Back to articles
Privacy and Bluetooth Mesh
The difference between security and privacy is one of the most misunderstood aspects of the IoT revolution. Bluetooth mesh blows privacy problems out of the water.
When we look at the benefits of choosing Bluetooth mesh for low-power wireless communication, privacy is placed someway down the list or even overlooked entirely.
Yet it was designed from the very start to protect data about the network and users. As of now, no competing protocol has the built-in privacy by design capabilities of Bluetooth mesh.
The privacy problem
With social media encouraging us to share every little detail about our personal lives, you could be forgiven for thinking privacy is no longer an issue. But the reality is that with everything becoming connected, privacy has never been so important for system designers to address from the very beginning.
One privacy aspect falling into the spotlight recently is the risk that exposed metadata from smart home systems can pose to owners. Even when the data within the system is fully protected, metadata can reveal critical information, for example, whether a light was turned off manually or with a home automation system. If the latter, chances are the house is empty.
Security by design
In the world of IoT development we often talk about the importance of security by design, which means making security a fundamental design principle from the conception stage.
Read more: IoT Security: It’s time to talk
While secure key exchanges, encryption, authentication and so on are important, privacy is often addressed indirectly. Static IPv6 addresses and 48-bit public MAC addresses are both globally unique, and anything that is globally unique can be identified and tracked.
Many wireless communication protocols rely on these addresses to function. Capture the data transmission and it’s straightforward to deduce the number, types, and manufacturing origin of the devices in a network.
Bluetooth Low Energy deals with privacy by changing the MAC address. However, since these devices are usually portable whereas mesh networked devices will have fixed installations, the privacy concerns are different.
Privacy by design
By encrypting destination addresses and obfuscating source addresses, Bluetooth mesh is different. By capturing the data transmission of a Bluetooth mesh network, all you learn is that there is a network.
Each time a message is relayed, this masked information is changed, removing the ability for anyone to track the flow of messages. Without the security keys, it’s just noise.
Read more: Bluetooth Mesh for Industrial IoT
Of course, Bluetooth mesh on its own isn’t a silver bullet. Privacy by design also means considering whether the data you collect is necessary, how it will be used and what for, and whether the data is classified as ‘personal’ and therefore regulated by law in many jurisdictions.
With those fundamentals in place, Bluetooth mesh will help you build a low-power wireless network with privacy at its heart.