Internet of Things Asked by AshUK on August 23, 2021
This is yet another provisioning BLE/Wifi question.
We are looking to secure the initial communication between our mobile application and smart device (esp32, ble and wifi). We want to make this as seamless as possible and also accessible to users with potential sight loss. Out of the box the ESP-IDF supports Blufi and Unified Provisioning (ble prov). Which is great as this keeps the ssid and password encrypted when configured correctly. To prevent MITM attacks you can also optionally pass a proof of possession key. However this would require the user to read a code from a sticker or alternatively scan a QR code. I understand why this is required. However I have also seen on products such as a googles chrome cast and the amazon echo. Whereby provisioning is just a single touch.
Looking at the current BLE mechanisms I don’t see a perfect solution
My question is how are amazon/google able to achieve this without the inconvenience of QR codes and passkeys and if they are accepting the MITM risk what techniques can be used to reduce this risk ?
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP