• State Verified Answer
  • Replies 13 replies
  • Subscribers 62 subscribers
  • Views 3366 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 118329
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Peripheral MAC change

adriand

Hello,

if we want protect our (central) device against tracking and still allow it to connect with specific Peripheral we can use whitelist with IRK (and?) mac address (is mac still mandatory on the list with IRK?). My question - what if we want to protect peripheral and change its mac periodically, could we also use whitelists somehow to connect to the peripheral that has changed its mac but Central doesn't know that?

Let's assume we can store some IRK (or other keys) on both side before any previous operations (no bonding, etc.)

Thanks!

Parents
  • 0

    If you want to protect your central device against tracking, but still be recognizable by trusted devices you can use the random private resolvable address type. Keep in mind that as long as the device is not sending out scan requests and connection requests it is difficult to track it, because it will only be scanning.

    The peripheral needs the IRK to resolve the address. It can put the IRK (only) into a whitelist if it wants to filter away scan requests and/or connection requests from other centrals.

    If the peripheral uses the random private resolvable address type the central needs the IRK to resolve the address. It can put the IRK into a whitelist if it wants to filter away advertisments from other peripherals.

    Typically the IRK is distributed when you bond, but with SoftDevice S130 v3.0.0 and later you can set the IRK to use with sd_ble_gap_privacy_set().

  • 0 in reply to Petter Myhre

    Hm, ok, I printed the exact key from your code, but shouldn't I be able to manage sd_ble_opt_get() on different object of ble_opt_t? When I create for eg. ble_opt_t prv_opt2 (so I used prv_opt for set and after that prv_opt2 for get) and manage sd_ble_opt_get(BLE_GAP_OPT_PRIVACY, &prv_opt2) then I have a rubbish printed from irk.. And still there is a question - how can I provide more than one key with that method?

Reply
  • 0 in reply to Petter Myhre

    Hm, ok, I printed the exact key from your code, but shouldn't I be able to manage sd_ble_opt_get() on different object of ble_opt_t? When I create for eg. ble_opt_t prv_opt2 (so I used prv_opt for set and after that prv_opt2 for get) and manage sd_ble_opt_get(BLE_GAP_OPT_PRIVACY, &prv_opt2) then I have a rubbish printed from irk.. And still there is a question - how can I provide more than one key with that method?

Children
No Data
Related