Bluetooth: Concurrent advertising


Christoph Schramm
 

Hi Vinayak,

thanks a lot for your reply.

I have always been afraid of this but always assumed there will be a solution if we actually hit this worst case. Wow. I mean, with all the Corona apps rolling out, it would be really simple (for a flat earther, anti-vaxxer, etc.) to create a device which "bruteforces" all the smartphones around to render the Corona apps useless.
However, that's out of scope for Zephyr.

Thanks, again
Chris



On 27.08.20, 09:01, "users@lists.zephyrproject.org on behalf of Chettimada, Vinayak Kariappa via lists.zephyrproject.org" <users@lists.zephyrproject.org on behalf of vinayak.kariappa.chettimada=nordicsemi.no@lists.zephyrproject.org> wrote:

Hi Chris,

Only one connectable advertising instance is supported in the Zephyr controller. Multiple simultaneous connections are supported, but that is not going to help denial of service if you do not want to authenticate a connecting central.
It is normal for centrals to support multiple simultaneous connections and your rogue master would connect to all your multiple advertising attempts.

> one might want to advertise an Eddystone beacon and a sensor peripheral at the same time
You either do this by advertising connectable and then after a connection you start a non-connectable advertising. This is supported in current Zephyr BT stack.
If you want simultaneous instances of advertisers with different advertising data/mode, then you need advertising extensions support.
Zephyr host has support for advertising extensions, but you will need to check if the controller you use supports it.
Zephyr open source controller for nRF52 does not (it's work in progress), but Nordic's proprietary softdevice controller in the nRF Connect SDK fully supports advertising extensions.

That said, again, without authentication, you can only use back-off to avoid denial of service if a central is always trying to connect to your device. There is no deny list for devices.

Regards,
Vinayak


-----Original Message-----
From: users@lists.zephyrproject.org <users@lists.zephyrproject.org> On Behalf Of Christoph Schramm via lists.zephyrproject.org
Sent: 26 August 2020 22:12
To: users@lists.zephyrproject.org
Subject: [Zephyr-users] Bluetooth: Concurrent advertising

Dear All,

One of our devices installed at a remote location is under some sort of "denial-of-service" attack - well, that simply means someone is constantly connecting to our peripheral, thus blocking other connections.
We can't use bonding (because of the UX impact with auth code in apps), so my only idea is to continue advertising even while a (rogue) central is connected.
I thought this would be the default for BT_LE_ADV_CONN but as it seems, it's not: the peripheral stops advertising and only resumes after the central disconnected.
However, I always wondered if it's possible to have multiple concurrent advertising "virtual" peripherals. I can see that the ticker API is referenced a lot, so at first glance it looks like it was a common use case. But I absolutely can't find any documentation of how to start multiple advertisements (just to give a simple example: one might want to advertise an Eddystone beacon and a sensor peripheral at the same time).

Any help is greatly appreciated

Chris


Chettimada, Vinayak Kariappa
 

Hi Chris,

Only one connectable advertising instance is supported in the Zephyr controller. Multiple simultaneous connections are supported, but that is not going to help denial of service if you do not want to authenticate a connecting central.
It is normal for centrals to support multiple simultaneous connections and your rogue master would connect to all your multiple advertising attempts.

> one might want to advertise an Eddystone beacon and a sensor peripheral at the same time
You either do this by advertising connectable and then after a connection you start a non-connectable advertising. This is supported in current Zephyr BT stack.
If you want simultaneous instances of advertisers with different advertising data/mode, then you need advertising extensions support.
Zephyr host has support for advertising extensions, but you will need to check if the controller you use supports it.
Zephyr open source controller for nRF52 does not (it's work in progress), but Nordic's proprietary softdevice controller in the nRF Connect SDK fully supports advertising extensions.

That said, again, without authentication, you can only use back-off to avoid denial of service if a central is always trying to connect to your device. There is no deny list for devices.

Regards,
Vinayak


-----Original Message-----
From: users@lists.zephyrproject.org <users@lists.zephyrproject.org> On Behalf Of Christoph Schramm via lists.zephyrproject.org
Sent: 26 August 2020 22:12
To: users@lists.zephyrproject.org
Subject: [Zephyr-users] Bluetooth: Concurrent advertising

Dear All,

One of our devices installed at a remote location is under some sort of "denial-of-service" attack - well, that simply means someone is constantly connecting to our peripheral, thus blocking other connections.
We can't use bonding (because of the UX impact with auth code in apps), so my only idea is to continue advertising even while a (rogue) central is connected.
I thought this would be the default for BT_LE_ADV_CONN but as it seems, it's not: the peripheral stops advertising and only resumes after the central disconnected.
However, I always wondered if it's possible to have multiple concurrent advertising "virtual" peripherals. I can see that the ticker API is referenced a lot, so at first glance it looks like it was a common use case. But I absolutely can't find any documentation of how to start multiple advertisements (just to give a simple example: one might want to advertise an Eddystone beacon and a sensor peripheral at the same time).

Any help is greatly appreciated

Chris
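
Added example (not part of the thread and not Zephyr project code): one reading of the "back-off" mentioned in the reply above, as a per-peer policy that shortens how long an unauthenticated central may hold the link each time it is dropped for idling. All names and constants are hypothetical; the assumed integration is to call on_connect() from the connected callback with the address from bt_conn_get_dst() and a timestamp from k_uptime_get_32(), then call bt_conn_disconnect() when the returned budget expires.

```c
#include <stdint.h>
#include <string.h>
/* All constants are assumed tuning values, not taken from the thread. */
#define PEERS      8        /* offenders remembered at once */
#define BUDGET_MAX 30000u   /* ms a first-time peer may hold the link */
#define BUDGET_MIN 500u     /* floor for repeat offenders */
#define FORGIVE_MS 600000u  /* strikes expire after 10 min of absence */

struct peer { uint8_t addr[6]; uint8_t strikes, used; uint32_t last_ms; };
static struct peer table[PEERS];

/* Return the peer's entry, recycling an empty or the stalest slot. */
static struct peer *slot(const uint8_t addr[6], uint32_t now)
{
    struct peer *victim = &table[0];
    for (int i = 0; i < PEERS; i++) {
        if (table[i].used && memcmp(table[i].addr, addr, 6) == 0)
            return &table[i];
        if (victim->used && (!table[i].used ||
            now - table[i].last_ms > now - victim->last_ms))
            victim = &table[i];
    }
    memset(victim, 0, sizeof(*victim));
    memcpy(victim->addr, addr, 6);
    victim->used = 1;
    victim->last_ms = now;
    return victim;
}

/* On connect: ms this peer may stay connected before being dropped. */
uint32_t on_connect(const uint8_t addr[6], uint32_t now)
{
    struct peer *p = slot(addr, now);
    if (now - p->last_ms > FORGIVE_MS) p->strikes = 0;
    p->last_ms = now;
    uint32_t budget = BUDGET_MAX >> (p->strikes > 16 ? 16 : p->strikes);
    return budget < BUDGET_MIN ? BUDGET_MIN : budget;
}

/* The budget expired with no useful traffic: halve the next budget. */
void on_idle_kick(const uint8_t addr[6], uint32_t now)
{
    struct peer *p = slot(addr, now);
    if (p->strikes < 255) p->strikes++;
    p->last_ms = now;
}

/* The peer completed a real transaction (application-defined): forgive. */
void on_useful(const uint8_t addr[6], uint32_t now) { slot(addr, now)->strikes = 0; }
```

A central that changes its address on every connection always looks like a first-time peer, so BUDGET_MAX is the bound on how long any single connection can block others and should be set with that in mind.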


Christoph Schramm
 

Dear All,

One of our devices installed at a remote location is under some sort of "denial-of-service" attack - well, that simply means someone is constantly connecting to our peripheral, thus blocking other connections.
We can't use bonding (because of the UX impact with auth code in apps), so my only idea is to continue advertising even while a (rogue) central is connected.
I thought this would be the default for BT_LE_ADV_CONN but as it seems, it's not: the peripheral stops advertising and only resumes after the central disconnected.
However, I always wondered if it's possible to have multiple concurrent advertising "virtual" peripherals. I can see that the ticker API is referenced a lot, so at first glance it looks like it was a common use case. But I absolutely can't find any documentation of how to start multiple advertisements (just to give a simple example: one might want to advertise an Eddystone beacon and a sensor peripheral at the same time).

Any help is greatly appreciated

Chris