act as clients.
This can be a bit tricky, because if two devices act as client and server, they may not simultaneously fulfil the other role. You need to switch roles whenever needed, which is an open field for all kinds of problems.
Also, I am not convinced that it is really the optimal choice to let the smartphone regularly notify all devices in the vicinity. Each of the devices that wants to receive the notification has to be connected with the device in order to receive the notification, and this connection has to be already active when the notification is sent in order to really get the correct time. So all these devices need to connect in advance to the expected notification time, and hold up the connection until the notification has come.
It might be better to just advertise the current time, but remember that you can't connect to the smartphone as a server while it is advertising, because the link layer may not be in scanning and advertising mode at the same time, and you may also not be connected when advertising for a similar reason.
If you want to do it that way, you can include the time information in the advertising data. See the Supplement to the Bluetooth Core Specification v6, Part A for further information on the structure of the advertising data. You could put it in the manufacturer specific data.
However, another option would be to write the time directly to the device using a write request. You can define your own service and characteristics. You can include a "time synch necessary" information in the advertisement data of the servers, and when the smartphone evaluates the advertisement, it can connect to the corresponding device and send the time directly.
The advantage of this procedure is that time is only updated if you really need it on the device, and that you do not have to switch client/server roles, because the device in server role may advertise as normal, and the smartphone can always stay in client role.

Sony SmartWatch 2 communication with Host Application on phone

As i know host application for Sony products are responsable for communication between phone and accessory.
But, in bluetooth data transfer from phone to watch what is specially transferred?
For examle, My Extension data as a object array and layout which will be displayed passed to watch? Or all rendered 176x220px UI block is send from phone to watch.
In this transfer is there any security issues to be considered?
Thanks.
Everything is passed to the watch from the host application, so it would be the complete 176x220 bitmap.
As far as security, Bluetooth data is encrypted in BT v2.1+ plus the user still has to pair the device and confirm a pairing code as with all BT devices. So it's not any less secure than any other Bluetooth device on the market in that respect.

Transmit or Simulate SMS-CB (Short Messaging Service-Cell Broadcast)

Can a cell phone transmit SMS-CB (Short Messaging Service-Cell Broadcast) ?
If not, Can I get a device that can transmit SMS-CB messages ?
Else, Is there a good simulator that can simulate SMS-CB transmission and receiving mobile phones ?
Thank You
NOTE: Cell Broadcast (SMS-CB) is designed for simultaneous delivery of messages to multiple users in a specified area. For example, information such as Location, Tower name, Ads or Emergency messages can be transmitted.
Technically, the SMS-CB messages originate at a device called "Cell Broadcast Centre (CBC)", which is part of the network operators equipment. It sends the SMS-CB through the Base Station Controller (BSC). This cannot be done over the air, it is something which happens inside the mobile operators network. It would probably be too much to explain all GSM/3G/UMTS network components here, you might want to read up on mobile network architecture.
So the simple answer is no, a handset (mobile phone) cannot directly send SMS-CB messages.
Now the question is, how to tell the CBC to send an SMS-CB to some network cells. There exist some standardized interfaces for that, which are used for emergency alerting, e.g. the Commercial Mobile Alert System (CMAS) in the US. If these interfaces are designed sensibly, they cannot be abused by just about anyone using a mobile handset. But I would not be surprised if there were security gaps in some operator's networks which would allow unauthorized parties to send SMS-CB, e.g. via insecure Internet/SS7 gateways. But that is wild speculation. Normally, it should not be possible to send unauthorized SMS-CB from outside of the operator's network.

Resources