Hardware Reference
In-Depth Information
such as generating random numbers, encrypting data using the Advanced Encryp‐
tion Standard (AES), and generating and exchanging security keys with the peer.
GAP security aspects
GAP defines a set of modes and procedures related to security that allow the im‐
plementation to trust the connection to carry sensitive data and to confidently ac‐
cept the identity of a peer device. Security procedures are mostly asymmetrical,
with the central and the peripheral assuming different roles during the generation
and exchange of keys and the subsequent use of them to establish a secure connec‐
tion. Additionally, GAP further expands and specifies the usage of the tools defined
in “Security Manager (SM)” on page 28 in a standard and interoperable manner.
The following sections further detail the GAP security aspects that, although at times
complex and even convoluted, are fundamental to the operation of a majority of BLE
devices.
Address Types
As discussed in “Bluetooth Device Address” on page 19 , at its lowest level, the BLE
protocol stack differentiates between public and random device addresses. GAP extends
the concept of random device addresses by classifying them into three different cate‐
gories:
Static address
Static addresses are typically used as a replacement for public ones whenever the
manufacturer does not want or need the overhead of IEEE registration. A static
address is simply a random number that can either be generated every time the
device boots up or can stay the same for the lifetime of the device. However, it cannot
be changed during a power cycle of the device.
Non-resolvable private address
This type of address is not commonly used. Also a randomly generated number, it
represents a temporary address used for a certain amount of time.
Resolvable private address
Resolvable private addresses form the basis of the privacy feature. They are gener‐
ated from an identity resolving key (IRK) and a random number, and they can be
changed often (even during the lifetime of a connection) to avoid the device being
identified and tracked by an unknown scanning device. Only devices that possess
the IRK distributed by the device using a private resolvable address can actually
resolve that address, allowing them to identify the device.
GAP also defines an encoding scheme to obtain the category from the two highest bits
of the BD_ADDR 48-bit value, which can be useful in certain situations. But to ascertain
the nature of a BLE address, you need one extra bit on top of the 48-bit, because other‐
wise it would be impossible to know whether the BD_ADDR corresponds to a public or a
Search WWH ::




Custom Search