
Re: [STDS-802-11-TGBH] Identity Resolver Key Bluetooth LE


  Hi Graham,


  What are the requirements for such a thing? What are you trying to accomplish with something like this?


  - Is a private address dynamic or is it just a different static address? How often does/should it change?

  - Is it invertible such that a 3rd party could determine the "real" address?

  - Can a 3rd party determine whether an address is private or not?

  - Is it assumed that only certain entities can figure out the "real" address? If so, who is in the "in crowd" and how is that enforced?

  - Is it bound to a secure connection or do you require unencrypted (poss. unassociated) use of this functionality?

  - What are the assumptions on forgery of such an address? How hard does it need to be for someone to fake an address? Do you even care about forgery?

  - Are there any requirements to force STAs to do a scheme like this? Is co-existence (with other schemes, or no scheme) necessary?

  - Are there any collision resistance requirements? What's the probability of collision with 10,000 associated STAs? 20,000 STAs? What is acceptable?


While the approach other organizations have made might be interesting and illuminating, we need to have our own set of requirements on what we need before we start looking at solutions.







"the object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." – Marcus Aurelius


On 8/19/21, 11:30 AM, "G Smith" <gsmith@xxxxxxxxxxxxxxxxxxx> wrote:


I have been looking at Bluetooth Low Energy (BLE) and noticed that it also uses random (private) addresses. It does, however, have a “resolvable Private Address” using an IRK (Identity Resolving Key). “If a resolvable private address is resolved, the device can associate this address with the peer device.”


I attach excerpts out of the BT Spec on this in the hope it may trigger some ideas or provide an explanation. 


Now I am not a security expert and I do not yet fully understand this, but my thought is that maybe someone in the “bh” community has some knowledge of this, or can comment on whether we could do something similar? 


Just a thought. 
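
The BLE resolvable private address mechanism mentioned in this thread, as an added Go example that is not part of either e-mail or of the attached specification excerpts: the address is a 24-bit random value followed by a 24-bit AES-128 hash of it under the IRK, so any observer can read the two type bits, but only a holder of the IRK can link the address to a device. The names NewRPA, IsResolvable and Resolve are chosen here for illustration, and bytes are written most-significant first rather than in over-the-air order.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Added illustration; NewRPA, IsResolvable and Resolve are names chosen here.
// ah is the BLE random address hash: the low 24 bits of
// AES-128(IRK, 104 zero bits || prand), bytes most-significant first.
func ah(irk [16]byte, prand [3]byte) [3]byte {
	block, _ := aes.NewCipher(irk[:]) // cannot fail: key is always 16 bytes
	var in, out [16]byte
	copy(in[13:], prand[:])
	block.Encrypt(out[:], in[:])
	return [3]byte{out[13], out[14], out[15]}
}

// NewRPA returns prand || ah(IRK, prand). The top two bits of prand are set
// to 01 (resolvable type); the other 22 bits must not be all 0 or all 1.
func NewRPA(irk [16]byte) (addr [6]byte, err error) {
	var prand [3]byte
	for r := uint32(0); r == 0 || r == 0x3fffff; {
		if _, err = rand.Read(prand[:]); err != nil {
			return addr, err
		}
		prand[0] = prand[0]&0x3f | 0x40
		r = uint32(prand[0]&0x3f)<<16 | uint32(prand[1])<<8 | uint32(prand[2])
	}
	h := ah(irk, prand)
	return [6]byte{prand[0], prand[1], prand[2], h[0], h[1], h[2]}, nil
}

// IsResolvable checks the type bits; any observer can do this without a key.
func IsResolvable(addr [6]byte) bool { return addr[0]>>6 == 1 }

// Resolve reports whether addr was generated under irk (IRK holders only).
func Resolve(irk [16]byte, addr [6]byte) bool {
	h := ah(irk, [3]byte{addr[0], addr[1], addr[2]})
	return IsResolvable(addr) && subtle.ConstantTimeCompare(h[:], addr[3:]) == 1
}

func main() {
	irk := [16]byte{0: 0xa1, 15: 0x5e} // constructed sample key, not from the thread
	addr, err := NewRPA(irk)
	fmt.Printf("%x resolvable=%v ours=%v err=%v\n", addr, IsResolvable(addr), Resolve(irk, addr), err)
}
```

Because the hash is only 24 bits, a resolver holding many IRKs will occasionally match an address that belongs to none of its peers, which bears on the collision question raised in the reply.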




