STM32WB-WBA Bluetooth® LE Privacy

Revision as of 11:11, 28 November 2023 by Registered User

1. Security concerns with Bluetooth® Low Energy

Bluetooth® Low Energy devices are constantly advertising.
Their advertisement data may contain information related to the device: type, manufacturer, capabilities and advertising address.
This address is a unique identifier, represented by the 6-byte MAC address.

A static MAC address, combined with the received signal strength of its advertisements, may allow the device to be located and tracked.

Figure: Bluetooth® Low Energy device tracking with a static advertising address


The Bluetooth® Low Energy specification provides a way to randomize the MAC address used in advertising packets and to change it periodically.
This is the Bluetooth® Low Energy privacy feature.

Figure: Bluetooth® Low Energy tracking protection using a Resolvable Private Address


2. STM32WB-WBA - Bluetooth® Low Energy Privacy

The STM32WB-WBA - Bluetooth® Low Energy privacy feature reduces the ability to track a device over a period of time by changing the device address on a frequent basis.

The address of a device using privacy mode is either a Resolvable Private Address (RPA) or a Non-Resolvable Private Address (NRPA).
A Resolvable Private Address (RPA) can be resolved using the Identity Resolving Key (IRK), one of the keys exchanged during the pairing process.
The local device adds the remote devices to its resolving list (which stores the remote device identity addresses together with their IRKs), enables address resolution, sets the privacy mode and connects to the remote device using its identity address.

3. STM32WB-WBA - Bluetooth® Low Energy Addresses and Privacy

Each Bluetooth® Low Energy device has an identity address associated with it.
A Bluetooth® Low Energy address is a 48-bit value that uniquely identifies a Bluetooth® Low Energy device.

There are two main types of Bluetooth® Low Energy addresses: public and random addresses.

Figure: Bluetooth® Low Energy address types


The four Bluetooth address types are:
- Public Address
- Random Static Address
- Random Private Resolvable Address
- Random Private Non-Resolvable Address
Random Address and Private Address, as shown in the diagram, are simply classifications.

3.1. Public Address

Bluetooth’s public address is a constant worldwide address, i.e., it never changes and is registered with IEEE. The public device address must conform with the IEEE 802-2001 standard, using a valid organization unique identifier (OUI) obtained from the IEEE registration authority. It abides by the same guidelines as MAC Addresses and is an extended unique identifier EUI-48. The following diagram represents the simplified format of a Public Bluetooth® Low Energy Address.

Bluetooth® LE Public Address (simplified format):
  Company Assigned (24 bits, LSB) | Company ID (24 bits, MSB)


- Company ID: the publicly assigned portion of the address by the IEEE (MSB)
- Company Assigned: the internally assigned ID as part of the allocated block (LSB)

3.2. Random Address

Random addresses do not require registration with the IEEE.

A Random address is an identifier that is either:
- programmed into the device or
- generated at runtime (depending on the subtype).
The two subtypes of Random addresses are:
- Random Static Address
- Random Private Address

3.2.1. Random Static Address

This specific type of Bluetooth address serves as a popular alternative to Public addresses since there are no fees involved with using it.

Random Static Addresses can be used in one of two ways:

- assigned and fixed for the lifetime of the device, or
- changed at every boot-up.
However, the address cannot be changed during runtime.

The format of Random Static Addresses looks like this:

Figure: Bluetooth® Low Energy Random Static Address format


- The two most significant bits (MSB) are fixed to 1 and 1
- The remaining 46 bits are chosen randomly by the developer/manufacturer

There are two types of Random Private addresses: resolvable and non-resolvable. Random Private addresses are used specifically for protecting the privacy of a Bluetooth device, to hide its identity, and to prevent tracking of the device.

3.2.2. Resolvable Random Private Address

The purpose of a Resolvable Random Private Address is to prevent malicious third parties from tracking a Bluetooth device while still allowing one or more trusted parties to identify the Bluetooth device of interest.

A Resolvable Random Private address is "resolvable" using a key shared with a trusted device.
This key is referred to as the IRK (Identity Resolving Key).

The address is originally generated using this IRK and a random number.

So, what makes a device “trusted” by another device?

In this case, a trusted device is a bonded device. Bonding is the optional step that takes place after the pairing of two Bluetooth® LE devices.
The Bonding process involves the storage of keys by each of the devices that are bonded with each other.
One of the keys exchanged by the two bonded Bluetooth® LE devices is the IRK of each device involved.

This type of address changes periodically. The recommendation per the Bluetooth specification is to have it change every 15 minutes.

The format of Resolvable Private Addresses looks like this:

Figure: Bluetooth® Low Energy Resolvable Private Address format


- The two most significant bits (MSB) are fixed to 0 and 1
- The next 22 bits are randomly generated
- These most significant 24 bits together form the prand
- The lower 24 bits are a hash value computed from the prand and the IRK
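The Python script below is an added example, not code from the ST wiki or from the STM32WB/WBA firmware: it builds an RPA from an IRK and a prand exactly as the bullets above describe, then resolves it the way a resolving list does, by recomputing the hash with each bonded peer's IRK. It embeds a small AES-128 so that it runs offline; the IRK and prand values used in the test are the ah() test vector of the Bluetooth Core Specification, and the peer names are constructed.

```python
def _gmul(a, b):  # multiply in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1
    p = 0
    while b:
        p ^= a if b & 1 else 0
        a, b = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1, b >> 1
    return p

def _make_sbox():  # GF(2^8) inverse followed by the FIPS-197 affine transform
    sbox = []
    for x in range(256):
        inv = next((i for i in range(1, 256) if _gmul(x, i) == 1), 0)
        rot = [((inv << k) | (inv >> (8 - k))) & 0xFF for k in range(5)]
        sbox.append(rot[0] ^ rot[1] ^ rot[2] ^ rot[3] ^ rot[4] ^ 0x63)
    return sbox
SBOX = _make_sbox()

def _expand_key(key):  # 11 round keys of 16 bytes, column-major like the state
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:  # RotWord, SubWord, then Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):  # encrypt one 16-byte block (FIPS-197)
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if r < 10:                                                  # MixColumns
            s = [_gmul(s[4*c + i], 2) ^ _gmul(s[4*c + (i+1) % 4], 3)
                 ^ s[4*c + (i+2) % 4] ^ s[4*c + (i+3) % 4]
                 for c in range(4) for i in range(4)]
        s = [b ^ k for b, k in zip(s, rk[r])]                       # AddRoundKey
    return bytes(s)

def ah(irk, prand):  # Core spec 'ah': low 24 bits of AES-128(IRK, 104 zero bits || prand)
    block = bytes(13) + prand.to_bytes(3, "big")
    return int.from_bytes(aes128_encrypt_block(irk, block)[13:], "big")
def make_rpa(irk, prand):  # RPA as a 48-bit int: prand (top two bits 01) || ah(IRK, prand)
    assert prand >> 22 == 0b01, "prand must carry the RPA marker bits 01"
    return (prand << 24) | ah(irk, prand)
def resolve_rpa(addr, irks):  # name of the bonded peer whose IRK reproduces the hash, else None
    if addr >> 46 != 0b01:  # static random (11) and NRPA (00) addresses are never resolvable
        return None
    return next((n for n, irk in irks.items() if ah(irk, addr >> 24) == (addr & 0xFFFFFF)), None)
```

The address is handled as a 48-bit integer in the MSB-first order of the bullets above (prand in the upper 24 bits); on the air the six address bytes are transmitted least-significant byte first.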

3.2.3. Non-Resolvable Random Private Address

The other type of Random Private Address is the Non-Resolvable Random Private Address.

This type of address also changes periodically. However, unlike resolvable addresses, it is not resolvable by any other device.
The only purpose of this type of address is to prevent tracking by any other Bluetooth® LE device.

This type is not very common but is sometimes used in beacon applications.

The format of Non-Resolvable Random Private Addresses is as follows:

Figure: Bluetooth® Low Energy Non-Resolvable Private Address format


- The two most significant bits (MSB) are fixed to 0 and 0
- The remaining 46 bits are chosen at random

4. How to configure and use Resolvable Private Address (RPA)

One address type is chosen by the customer and defined as the identity address of the device.
It may be either a public address or a static random address.
It is defined with CFG_IDENTITY_ADDRESS in app_conf.h.
Initialization sequence in app_ble.c, if CFG_IDENTITY_ADDRESS is defined as GAP_PUBLIC_ADDRESS:

    Ble_Hci_Gap_Gatt_Init()
    {
      ..
      aci_hal_write_config_data(CONFIG_DATA_PUBADDR_OFFSET, ..);  // write the public address in flash at the public address offset
      ..
    }

If CFG_IDENTITY_ADDRESS is defined as GAP_STATIC_RANDOM_ADDR:

    Ble_Hci_Gap_Gatt_Init()
    {
      ..
      aci_hal_write_config_data(CONFIG_DATA_RANDOM_ADDRESS_OFFSET, ..);  // write the static random address in flash at the random address offset
      ..
    }

This parameter is also used in aci_gap_set_authentication_requirement: it corresponds to the SMP identity address type, which is now used as the GAP identity address type.


4.1. First case - initialize the GAP layer with privacy enabled and use of the defined device address

This case applies when privacy is enabled and the customer wants to connect and bond with a known device, then use and resolve RPAs.

aci_gap_init(CFG_PRIVACY = privacy_enabled,..)

When privacy is enabled, the allowed values of Own_address_type for starting advertising, a scan request or a connection request are RPA (0x02) or NRPA (0x03).

aci_gap_set_authentication_req(..,Identity_address_type = CFG_IDENTITY_ADDRESS) // identity address type is used.
aci_gap_set_discoverable(.., Own_address_Type = CFG_BLE_ADDRESS_TYPE,..) // RPA or NRPA

As long as aci_gap_add_devices_to_resolving_list has not been sent, the identity address type is the one used for advertising in the example code above.

The peer device initiates a connection and starts pairing (with bonding enabled).
The link may then be disconnected (not mandatory).
If the following commands are then sent:

aci_gap_get_bonded_devices(peer_bonded_devices_addr)
aci_gap_add_devices_to_resolving_list(peer_bonded_devices_addr_type and peer_bonded_devices_addr of the previously bonded device)
aci_gap_set_discoverable(.., Own_address_Type = CFG_BLE_ADDRESS_TYPE,..) // RPA or NRPA

The device now advertises with an RPA, which can be resolved by the devices added to the resolving list.

Note that both devices need to be in privacy mode: privacy is necessary to activate address resolution in the Link Layer.

4.2. Second case - initialize the GAP layer with privacy enabled and use of a Resolvable Private Address

This case applies when privacy is enabled and the customer wants to connect and bond with a device that advertises with an RPA.

aci_gap_init(CFG_PRIVACY = privacy_enabled,..)

When privacy is enabled, the allowed values of Own_address_type for starting advertising, a scan request or a connection request are RPA (0x02) or NRPA (0x03).

If the following commands are sent:

aci_gap_add_devices_to_resolving_list(peer_identity_address_type = 0 or 1, Peer_address = any value except the NULL address)
aci_gap_set_discoverable(.., Own_address_Type = CFG_BLE_ADDRESS_TYPE,..) // RPA or NRPA

The device advertises with an RPA, but the peer device is not yet known.

5. First example: Connection between a smartphone and a STM32WB-WBA

5.1. First phase - initialize the GAP layer with privacy enabled, connection and bonding - use of public address

Figure: Connection and bonding - privacy enabled, use of public address

5.2. Second phase - add device to resolving list

Figure: Add device to resolving list

6. Second example: Connection between two STM32WB-WBA

6.1. First phase - initialize the GAP layer with privacy enabled, connection and bonding - use of static random address

Figure: Connection and pairing - privacy enabled, use of static random address

6.2. Second phase - add device to resolving list

Figure: Add device to resolving list

7. STM32-Hotspot BLE Privacy example

- GAP Peripheral STM32WB Bluetooth® Low Energy Privacy [1]: feature enabled to demonstrate advertising with a Resolvable Private Address.

8. References