Bluetooth LE SDK introduces secure over-the-air updates

September 06, 2016 // By Jean-Pierre Joosting
The latest nRF5 SDK v12.0 from Nordic Semiconductor supports secure and signed over-the-air device firmware updates (OTA-DFU) to strengthen application updates from potentially damaging malicious device upgrade attacks by using secure signatures to authenticate that only updates coming from a verified and trusted source can be made on a given device.

In addition, the SDK now supports the Arduino development kit used with the Nordic nRF52832 SoC-based Arduino Primo base board, features a CMSIS configuration Wizard that allows graphical configuration in Keil, offers Bluetooth low energy Continuous Glucose Meter (CGM) profile support, and provides optimized Floating Point Unit execution.

In operation, a classic public/private key security structure is employed whereby public keys are distributed and private keys remain solely with the sending party, thus ensuring one-to-one security. Using ciphers to create keys in the Nordic nRF5 SDK v12.0 can be done in various ways and Leonard says the company invested great effort in allowing developers flexibility to create ciphers in whichever way they prefer.

This includes Nordic-authored examples using, for example, ECDH using the P256 curve to establish secure connections in Bluetooth® low energy. (Nordic has also reserved two dedicated 16-bit UUIDs with the Bluetooth SIG for use with signed and unsigned firmware.)

Nordic also supports secure DFU application development with a suite of cross-platform PC tools and additionally mobile tools for Android and iOS.

Furthermore, if a secure OTA-DFU is interrupted, a 'resume-from-failure' feature is said to allow updates to resume from the last know good point and complete instead of re-starting the entire upgrade process from scratch.