
Can private address be used to stop connection

Hi,

I've read the BT specs covering addressing several times and still don't really understand how private addresses work in real life.

Let's say my peripheral starts out with no IRKs stored and has never been bonded. During user setup, a known central (iPhone) bonds with my peripheral and we share IRKs. At some point a malicious central (sniffer, hacker, etc.) comes along and tries to spoof the known central's address; however, they won't have the IRKs. Will my peripheral deny a connection?

For a non-resolvable address, what does the peripheral advertise with, a random number? And when a central connects to a peripheral with a non-resolvable address, which actual address does it use in the connection request?

Thanks in advance, Andrew

  • If you don't have the IRK you can't try to spoof the address: the private resolvable address is made up of a random part plus the same random part encrypted with the IRK.

    If the peripheral is set up only to accept connections from whitelisted peers then it will deny connection from anything not on the list. If that list contains some resolvable private addresses (i.e. basically IRKs, as that's the important part), it will deny connection to any resolvable private address it sees which was not constructed using an IRK in that list.

  • If you have the additional step that someone has sniffed a whitelisted device getting connected, then yes, you can replay the address and get as far as connection. That's true of any address type; resolvable private addresses aren't about security, they are about privacy.

    Your second question doesn't make so much sense. You wouldn't usually share an IRK; an IRK is an identity and is coupled with all the encryption keys for that identity, and you don't want two things to look like the same thing. You could if you wanted, but it wouldn't be usual. If you're asking how, after you bond with one device and move into a whitelist-only connection mode, you can bond with a second one: either you drop the whitelisting, bond, then restart it with them both whitelisted, or you write something complicated to pass keys through the bonded device to add a second one.
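To make the "random part plus the same random part encrypted with the IRK" construction concrete, here is an added example (not code from the thread or from any vendor SDK) that builds a resolvable private address with the Core Spec's ah() hash and then resolves it the way a peripheral's resolving list would. The first IRK and prand are the Bluetooth Core Spec's published test vector (Vol 3 Part H, Appendix D.7); the second IRK is a constructed value standing in for a peer that was never bonded.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// ah is the BLE random address hash (Core Spec Vol 3 Part H, 2.2.2): AES-128
// encrypt 13 zero bytes || prand under the IRK and keep the low 24 bits.
func ah(irk [16]byte, prand [3]byte) [3]byte {
	var block [16]byte
	copy(block[13:], prand[:])
	c, _ := aes.NewCipher(irk[:]) // key is always 16 bytes here, cannot fail
	c.Encrypt(block[:], block[:])
	return [3]byte{block[13], block[14], block[15]}
}

// makeRPA builds a resolvable private address, big-endian (prand first).
// The top two bits of prand are forced to 01, which marks an RPA.
func makeRPA(irk [16]byte, prand [3]byte) [6]byte {
	prand[0] = prand[0]&0x3f | 0x40
	h := ah(irk, prand)
	return [6]byte{prand[0], prand[1], prand[2], h[0], h[1], h[2]}
}

// resolveRPA acts as the peripheral's resolving list: recompute the hash with
// each bonded peer's IRK; the index of the matching IRK identifies the peer,
// -1 means no stored IRK produced this address and it is rejected.
func resolveRPA(addr [6]byte, irks [][16]byte) int {
	if addr[0]>>6 != 0x01 {
		return -1 // not even formatted as a resolvable private address
	}
	prand := [3]byte{addr[0], addr[1], addr[2]}
	for i, k := range irks {
		if ah(k, prand) == [3]byte{addr[3], addr[4], addr[5]} {
			return i
		}
	}
	return -1
}

func main() {
	var bonded, stranger [16]byte // spec test-vector IRK and a constructed, unrelated IRK
	hex.Decode(bonded[:], []byte("ec0234a357c8ad05341010a60a397d9b"))
	hex.Decode(stranger[:], []byte("00112233445566778899aabbccddeeff"))
	addr := makeRPA(bonded, [3]byte{0x70, 0x81, 0x94}) // spec vector gives 7081940dfbaa
	fmt.Printf("%x -> peer %d\n", addr, resolveRPA(addr, [][16]byte{bonded}))
	fmt.Printf("%x -> peer %d\n", addr, resolveRPA(addr, [][16]byte{stranger}))
}
```

The second lookup returns -1: a peer that only knows the address format but not the IRK cannot produce a prand/hash pair that the resolving list accepts, which is exactly the whitelist behaviour described above.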

