是否应该与蓝牙 LE 设备建立绑定 [英] Should one create a bond with a Bluetooth LE device
问题描述
对于使用 Xamarin(Android API 21 及更高版本)的蓝牙项目,我想知道创建与蓝牙设备的绑定是否很常见.目前的要求是:
For a Bluetooth project with Xamarin (Android API 21 and up) I would like to know if it is common to create a bond with a Bluetooth device. The current requirements are:
- 蓝牙设备使用频繁,但不是持续使用.
- 应尽快重新连接
- 蓝牙地址在设备断电时随机变化
- 设备名称未知、为空或随机
- 连接已加密
- 连接使用需要蓝牙设备作为连接参数的叠加 API.
是否应该与此设备建立绑定以更好地"识别(作为某种缓存)或从头开始"重新连接到设备.在这种情况下有什么共同点? 所以这不是我可以绑定吗"的问题,而是绑定是否有必要,或者甚至更好:什么是一致且工作可靠的场景.
Should one create a bond with this device for "better" recognition (as some sort of cache) or reconnect to the device "from scratch". What is common in this scenario? SO it is not a question of "Can I bond", but is it necessary to bond, or even better: what is a coorect and working, reliable scenario.
目前我使用这样的代码(result.Device.Name 用于开发目的):
Currently I use code like this (result.Device.Name is for dev purposes):
public override void OnScanResult([GeneratedEnum] ScanCallbackType callbackType, ScanResult result)
{
if (result.Device.Name == "��" &&
!_discovered &&
result.ScanRecord != null &&
result.ScanRecord.ServiceUuids != null &&
result.ScanRecord.ServiceUuids.Any(x => x.Uuid.ToString().ToUpper() == uuid))
{
lock (_locker)
{
_discovered = true;
_deviceList.Add(result.Device);
BluetoothDiscoverySucces?.Invoke(result.Device);
}
}
}
推荐答案
简短回答:正确、常见且可靠的方案是结合.绑定意味着连接是安全的,链接是可信的.这意味着您的本地设备通常会找到远程设备,即使其地址发生变化.出于安全和隐私原因,配对/绑定是蓝牙中的推荐做法.
Short answer: the correct, common, and reliable scenario is to bond. Bonding means the connection is secure and the link is trusted. It means that your local device will usually find the remote device even if its address is changing. Pairing/bonding is recommended practice in Bluetooth for security and privacy reasons.
长答案:自推出以来,蓝牙规范的增量版本增加了一些功能,以提高蓝牙设备的安全性和隐私性.许多设备不允许您交换数据或正确跟踪它们,除非您已配对/绑定(绑定和配对的区别在于绑定,交换的密钥存储在数据库中.)
Long answer: since its introduction, incremental versions of the Bluetooth spec have added features to improve the security and privacy of Bluetooth devices. Many devices will not allow you to exchange data or properly track them unless you are paired/bonded (The difference between bonding and pairing is that with bonding, the exchanged keys are stored in the database.)
在低功耗蓝牙中,配对/绑定过程包括三个阶段:-
In Bluetooth Low Energy, the pairing/bonding process consists of three stages:-
第一阶段 - 配对功能交换
两个连接的设备交换它们的 IO 功能(例如设备是否有键盘)、身份验证要求(例如绑定或不绑定)和支持的密钥大小.
The two connected devices exchange their IO capabilities (e.g. does the device have a keyboard), authentication requirements (e.g. to bond or not to bond) and supported key sizes.
第 2 阶段 - 身份验证和加密
使用加密算法生成一个密钥并用于加密链接(这对于传统和 LESC 配对来说是不同的,但这超出了本问题的范围).
Using encryption algorithms a key is generated and used to encrypt the link (this is different for legacy and LESC pairing, but it is beyond the scope of this question).
第 3 阶段 - 密钥分发
多个密钥在设备之间交换,包括 CSRK(连接签名解析密钥)、IRK(身份解析密钥)和静态地址.
Several keys are exchanged between the devices including the CSRK (Connection Signature Resolving Key), the IRK (Identity Resolving Key) and the static address.
对您的问题特别重要的是 IRK 和地址.自蓝牙 v4.0 起,一项名为 LE Privacy 的功能允许设备不断更改其地址以降低其跟踪能力.恶意设备将无法跟踪实现此功能的设备,因为它实际上看起来像是一系列不同的设备.为了解析地址,设备需要事先配对/绑定.如果远程设备包含 IRK,则它可以使用该 IRK 和随机可解析地址来导出蓝牙设备的原始地址.
Of particular importance to your question is the IRK and the address. Since Bluetooth v4.0, a feature known as LE Privacy allowed the device to continuously change its address to reduce its track-ability. Malicious devices would not be able to track the device implementing this feature, as it actually looks like a series of different devices. In order to resolve the address, the devices need to be previously paired/bonded. If the remote device contains the IRK then it can use that and the random resolvable address to derive the Bluetooth device's original address.
所以,回顾一下你的标准:-
So, going over your criteria:-
- 蓝牙设备使用频繁,但不是持续使用.
如果您要频繁断开/重新连接,您可以与设备配对一次并存储密钥(即绑定).之后不再需要配对,因为在断开/重新连接时将使用相同的密钥来加密连接.
If you are going to disconnect/reconnect frequently, you can pair once with the device and store the keys (i.e. bond). Pairing is no longer needed afterwards as the same keys will be used to encrypt the connection upon disconnection/reconnection.
- 应尽快重新连接
连接和绑定是两个不同的东西.无论是否实施绑定,重新连接都将花费相同的时间.但是,一旦设备重新连接,连接重新加密需要一些时间.
Connection and bonding are two different things. It will take the same amount of time to reconnect regardless of bonding being implemented. However, once the devices are reconnected, it will take some time for the connection to be re-encrypted.
- 蓝牙地址在设备断电时随机变化
这意味着设备正在使用 LE 隐私功能.因此,您的设备应与其绑定以解析私有可解析地址.
This means that the device is utilising the LE privacy feature. Therefore your device should be bonded with it in order to resolve the private resolvable address.
- 设备名称未知、为空或随机
这通常是 BLE 的情况.这些设备通常可通过其地址进行识别.因此,如果您的设备之前已绑定,您将能够解析更改地址并识别远程设备.
This is usually the case with BLE. The devices are usually identifiable via their address. As such if your devices have previously bonded you will be able to resolve the changing address and identify the remote device.
- 连接已加密
如果不先配对,您将无法实现加密连接(按照上述 3 个阶段).通过绑定,您将密钥存储在数据库中,从而确保您将来可以使用它们来重新加密连接,而无需经过配对阶段.
You cannot achieve an encrypted connection without pairing first (as per the 3 phases above). With bonding you are storing the keys in your database, therefore ensuring that you can use them in the future to re-encrypt the connection without having to go over the pairing phases.
- 连接使用需要蓝牙设备的上层 API作为连接参数.
我不确定这意味着什么,但与绑定要求无关.
I am not sure what this means, but is irrelevant to the requirement for bonding.
有关该主题的进一步阅读,我建议访问蓝牙规范版本 5.0,第 3 卷,第 H 部分,第 2 部分安全管理器(第 2295 页)
For further reading on the subject, I recommend visiting the Bluetooth Specification Version 5.0, Vol 3, Part H, Section 2 Security Manager (page 2295)
这篇关于是否应该与蓝牙 LE 设备建立绑定的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
