1. STM32WB-WBA Encrypted Advertising
This feature - introduced in Bluetooth® 5.4 provides a standardized approach to the secure broadcasting of data in advertising packets.
It is possible to encrypt advertising data by encapsulating the normal advertising data within an Encrypted Advertising Data type (new AD type)
Because the encrypted advertising data nonce is changed whenever the private address is changed, the encrypted data before and after the change is also different.
This approach prevents the tracking of devices based solely on the private address and advertising data.
Only devices that have the key material can decrypt and authenticate messages and track the advertising device.
1.1. Principles
Encrypted Advertising Data (EAD) is a feature that adds the ability to encrypt advertising data.
Encrypted advertisement data can be received by any device but can only be decrypted and authenticated by devices that have previously shared the session key.
This feature allows encrypting the totality or just a sub-set of the payload on a given advertising packet by adding a new AD type called Encrypted Advertising Data (type 0x31) that encapsulates all the AD fields to be encrypted.
Encryption of "Encrypted Advertising Data" is based on an algorithm using the value of a new characteristic added to GAP service (or other service) and AES..(to complete)
The characteristic: Encrypted Data Key Material is readable and indicatable by a device authenticated and authorized.
The peer device, receiving advertising reports containing AD type "Encrypted Advertising Data" is able to decode encrypted data using the previously read Encrypted Data Key Material.
Encrypted Data Key Material characteristic (UUID: 0x2B88) contains a 24-octet value which is made up of:
*session key: 16 bytes *iv: 8 bytes
Bluetooth® Read Encrypted Data Key Material characteristic |
---|
Bluetooth® Encrypted Data Key Material characteristic Indication |
---|
1.2. Transmission of encrypted data
A new AD type called Encrypted Data is defined to be used as a container for the data produced by encrypting the sequence of one or more AD types that need to be secured.
In addition to the data payload, the Encrypted Data AD structure’s data field contains a 40-bit Randomizer field and a 32-bit Message Integrity Check (MIC).
Below an example of advertising payload which contains 1 AD type (Local Name) that has been encrypted and encapsulated within the Encrypted Data AD type and one AD type (Flags) which is included unencrypted.
Bluetooth® Encrypted Data AD type |
---|
1.3. Advertising data
At startup, Peer To Peer Server application starts Advertising.
Data advertised are composed as follows:
P2P Server Long Range Advertising packet | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
1.3.1. STM32WB
1.3.2. STM32WBA
Manufacturer data are encoded following STMicroelectronics BlueST SDK v2 as described below:
STMicroelectronics Manufacturer Advertising data | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
1.4. STM32WB EAD Central and Peripheral applications
Extended advertising is used to allow more data in adverting reports.
EAD Central acts as a Central device with the support of GATT Client Layer.
At reset, EAD Client application initialization:
- Starts scanning to detect EAD Server application by filtering the Firmware ID of the STMicroelectronics Manufacturer advertising data
- Stops Scanning once EAD server detected
- Push SW3: Connects to the EAD Server to establish the connection.
- Discovers GAP and GATT Services & Characteristics of the EAD server
- Enable all GATT server notification characteristics
- Starts pairing procedure
- Performs ATT MTU exchange procedure
- Reads "Encrypted Data Key Material" characteristic
- Push SW2: Sends disconnection request
- Push SW1: starts scanning. if Encrypted Advertising Data AD flag is present, decryption is requested
EAD Peripheral acts as a Peripheral device with the support of GATT Server Layer.
At reset, EAD Peripheral application starts one extended advertising set containing an encrypted field.
- After disconnection, peripheral restarts advertising.
Example of flow diagram between STM32WB EAD Server & EAD Client |
---|
1.5. STM32WBA EAD Central and Peripheral applications
Extended advertising is used to allow more data in adverting reports.
EAD Central acts as a Central device with the support of GATT Client Layer.
At reset, EAD Client application initialization:
- Push B1: Starts scanning to detect EAD Server application by filtering the Firmware ID of the STMicroelectronics Manufacturer advertising data
- Stops Scanning once EAD server is detected
- Push B3: Connects to the EAD Server (founded device) to establish the connection.
- Discovers GAP and GATT Services & Characteristics of the EAD server
- Enable all GATT server notification characteristics
- Performs ATT MTU exchange procedure
- Starts pairing procedure
- Reads "Encrypted Data Key Material" characteristic
- Push B2: Sends disconnection request
- Push B1: Starts scanning. if Encrypted Advertising Data AD flag is present, decryption is requested and successed.
EAD Peripheral acts as a Peripheral device with the support of GATT Server Layer.
At reset, EAD Peripheral application starts one extended advertising set containing an encrypted field which is not decrypted.
- After disconnection, peripheral restarts advertising.
Example of flow diagram between STM32WBA EAD Server & EAD Client |
---|
1.6. On-board buttons configuration
1.6.1. STM32WB
Button configuration for Bluetooth® Low Energy Long Range application on Nucleo-WBA55CG boards | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
1.6.2. STM32WBA
1.7. Collector applications compatibility
For STM32WB:
Both projects from STM32WB BLE_p2pServer_EAD_Ext and BLE_p2pClient_EAD_Ext are compatible.
...change name
For STM32WBA:
Both projects from STM32WB BLE_p2pServer_EAD_Ext and BLE_p2pClient_EAD_Ext are compatible.
...change name
1.8. Code example
A STM32WB EAD code example (peripheral and central) will be shared on STM32-Hotspot GitHub [1]
A STM32WBA EAD code example (peripheral and central) will be shared on STM32-Hotspot GitHub [2]