encryptionbeaconeddystoneproximityapi

Is it possible to work offline with Eddystone-EID?


Eddystone-EID beacons transmit Ephemeral Identifiers which will be resolved by Google's Proximity Beacon API. This means one can not detect an Eddystone-EID beacon without an active internet connection. The approach is pretty new, so there is not much info on the internet.

Generation of ephemeral identifier and resolving mechanism is described in this paper provided by Google researchers. Here is the summary of the procedure: Eddystone-EID beacons encrypt the value from their embedded time counters with AES-128 using their key, while the key is unique identifier for each beacon. The result is the ephemeral id that's goning to be transmitted. Like every 512 secs, beacons recomputes their ephemeral ids. When an ephemeral id received by the receiver side, the resolver tries to find the key which provides correct decryption among known predefined keys. The found key corresponds to identification of the beacon.

I'm wondering whether it's possible to implement an offline resolving/decryption procedure according to given paper, that works with Eddystone-EIDs on the market. Instead of using a global resolver at the cloud, can we develop a local resolver which works with much less number of beacons?

If yes, is there any previous attempts or implementations etc?

What's your opinions on this topic?


Solution

  • Yes, it is theoretically possible to implement an EID resolver in Android or iOS code that does the calculations to see if an EID transmission comes from a known beacon transmitter.

    The mobile device implementation would need to use compatible AES-128 encryption libraries and somehow store copies of the keys needed to do the resolution for each beacon.

    When building a server-side resolver implementation for testing purposes, I considered building such a library. I also learned it is very tricky to get everything exactly right. Many AES libraries only provide partial functionality so are unusable.

    It is also important to note that US export restrictions on encryption software will make putting apps that do this in the Apple AppStore and Google Play Store problematic.