TI中文支持网我用的设备是CC2640,在调试一个ONCHIP的例程,OAD成功更新后,我发现了一个问题,那就是,OAD的复位服务,FFD1一直可以被外界访问,如果对方是恶意的,那么它可以强行让OAD回到待更新的状态……这样还有什么安全可言呢,有没有什么办法去阻止呢。刚开始接触板子没几天,啥都不知道,让大家见笑了。
Alvin Chen:
连接时的配对pairing
yue zhang:
回复 Alvin Chen:
感谢您的回答,那假如一些设备,比如智能灯或者鼠标,它并没有input和output的接口,那么只能使用just works来进行pairing,也就是说,任何人都可以和它进行pair,那么这种情况该怎么办呢?有没有什么安全的措施呢?
yue zhang:
回复 Alvin Chen:
感谢您的回复!思路1确实是个方法。针对于思路2,我好像还是没有彻底理解。比如,别人要攻击我的产品,直接就可以通过重置reset服务使得其回到待更新状态。不管新的Image加密也好不加密也好,攻击者甚至不需要Image都可以做攻击。
那最后一个问题,如果就单纯考虑这种情况,在默认justwork的时候,怎么能防止别人重置服务呢?
不胜感激!
Alvin Chen:
回复 yue zhang:
justwork 是无法干预的,
建议使用passcode 模式也是我们例程里面pairing的模式,
下面是一些加密方式,具体优缺点可以见于SIG标准的Core v5.
//Setup the Gap Bond Manager{//common GAPBondMgr paramsuint8_t pairMode = GAPBOND_PAIRING_MODE_INITIATE;uint8_t bonding = FALSE;GAPBondMgr_SetParameter(GAPBOND_PAIRING_MODE, sizeof(uint8_t), &pairMode);GAPBondMgr_SetParameter(GAPBOND_BONDING_ENABLED, sizeof(uint8_t), &bonding);//initializtion for secure connections OOB #if (PAIRING == OOB_SC)uint8_t scMode = GAPBOND_SECURE_CONNECTION_ONLY;GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode); #if STATIC_KEYSGAPBondMgr_SetParameter(GAPBOND_ECC_KEYS, sizeof(gapBondEccKeys_t), &eccKeys);#endif//initialization for legacy OOB pairing#elif (PAIRING == OOB_LE)uint8_t scMode = GAPBOND_SECURE_CONNECTION_NONE;uint8_t oobEnabled = TRUE;GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode);GAPBondMgr_SetParameter(GAPBOND_OOB_DATA, sizeof(uint8_t) * KEYLEN, oobRemoteData.oob);GAPBondMgr_SetParameter(GAPBOND_OOB_ENABLED, sizeof(uint8_t), &oobEnabled );//initialization for numeric comparison pairing (only possible with secure connections)#elif (PAIRING == NUMCOMP)uint8_t mitm = TRUE;uint8_t ioCap = GAPBOND_IO_CAP_DISPLAY_YES_NO;uint8_t scMode = GAPBOND_SECURE_CONNECTION_ONLY;GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm);GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap);GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode);//initialization for passcode entry pairing #elif (PAIRING == PASSCODE)uint8_t mitm = TRUE;uint8_t ioCap = GAPBOND_IO_CAP_KEYBOARD_ONLY;uint8_t scMode = GAPBOND_SECURE_CONNECTION_ALLOW;GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm);GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap);GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode);//initialization for just works pairing #elif (PAIRING == JUSTWORKS)uint8_t mitm = FALSE;uint8_t scMode = GAPBOND_SECURE_CONNECTION_ALLOW;GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm);GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode); #endif}
