Unique Id of a device needed

RE: Unique Id of a device needed

Ulrich Myhre — Mon, 04 Jan 2016 12:37:26 GMT

I'm still not understanding exactly what you want to accomplish. Are you trying to recognize a device that has a pre-shared secret, written directly into the app - or are you trying to just make sure you are still connecting to the same device again? What about using normal BLE security and exchanging a long-term key after pairing? Then the LTK can be this "secret", and you would need to sniff the connection during the initial pairing to be able to copy it. What about that solution would not fit your solution?

Sorry if I'm misunderstanding, but what you are asking for directly is not possible to accomplish. Everything can be forged by a peer, so I'm looking for alternative ways to solve your problem.

RE: Unique Id of a device needed

marko — Thu, 17 Dec 2015 14:36:53 GMT

Thanks for your answer. I checked the link layer capabilities carefully but there does not seem to be a feature I can use. Indeed I have to implement my security functionality on application layer and this was planned too. But therefore I need this unique device ID. I further think about using the BT device address. After bonding even a private address is resolvable to the original device address if I'm right. So the question is, is it possible to use a counterfeit address for let's say an Android app? On the other hand, if I only use the application layer for authentication (without a device specific token) then copying this android app will copy the unique ID in this app. Even if the ID is not stored in the android app code then it seems to be easy to decompile android app and get info about where the ID is taken from. I heard, the android java code is not really safe

RE: Unique Id of a device needed

Ulrich Myhre — Tue, 08 Dec 2015 09:29:20 GMT

Thank you for clarifying, I thought you had control of the central in this scenario. Unfortunately, there are no identifiable parameters to a connection that cannot be changed by the peer. The closest is probably reading the remote version, but this is a link-layer feature - often not visible to the app. It is also the same value for all devices using the same SoftDevice version. But even here there could be "rogue" peers that will fake this value if they need to.

It's possible that you will have to implement some application security layer yourself, using a verified cryptographic scheme. This requires you to have an application that supports it on both sides, however.

RE: Unique Id of a device needed

marko — Mon, 07 Dec 2015 10:28:55 GMT

For the central any smartphone or tablet is intended. It is beyond our control so there could be everything beside a Nordic based device.

RE: Unique Id of a device needed

ovrebekk — Mon, 07 Dec 2015 10:07:52 GMT

Will the central devices be Nordic based as well, or could any BLE central be used?

RE: Unique Id of a device needed

marko — Mon, 07 Dec 2015 07:40:46 GMT

Hi, I already had read this questions and still there are some more I read. But they did not solve my problem. If you read my question then you will see that the problem is not to get an identifier out of a nRF51422. It is about to identify the central device as seen from the perspective of the nRF51422 peripheral. So I am looking for a token related to the BLE connection, and this token should not be able to be manipulated by software. Regards, Marko

RE: Unique Id of a device needed

Ulrich Myhre — Thu, 03 Dec 2015 15:33:20 GMT

Hi,

There have been some questions about this earlier:

devzone.nordicsemi.com/.../

The take-away is that there are no identifiers that are guaranteed to be unique in the chip's factory registry. They are randomly generated however, so it is quite unlikely that they will be re-used. DEVICEID, DEVICEADDR, ER and IR are all randomly generated (except 2 bytes of DEVICEADDR for the address type) and together these could make do as a likely unique identifier.

These values are also not possible to change.