CS4/MSc Computer Networking
Lecture 13: Personal Area Networks
Bluetooth
Computer Networking, Copyright University of Edinburgh 2005

Bluetooth
  Low-cost wireless connectivity for Personal Area Networks
    PDAs, mobile phones, laptops, audio headsets, printers, scanners, GPS navigators, modems, USB adapters etc.
    10 metre range for typical power class 2 transmitter
    Low data rate; nominally 1Mbps (3Mbps with v.2 + EDR)
    2.4GHz ISM radio band; same as 802.11b/g
  Bluetooth Special Interest Group (SIG)
    Originated by Ericsson in late 90s
    Promoted by Ericsson, Nokia, IBM, Toshiba, Intel
    500 million Bluetooth-enabled devices estimated to be sold in 2005
    IEEE also involved, 802.15.1
  Harald Bluetooth
    Danish ruler of Denmark and Norway in late 900AD
    Converted Vikings to Christianity

Architecture
  Piconet
    The basic unit of a Bluetooth system
    One master node, up to 7 active slaves and up to 255 inactive, parked nodes
    Independent piconets can co-exist in same area
  Scatternet
    Interconnected collection of piconets
    A node can participate in more than 1 piconet
      » but not as master in both
  Master/slave architecture
    Simplified medium access control: the master polls the slaves
    Most characteristics of the communication controlled by master
      » E.g. freq. hopping sequence, synchronisation clock
    Slaves can only talk with master (respond, to be precise)

Bluetooth protocol stack
  Core protocols: radio, baseband, LMP, L2CAP, SDP
  Cable replacement and Telephony: RFCOMM, TCS BIN
  Adopted protocols: PPP, IP, OBEX, AT-commands
  Profile specification: application support

Bluetooth Radio
  Frequency hopping spread spectrum
    79 1MHz physical channels from 2.402GHz to 2.480GHz
    Transmit rate 1M symbols per sec (720kbps max real rate)
      » 1µs per symbol
    Dwell time 625µs (called slot time), or 1600 hops/sec
    Hop sequence determined by master, based on its unique 48b ID
    Collocated piconets have different masters, hence diff. sequences
  Modulation: Gaussian Frequency Shift Keying (GFSK)
    1 symbol represents 1 bit
  Power classes and power control
    Class 1: 100mW, 100m
    Class 2: 2.4mW, 10m
    Class 3: 1mW, few cm
    Power control ensures RF power is not more than required

Bluetooth baseband
  Equivalent to the MAC layer
    Converts bit stream to frames, defines packet formats, data-link protocols
  Time-Division Duplex (TDD)
    Data transmitted in one direction at a time, alternating between directions
    Prevents crosstalk between transmit-receive operations
      » Simplifies radios, keeps cost low
    Polled slave responds at the slot following master's transmission
  [Figure: TDD timing diagram; Master and Slave alternate in 625µs slots on hop frequencies f(k), f(k+1), f(k+2), f(k+3)]

Multi-slot packets
  At end of transmission, time is allowed for radios to stabilize after hopping to the next frequency: ~260 µs
    Leaving only 366 bits for transmission including headers
  Multi-slot packets used for higher efficiency
    1, 3, 5 slot packets defined
    Frequency hopping is suspended while a multi-slot packet is transmitted
    All of the available slot time is used for transmission (except last one)
    At the end of transmission, radios move to the frequency they should be at, as if they were hopping every 625µs
  Slave does not have to respond with same size packet
    Asymmetric transmission
  Note that all packet sizes are an odd number of slots
    Master always transmits at even slots
    Slave at odd slots

Master-slave link types: Synchronous Connection-Oriented (SCO)
  Point to point synchronous communication link
    Used for time-critical information, e.g. telephone connections
  Guaranteed, fixed-rate transmission using slot reservations
    Master sends SCO packets at regular intervals of T_SCO slots
    Slave always allowed to respond with SCO packet in the following slot
  SCO packets are never retransmitted
  Forward error correction can be used
    1/3 rate FEC: 3 copies of each bit sent. Receiver does a majority operation
    2/3 rate FEC: Hamming code. 1 bit corrected, 2 bit detected per codeword
  A master can support up to 3 SCO links
  A slave can only support two links if links originate from different masters

Master-slave link types: Asynchronous Connectionless (ACL)
  Master exchanges packets with a slave on a per-slot basis
    Using SCO's leftover slots
  Provides a packet-switched connection between master and slave
    Only one ACL link between a particular master/slave pair allowed in addition to any SCO links between the same pair
    Multiplexing for different flows/applications happens at higher layer
  Broadcasting packets to all active slaves is possible
  A slave is permitted to respond to an ACL packet from a master in the following slot only if it has been specifically addressed in the previous slot
  Packet retransmission applied for most packets to assure data integrity
    stop-and-wait ARQ
      » Slave gives ACK, NAK for received packet in its reply slot
    2/3 FEC also available, combined with ARQ

Bluetooth packet format
  [Figure: packet layout, field sizes in bits]
    Access Code (72) | Header (54) | Payload (0-2745)
    Header fields: am_addr | type | flow | arqn | seqn | HEC
  Access Code: timing synchronisation, paging, inquiry
    Channel Access Code: identifies piconet (derived from master's ID)
    Device Access Code: for paging (derived from paged unit's ID)
    Inquiry Access Code: for inquiries (discovery of nearby units)
  Header, 18 bits repeated 3 times for error correction
    am_addr: active member address
    type: packet type including # of slots used
    flow: Xon/Xoff type flow control
    arqn: ACK, NAK
    seqn: 1b sequence number for ARQ
    HEC: header checksum

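The header protection described on this slide, as an added example that is not part of the lecture: the 18 header bits are packed, each bit is sent three times (54 bits on air), and the receiver takes a majority vote per triple. Only the seqn width is given on the slide; the other field widths are taken from the Bluetooth baseband specification, the LSB-first bit order is an assumption, and the HEC value is a constructed placeholder rather than a computed checksum.

```python
# Added example: 18-bit baseband header with 1/3-rate FEC (each bit sent 3 times).
# Field widths follow the Bluetooth baseband spec; only seqn's width is on the slide.
FIELDS = (("am_addr", 3), ("type", 4), ("flow", 1),
          ("arqn", 1), ("seqn", 1), ("hec", 8))

def pack_header(**values):
    """Return the 18 header bits, fields in order, LSB first (assumed bit order)."""
    bits = []
    for name, width in FIELDS:
        v = values[name]
        if not 0 <= v < (1 << width):
            raise ValueError(f"{name}={v} does not fit in {width} bits")
        bits.extend((v >> i) & 1 for i in range(width))
    return bits

def unpack_header(bits):
    """Inverse of pack_header: 18 bits back to a dict of field values."""
    if len(bits) != 18:
        raise ValueError("header must be exactly 18 bits")
    out, pos = {}, 0
    for name, width in FIELDS:
        out[name] = sum(b << i for i, b in enumerate(bits[pos:pos + width]))
        pos += width
    return out

def fec13_encode(bits):
    """Repeat every bit three times: 18 header bits become 54 on air."""
    return [b for b in bits for _ in range(3)]

def fec13_decode(coded):
    """Majority vote per triple; also report how many triples disagreed."""
    if len(coded) % 3:
        raise ValueError("coded length must be a multiple of 3")
    decoded, repaired = [], 0
    for i in range(0, len(coded), 3):
        triple = coded[i:i + 3]
        bit = 1 if sum(triple) >= 2 else 0
        repaired += any(t != bit for t in triple)
        decoded.append(bit)
    return decoded, repaired

def flip(coded, *positions):
    """Return a copy of coded with the given bit positions inverted (channel noise)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(coded)]

if __name__ == "__main__":
    # Constructed header; the HEC value is a placeholder, not a computed checksum.
    hdr = dict(am_addr=5, type=4, flow=1, arqn=1, seqn=0, hec=0xA7)
    air = fec13_encode(pack_header(**hdr))
    print(unpack_header(fec13_decode(flip(air, 0, 22))[0]) == hdr)  # one error per triple
    print(unpack_header(fec13_decode(flip(air, 0, 1))[0]) == hdr)   # two errors in one triple
```

Two flipped bits inside the same triple outvote the correct one, so the vote silently yields a wrong am_addr; catching that case is the job of the HEC.
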
Controller States
  [Figure: controller state diagram; states: Standby, Page, Page Scan, Inquiry, Inquiry Scan, master response, slave response, inquiry response, Connection]
  Inquiry procedure: potential master scans for units (inquiry state)
    Broadcast ID packet with Inquiry Access Code in 32 wake-up carriers
    Nodes periodically enter the inquiry scan state and scan at least 18 of the 32 wake-up channels
    Interested nodes reply with packets containing their ID and other parameters (FHS packet)
  Paging procedure:
    Master uses Device Access Code ID packets at freq. hop sequence determined by slave's ID
    Slave replies with copy packet
    Master sends FHS packet
    Slave acks
    Units move to connection state

Security
  Inherently quite secure:
    Low power transmission means short range
    Fast frequency hopping with a pseudo-random hop sequence
      » much lower likelihood of casual eavesdropping
  Standard defines features operating at the link level
    Supports authentication and encryption
  Security Modes:
    Mode 1: no security procedures
    Mode 2: enforces security after link establishment at L2CAP level
    Mode 3: enforces controls such as authentication and encryption at the Baseband level before the connection is set up
  Security Levels
    Device level: trusted, untrusted devices
    Service level: authentication, authorisation, open to all

Link Keys
  Used for authentication and to generate the encryption key
    All are 128 bits long
  Initialisation key: used just to get started
    Verifier sends plaintext random number
    Both units use shared secret PIN to generate K_init
  Unit key: semi-permanent link key for basic units
    Function of random number and device 48b ID
    Sent to other unit encrypted (XORed) with K_init
  Combination key: semi-permanent key for each pair of units
    Each unit generates a unit key based on a local random number
    The random numbers are exchanged encrypted with K_init
    Each unit generates locally the other unit's key based on random number
    The two keys are XORed to generate the combination key

Authentication and Encryption
  Authentication uses a challenge-response scheme
    Only 32 bits of the response are transmitted
  [Figure: authentication between Verifier and Claimant; labels: au_rand, bd_addr, link key, E1, sres]
  Encryption uses a different payload key for each transmission based on
    Encryption key derived from link key
    Random number sent to receiver in advance
    Current clock
  [Figure: encryption; labels: clock, en_rand, bd_addr, encr key, E0, key stream, plaintext, cipher text]

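The message flow of the Link Keys and Authentication slides, as an added example that is not part of the lecture: K_init from the PIN and a plaintext random number, the combination key built from two XOR-masked random numbers, then a challenge answered with a 32-bit sres. The function prf() is a hypothetical HMAC-SHA256 stand-in for the SAFER+-based E22/E21/E1 functions of real Bluetooth, and the device IDs and PINs are constructed.

```python
# Added example; prf() is an HMAC-SHA256 stand-in for Bluetooth's SAFER+-based E22/E21/E1.
import hashlib
import hmac
import secrets

def prf(key, label, *parts, n=16):
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Unit:
    def __init__(self, bd_addr, pin):
        self.bd_addr, self.pin = bd_addr, pin

    def set_k_init(self, in_rand):
        # Both sides derive K_init from the shared PIN and the plaintext random.
        self.k_init = prf(self.pin, b"init", in_rand)

    def comb_start(self):
        # Local random -> own key contribution; random goes out XORed with K_init.
        self.lk_rand = secrets.token_bytes(16)
        self.own_part = prf(self.lk_rand, b"comb", self.bd_addr)
        return xor(self.lk_rand, self.k_init)

    def comb_finish(self, masked_rand, peer_addr):
        # Unmask the peer's random, rebuild its contribution, XOR the two parts.
        peer_part = prf(xor(masked_rand, self.k_init), b"comb", peer_addr)
        self.link_key = xor(self.own_part, peer_part)

    def sres(self, au_rand, claimant_addr):
        # Challenge response: only 32 bits (4 bytes) are ever transmitted.
        return prf(self.link_key, b"auth", au_rand, claimant_addr, n=4)

def pair_and_authenticate(pin_a, pin_b):
    """Run the exchange; return (authentication ok, link keys equal)."""
    a = Unit(bytes.fromhex("001122334455"), pin_a)   # constructed 48-bit IDs
    b = Unit(bytes.fromhex("66778899aabb"), pin_b)
    in_rand = secrets.token_bytes(16)                # sent in plaintext by verifier
    for unit in (a, b):
        unit.set_k_init(in_rand)
    msg_a, msg_b = a.comb_start(), b.comb_start()    # exchanged over the air
    a.comb_finish(msg_b, b.bd_addr)
    b.comb_finish(msg_a, a.bd_addr)
    au_rand = secrets.token_bytes(16)                # verifier A challenges claimant B
    ok = hmac.compare_digest(b.sres(au_rand, b.bd_addr), a.sres(au_rand, b.bd_addr))
    return ok, a.link_key == b.link_key

if __name__ == "__main__":
    print(pair_and_authenticate(b"4821", b"4821"), pair_and_authenticate(b"4821", b"0000"))
```

With matching PINs both units hold the same 128-bit link key and the sres values agree; with different PINs the masked random numbers unmask to garbage, the link keys diverge, and authentication fails.
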
L2CAP: Logical Link Control and Adaptation Protocol
  Provides connection-oriented and connectionless services
    Support only for ACL links, not SCO links
  Upper layer protocol multiplexing
    Needs to be able to distinguish between upper layer protocols such as the Service Discovery Protocol (SDP), RFCOMM, Telephony Control etc.
  Segmentation and reassembly of packets up to 64Kb in length
  Quality of Service
    Connection establishment allows the exchange of information about QoS
  Three types of logical channels:
    Connectionless
      » Unidirectional, only one allowed per master-slave pair
    Connection-oriented
      » Bidirectional, QoS specification for each direction
    Signalling
      » Handles connection establishment, configuration, etc.

Bluetooth profile specification
  Describe the use of Bluetooth to support various applications
  Address the problem of the multiplicity of options and parameter values
  Vertical slice through the protocol stack, defining compulsory options, parameters etc. for each protocol
    » a minimum recipe for building a particular type of device
    » which manufacturers can augment in order to distinguish their product
  Facilitates the interoperability of devices
    » implementation options are reduced so applications share the same features
    » parameters are defined so applications operate in similar ways
    » user interface guidelines are defined giving uniformity across devices
  If a device implements an end-user function covered by a profile, it must implement that profile, for interoperability

Profiles
  Built up in layers, each profile relying upon layers beneath
  [Figure: profile diagram; label: Headset profile]

Bluetooth extensions: Enhanced Data Rate
  Addendum to v2 of Bluetooth spec, ratified in Nov 04
    Backwards compatible
  Provides for up to 3Mbps transfer rate
    No single Bluetooth application can currently saturate the 721Kbps available
    But, taking collisions into consideration, the available bandwidth of a piconet will not be enough for simultaneous use of high-quality audio, a few computer peripherals and telephony
  Two new modulation schemes defined
    They are applied only to the payload for backward compatibility
  Ten new packet types
    Error correction not enabled

Reading list
  Tanenbaum 4.6
  Spec