This document presents protocol-level mechanisms for privacy and security in Bluetooth Smart (BLE) and in other relatively low-bandwidth, broadcast-only devices, as well as in other wireless devices and networking technologies of a similar nature.
Most networking technologies support the concept of a “MAC address”, the address assigned to a device at the lowest layer of logical processing. These addresses serve as unique device identifiers for the networking layer. When privacy is needed, some systems provide mechanisms for periodically randomizing a device's MAC address. However, once such a mechanism is in use, the device can no longer be uniquely identified at the network layer, and the purpose of the MAC address as an identifier is effectively lost.
Bluetooth Smart (formerly known as Bluetooth Low Energy, or BLE) is gaining adoption as a wireless communication protocol for peripheral devices. In particular, its broadcast-only mode (in which the device only sends “advertisement” packets) enables many interesting applications, because this mode's extremely low processing and power requirements allow small devices with very long lifetimes. Industry-standard BLE profiles, such as Apple's iBeacon, Radius Networks' AltBeacon, and version 1 of Google's ZipBeacon, make little effort to safeguard users' privacy or to provide the solution-level security that would be advantageous in proximity beacons, object-tracking tags, and device-unlocking tokens.
The Bluetooth Specification itself contains some security mechanisms, but these are mostly aimed at protecting the data flow after devices are paired. When a device operates in broadcaster mode, the only security mechanism the standard specification provides is the use of random MAC addresses. In many cases, broadcast-only applications will therefore require additional application-level security. The standard random-address mechanism also does not protect against replay, and replay protection may be desirable for most security-sensitive applications.
Furthermore, some networking technologies (including BLE) provide mechanisms for periodic MAC address rotation. The difference between address rotation and randomization is whether some other devices can reconstruct the true identity from the scrambled address using pre-shared knowledge. In the case of Bluetooth Smart, the data required to decode the rotating MAC addresses is shared as part of the pairing process, so such MAC rotation cannot be used if the devices do not pair via BLE. In addition, the BLE MAC address rotation scheme is susceptible to replay attacks, so it is not safe for use as the sole means of device identification.
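As an added illustration (not part of this document), the following Go code shows the resolvable-private-address scheme the paragraph above refers to: a device derives each rotating address from a random value and a key exchanged at pairing time, and only a peer holding that key can resolve it. The hash function `ah`, the Identity Resolving Key and the address layout follow the Bluetooth Core Specification; the key and random values used are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"fmt"
)

// ah is the BLE random-address hash: ah(k, r) = AES-128_k(0^104 || r) mod 2^24,
// r being 24 bits. Bytes are MSB-first here, so r is the last three plaintext bytes.
func ah(irk [16]byte, prand [3]byte) (hash [3]byte) {
	block, err := aes.NewCipher(irk[:])
	if err != nil {
		panic(err) // a 16-byte key never fails here
	}
	var in, out [16]byte
	copy(in[13:], prand[:])
	block.Encrypt(out[:], in[:])
	copy(hash[:], out[13:])
	return hash
}

// BuildRPA forms the 48-bit address as prand (upper 24 bits) || hash (lower 24).
// A rotating device draws a fresh prand each period; its top bits are forced to 01.
func BuildRPA(irk [16]byte, prand [3]byte) [6]byte {
	prand[0] = prand[0]&0x3f | 0x40
	hash := ah(irk, prand)
	var addr [6]byte
	copy(addr[:3], prand[:])
	copy(addr[3:], hash[:])
	return addr
}

// Resolve is what a peer holding the IRK does: recompute the hash from the received prand
// and compare. Nothing fresh enters the check, so a captured address resolves whenever it reappears.
func Resolve(irk [16]byte, addr [6]byte) bool {
	if addr[0]&0xc0 != 0x40 {
		return false // not flagged as resolvable
	}
	var prand [3]byte
	copy(prand[:], addr[:3])
	h := ah(irk, prand)
	return bytes.Equal(h[:], addr[3:])
}

func main() {
	irk := [16]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16} // constructed demo key
	addr := BuildRPA(irk, [3]byte{0x12, 0x34, 0x56})                      // constructed prand
	fmt.Printf("%x resolves with the shared IRK: %v\n", addr, Resolve(irk, addr))
}
```

Because `Resolve` takes no timestamp or counter, the replay weakness noted above is visible directly: any address it accepted once it will accept again, which is why application-level freshness is needed on top of it.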