Objectives of the Bluetooth Technology

Similar documents
CS4/MSc Computer Networking. Lecture 13: Personal Area Networks Bluetooth

Introduction to Wireless Networks. Objet Communicants Dino Lopez h;p://

UNIT 5 P.M.Arun Kumar, Assistant Professor, Department of IT, Sri Krishna College of Engineering and Technology, Coimbatore.

Introduction to Bluetooth Wireless Technology

Local Area Networks NETW 901

Bluetooth: Short-range Wireless Communication

Bluetooth. Bluetooth Radio

Bluetooth Demystified

BASEBAND SPECIFICATION

A Guide. Wireless Network Library Bluetooth

e-pg Pathshala Quadrant 1 e-text

ENRNG3076 : Oral presentation BEng Computer and Communications Engineering

[A SHORT REPORT ON BLUETOOTH TECHNOLOGY]

Inside Bluetooth. Host. Bluetooth. Module. Application RFCOMM SDP. Transport Interface. Transport Bus. Host Controller Interface

Simulation of Bluetooth Network

Bluetooth Baseband. Chingwei Yeh 2001/9/10

Amarjeet Singh. February 7, 2012

Communication Systems. WPAN: Bluetooth. Page 1

By FaaDoOEngineers.com

Computer Networks II Advanced Features (T )

Bluetooth. The Bluetooth Vision. Universal Wireless Connectivity. Universal Wireless Connectivity

Bluetooth. Bluetooth Basics Bluetooth and Linux Bluetooth at AG Tech. Dr.-Ing. H. Ritter, 7.1

Embedded Systems. 8. Communication

Implementing A Bluetooth Stack on UEFI

Introduction to Wireless Networking ECE 401WN Spring 2009

Solving the Interference Problem due to Wireless LAN for Bluetooth Transmission Using a Non- Collaborative Mechanism. Yun-Ming, Chiu 2005/6/09

System Level Analysis of the Bluetooth standard

CHAPTER 12 BLUETOOTH AND IEEE

Wireless Local Area Network. Internet Protocol Suite

Guide to Wireless Communications, 3 rd Edition. Objectives

12/2/09. Mobile and Ubiquitous Computing. Bluetooth Networking" George Roussos! Bluetooth Overview"

Bluetooth. Renato Lo Cigno

MOBILE COMPUTING. Jan-May,2012. ALAK ROY. Assistant Professor Dept. of CSE NIT Agartala.

Bluetooth. Basic idea

ALL SAINTS COLLEGE OF TECHNOLOGY, BHOPAL

Redes Inalámbricas Tema 2.B Wireless PANs: Bluetooth

Bluetooth. Quote of the Day. "I don't have to be careful, I've got a gun. -Homer Simpson. Stephen Carter March 19, 2002

RECOGNITION OF BLUETOOTH SIGNALS BASED ON FEATURE DETECTION

Wireless LANs & PANs Case Study: Bluetooth & IEEE W.lan.4

Dominique Chomienne & Michel Eftimakis NewLogic

Structure of the Lecture

Wireless Personal Area Networks

IMPLEMENTATION AND SECURITY OF BLUETOOTH TECHNOLOGY

Image acquisition and Communication

Ad Hoc Nets - MAC layer. Part II TDMA and Polling

Wireless Sensor Networks

MOBILE COMPUTING. Bluetooth 9/20/15. CSE 40814/60814 Fall Basic idea

Wireless Networked Systems

5.7 WRAN: IEEE (1)

13 Wireless. Communications Using Bluetooth. Oge Marques and Nitish Barman CONTENTS

Feasibility of a Bluetooth Based Structural Health Monitoring Telemetry System

Bluetooth. Bluetooth. WPAN Technologies. HomeRF. Bluetooth. Claudio Casetti. Dipartimento di Elettronica Politecnico di Torino

Bluetooth WPAN. Korea Electronics Technical Institute

Personal Area Networking over Bluetooth

Efficient Multicast Schemes for Mobile Multiparty Gaming Applications

CS263: Wireless Communications and Sensor Networks

Universitetet i Oslo Institutt for informatikk. Monitoring Bluetooth network topology. Cand Scient Thesis. Fredrik Borg

Overview of Bluetooth

SE 4C03 Winter 2005 Bluetooth Wireless Network Technology

Chapter 5. Wireless PANs

MESHES AND CUBES: DISTRIBUTED SCATTERNET FORMATIONS FOR BLUETOOTH PERSONAL AREA NETWORKS

Networking 2. IP over Bluetooth

What is a personal area network?

Institutionen för systemteknik Department of Electrical Engineering

PCs Closed! Cell Phones Off! Marketing Assistant Manager - Magic Lin

Introducing Bluetooth

Bluetooth Wireless Technology meets CAN

Inside Bluetooth Low Energy

Ah-Hoc, PAN, WSN,... Introduction Bluetooth ( ) Zigbee ( ) Renato Lo Cigno

Securing A Bluetooth Device

SIMULATION BASED ANALYSIS OF BLUETOOTH NETWORKS. M. Subramani and M. Ilyas

Networked Embedded Systems: Bluetooth

Bluetooth Tutorial. Bluetooth Introduction. Bluetooth Technology

Introduction to Bluetooth

Bluetooth. Acknowledgements. Based on Jochen Schiller slides. Supporting text

Specification Volume 2. Specification of the Bluetooth System. Wireless connections made easy. Profiles

WPANs. 6.1 Introduction

Master. Slave. Master. Slaves. TCP/IP Traffic with Efficient Bluetooth Technology. Shafqat Hameed 1, Umar F.Khan 2, *Muhammad Saleem 3

Design of Bluetooth Baseband Controller Using FPGA

WPAN-like Systems. UWB Ultra Wide Band. IrDA Infrared Data Association. Bluetooth. Z-Wave. WPAN Wireless Personal Area Network

VNC Service on Bluetooth Wireless Network

DIAL-UP NETWORKING PROFILE

MI-BPS (Wireless Networks) FIT - CTU

EXTENDING THE REACH OF PERSONAL AREA NETWORKS BY TRANSPORTING BLUETOOTH COMMUNICATIONS OVER IP NETWORKS

Product Specification

CROSS-LAYER APPROACHES TO WIRELESS COMMUNICATIONS AND NETWORKING

Lecture Computer Networks

Rab Nawaz Jadoon (Assistant Professor) Department of Computer Science COMSATS University, Abbottabad, Pakistan

BT-22 Product Specification

Product Specification

Bluetooth low energy technology Bluegiga Technologies

Product Specification

ON SECURITY OF BLUETOOTH WIRELESS SYSTEM. Pavel Kucera, Petr Fiedler, Zdenek Bradac, Ondrej Hyncica

Bluetooth Technologies

Performance Evaluation of Bluetooth Links in the Presence of Specific Types of Interference

Data sheet Wireless UART firmware version 4

A new BlueRing scatternet topology for Bluetooth with its formation, routing, and maintenance protocols

Applied Wireless Electronics Grzegorz Budzyń Lecture Introduction to antenna terminology Wireless data transfer Bluetooth

Special Course in Computer Science: Local Networks. Lecture

EE579: Annavaram & Krishnamachari. Bluetooth Communication. Basics. Network Stack. Network Topology

Transcription:

Bluetooth

Origin of the name Harald I Bleutooth (in Danish, Harald Blåtand) (b. c. 910 d. c. 987), king of Denmark was credited with the first unification of Denmark and Norway Ericsson, inspired on the history of Harald I, proposed a new technology which aims at link different devices from different manufacturers, but at low-cost

Objectives of the Bluetooth Technology Cable replacement Ericsson decided to investigate the feasibility of a low-power and low cost radio interface between mobile phones and their accessories Today, the Bluetooth technology is supported by the Bluetooth SIG (Special Interest Group), founded by Ericsson, IBM, Intel, Nokia and Toshiba in 1998 Personal Area Networks Ad hoc networks

Advantages and Disadvantages Advantages Eliminate wires and cables between stationary and mobile devices Facilitates both data and voice communication It is inexpensive Possibility of automatically establish communication Automatically create ad hoc networks Disadvantages Low rate Low range? Security

The horizontal and vertical approaches of Bluetooth Bluetooth architecture is based on the OSI model (horizontal layered approach). The horizontal layered approach is used to standardize the physical and logical link related functions However, bluetooths add a vertical approach, which is based on an application viewpoint. Elimination of wires leads to the implementation of a large number of applications The vertical approach is used to tailor each Bluetooth device to its application The vertical approach gave birth to what is known as profile

Bluetooth architecture The Bluetooth protocol stack is divided in 2 parts, separated by the HCI (Host Controller Interface) The lower part is implemented in the Bluetooth device The transport layer The upper part is implemented in the host to which the Bluetooth device is attached The middleware layer The application layer

Bluetooth architecture The Bluetooth SIG has given seven different protocols that any Bluettoth device need to implement The Radio protocol The Baseband protocol The LMP protocol The HCI protocol The L2CAP protocol The RFCOMM protocol The SDP protocol

The Radio Layer Bluetooth operates in ISM band at 2.4 GHz Modulation technique is GFSK Bandwidth-bit period product, BT, = 0.5 Modulation index between 0.28 and 0.35 Other modulation techniques has been proposed pi/4-dqpsk and 8-DQPSK (Bluetooth 2.0)

The Radio Layer 3 power classes Class 1 maximum of 100mW and a minimum of 1mW Expected range of 100m This device is capable of controlling power, in steps of 2 to 8dB Class 2 Maximum of 2.5mW and a minimum of 0.25 mw Expected range 10m Power control is optional Class 3 Maximum of 1 mw Expected range 10cm Power control is optional

The Baseband Layer The baseband of Bluetooth defines the basic Bluetooth network The piconet The piconet is a collection of two or more devices sharing the same physical channel One master can control up to seven slaves One device can participate in several piconets

The Baseband Layer The baseband of Bluetooth defines the basic Bluetooth network The scatternet Interconnection of several piconets Device participating in two or more piconets can rely data, however, this relying mechanism is not supported by the official Bluetooth protocol stack

The Baseband Layer Bluetooth specification defines up to 4 physical channel A physical channel is a pseudo-random code that drives the frequency hopping sequence Time Division Duplex (TDD) scheme The hopping rate is 1,600 hops/s in the connection mode, and 3,200 hops/s in the inquiry and page modes The frequency band is divided in 79 channels of 1 MHz bandwidth

The Baseband Layer Each channel is divided in TS of 625 microsecs Packets can take 1, 3 or 5 TS and a maximum payload length of 2745 bits The master begins sending data in an odd-numbered TS, and the slave will send data in the next available even-numbered TS

The 4 physical channels The basic piconet channel Used by connected devices during normal operation The adapted piconet channel Used to avoid interference and easy coexistence with other systems working in the same band A subset of the 79 available channels is used (minimum 20) Slaves use the same frequency as the master in its preceding transmission The inquiry scan channel Used in inquiry mode in order for a device to be discovered The paging scan channel Used to page a connectable device

Physical Links There are two physical links The active physical link The parked physical link Physical links provide the following features Power control Multi-slot packet control Encryption

Logical Links There are 5 logical transports Synchronous Connection-Oriented (SCO) logical transport Extended Synchronous Connection-Oriented (esco) logical transport Asynchronous Connection-Oriented (ACL) logical transport Transmission employs an ARQ protocol Active Slave Broadcast (ASB) logical transport Control message for the whole piconet Parked Slave Broadcast (PSB) logical transport Control message for the whole piconet

Packet types TYPE NAME DESCRIPTION Control ID Carries Device Access Code (DAC) or inquiry access code (IAC). Occupies one slot. Control NULL NULL packet has no payload. Used to get link information and flow control. Occupies one slot. Not acknowledged. Control POLL No payload. Acknowledged. Used by master to poll the slaves to know whether they are up or not. Occupies one slot. Control FHS A special control packet for revealing Bluetooth device address and the clock of the sender. Occupies one slot. SCO HV1 Carries 10 information bytes. Typically used for voice transmission. 1/3 FEC encoded. Occupies one slot. SCO HV2 Carries 20 information bytes. Typically used for voice transmission. 2/3 FEC encoded. Occupies one slot. SCO HV3 Carries 30 information bytes. Typically used for voice transmission. Not FEC encoded. Occupies one slot. SCO DV Combined data-voice packet. Voice field not protected by FEC. Data field 2/3 FEC encoded. Voice field is never retransmitted but data field can be. ACL DM1 Carries 18 information bytes. 2/3 FEC encoded. Occupies one slot. ACL DH1 Carries 28 information bytes. Not FEC encoded. Occupies one slot. ACL DM3 Carries 123 information bytes. 2/3 FEC encoded. Occupies three slots. ACL DH3 Carries 185 information bytes. Not FEC encoded. Occupies three slots. ACL DM5 Carries 226 information bytes. 2/3 FEC encoded. Occupies five slots. ACL DH5 Carries 341 information bytes. Not FEC encoded. Occupies five slots.

Low-Power Modes Hold mode Physical link is only active during slots reserved for the operation of synchronous links. Either, the master or the slave can require to establish a hold mode Sniff mode Device wakes up periodically to communicate with the master or engage any activity on another physical channel SCO and esco are not affected Reserved for slaves Parked state Used to stay synchronized with the master without being an active member of the piconet All logical links are disable, except the PSB link

Host Controller Interface HCI provides an independent implementation of the hardware A standard interface to the Link Manager access over standard transport layer (e.g. USB) between the Bluetooth device and the host controller

Host Controller Interface HCI is composed by three main modules The HCI firmware, which implements the commands that will be executed by the Bluetooth hardware The host controller transport layer, which is responsible for transferring commands and data over an specific transport layer (e.g. USB) The HCI driver, which provides the interface between the HCI firmware and the Bluetooth upper layers

Host Controller Interface Bluetooth host Higher Layer Driver HCI Driver Physical bus (USB, etc.) driver Physical bus (USB, etc.) firmware Bluetooth controller HCI firmware Link Manager firmware Baseband controller hardware

Logical Link Control and Adaptation Protocol (L2CAP) L2CAP provides L2CAP (logical) channels, mapped to L2CAP logical links, mapped on ACL transport Multiplexing Up to 64 kb service data unit (payload) Segmentation and reassembly operations Per-channel flow control and retransmission The endpoint of a L2CAP link is known like the CID

Logical Link Control and Adaptation Protocol (L2CAP) L2CAP does not transport voice or synchronous data, although VoIP would be carried by L2CAP L2CAP provides asynchronous connectionoriented and connectionless channels, with some QoS support Basic L2CAP mode, which is the default mode Basic flow control Flow control mode Retransmission mode

Higher Layer Protocols The main higher layers are RFCOMM. This provides serial port emulation over L2CAP. It can emulate up to 60 connections between two Bluetooth devices The Bluetooth Network Encapsulation Protocol (BNEP). It offers support for IP-based networking protocols (including Ipv6) BNEP works over RFCOMM Telephony Control Protocol Specification-Binary. Used for telephony applications. It provides call control, group, management, etc

Higher Layer Protocols The main higher layers are Audio. Support for audio applications, offering a 64 Kbps link. Payload can be protected by FEC and packets. OBject Exchange Protocol (OBEX). Synchronization and file transfer Audio Video Distribution (Control) Transfer Protocol (AVDTP and AVCTP). It works over L2CAP

Service Discovery Protocol SDP enables a Bluetooth device to Inquire what services are available in its environment and their characteristics. Inform the list of services provided by itself Each Bluetooth device maintains a list of Service Records. Each record contains the list of attributes of a given application that characterize the provided service Interoperability between Bluetooth devices is enabled with the introduction of Profiles

Generic Access Profile GAP defines the generic procedures to Discover Bluetooth devices Connect Bluetooth devices Use different levels of security GAP describes the use of the lower layers of the Bluetooth protocol stack, as well as some higher layer protocols GAP defines the generic terms that can be presented to the customers

Generic Access Profile The Bluetooth device address (BD_ADDR) The baseband address coded on 48 bits The Bluetooth device name Coded on 248 bytes maximum The Bluetooth passkey (Bluetooth PIN) Used to authenticate two Bluetooth devices Maximum length = 16 bytes The class of device Types of services supported by the device

Generic Access Profile Bluetooth defines 3 types of discoverability modes Nondiscoverable mode It will not respond to inquiry requests Limited discoverable mode Devices that will respond during only specific periods of time or specifics Inquiry Access Codes (IAC) General discoverable mode The Bluetooth device will always respond to inquiry requests Connectability modes Connectable mode Device periodically enters the PAGE_SCAN state Non-connectable mode

Generic Access Profile Pairing modes Non-pairable mode. Devices is non-bondable. A link cannot be established between two devices Pairable mode. Device is bondable User initiate the bonding procedure and enter the passkey 5 procedures to initiate a connection General/Limited inquiry. Get the BD_ADDR, clock and class of discoverable devices Name discovery. Get the name of Bluetooth devices Device discovery. General/Limited inquiry + name discovery Bonding. Create a relation between two Bluetooth devices

Generic Access Profile After discovery, 3 different procedures can take place Link establishment. Establishes a physical link between two devices (ACL) Channel establishment. Establishes a Bluetooth logical link using L2CAP Connection establishment. Establish a connection between applications on two Bluetooth devices 3 security modes Mode 1. non security Mode 2. service level enforced security Mode 3. link level enforced security

Addresses of Bluetooth Devices LSB Company Assigned Company_Id LAP UAP NAP MSB Bluetooth Device Address (BD_ADDR) Lower Address Part (LAP) 24 bits Upper Address Part (UAP) 8 bits Non-significant Address Part (NAP) 16 bits Active Member Address (AM_ADDR) Identify active piconet members (3 bits) Broadcast address = 000 Parked Member Address (PM_ADDR) Identify parked devices (8 bits) Access Request Address (AR_ADDR) The parked device use this address to become an active member

Packet format 3 types of access code Device AC (page, page scan) Channel AC (identify the piconet) Inquiry AC General IAC (GIAC) 0x9E8B33 Dedicated IAC (DIAC) from 0x9E8B00 to 0x9E8B3F

Packet format Header AM_ADDR. Active Member ADDR TYPE. (SCO, ACL or commands) FLOW (flow control) ARQ 0 = stop; 1 = continue 1 Packet successfully received. 0 otherwise SEQN Sequence bit Header Error Control (HEC) G(X) = X^8 + X^7 + X^5 + X^2 + X + 1

ACL packets Payload header. Single slot = 8bits, multi-slots = 16bits LLID. Logical channel Flow. Flow control at the L2CAP level Length. Payload size (in bytes)

FHS packet PARITY BITS [34] LAP [24] UNDEFINED [2] SR [2] SP [2] UAP [8] NAP [16] CLASS [24] AM_ADDR [3] CLK_(27-2) [26] PAGE SCAN MODE [3] PARITY BITS LAP UNDEFINED SR The 34-bit parity bits form the first part of the sync word of the access code. The LAP of the unit that sends the FHS packet. Undefined as of now. Scan repetition. Interval between two consecutive page scan windows. SP UAP NAP CLASS OF DEVICE AM_ADDR CLK_(27-2) PAGE SCAN MODE Scan period. Period in which mandatory page scan mode is applied after transmission of inquiry response message. UAP of the unit which sends the FHS packet. NAP of the unit which sends the FHS packet. Class of device has not been defined yet. This 3-bit field contains the member address the recipient shall use This field contains the value of the native clock unit that sends the FHS packet. Scan mode used by default

Discovery and Connection Inquiring and paging Master: 3200 hops/s Slave: 1.28 hops/s

Bluetooth synchronization Every device has its own native clock (CLKN) The clock is implemented with a 28-bit counter driven by a low power oscillator when in STANDBY, Park, Hold and Sniff mode Driven by a crystal oscillator In a piconet, the master's CLKN (known like CLK) synchronizes the network A paging device estimated the CLKN of the receiver (known like CLKE) The slaves must estimate CLK to synchronize with the master

Security considerations In [Shaked05], the authors describes a passive attack to find the PIN used during the pairing process (Security Mode 3) Bluetooth initialization procedure Creation of an initialization key (Kinit) Creation of a link key (Kab) authentication # Y. Shaked and A. Wool. Cracking the Bluetooth PIN. In Proc. 3rd USENIX/ACM Conf. Mobile Systems, Applications, and Services (MobiSys), pages 39-50, Seattle, WA, June 2005.

Security considerations In [Shaked05], the authors describes a passive attack to find the PIN used during the pairing process (Security Mode 3) Bluetooth initialization procedure Creation of an initialization key (Kinit) Creation of a link key (Kab) authentication # Y. Shaked and A. Wool. Cracking the Bluetooth PIN. In Proc. 3rd USENIX/ACM Conf. Mobile Systems, Applications, and Services (MobiSys), pages 39-50, Seattle, WA, June 2005.

Security considerations In [Shaked05], the authors describes a passive attack to find the PIN used during the pairing process (Security Mode 3) Bluetooth initialization procedure Creation of an initialization key (Kinit) Creation of a link key (Kab) authentication # Y. Shaked and A. Wool. Cracking the Bluetooth PIN. In Proc. 3rd USENIX/ACM Conf. Mobile Systems, Applications, and Services (MobiSys), pages 39-50, Seattle, WA, June 2005.

Security considerations # Src Dst Data Length Notes 1 A B IN_RAND 128b plaintext 2 A B LK_RANDa 128b XORed with Kinit 3 B A LK_RENDb 128b XORed with kinit 4 A B AU_RANDa 128b plaintext 5 B A SRES 32b plaintext 6 B A AU_RANDb 128b plaintext 7 A B SRES 32b plaintext # Y. Shaked and A. Wool. Cracking the Bluetooth PIN. In Proc. 3rd USENIX/ACM Conf. Mobile Systems, Applications, and Services (MobiSys), pages 39-50, Seattle, WA, June 2005.

Bluetooth & Linux

Bluetooth stacks for Linux Implementations of the Bluetooth protocol stack for Linux OpenBT Affix BlueDrekar BlueZ BlueZ, initially developed by Qualcomm, is now an open source project under the terms of GPL (http://www.bluez.org/) Available in several Linux distributions

BlueZ tools BlueZ provides six command-line tools that allow to configure a Bluetooth device and debug the applications hciconfig Configure the basic properties of Bluetooth adapters If is invoked without arguments, it will display the status of the current adapters attached to the computer Bluetooth devices are usually identified by hcix, where X is the number of the device hcitool Search and detect nearby bluetooth devices Test and show information about low-level Bluetooth connections

BlueZ tools sdptool Browsing and searching services advertised by nearby devices Basic configuration of the SDP services offered by the local machine hcidump For low-level debugging of connection setup and data transfer l2ping The ping tool for Bluetooth devices uuidgen Generates UUIDs Useful to advertise applications with non standard UUID

References Linux Unwired. Roger Weeks, Brian Jepson, Edd Dumbill. O'REILLY. 2004 From WPANs to Personal Networks. Technologies ans Applications. Ramjee Prasad et Luc Deneire. Artech House. 2006

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback