问题
I'm trying to build an access control system using BLE beacons and a web server.
A mobile phone will transmit a beacon signal near the gate and the beacon will be forwarded to the server to decide whether this person should pass.
The problem is transmitting a beacon without encryption is not safe, i need to encrypt the beacons.
The question is: is there an API for web applications to resolve the Eddystone EID encrypted beacon without using google web service?
Another question: is the Eddystone EID a good idea for encrypting the beacon for access control (regarding security, time, etc..)?
回答1:
Eddystone-EID uses a strong hash to secure your beacon transmissions from spoofing or hijacking. However. It comes with a real cost of significant complexity, and very few hardware beacons that support the crypto functions and real time clock components needed to generate the symmetric keys needed to register them as Eddystone-EID. Since you are using a mobile phone, and not a hardware beacon, you'll need to write your own registration crypto functions based on the Google spec, which is not trivial.
To my knowledge, there are no publicly available alternatives to Google's EID resolvers, so if you choose to use this technology, you must register your beacons with Google and trust their services to make your solution work.
I developed an independent resolver server to work with Edsystone-EID early in the development process, even before Google released its own resolver. My intention was to release this to the public, but adoption of the technology was simply not sufficient to warrant the effort. Most companies have decided the downside of encrypted beacons (deployment complexity, network access required for resolution, limited hardware support, proprietary lock-in) outweigh the benefits for almost all use cases.
Be aware that Eddystone-EID is no panacea. The beacon signals can still be spoofed in short time intervals less than the identifier rotation period (configurable between a few minutes and several hours.)
One possible alternative is the proprietary Gimbal system, which is easier to use, and supplies its own proprietary hardware beacons, but otherwise has the same disadvantages as EID. However, they only work with their own hardware beacons, and don't supply a client library to transmit a Gimbal encrypted packet from a phone.
Whichever you choose, make sure this is really required for your use case, and don't commit to a solution until you experiment with one first hand.
来源:https://stackoverflow.com/questions/53409308/turning-a-mobile-phone-into-a-beacon