silabs 21Q2 Secure BLE Device Security Lab

BLE Security Lab Manual

In this lab, you will see how to design a more secure BLE device. We start with an overview of how to use some of the stack's security features, move on to general advice about techniques for more secure connections, and finally look at how to use device certificates over BLE to identify a peripheral as authentic.

Getting Started

The Bluetooth sample application that you will build on is intended to be used with a bootloader. If you are working with a brand-new EFR32MG21B, it will not have a bootloader. You can find a pre-built bootloader in the platform\bootloader\sample-apps\bootloader-storage-internalsingle\efr32mg21a010f1024im32-brd4181a folder of your SDK.

  1. Start with a sample app. This sample app is used as a template and makes a good starting point for any BLE application.
    1. Open the Silicon Labs Project Wizard from the Simplicity Studio File menu -> New.
    2. Select the BRD4181C and click the 'Next' button.
    3. Check the 'Bluetooth (9)' box under technology type.
    4. Highlight 'Bluetooth - SoC Empty' and click Next.
    5. Click the 'Finish' button.
  2. Now you can add some characteristics to see how protected and unprotected characteristics are treated differently.
    1. Open the project's slcp file by double-clicking it in the Project Explorer window.
    2. Highlight the 'SOFTWARE COMPONENTS' tab and open the GATT configuration tool. Use its import tool to import the gatt_configuration.btconf file from the server folder in the provided materials. The GATT database has a custom service, called 'Training', with some data that is protected and some that is not. This lets you compare what happens when you try to access a protected characteristic versus an unprotected one. This is a quick way to build a device with very basic security.
  3. We will use the serial port to print to the console in Simplicity Studio to see what is happening in the application. The easiest way to find these components is to search for them in the SOFTWARE COMPONENTS search box:
      1. Install the IO Stream UART component
      2. Install the IO Stream Retarget STDIO component
      3. Install the Standard I/O component
      4. Install the Log component
      5. Open the Board Control component and turn on 'Enable Virtual COM UART'
      6. Right-click the adapter in the 'Debug adapters' panel and select 'Launch Console'. Select the 'Serial 1' tab, place the cursor in the text entry field of the console window, and press Enter to wake up the console.
  4. Create a local variable in sl_bt_on_event(), found in app.c, to save the connection handle. The variable must be static, since this function is called every time the stack raises an event and we want the value to persist. The connection handle will be used in a later section of the lab.
  5. Insert some app_log() statements so that events show when we are connected, the security modes, and so on.
      1. Include the app_log.h header file
      2. sl_bt_evt_connection_opened - print the bond handle and save the connection handle. If the bond handle is 0xFF, no bond exists between the connected devices. Modify the existing event handler so that it looks like this:
      3. sl_bt_evt_connection_parameters - security mode. This is done so that you can see when the security mode changes. The numbering of the security modes is offset: security mode 1 is enumerated with the value 0, and so on. Add the following event handler to your application:
      4. sl_bt_evt_connection_closed_id. This event handler is modified to reset the connection handle. The value 0xFF is used to indicate that there is no active connection. The app_log() command is used to print the reason the connection was closed; the list of status codes is here. Modify the existing event handler so that it looks like this:
  6. Build and flash the project. At this point, we will run the sample app to see how it behaves without any changes, besides the GATT database.
  7. Connect with the EFRConnect mobile app as follows:
      1. Tap the 'Bluetooth Browser' icon.
      2. Tap the 'Connect' icon on the device named 'Training'.
  8. Read the unprotected characteristic as follows:
      1. Tap the 'More Info' link under the unknown service with UUID a815944e-da1e-9d2a-02e2-a8d15e2430a0.
      2. Read the unprotected characteristic, UUID f9e91a44-ca91-4aba-1c33-fd43ca270b4c, by tapping the 'Read' icon. No surprises here. Since the characteristic is not protected in any way, it is sent in plaintext.
  9. Now read the protected characteristic, UUID d4261dbb-dcd0-daab-ec95-deec088d532b. Your mobile phone should prompt you to pair and bond; the message may vary depending on your phone's OS. After you accept the pairing request, you should see a message on the console as follows:
     Note: Appendix A at the end of this manual has a summary of the I/O capabilities and the pairing methods to be used. Appendix B summarizes the Bluetooth security modes.

Security Manager Configuration

The security manager is the part of the Bluetooth stack that determines which security features are used. These features include man-in-the-middle (MITM) protection, LE Secure Connections (aka ECDH), requiring confirmation for bonding, and so on. The security manager also handles the I/O capabilities, which are used to determine which method is used for pairing/bonding (see Appendix A for a summary). In this section you will see a simple setup.

  1. Set up the SM with the desired configuration. The hardware for this lab makes it easy to display a passkey on the console. Passkey entry is required in order to enable MITM protection. Add the following code to your sl_bt_system_boot_id event handler. This enables man-in-the-middle protection and informs the remote device that we have the ability to display a passkey, but that is all.
  2. To display the passkey on the console, an event handler is required as shown below:
  3. Set the bondable mode, the maximum number of bondings, and so on. Use the following code to get started: These settings can be used to limit an attacker's ability to bond with your device. If your product only needs to have one user, you can limit the maximum number of bondings to 1. A good place to add these calls is in the sl_bt_system_boot_id event handler. We will not enable bonding at this point, so that the rest of the lab goes smoothly, but we do set a policy that allows only one bond. For reference, the documentation for these APIs is found here and here.
  4. Add event handlers for sl_bt_evt_sm_bonded_id and sl_bt_evt_sm_bonding_failed_id. For now these events are mainly informative, but later in the lab you will add functionality.
  5. Build and flash to the target board. Connect with EFRConnect and read the protected characteristic as before. This time, you will see a passkey displayed on the console. Enter this passkey on your mobile phone when prompted.
  6. Try out bonding confirmation. This feature lets the user require that bonding requests be confirmed. Doing so gives the application control over which peer devices it bonds with. One possibility is to require the user to press a button before allowing the bond.
    1. Open the Bluetooth settings on your mobile phone and remove the bond to the EFR32 device. Mobile phone implementations vary, so this step may not be necessary. If you do not see the 'Training' device in your Bluetooth settings, just proceed to the next step.
    2. In the software components, install one instance of the simple button handler.
    3. Include the header file sl_simple_button_instances.h in app.c
    4. Add a handler for the sl_bt_evt_sm_bonding_confirm_id event. The main job of this event handler is to inform the user that a remote device is requesting a new bond.
    5. Add a callback function for the simple button handler that sends a signal to the Bluetooth stack indicating that a button has been pressed. This overrides the default callback, which simply returns.
    6. Add an external signal event handler. This event is raised in response to receiving a signal, as in the previous step. The external signal event will be used to confirm bonding.
    7. Change the call to sl_bt_sm_configure to require bonding confirmation such as
    8. Rebuild and flash.
    9. Connect with EFRConnect and read the protected characteristic as before. Now you will see a message on the console as follows: Press PB0 to confirm bonding. The console will now display the passkey to be entered on the mobile phone for bonding. Enter the passkey to complete the bonding process.

Tip: Use the default case in the event handler to print a message when the stack sends an event that is not handled. The stack may be trying to tell you something important.

Beyond the Basics

At this point, you have taken advantage of the security features that our stack has to offer. Now let's improve the implementation through wise use of the features at our disposal. The following steps are optional and independent of each other; you can build and flash after each one to see the behavior, or try them all together.

  1. Disconnect on failed bonding attempts. This is a good place to detect threats. If the remote device does not support encryption/authentication, or simply does not have the correct keys, it could be a hacker. So, let's break the connection. Try adding a call to sl_bt_connection_close() in the sl_bt_sm_bonding_failed_id event. The API is documented here. You can test this feature by entering the wrong passkey.
  2. Only allow bonding at certain times. This limits the time that an attacker has to form a bond and makes it possible to use the 'only allow bonded connections' feature. The designer can choose how to enable or disable bondable mode. For demonstration purposes here, we will enable a 'setup mode' with PB1 and use a timer to disable it after 30 seconds.
    1. Install a second instance of the simple button interface. This enables the use of PB1.
    2. Modify the callback to send a different signal to the stack to enable/disable bonding. The result should look something like this:
    3. Modify the external signal event handler so that it handles this new signal. The result should look like this:
    4. Add an event handler for the sl_bt_evt_system_soft_timer_id event. This will be used to disable setup mode.
    5. The following code can be used to enable bondable mode and allow all connections, or to disable bondable mode and only allow connections from bonded devices:
    6. Add the following call in the sl_bt_system_boot_id event handler
    7. Build the project and flash it to the device.
    8. Try connecting to the device with EFRConnect. The connection should fail.
    9. Now try pressing PB1 before connecting with EFRConnect. This time the connection will succeed. After 30 seconds you will see a message on the console indicating that the device is exiting setup mode. This means that bondable mode is now disabled.
  3. Increase security when forming a connection. Since security is optional, we should request an encrypted connection as quickly as possible rather than relying on the GATT characteristics. The API is documented here. A good place to call this API is in the sl_bt_evt_connection_opened_id event. The connection handle is available in the connection variable.
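
The bonding policy assembled in the Security Manager steps (PB0 confirms a bonding request) and in steps 1 and 2 above (close the connection on failed bonding, a 30-second setup mode opened by PB1), modelled as a state machine that can be tested on a host. This is an added example, not code from the lab materials; the policy_* names, the action values and the flag bit values for sl_bt_sm_configure() are assumptions to check against your SDK.

```c
#include <stdbool.h>
#include <stdint.h>

#define NO_CONNECTION   0xFF  /* "no connection" handle value used in the lab */
#define SETUP_WINDOW_S  30    /* setup mode length used in the lab */
/* Assumed sl_bt_sm_configure() flag bits; confirm them in your SDK reference. */
#define SM_MITM         0x01  /* bonding requires MITM protection */
#define SM_CONFIRM_BOND 0x08  /* bonding requests must be confirmed */
#define SM_BONDED_ONLY  0x10  /* accept connections from bonded devices only */

typedef enum { ACT_NONE, ACT_ACCEPT_BONDING, ACT_REJECT_BONDING, ACT_CLOSE_CONNECTION } action_t;

typedef struct {
  bool     setup;       /* true while new bondings are allowed */
  uint32_t deadline_s;  /* time at which setup mode ends */
  uint8_t  pending;     /* connection waiting for PB0, or NO_CONNECTION */
} policy_t;

void policy_init(policy_t *p) {
  p->setup = false; p->deadline_s = 0; p->pending = NO_CONNECTION;
}
/* PB1: enter setup mode (on the device: make bondable, start the timer). */
void policy_pb1(policy_t *p, uint32_t now_s) {
  p->setup = true; p->deadline_s = now_s + SETUP_WINDOW_S;
}
/* Timer: leave setup mode at the deadline and forget unconfirmed requests.
   The signed difference keeps working when the seconds counter wraps. */
void policy_tick(policy_t *p, uint32_t now_s) {
  if (p->setup && (int32_t)(now_s - p->deadline_s) >= 0) {
    p->setup = false; p->pending = NO_CONNECTION;
  }
}
/* Flags to pass to sl_bt_sm_configure() for the current mode. */
uint8_t policy_sm_flags(const policy_t *p) {
  uint8_t f = SM_MITM | SM_CONFIRM_BOND;
  return p->setup ? f : (uint8_t)(f | SM_BONDED_ONLY);
}
/* Bonding confirmation requested: hold it for PB0, or refuse outside setup. */
action_t policy_confirm_request(policy_t *p, uint8_t conn) {
  if (!p->setup) return ACT_REJECT_BONDING;
  p->pending = conn;
  return ACT_NONE;
}
/* PB0: accept only when a request is actually waiting. */
action_t policy_pb0(policy_t *p) {
  if (p->pending == NO_CONNECTION) return ACT_NONE;
  p->pending = NO_CONNECTION;
  return ACT_ACCEPT_BONDING;
}
/* Bonding failed (for example a wrong passkey): drop the link. */
action_t policy_bonding_failed(policy_t *p) {
  p->pending = NO_CONNECTION;
  return ACT_CLOSE_CONNECTION;
}
```

On the device, each returned action maps to one stack call made from the matching event handler, so the same decisions can be unit-tested without a radio board.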

Secure Identity

Now that we have a more secure Bluetooth device, let's improve the authentication step. You have already seen how to verify the secure identity of vault devices with the command line in previous labs. In this section, we will see how one BLE device can verify the identity of another BLE device by requesting its certificate and sending a challenge. All secure parts hold their own device certificate and a batch certificate. The factory and root certificates are hard-coded into the client application so that the entire certificate chain can be verified. See AN1268 for more details on secure identity.

  1. Define a global buffer for storing the device's attestation signature as follows:
  2. Set the security manager configuration to use JustWorks pairing. This is done so that the connection is encrypted. In practice, MITM protection should be used, but to keep the lab simple we will use JustWorks. Change the call to sl_bt_sm_configure back to the following: Also, comment out the call to setup_mode(true) in the system_boot event handler.
  3. Open helpers.c from the provided materials and copy its contents into app.c. These callback functions perform tasks such as segmenting the certificates so that they can be sent over BLE, verifying the certificate chain, and generating/verifying the challenge.
  4. The maximum transfer unit (MTU) size must be known so that the certificates can be segmented and reassembled. Define a global variable to save the MTU as shown here: Then add an event handler for the GATT MTU exchanged event as shown below:
  5. There are three user data characteristics that can be read. These characteristics are used to communicate the device certificate, the batch certificate and the challenge. A callback function is used to handle these user read requests. Add a handler to call this function as shown below: The callback uses the MTU from step #2 to segment and send the certificates as needed. It also handles sending the signed challenge.
  6. The client sends a challenge, a random number to be signed by the server, by writing one of the GATT characteristics. For this reason, the application needs a handler for the user write request event as shown below:
  7. Add the secure identity support files to the project:
    1. app_se_manager_macro.h, app_se_manager_secure_identity.c and app_se_secure_identity.h from the provided materials to the project. These files contain helper functions for tasks such as getting the size of the certificate, getting the public key and signing a challenge.
    2. Include app_se_manager_secure_identity.h in app.c.
  8. Import gatt_configuration-attest.btconf from the provided materials. This GATT database is called secure attestation and contains four characteristics that will be used to verify our device's identity. These include the device certificate, the batch certificate, the challenge and the response.
  9. The client, which is used to simulate a device such as a gateway, is provided as a complete project since it is more complex to build. In general, the client operates as follows:
    1. Scans for devices advertising the secure attestation service and connects to them.
    2. Discovers the GATT database services and characteristics.
    3. Reads the device and batch certificates and verifies the certificate chain using the factory and root certificates that it has stored in flash.
    4. Sends a random challenge to the server.
    5. Attempts to verify the response to the challenge.
    6. Closes the connection if either verification fails.
  10. Build and flash the server project to your server WSTK / radio board.
  11. Import the client project from the client folder in the provided materials. Build and flash the client project to your client WSTK/radio board.
  12. Press Reset on the client WSTK and open the serial console. The client starts scanning for devices that advertise our secure identity service and connects when it finds one.
  13. The client will display some messages indicating that it has found the server with the desired service, along with messages about the verification of the certificate chain.
  14. If verification passes, the client generates a random number, called a challenge, and sends it to the server. The server signs the challenge with its securely held private key and sends the signature back to the client; this is called a challenge response. The client then uses the public key in the previously received device certificate to verify the signature. This is done to confirm that the server really has the private key that it claims to have. If the challenge is verified correctly, a message to that effect is displayed; otherwise, the connection is closed and a message is displayed explaining why.
  15. Now try sending an invalid certificate to confirm that the verification really works. You can modify user_read_request_cb() to corrupt either the certificate data or the challenge response.
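
How a certificate can be split into reads that fit the negotiated MTU and put back together on the client, as described in steps 4 and 5. This is an added example, not the contents of helpers.c; it assumes offset-based reads in which each response carries at most MTU - 1 bytes, and the function names and the sample certificate bytes are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ATT_MTU_MIN 23  /* smallest ATT_MTU on an LE link */

/* A read response carries at most ATT_MTU - 1 value bytes (1 byte is opcode). */
static size_t read_payload_max(uint16_t mtu) { return (size_t)mtu - 1; }

/* Server side: select the slice of `cert` to return for a read at `offset`.
   Returns the slice length, or -1 for a bad MTU or an offset past the end. */
long cert_slice(const uint8_t *cert, size_t cert_len, size_t offset,
                uint16_t mtu, const uint8_t **slice)
{
  if (mtu < ATT_MTU_MIN || offset > cert_len) return -1;
  size_t remaining = cert_len - offset;
  size_t max = read_payload_max(mtu);
  *slice = cert + offset;
  return (long)(remaining < max ? remaining : max);
}

/* Client side: read at increasing offsets until a slice shorter than the
   maximum arrives (an empty slice when the length is an exact multiple).
   cert_slice() stands in for the BLE link here. Never writes past out_cap.
   Returns the total length, or -1 on error. */
long cert_reassemble(const uint8_t *cert, size_t cert_len, uint16_t mtu,
                     uint8_t *out, size_t out_cap)
{
  size_t total = 0;
  for (;;) {
    const uint8_t *slice;
    long n = cert_slice(cert, cert_len, total, mtu, &slice);
    if (n < 0 || total + (size_t)n > out_cap) return -1;
    memcpy(out + total, slice, (size_t)n);
    total += (size_t)n;
    if ((size_t)n < read_payload_max(mtu)) return (long)total;
  }
}

/* Round trip over a constructed `len`-byte stand-in for a certificate. */
long demo_roundtrip(size_t len, uint16_t mtu, size_t out_cap)
{
  static uint8_t cert[512], out[512];
  if (len > sizeof cert || out_cap > sizeof out) return -1;
  for (size_t i = 0; i < len; i++) cert[i] = (uint8_t)(i * 7 + 1);
  long n = cert_reassemble(cert, len, mtu, out, out_cap);
  return (n == (long)len && memcmp(cert, out, len) == 0) ? n : -1;
}
```

The bounds check in cert_reassemble() matters on the client: the certificate length comes from the peer, so the receive buffer size, not the peer, must decide when to stop copying.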

Appendix A - I/O Capabilities and Pairing Methods
Appendix B - Security Modes and Levels

Security mode 1 is the only mode supported for Bluetooth Low Energy in the Silicon Labs stack. The levels are as follows:

  • Level 1 no security
  • Level 2 unauthenticated pairing with encryption
  • Level 3 authenticated pairing with encryption
  • Level 4 authenticated secure connections with strong encryption (ECDH key exchange)
