This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

新手,关于OAD复位的问题,有个安全问题想请教一下。

Other Parts Discussed in Thread: CC2640

我用的设备是CC2640,在调试一个ONCHIP的例程,OAD成功更新后,我发现了一个问题,那就是,OAD的复位服务,FFD1一直可以被外界访问,如果对方是恶意的,那么它可以强行让OAD回到待更新的状态……这样还有什么安全可言呢,有没有什么办法去阻止呢。刚开始接触板子没几天,啥都不知道,让大家见笑了。

  • 连接时的配对pairing
  • 感谢您的回答,那假如一些设备,比如智能灯或者鼠标,它并没有input和output的接口,那么只能使用just works来进行pairing,也就是说,任何人都可以和它进行pair,那么这种情况该怎么办呢?有没有什么安全的措施呢?

  • 1.首先没有input 和output也不一定是justwork,你可以和我们的例程一样设置为GAPBOND_IO_CAP_DISPLAY_ONLY,自己知道默认的key就可以。

    此外你说的你的智能灯和鼠标只是just work 配对我认为是不安全的。

    2.如果没有pair 也可以进行AES加密,加载到你的oad 传输以及你被升级的oad 解密,而这个AESkey为你预设的。

    AES_ECB_EncryptData(inputData, 16, AESkey);

    memcpy(encryptedData, inputData, 16);

    AES_ECB_DecryptData(inputData, 16, AESkey);

    memcpy(decryptedData, inputData, 16);

  • 感谢您的回复!思路1确实是个方法。针对于思路2,我好像还是没有彻底理解。比如,别人要攻击我的产品,直接就可以通过重置reset服务使得其回到待更新状态。不管新的Image加密也好不加密也好,攻击者甚至不需要Image都可以做攻击。
    那最后一个问题,如果就单纯考虑这种情况,在默认justwork的时候,怎么能防止别人重置服务呢?
    不胜感激!
  • justwork 是无法干预的,

    建议使用passcode 模式也是我们例程里面pairing的模式,

    下面是一些加密方式,具体优缺点可以见于SIG标准的Core v5.

      //Setup the Gap Bond Manager
      {
        //common GAPBondMgr params
        uint8_t pairMode = GAPBOND_PAIRING_MODE_INITIATE;
        uint8_t bonding = FALSE;    
        GAPBondMgr_SetParameter(GAPBOND_PAIRING_MODE, sizeof(uint8_t), &pairMode);
        GAPBondMgr_SetParameter(GAPBOND_BONDING_ENABLED, sizeof(uint8_t), &bonding);  
    
        //initializtion for secure connections OOB
    #if (PAIRING == OOB_SC)
        uint8_t scMode = GAPBOND_SECURE_CONNECTION_ONLY;
        GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode);
    #if STATIC_KEYS
        GAPBondMgr_SetParameter(GAPBOND_ECC_KEYS, sizeof(gapBondEccKeys_t), &eccKeys);     
    #endif    
        
        //initialization for legacy OOB pairing  
    #elif (PAIRING == OOB_LE) 
        uint8_t scMode = GAPBOND_SECURE_CONNECTION_NONE;
        uint8_t oobEnabled = TRUE;
        GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode);
        GAPBondMgr_SetParameter(GAPBOND_OOB_DATA, sizeof(uint8_t) * KEYLEN, oobRemoteData.oob);
        GAPBondMgr_SetParameter(GAPBOND_OOB_ENABLED, sizeof(uint8_t), &oobEnabled );        
    
      //initialization for numeric comparison pairing (only possible with secure connections) 
    #elif (PAIRING == NUMCOMP)
        uint8_t mitm = TRUE;
        uint8_t ioCap = GAPBOND_IO_CAP_DISPLAY_YES_NO;
        uint8_t scMode = GAPBOND_SECURE_CONNECTION_ONLY;
        GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm);
        GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap);
        GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode);   
    
        //initialization for passcode entry pairing
    #elif (PAIRING == PASSCODE)
      uint8_t mitm = TRUE;
      uint8_t ioCap = GAPBOND_IO_CAP_KEYBOARD_ONLY;
      uint8_t scMode = GAPBOND_SECURE_CONNECTION_ALLOW;
      GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm);
      GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap);
      GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode);
      
      //initialization for just works pairing
    #elif (PAIRING == JUSTWORKS)
      uint8_t mitm = FALSE;
      uint8_t scMode = GAPBOND_SECURE_CONNECTION_ALLOW;
      GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm);
      GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode);
    #endif     
      }