# Bluetooth v4.2 spec
###### tags: `Bluetooth Security`
[core 4.2v](https://www.bluetooth.com/specifications/specs/core-specification-4-2/)
## Address
* A BLE device can <font color=blue>have both kinds of address at the same time</font>: a Public Device Address and a Private Device Address. They relate as follows:
```
BLE address
├── 1. Public Device Address
└── 2. Random Device Address
    ├── 2.1 Static Device Address
    └── 2.2 Private Device Address
        ├── 2.2.1 Non-resolvable Private Address
        └── 2.2.2 Resolvable Private Address
```
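1. Public Device Address
    * BR/EDR: 48-bit MAC address
    * BLE: 48-bit MAC address, 24-bit company_id + 24-bit company
    * <font color = red>If the device address is known, that is a security problem</font>
2. Random Device Address: not permanently assigned; generated randomly after the device starts
    * 2.1 Static Device Address: generated randomly after power-on
        * The two most significant bits are "11"; the remaining 46 bits are random
        * Stays unchanged for the duration of a power cycle
        * A device may choose to initialize its static address to a new value after each power cycle. A device shall not change its static address value once initialized until the device is power cycled.
        * Note: If the static address of a device is changed, then the address stored in peer devices will not be valid and the ability to reconnect using the old address will be lost.
    * 2.2 Private Device Address: improves security through two methods, periodic updates and address encryption. Depending on whether the address is encrypted, it falls into two types:
        * 2.2.1 Non-resolvable Private Address
            * Updated periodically; the update interval is T_GAP(private_addr_int), with a recommended value of 15 minutes
            * The two most significant bits are "00"; the remaining 46 bits are random
            * It confuses an attacker but also confuses your own side, so it is not commonly used [10]
        * 2.2.2 <font color='blue'>Resolvable Private Address</font>
            * Upper 24 bits: the two most significant bits are 10; the remaining 22 bits are a random number
            * Lower 24 bits: the value obtained by hashing the random number with the IRK (Identity Resolving Key): hash = ah(IRK, prand)
            * The Host can resolve a resolvable private address where the Host has the peer device's IRK or the local device's IRK [9]
            * When a peer BLE device scans an address of this type, it uses the IRK stored locally together with the prand in the address to perform the same hash computation, then compares the result with the hash field in the address. Only when they match does it proceed with subsequent operations. This process is called resolving, which is where the name "resolvable" comes from [10]
            * Updated periodically with period T_GAP(private_addr_int). The address may change even during advertising, scanning, or an established connection [10]
            * A resolvable private address cannot be used on its own, so a device that needs this type of address must also have either a Public Device Address or a Static Device Address [10]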
