Enhancing device privacy and energy efficiency with Bluetooth® Randomized RPA Updates
The Bluetooth® Randomized RPA Updates feature enhances the management of resolvable private addresses and improves the privacy and energy efficiency of Bluetooth LE devices. This article highlights why Bluetooth® Randomized RPA Updates are relevant, explains how they work, and provides useful context for anyone new to this Bluetooth enhancement.
Background
All Bluetooth devices have a 48-bit long unique address used for their identification. The address is categorized as either public or random. The key differences between both address types are given below.
| Public address | Random address |
| --- | --- |
| Fixed for the lifetime of the device | Static or private (two subtypes) |
Random addresses are far more popular than public addresses because they avoid the cost of address registration. The two subtypes of random address differ in when the address may change. In the static case, the address can be fixed for the lifetime of a device, or it can be modified at device bootup, but it can never change during runtime. In the private case, however, the address can be changed periodically during runtime.
The ability to change during runtime makes random private addresses quite advantageous for device privacy protection. For example, they are useful for making tracking difficult or for hiding the real identity of a device (e.g., its public or random static address).
Resolvable Private Address (RPA)
Bluetooth LE supports what is called resolvable private addresses. An RPA is a random private address that becomes resolvable only to devices sharing a common Identity Resolving Key (IRK) required to verify the address cryptographically. IRKs are securely exchanged by Bluetooth devices during pairing.
RPAs can help protect device privacy in two ways: by making it challenging for external observers to correlate device behavior through address patterns, which prevents long-term tracking, and by allowing only trusted devices to identify each other.
Using RPAs
The HCI_LE_Set_Resolvable_Private_Address_Timeout command (OCF 0x002E) is available to configure RPA updates. It controls the update frequency of a resolvable private address using a fixed timeout value. Its parameter structure is as follows:
| Command parameter | Length | Value range | Default value | Description |
| --- | --- | --- | --- | --- |
| RPA_Timeout | 2 Bytes | 0x0001-0x0E10 (1s – 3600s) | 0x0384 (900s) | Update interval |
Again, RPA is an important mechanism that enhances Bluetooth device privacy, but the fixed timeout approach presents two limitations that are non-negligible:
- Predictability risk: Attackers may be able to model device behavior by observing RPA update patterns. Even with the maximum 15-minute update interval, RPA addresses can become predictable and, potentially, still be exploited to track device locations and activities in user-tracking scenarios.
- Energy efficiency risk: For applications where the predictability risk is unacceptable (e.g., smartphones and laptops), RPA randomization must be implemented and managed by the system host directly. As a result, RPA updates force frequent host interruptions or wake-ups, leading to higher system energy consumption and shorter battery life.
Bluetooth® Randomized RPA Updates
Both limitations described above are addressed with the new Bluetooth® Randomized RPA Updates. In a nutshell, Bluetooth® Randomized RPA Updates makes the RPA timeout parameter a random value within a specified time range, rather than the previously fixed value. It also enables the controller to autonomously generate a new RPA at a random time within the specified time range, relieving the host from managing and reconfiguring RPA timeouts, which prevents unnecessary waking and thus saves energy.
Using Bluetooth® Randomized RPA Updates
A new version, [v2], of the HCI_LE_Set_Resolvable_Private_Address_Timeout command (OCF 0x009E) introduces max and min timeout limits to set the timing range the controller will use to autonomously generate the new RPA and to randomly change an RPA. Its parameter structure is as follows:
| Command parameter | Length | Value range | Default value | Description |
| --- | --- | --- | --- | --- |
| RPA_Timeout_Min | 2 Bytes | 0x0001-0x0E10 (1s – 3600s) | 0x01E0 (480s) | Minimum update interval |
| RPA_Timeout_Max | 2 Bytes | 0x0001-0x0E10 (1s – 3600s) | 0x0384 (900s) | Maximum update interval |
Key enhancements making this new HCI command possible include:
- Random time generation algorithm: The controller will generate uniformly distributed random values within the specified range, complying with random number generation specifications in Bluetooth Core Specification Vol 2, Part H, Section 2.
- Error handling: If RPA_Timeout_Min exceeds RPA_Timeout_Max, or either parameter is out of range (>0x0E10), the command will return error code 0x12 (invalid HCI command parameters).
- Backward compatibility: The new [v2] command version will coexist with the legacy [v1] version with fixed RPA timeout. Support for specific commands can be queried using HCI command HCI_Read_Local_Supported_Commands (OCF 0x0002).
| Octet | Bit | HCI command support |
| --- | --- | --- |
| 35 | 2 | HCI_LE_Set_Resolvable_Private_Address_Timeout [v1] |
| 48 | 2 | HCI_LE_Set_Resolvable_Private_Address_Timeout [v2] |
Going forward, devices that support Bluetooth® Randomized RPA Updates will show new out-of-the-box behavior. They will randomize RPA updates automatically without explicitly calling the new HCI command.
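For a host that does set the range explicitly, the following C example (added here, not code from the article or from any Bluetooth stack) checks the Supported_Commands bits listed above, prefers [v2], rejects ranges that would draw error 0x12, and builds the HCI command bytes. The OGF value 0x08 for LE Controller commands, the Min-then-Max parameter order (taken from the table's row order), the [v1] fallback to `min_s`, and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define OGF_LE_CTRL    0x08u    /* LE Controller command group (assumed here) */
#define OCF_RPA_TO_V1  0x002Eu  /* OCF values as given in the article */
#define OCF_RPA_TO_V2  0x009Eu
#define HCI_ERR_INVALID_PARAMS 0x12

/* One bit of the 64-octet Supported_Commands mask. */
static int cmd_supported(const uint8_t mask[64], unsigned octet, unsigned bit)
{ return (mask[octet] >> bit) & 1u; }
/* Value range from the parameter tables: 0x0001-0x0E10 seconds. */
static int in_range(uint16_t s) { return s >= 0x0001 && s <= 0x0E10; }

/* Append a little-endian 16-bit value and return the new offset. */
static size_t put_le16(uint8_t *buf, size_t off, uint16_t v)
{
    buf[off] = (uint8_t)(v & 0xFF);
    buf[off + 1] = (uint8_t)(v >> 8);
    return off + 2;
}

/* Returns 0 and sets *len on success, 0x12 for parameters the controller
 * would reject, -1 if neither command version is supported. */
int build_rpa_timeout_cmd(const uint8_t mask[64], uint16_t min_s,
                          uint16_t max_s, uint8_t out[7], size_t *len)
{
    int v2 = cmd_supported(mask, 48, 2);           /* [v2]: octet 48, bit 2 */
    if (!in_range(min_s) || !in_range(max_s) || min_s > max_s)
        return HCI_ERR_INVALID_PARAMS;
    if (!v2 && !cmd_supported(mask, 35, 2))        /* [v1]: octet 35, bit 2 */
        return -1;
    size_t n = put_le16(out, 0, (uint16_t)((OGF_LE_CTRL << 10) |
                                 (v2 ? OCF_RPA_TO_V2 : OCF_RPA_TO_V1)));
    out[n++] = v2 ? 4 : 2;                         /* parameter total length */
    n = put_le16(out, n, min_s);   /* on [v1] this is the fixed timeout (example's choice) */
    if (v2) n = put_le16(out, n, max_s);
    *len = n;
    return 0;
}

int main(void)
{
    uint8_t mask[64] = {0}, pkt[7];                /* constructed sample mask */
    size_t n = 0;
    mask[48] = 0x04;                               /* controller reports [v2] */
    if (build_rpa_timeout_cmd(mask, 0x01E0, 0x0384, pkt, &n) != 0) return 1;
    for (size_t i = 0; i < n; i++) printf("%02X%c", pkt[i], i + 1 < n ? ' ' : '\n');
    return 0;
}
```

On a UART (H4) transport the packet-type indicator 0x01 precedes these bytes.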
Takeaways
- Bluetooth® Randomized RPA Updates is an HCI-only enhancement introduced with the release of Bluetooth® Core 6.1 that improves the privacy and energy efficiency of Bluetooth devices
- Bluetooth® Randomized RPA Updates sets the update frequency of a resolvable private address to a random timing value within a specified range; it also enables the controller to autonomously generate a new RPA, offloading RPA timeout management and reconfiguration duties from the host
To learn more, check out