St St25dv-i2c User manual

Introduction

This document shows how to run the ST25DV-I2C out-of-band pairing demonstration, using NFC to improve the security of

Bluetooth® Low Energy (BLE) connections.

The ST25DV-I2C is a dynamic NFC Tag IC able to communicate with NFC readers and smartphones, and also with a

microcontroller through an I2C interface.

One of the most vulnerable phase is the one where the two Bluetooth® devices exchange keys and agree on the encryption key

to use. This information is exchanged over the air so it is vulnerable to man-in-the-middle (MITM) attacks.

NFC provides a side communication channel with the advantage of being very short distance (a few centimetres) so the hackers

cannot intercept this communication. The information, exchanged through NFC, is used to authenticate the cryptographic keys

exchanged by the two Bluetooth® devices. Hence, the data transfer is safe.

The following packages are available on www.st.com for this demonstration:

• STSW-ST25DV004 firmware

• STSW-ST25005 Android™ application

ST25DV-I2C out-of-band pairing demonstration

UM2710

User manual

UM2710 - Rev 1 - April 2020

For further information contact your local STMicroelectronics sales office.

www.st.com

1General information

The application described in this document runs on to STM32WB55 Arm®-based devices.

Note: Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.

1.1 Purpose and scope

The ST25DV-I2C out-of-band pairing demonstration runs on the MB1355C board plus a X-NUCLEO-NFC04A1

shield, featuring a ST25DV-I2C tag connected to an STM32WB55 device through the I2C bus.

The pairing with a Bluetooth® device is greatly facilitated by the use of NFC. Instead of selecting a Bluetooth®

device in a list, the user can tap the NFC Tag. The Bluetooth® connection is automatically set up, avoiding the risk

of selecting the wrong device in the list. This is the Bluetooth® handover over NFC.

NFC can be seen as a side communication channel between the Bluetooth® device and the Android™ phone.

This extra communication channel is used to exchange some data, called out-of-band data, used during the

Bluetooth® pairing.

These data contain a random number and a commitment value used to check the validity of the "Public Key"

received during the "Public Key exchange" phase, preventing a MITM attack.

Figure 1. Out-of-band BLE pairing

MS53551V1

BLE device

1.2 Glossary and acronyms

Table 1. Glossary and acronyms

Glossary/Acronyms Meaning

NFC Near field communication

BLE Bluetooth® Low Energy

ECDH Elliptic curve Diffie-Hellman

MITM attack Man-in-the-middle attack

NDEF NFC Data Exhange format

OOB pairing Out-of-band pairing

UM2710

General information

UM2710 - Rev 1 page 2/16

1.3 Hardware equipment

The following hardware is needed for this demonstration:

• MB1355C board plus X-NUCLEO-NFC04A1 shield

• An Android™ smartphone with at least the version 7.0 (Android™ Nougat)

Figure 2. MB1355C board

UM2710

Hardware equipment

UM2710 - Rev 1 page 3/16

Figure 3. X-NUCLEO-NFC04A1 board

1.4 Installation

This package includes the firmware for the MB1355C board and the Android™ executable (APK) to be used on

Android™ smartphones.

1.4.1 MB1355C board installation

To program the MB1355C board, perform following steps:

1. Install the ST-LINK USB driver, available on www.st.com

2. Connect the MB1355C board to a PC with the ST-Link USB-micro

3. The MB1355C board icon appears in the computer directory

4. Drag-and-drop the firmware to the MB1355C board icon

5. Restart the MB1355C board

UM2710

Installation

UM2710 - Rev 1 page 4/16

1.4.2 Android™ APK application installation

This application is not available on Google Play™ store so it must be installed manually. By default, Android™

prevents the installation of programs not coming from Google Play™ so go through the following steps:

1. Navigate to setting → Security.

2. Check the option "Unknown sources".

3. Tap “OK” on the prompt message.

4. Select "Trust".

5. Connect the Android™ phone to a PC with an USB cable and copy the APK to the phone’s internal memory.

6. With a file explorer, browse the memory of the phone and go to the folder where the APK is copied. Click on

the file to install it.

Note: Depending upon the Android™ version and the phone model, the wording may vary.

Note: If there is no file explorer, the program "File commander" is available for free on Google Play™.

1.5 License scheme

The Android™ application and the associated firmware are provided under the SLA0052 software license

agreement, available on www.st.com.

The software components provided in this package come with different license schemes, as shown in Table 2.

Table 2. License scheme

Component Copyright License

Application projects

STMicroelectronics

SLA0052

LibNDEF

Board support package (BSP)

BSD 3-Clause

STM32WB HAL/LL APIs

STM32WB Bluetooth® HCI

SLA0044

STM32WB Bluetooth® stack

STM32WB Bluetooth® profiles and

services

STM32WB Bluetooth®/Thread

concurrent stack

Cortex®-M CMSIS v4.5.0 Arm®BSD 3-Clause

UM2710

License scheme

UM2710 - Rev 1 page 5/16

2ST25DV-I2C "OobDemo" application screens

Figure 4. Home screen

Launch the application “ST25OobDemo” and tap the NFC Tag

of the X-NUCLEO-NFC04A1 board.

UM2710

ST25DV-I2C "OobDemo" application screens

UM2710 - Rev 1 page 6/16

Figure 5. Give confirmation

A pop-up requests confirmation to do a Bluetooth® pairing

with this device.

UM2710

ST25DV-I2C "OobDemo" application screens

UM2710 - Rev 1 page 7/16

Figure 6. Setup launching

If user clicks ‘Yes’, the BLE connection is installed. The

smartphone then starts receiving some fictive heart rate data

from the Bluetooth® device and starts displaying them as a

graph.

Click on the "DISCONNECT" button to stop the connection

with this device (otherwise, the device remains connected).

UM2710

ST25DV-I2C "OobDemo" application screens

UM2710 - Rev 1 page 8/16

3Technical information

The NFC Tag contains an NDEF record with Bluetooth® handover information and OOB data:

• Record type name : “application/vnd.bluetooth.le.oob"

• Bluetooth® device name: e. g. « ST25OOB »

• Bluetooth® device address: e. g. 80:e1:26:00:6A:a8

• LE secure connections "Random Value" (16 bytes)

• LE Secure connections "Confirmation Value" (16 bytes)

The last two fields are optional and correspond to the OOB data.

When taping the NFC Tag, this NDEF message is read natively by the NFC service of the Android™ phone. A

pop-up is displayed to ask the user to confirm if it really wants to do a pairing with this Bluetooth® device. The

Bluetooth® pairing starts if the user clicks "Yes".

If the OOB data are present, it is used during the pairing process.

The Android™ application uses a "Broadcast Receiver" to be notified when a Bluetooth® connection is done. This

"Broadcast Receiver" checks if the connected Bluetooth® device has the expected device name. If this is the

case, the application starts displaying the data received.

Note: In this demonstration, the user is not authenticated. In a real product, the device checks if the user has the

permission to read the data. This is out of the scope of this demonstration, which shows how the NFC facilitates

the pairing with a Bluetooth® device.

3.1 Secure simple pairing

The used pairing method is called “Secure simple pairing” (refer to §7 of [1]), performed in five steps:

1. Public key exchange: The devices exchange their public keys and compute a shared secret information

thanks to Diffie-Hellman protocol.

2. Authentication Stage 1

The OOB protocol is used during this phase. The smartphone uses the random value and the commitment

value received from the Bluetooth® device. The protocol checks if the "Public Key" received during the "Key

Exchange" phase is really the one of the device. If a hacker has substituted the "Public Key" during the

phase 1, the verification of the commitment value fails. This is the protection against MITM attack.

Note: The NDEF data contained in the tag must be protected in write so that the data cannot be modified through the

RF interface and cannot be manipulated.

3. Authentication Stage 2

This stage confirms that both devices have successfully completed the exchange.

4. "Link Key" calculation

Calculation of the "Link Key".

5. LMP Authentication and Encryption

The final phase in simple pairing consists in authentication and generation of the encryption key.

UM2710

Technical information

UM2710 - Rev 1 page 9/16

4Known issues

The current implementation has some issues, detailed in the table below. The following tickets have been opened

on Android™ "Bug Tracker".

Table 3. Issues description

Ticket number Short description

142410444

OOB pairing does not work if user puts only the “Heart Rate”

profile. As a workaround, user must add also an “HID

profile“ (handled natively by Android™)

143335473 After Bluetooth® handover through NFC, the NFC of the

phone cannot be used for about 15 seconds.

143939066

If Bluetooth® is not enabled on the phone when user taps the

NFC Tag containing Bluetooth® handover the NFC service

automatically starts the Bluetooth® but it is running in a

special mode called “Quiet mode”, which has a bug.

As a workaround, the Bluetooth® is enabled by default when

the application starts.

UM2710

Known issues

UM2710 - Rev 1 page 10/16

Other manuals for ST25DV-I2C

Table of contents

Other ST Microcontroller manuals

ST STM32F103 series Installation and operating instructions

ST PSD4256G6V User manual

ST STM32C0 Series Installation and operating instructions

ST STM32F401 Discovery User manual

ST STM32F103 series Installation and operating instructions

ST STM32F072 User manual

ST STM32F746NGH6 User manual

ST STM32U575I-EV User manual

ST STM32F030 User manual

ST STM32F40 Series User manual

ST STM32W-SK User manual

ST STM32F2 Series User manual

ST SPC574S-DISP Sphaero Discovery+ User manual

ST STM32H745I-DISCO User manual

ST STM32 Nucleo User manual

ST STM32L4 5 Series User manual

ST iNEMO STEVAL-MKI062V2 Series User manual

ST STM32F0 Series Installation and operating instructions

ST STM32F20 Series Installation and operating instructions

ST UM2140 User manual

ST ST10 Series Owner's manual

ST AN3155 Installation and operating instructions

ST UM2334 User manual

ST STM8AF Series User manual

Popular Microcontroller manuals by other brands

Novatek

Novatek NT6861 manual

Espressif Systems

Espressif Systems ESP8266 SDK AT Instruction Set

Nuvoton

Nuvoton ISD61S00 ChipCorder Design guide

STMicrolectronics

STMicrolectronics ST7 Assembler Linker user manual

Texas Instruments

Texas Instruments Chipcon CC2420DK user manual

Lantronix

Lantronix Intrinsyc Open-Q 865XR SOM user guide

NEC

NEC 78GK0S/K 1+ Series Application note

Mikroe

Mikroe SEMITECH N-PLC Click Application note

Intel

Intel Agilex user guide

Cypress

Cypress CY4607 HX2VL quick start guide

DIGITAL-LOGIC

DIGITAL-LOGIC MICROSPACE manual

Texas Instruments

Texas Instruments TMS320F2837 D Series Workshop Guide and Lab Manual

CYPRES

CYPRES CY14NVSRAMKIT-001 user guide

Espressif Systems

Espressif Systems ESP8266EX Programming guide

Abov

Abov AC33M8128L user manual

Laird

Laird BL654PA user guide

Silicon Laboratories

Silicon Laboratories C8051F800 user guide

Energy micro

Energy micro EFM32 Giant Gecko Starter Kit user manual

ST ST25DV-I2C User manual

Popular Microcontroller manuals by other brands