A Bluetooth Overview
by N. G. Alexiou
School of Computing & Mathematics Sciences, Liverpool John Moores University

- What is Bluetooth?
- Bluetooth Development
- Bluetooth Administrative Structure
- Bluetooth Technology
- Baseband Layer
- Single & Multi-Slot Frame
- Power Class Table
- The Protocol Stack
- Network Topology
- Connection States
- Forming a Piconet
- Security in Bluetooth
- Bluetooth Profile Structure
- Bluetooth Vs Wireless Technologies
- Bluetooth Competitors
- Planned Future Work
- References

What is Bluetooth? (i)
- Bluetooth is a radio system (radio frequency standard) which defines the concept of PANs (Personal Area Networks)
- Nominal link range up to 10m at 0dBm (~100m with 20dBm)
- Transmits between 2.402GHz and 2.480GHz (79 channels, on a frequency hopping scheme)
- Reaches speeds up to 720Kbps
- No line-of-sight restrictions
- High security

What is Bluetooth? (ii)
- A Bluetooth network can consist of 7 slave devices and 1 master device
- Until Bluetooth no other global cellular technology for mobile users existed
- Solves a simple problem: replace the cables used on mobile devices and their peripherals with radio frequency waves
- Thus Bluetooth tries to emulate the cost, security and capabilities of cable for mobile users

Bluetooth Development
- The word Bluetooth is derived from the 10th century king of Denmark (Harald Blatand)
- Research was started in 1994 by Ericsson Mobile Communications with one goal: to relieve mobile phone users of the cables they carry
- In February 1998 the Bluetooth SIG (Special Interest Group) was founded, with Ericsson, Intel, IBM, Toshiba and Nokia as core promoters
- In 1999 more core promoters were added: Microsoft, Agere, 3Com and Motorola
- Now exceeding 2500 members

Bluetooth SIG Administrative Structure
[Figure: Bluetooth SIG Administrative Structure (organisation chart). Units shown: Program Management Board; Regulatory; Legal Committee; Japan Regulations; Marketing; Bluetooth Qualification Review Board; Test & Interoperability; Architecture Review Board; Sub groups; RF Regulations; Aviation Regulations; Security Regulations; Management Services (ADMIN); Bluetooth Technical Advisory Board; Bluetooth Qualification Admin; Bluetooth Qualification Body; Technical Working Groups; Expert Groups; Errata owners and review pool]

Bluetooth Baseband Layer (i)
- Bluetooth operates in the ISM (Industrial Scientific Medical) band of 2.4GHz
- Between 2.402GHz and 2.480GHz with a spacing of 1MHz
- Uses Frequency Hopping Spread Spectrum (FHSS) instead of Direct Sequence Spread Spectrum (DSSS)
- The FHSS scheme provides 1600 hops / second and every hop is 625μs
- Bluetooth packets can span multiple slots; each packet can be composed of 1, 3 or 5 slots of 625μs each

Bluetooth Baseband Layer (ii)
Voice and data links in Bluetooth RF can be divided into two types, ACL and SCO (plus a third type which combines both, DV):
ACL (Asynchronous Connection-Less)
- Made for non-critical data
- Provides the largest data rate of 723.3 Kb/s in one direction
- Asynchronous
- Packet-switched
- Constructed of 72 bit access code, 54 bit packet header and 16 bit CRC
SCO (Synchronous Connection Oriented)
- SCO functionality is for critical data and voice
- SCO occurs after the ACL if needed
- Circuit switched
- A master can support up to 3 SCO links
- Constructed of 72 bit access code and 54 bit packet header
- Uses slot reservation at fixed intervals
- Data rate of 30b/s
- Doesn't have CRC (Cyclic Redundancy Code)
DV (Data Voice)
- Has no flow control or CRC (similar to SCO)
- The data part supports flow control and retransmission

Bluetooth Single & Multi-Slot Frame
[Figure: Bluetooth frame packets slots. Master and Slave timelines over t; one slot = 625μs; labels F(1), F(2)+F(3)+F(4) (multi slot), F(5)]

Bluetooth Power Class Table
Class     Max Output Power   Expected Range   Range in Free Space
Class 1   100mW (20dBm)      42m              300m
Class 2   2.5mW (4dBm)       16m              50m
Class 3   1mW (0dBm)         10m              30m

Bluetooth SIG Complete Protocol Stack (i)
[Figure: Complete Protocol Stack. Blocks shown: vCard/vCal, OBEX, WAE, WAP, UDP, TCP, IP, PPP, AT-Commands, RFCOMM, TCS BIN, SDP, L2CAP, Host Controller Interface, LMP, BaseBand, Bluetooth Radio/RF, Audio]

Bluetooth Protocol Stack (ii)
The Bluetooth protocol stack may differ from application to application, depending on the needs of the implementing Bluetooth chip.
- Bluetooth Radio/RF: Broadcasts across 79 channels (2.402GHz-2.480GHz) on a FHSS (Frequency Hopping Spread Spectrum) scheme at 1600 hops/sec
- Baseband Layer: Prepares the packets and arranges the communication channels (ACL-SCO)
- LMP (Link Manager Protocol): Responsible for setting up the link between two Bluetooth radios (security aspects and control issues on Baseband packet sizes). LMP is also in charge of Bluetooth power modes and connection states.
- L2CAP (Logical Link Control & Adaptation Protocol): L2CAP acts as a bridge between the upper layer protocols and the baseband layer. It adapts data and converts it into different packet sizes. Sometimes works in parallel with LMP, only for ACL links.
- SDP (Service Discovery Protocol): Provides service discovery and is required in all usage models; through SDP we can query other Bluetooth devices in the area about their status and their services.

Bluetooth Protocol Stack (iii)
- RFCOMM Protocol: Cable replacement protocol; emulates RS-232 control and signals, and thus provides data transport for upper layer services such as OBEX or PPP.
- TCS (Telephony Control Protocol):
  - Telephony Control Binary: Defines the call control signalling for the establishment of speech and data calls
  - Telephony Control AT Commands: Controls the modem and the mobile phone commands
(Adopted Protocols)
- PPP (Peer-to-Peer Protocol): Mainly for peer-to-peer networking usage
- TCP/UDP/IP (Transfer Control Protocol/User Datagram Protocol/Internet Protocol): Mainly for usage on the internet
- OBEX (IrOBEX): Emulates HTTP (HyperText Transfer Protocol); in common words it is the web browser of Bluetooth.
- WAP (Wireless Application Protocol): Supports the usage of wireless computer applications developed for WAE (WAP Application Environment)
- vCard & vCalendar: A data format that is supported, not a protocol or mechanism

Bluetooth Network Topology
Bluetooth devices have the ability to work as a slave or a master in an ad hoc network. There are three types of network configuration for Bluetooth devices:
- Single point-to-point (Piconet): In this topology the network consists of one master and one slave device.
- Multipoint (Piconet): Such a topology combines one master device and up to seven slave devices in an ad hoc network.
- Scatternet: A Scatternet is a group of Piconets linked via a slave device in one Piconet which plays the master role in another Piconet.
[Figure: i) Piconet (Point-to-Point), ii) Piconet (Multipoint), iii) Scatternet; nodes labelled M, S and Master/Slave]

Bluetooth Connection States
There are four connection states on Bluetooth Radio:
- Active: Both master and slave participate actively on the channel by transmitting or receiving packets (A,B,E,F,H)
- Sniff: In this mode the slave, rather than listening on every slot for the master's messages to it, sniffs on specified time slots for its messages. Hence the slave can go to sleep in the free slots, thus saving power (C)
- Hold: In this mode a device can temporarily not support ACL packets and go to low power sleep mode to make the channel available for things like paging, scanning etc. (G)
- Park: The slave stays synchronized but does not participate in the Piconet; the device is given a Parking Member Address (PMA) and loses its Active Member Address (AMA) (D,I)
[Figure: Bluetooth Connection States; a Master and devices labelled A to I]

Bluetooth Forming a Piconet
[Figure: Forming a Piconet Procedures; steps numbered 1 to 7 between Master and Slave: Inquiry, Inquiry Scan, Inquiry Response, Page, Page Scan, Slave Response, Master Response, then Connection]
- Inquiry: Inquiry is used to find the identity of the Bluetooth devices in close range.
- Inquiry Scan: In this state, devices are listening for inquiries from other devices.
- Inquiry Response: The slave responds with a packet that contains the slave's device access code, native clock and some other slave information.
- Page: The master sends page messages by transmitting the slave's device access code (DAC) in different hop channels.
- Page Scan: The slave listens at a single hop frequency (derived from its page hopping sequence) in this scan window.
- Slave Response: The slave responds to the master's page message.
- Master Response: The master reaches this substate after it receives the slave's response to its page message.

Bluetooth Security
Three security modes are available in Bluetooth:
- Security Mode 1: This is the most insecure security mode, in which the Bluetooth device does not initiate any security procedure.
- Security Mode 2: This mode enforces security after establishment of the link between the devices, at the L2CAP level.
- Security Mode 3: This mode enforces security controls such as authentication and encryption at the Baseband level itself, before the connection is set up.
And three security controls for restricting access to services:
- Access to services would need Authorization (Authorization always includes authentication). Only trusted devices would get automatic access.
- Access to services would need only Authentication, i.e. the remote device will need to get authenticated before being able to connect to the application.
- Access to services would need Encryption. The link between the two devices must be encrypted before the application can be accessed.

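The three modes and three service requirements above, combined into one decision function. This is an added example, not code from the slides or from any Bluetooth stack; the Service and Link records, the step names, and the rule that encryption needs an authenticated link first are assumptions of the sketch.

```python
from dataclasses import dataclass
from enum import IntEnum


class Mode(IntEnum):
    NON_SECURE = 1     # Security Mode 1: device initiates no security procedure
    SERVICE_LEVEL = 2  # Security Mode 2: enforced after link setup, at L2CAP level
    LINK_LEVEL = 3     # Security Mode 3: enforced at Baseband, before the connection


@dataclass(frozen=True)
class Service:         # hypothetical service record (what the service demands)
    name: str
    authorization: bool = False
    authentication: bool = False
    encryption: bool = False


@dataclass
class Link:            # hypothetical state of the link to one remote device
    trusted: bool = False
    authenticated: bool = False
    encrypted: bool = False


def link_setup_steps(mode: Mode) -> list[str]:
    """Procedures run before the connection exists; only Mode 3 has any."""
    return ["authenticate", "encrypt"] if mode is Mode.LINK_LEVEL else []


def service_access_steps(mode: Mode, svc: Service, link: Link) -> list[str]:
    """Procedures still outstanding before svc may be opened over link."""
    if mode is Mode.NON_SECURE:
        return []  # Mode 1 never starts a procedure, whatever the service asks
    steps = []
    # Authorization always includes authentication. Assumption of this sketch:
    # encryption also needs an authenticated link first.
    needs_auth = svc.authentication or svc.authorization or svc.encryption
    if needs_auth and not link.authenticated:
        steps.append("authenticate")
    if svc.authorization and not link.trusted:
        steps.append("ask_user")  # only trusted devices get automatic access
    if svc.encryption and not link.encrypted:
        steps.append("encrypt")
    return steps
```

A trusted but unauthenticated device still gets "authenticate" first, and in Mode 3 the link arrives at the service check already authenticated and encrypted, so only the authorization prompt can remain.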
Bluetooth Profile Structure
[Figure: Bluetooth Profile Structure. Profiles shown:]
- Generic Access Profile
- TCS-BIN-based Profiles
- Cordless Telephony Profile
- Intercom Profile
- Service Discovery Profile
- Serial Port Profile
- Dial-up Networking Profile
- Fax Profile
- Headset Profile
- LAN Access Profile
- Generic Object Exchange Profile
- File Transfer Profile
- Object Push Profile
- Synchronization Profile

Bluetooth Vs Wireless Technologies
[Figure: Wireless Technologies Graph, Distance Vs Data Rate. Axes: Gross Data Rate (100 Kbps to 100 Mbps) and Distance to Access Point (10 m to 10000 m). Technologies plotted: HiperLAN2, DECT – DMAP (depends on the antenna), IEEE802.11 (depends on the antenna), IrDA V1.0 (SIR), IrDA V1.1 (FIR), IrDA (VFIR), Bluetooth, HomeRF1.2, HomeRF2.0, HomeRF2.1, IEEE802.11b, HiperLAN, GSM / WAP, GPRS, UMTS (FDD), UMTS (TDD), IEEE802.11a]

Bluetooth WLANs Competitors
Comparison Table of the most popular WLANs Technologies
Technologies: HomeRF | 802.11b | HiperLAN | 802.11a | HiperLAN2
Frequency Band: 2.4GHz | 2.4GHz | 5GHz
Technology: Frequency Hopping Spread Spectrum | Direct Sequence Spread Spectrum | Gaussian Minimum Shift Keying | Orthogonal Frequency Division Multiplexing
Performance: 720Kbps | 1.6Mbps | 11Mbps | 23Mbps | ~50Mbps
Range: 10-100 m | 50 m | ~100-1000 m | ~100-500m | ~100-1000m
Power: Very Low | Medium | Medium/High
Relative Cost: Low/Very Low | Medium/Low | High
Target Applications: Cable Replacement, Wireless Data, Wireless Voice, PANs | Wireless Data, Wireless Voice | Wireless Data
Key Features: Very Low Power, Low Cost, Voice & Data | Voice & Data, Moderate Cost | Good Performance | High Performance
Promoters: 2500+ | <50 | ~100
Regional Support: Global | US | US/Asia | Europe

Planned Future Work
Planned future work will concentrate on:
- Analyzing and studying in more depth the capabilities of Bluetooth technology versus the rest of the wireless family
- Verifying that currently developed Bluetooth technology covers all the needs and necessities required of such a technology (and whether any further development could be done in major areas such as security or protocols)
- Visualizing the procedures followed by a Bluetooth Master device to create a Piconet, in order to specify how Bluetooth interacts in real-time environments
- Creating a middleware platform able to interact “openly” in a Master Bluetooth device for monitoring communication issues between the Master device and Slave devices in a Bluetooth Piconet
