Should one create a bond with a Bluetooth LE device

Question

For a Bluetooth project with Xamarin (Android API 21 and up) I would like to know if it is common to create a bond with a Bluetooth device. The current requirements are:

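  • The Bluetooth device is used often, but not continuously.
  • Reconnecting should happen as fast as possible
  • The Bluetooth address changes randomly after the device is powered off
  • The device name is unknown, empty or random
  • The connection is encrypted
  • The connection uses an overlying API that requires a Bluetooth Device as parameter for connection.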

Should one create a bond with this device for "better" recognition (as some sort of cache) or reconnect to the device "from scratch". What is common in this scenario? So it is not a question of "Can I bond", but is it necessary to bond, or even better: what is a correct and working, reliable scenario.

Currently I use code like this (result.Device.Name is for dev purposes):

    public override void OnScanResult([GeneratedEnum] ScanCallbackType callbackType, ScanResult result)
    {
        // Accept the first result that has the expected name and advertises the wanted service UUID.
        if (result.Device.Name == "��" &&
            !_discovered &&
            result.ScanRecord != null &&
            result.ScanRecord.ServiceUuids != null &&
            result.ScanRecord.ServiceUuids.Any(x => x.Uuid.ToString().ToUpper() == uuid))
        {
            lock (_locker)
            {
                _discovered = true;
                _deviceList.Add(result.Device);
                BluetoothDiscoverySucces?.Invoke(result.Device);
            }
        }
    }

Recommended answer

Short answer: the correct, common, and reliable scenario is to bond. Bonding means the connection is secure and the link is trusted. It means that your local device will usually find the remote device even if its address is changing. Pairing/bonding is recommended practice in Bluetooth for security and privacy reasons.

Long answer: since its introduction, incremental versions of the Bluetooth spec have added features to improve the security and privacy of Bluetooth devices. Many devices will not allow you to exchange data or properly track them unless you are paired/bonded (The difference between bonding and pairing is that with bonding, the exchanged keys are stored in the database.)

In Bluetooth Low Energy, the pairing/bonding process consists of three stages:-

Phase 1 - Pairing Feature Exchange

The two connected devices exchange their IO capabilities (e.g. does the device have a keyboard), authentication requirements (e.g. to bond or not to bond) and supported key sizes.

Phase 2 - Authentication and Encryption

Using encryption algorithms a key is generated and used to encrypt the link (this is different for legacy and LESC pairing, but it is beyond the scope of this question).

Phase 3 - Key Distribution

Several keys are exchanged between the devices including the CSRK (Connection Signature Resolving Key), the IRK (Identity Resolving Key) and the static address.

Of particular importance to your question is the IRK and the address. Since Bluetooth v4.0, a feature known as LE Privacy allowed the device to continuously change its address to reduce its track-ability. Malicious devices would not be able to track the device implementing this feature, as it actually looks like a series of different devices. In order to resolve the address, the devices need to be previously paired/bonded. If the remote device contains the IRK then it can use that and the random resolvable address to derive the Bluetooth device's original address.

So, going over your criteria:-

  • The Bluetooth device is used often, but not continuously.

If you are going to disconnect/reconnect frequently, you can pair once with the device and store the keys (i.e. bond). Pairing is no longer needed afterwards as the same keys will be used to encrypt the connection upon disconnection/reconnection.

  • Reconnecting should happen as fast as possible

Connection and bonding are two different things. It will take the same amount of time to reconnect regardless of bonding being implemented. However, once the devices are reconnected, it will take some time for the connection to be re-encrypted.

  • The Bluetooth address changes randomly after the device is powered off

This means that the device is utilising the LE privacy feature. Therefore your device should be bonded with it in order to resolve the private resolvable address.

  • The device name is unknown, empty or random

This is usually the case with BLE. The devices are usually identifiable via their address. As such if your devices have previously bonded you will be able to resolve the changing address and identify the remote device.

  • The connection is encrypted

You cannot achieve an encrypted connection without pairing first (as per the 3 phases above). With bonding you are storing the keys in your database, therefore ensuring that you can use them in the future to re-encrypt the connection without having to go over the pairing phases.

  • The connection uses an overlying API that requires a Bluetooth Device as parameter for connection.

I am not sure what this means, but is irrelevant to the requirement for bonding.

For further reading on the subject, I recommend visiting the Bluetooth Specification Version 5.0, Vol 3, Part H, Section 2 Security Manager (page 2295)
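
Added example (not part of the original answer or of any Bluetooth stack's code): how a bonded peer uses a stored IRK to recognise a resolvable private address, using the `ah` hash function defined in the Security Manager part of the specification. It assumes the IRK and the address are written most-significant byte first; the class and method names are hypothetical, and the IRK/address pair in `Main` is the specification's published sample data for `ah`.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class RpaResolver
{
    // ah(k, r): AES-128 encrypt (104 zero bits || 24-bit prand) under the IRK,
    // then keep the least significant 24 bits of the result.
    static byte[] Ah(byte[] irk, byte[] prand)
    {
        var block = new byte[16];
        Array.Copy(prand, 0, block, 13, 3);
        using (var aes = Aes.Create())
        {
            aes.Mode = CipherMode.ECB;       // single raw block, as the spec's e() function
            aes.Padding = PaddingMode.None;
            aes.Key = irk;
            using (var enc = aes.CreateEncryptor())
                return enc.TransformFinalBlock(block, 0, 16).Skip(13).ToArray();
        }
    }

    // True when 'address' (AA:BB:CC:DD:EE:FF, MSB first) was generated from 'irk'.
    public static bool Resolves(byte[] irk, string address)
    {
        var parts = address.Split(':');
        if (irk.Length != 16 || parts.Length != 6) return false;
        var a = parts.Select(h => Convert.ToByte(h, 16)).ToArray();
        // The two most significant bits must be 0b01 for a resolvable private address.
        if ((a[0] & 0xC0) != 0x40) return false;
        // Upper 24 bits are prand, lower 24 bits are the hash carried in the address.
        return Ah(irk, a.Take(3).ToArray()).SequenceEqual(a.Skip(3));
    }

    static byte[] Hex(string s) =>
        Enumerable.Range(0, s.Length / 2)
                  .Select(i => Convert.ToByte(s.Substring(2 * i, 2), 16)).ToArray();

    static void Main()
    {
        var irk = Hex("ec0234a357c8ad05341010a60a397d9b");   // spec sample IRK
        // Address built from the spec sample prand (708194) and its hash.
        Console.WriteLine(Resolves(irk, "70:81:94:0D:FB:AA"));
        // Constructed negatives: altered hash byte, then a static-random address type.
        Console.WriteLine(Resolves(irk, "70:81:94:0D:FB:AB"));
        Console.WriteLine(Resolves(irk, "C0:81:94:0D:FB:AA"));
    }
}
```

On Android the Bluetooth stack performs this resolution itself for bonded devices, so the app does not handle the IRK directly.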
