1 ccm 4300 lecture 5 computer networks: wireless and mobile communication systems dr e. ever school...
TRANSCRIPT
1
CCM 4300 Lecture 5
Computer Networks: Wireless and Mobile Communication Systems
Dr E. Ever
School of Computing Science
2
Lesson objectives To acquire a basic understanding of GSM, GPRS, EDGE, Satellite systems, UMTS and Bluetooth and you will be able:
- to make informative decision regarding which technology to use and why
- explore the history and architecture of such technologies
- identify some of the advantages and disadvantages of using these technologies.
3
Session Content
Introduction – what is GSM?
GSM and GPRS Components
Why the interest in 2G, 3G and 4G technologies?
UMTS
Bluetooth
Satellites: HEO, MEO, LEO
4
Wide Area mobile connectivity-GSM• Circuit-switched• Second generation (2G):
• digital• GSM (2G):
• digital• secure (?)• international roaming
• 13Kb/s voice• 2.4kb/s - 9.6Kb/s data (uses FEC)
• SMS:• up to 160 chars of text
• GSM flavours:• GSM900 – vanilla GSM• GSM1800, PCN,
(Europe)• GSM1900, PCS (US)
• GPRS (2.5G)• UMTS (3G)• 4G systems:
• 20Mb/s – 100Mb/s
5
GSM: An overview IGSM
formerly: Groupe Spéciale Mobile (founded 1982)
now: Global System for Mobile Communication
Pan-European standard (ETSI, European Telecommunications Standardisation Institute)simultaneous introduction of essential services in three phases (1991, 1994, 1996) by the European telecommunication administrations (Germany: D1 and D2) seamless roaming within Europe possible
today many providers all over the world use GSM (more than 214 countries in Asia, Africa, Europe, Australia, America)
more than 2 billion subscribers
more than 70% of all digital mobile phones use GSM
Countries which are using GSM networks on larger scales are Russia, china Pakistan, United States, India.
over 360 billion SMS per year worldwide
6
What happens within the network?
Fixed network subscribers
?
GSM Network
GSM SubscriberOther mobile subscribers
fixed network
7
GSM Physical layer• Phy:• 900MHz (1.8GHz, 1.9GHz)• 2x25Mhz bands890-915MHz uplink935-960MHz downlink• 124 carriers per band• 200KHz bandwidth percarrier• Channel allocation:
• TDMA/FDMA• multiple frequency channels
• TDMA in each channel• (slow FH possible)
25multi-frame (26 frames)(120ms)frame 12 for signallingframe 25 unused
0
0
7frame(8 bursts)(~4.615ms)
tail: 3 bitsstealing: 1 bitdata: 57 bitstraining: 26 bitsguard: 8.25 bits
tail bits
data bits
stealing bit (S)
training sequence
Stealing bits
data bits
guard bitsTail bits
S indicates user or network control data
8
GSM Physical layer
9
GSM coding overhead• 114 bits every 4.615ms ~31Kb/s• So why do we only get13Kb/s speech and9.6Kb/s data?• Error coding!
• plus other overhead• Large amount of errorcorrection coding:
• speech uses CRC + 1/2 rate convolutional
coding for Forward Error Correction
• need better FEC for data
• 260 bits of speech
produces 456 bits for
transmission!
• 13Kbs ~23Kb/s
• “high-speed” data
available now - HSCSD:
• 14.4Kb/s or 28.8Kb/s on 2 channels
• May be able to improve
on this with 3G CDMA:
• less overhead required?
10
FEC (simple example)
A simple example would be an analog to digital converter that samples three
bits of signal strength data for every bit of transmitted data. The simplest example of error correction is for the receiver to assume the correct output is given by the most frequently occurring value in
each group of three. Triplet received Interpreted as
000 0
001 0
010 0
100 0
111 1
110 1
101 1
011 1
11
GSM Network Structure I
• Digital mobile service:• data/voice• extendable network• allows internationalroaming• Network topology:• cells• base-transceiver station(BTS)• GSM cell clusters:• 4, 7, 12, 21 cells• pattern repeats to cover area
• BTS network:• interconnected by a
terrestrial network
base-transceiver station (BTS)
12
GSM network structure II
• d/r > 2.5• Network scaling:
• reduce cell-size• increase number of cells
f4
f5
f1
f3
f2
f6
f7
f3
f2
f4
f5
f1
Handoff region
d
r
Handoff for Wireless Systems (cont`d)
• Handoff!!• The process of transferring a mobile user from one
channel or base station to another.
Performability Modelling for Wireless and Mobile Communication Systems
13
Equations
• The average number of calls in the systems, NS
• However, since only i channels operative at any time, the MQL can now be represented by Ni where i is the number of operative channel. So overall MQL is as follows: i
S
ii NqN
0
01
1
0 ])([
!!
p
SjS
Si
i
iN
MS
Sii
Sjcd
SiS
S
i
i
S
Performability Modelling for Wireless and Mobile Communication Systems
Performability Modelling of Handoff (cont`d)
Performability Modelling for Wireless and Mobile Communication Systems
Why does no hand-off has the worst performance?
16
GSM Network Structure III
AuC authentication centreBSC base-station controllerBTS base-transceiver stationEIR equipment identity registerHLR home location registerMSC mobile switching centreVLR visitor location registerOMC Operation and maintenance systems
fixed network
BSC
BSC
MSC MSC
GMSC
OMC, EIR, AUC
VLR
HLR
NSSwith OSS
RSS
VLR
17
GSM network structure IV•MS:
• sends beacon to BTS• BSC:
• talks to all BTS in an area• assigns channels• performs authentication• sends updates for VLR• communicates with otherBSCs and a single MSC
• Roaming:• updates to VLR via MSC
• Hand-off:
• BTS BTS (same BSC)
• BSC BSC (same MSC)
• MSC MSC
• Location information:
• mobile is tracked
• location registers kept
updated
MS Mobile station
BSC base-station controllerBTS base-transceiver stationHLR home location registerMSC mobile switching centreVLR visitor location registerOMC Operation and maintenance systems
18
GSM cell typesHot spots:
• cell-within-a-cell• Macro-cells:
• large, sparsely populated areas• Micro-cells:
• densely populated areas. By splitting the existing areas into smaller cells, the number of channels available is increased as well as the capacity of the cells. The power level of the transmitters used in these cells is then decreased, reducing the possibility of interference between neighbouring cells.
• Selective cells:• not-360° coverage• special antenna give “shape” . e.g.Cells that may be located at the entrances of tunnels where a selective cell with a coverage of 120 degrees is used.• Umbrella cells:
•covers several micro-cells• used for “high-speed” MS
Umbrella cell
fast-moving MS,many-hand-offse.g. car, train, etc
Umbrella cell
19
Power ManagementHand-off• Quality vs. power• Maintain quality:
• mobile increases transmitpower
• maintains quality• hand-off when quality is low
• Conserve power:• set transmit power threshold• hand-off when threshold
reached
Silence suppression• DTX (Discontinuous transmission a method of momentarily powering-down)
• No “speech” for ~40% ofcall duration:
• perhaps more for data• Background noise at MS:
• not easy to detect …• detect “no speech”
• Switch off transmission:• when “no speech”detected• saves power
• Receiver:• comfort noise
20
Security
Terminal• SIM:
• subscriber identity module• IMSI:
• subscriber identity (on SIM)
• IMEI:• MS identity (in MS)
• Stream cipher used:• key+algorithm from SIM• random number XOR’dwith data/voice bits
Network
• EIR:
• stores known IMEI numbers
• AuC:
• uses IMSI and IMEI (plus
interaction with EIR)
• authenticates user
• checks service subscription
• (updates VLR and other
location information)
Security in GSM• Security services
– access control/authentication
• user SIM (Subscriber Identity Module): secret PIN (personal identification number)
• Security services
– access control/authentication
• user SIM (Subscriber Identity Module): secret PIN (personal identification number)
• SIM network: challenge response methodone party presents a question ("challenge") and another party
must provide a valid answer ("response") to be authenticated.• SIM network: challenge response method
– confidentiality
• voice and signaling encrypted on the wireless
link (after successful authentication)
– anonymity
• temporary identity TMSI (Temporary Mobile Subscriber Identity)
• newly assigned at each new location update (LUP)
• encrypted transmission
• 3 algorithms specified in GSM
– A3 for authentication (“secret”, open interface)
– A5 for encryption (standardised)
– A8 for key generation (“secret”, open interface)
“between you and I”:• A3 and A8 available via the Internet• network providers can use stronger mechanisms
22
A3
RANDKi
128 bit 128 bit
SRES* 32 bit
A3
RAND Ki
128 bit 128 bit
SRES 32 bit
SRES* =? SRES SRES
RAND
SRES32 bit
mobile network SIM
AC
MSC
SIM
Ki: individual subscriber authentication key SRES: signed response
GSM - authentication
23
A8
RANDKi
128 bit 128 bit
Kc
64 bit
A8
RAND Ki
128 bit 128 bit
SRES
RAND
encrypteddata
mobile network (BTS) MS with SIM
AC
BSS
SIM
A5
Kc
64 bit
A5
MSdata data
cipherkey
GSM - key generation and encryption
24
Beyond 2G systems: GPRS I
General Packet Radio Service (GPRS)• Packet radio service:
• “always on”• shared media access
Point-to-point (PTP) service: internetworking with the Internet (IP protocols) and X.25 networks.
Point-to-multipoint (PT2MP) service: point-to-multipoint multicast and point-to-multipoint group calls
•Uses existing GSM infrastructure:• requires some changes tosupport new signalling
• Same RF spectrum as GSM• multiple bursts per user• one frame could carry voiceand data
• On demand allocation:• user signals network forchannel/burst(s) allocation
• Requires new terminal:• mobile phones may need to be
upgraded or replaced (done)
25
GPRS II• Better network utilisation• Good for general data:
• suits bursty applications• GPRS + IP integration:• How to charge?
• volume – per packet?• flat rate?
• QoS:• may not be suitable for real-timeapplications• “real-time extensions” in 3G
26
EDGEEnhanced Data-rates for Global Evolution:
• builds on GPRS mechanism• packet interface
• Available now in NorthAmerica and some parts ofEurope• “Peak rates” of 384Kb/s:
• “pedestrian” rate• “Normal rate” of 144Kb/s:
• “high mobility” rate
Requires new RF spectrum:
• 2x50MHz
• 1.9GHz and 2.1GHz bands
being used in some parts of the world
High-Speed Packet Access (HSPA). Peak bit-rates of up to 1Mbit/s and typical bit-rates of 400kbit/s can be expected.
27
UMTS: universal mobile telecommunications services3G –• Voice:
• 2G GSM-like services• Data:
• 64Kb/s – ~2Mb/s• ISDN-like services• WCDMA(Wideband Code Division Multiple Access) 10Mb/s
• Packet and circuit services• International roaming
Needs new RF spectrum!
W-CDMA a pair of 5MHz frequency band,
for the uplink, 19000 MHz range, for the downlink, 2100 MHz range.
• Requires new or upgraded
infrastructure
• Potential for broadband wireless services
Since 2006, UMTS networks in many countries have been or are in the process of being upgraded with High Speed Downlink Packet Access (HSDPA), sometimes known as 3.5G. Up to 21 Mbit/s.
28
IMT-2000
• ITU’s approach to 3G wireless• “Umbrella” activity from ITU:
• mainly European interest, though international in theory• Intended to provide:
• coordination between different 2.5/3G systems• harmonisation of services to allow use efficient ofSpectrum
• http://www.umts-forum.org/imt2000.html
IMT: international Mobile Communications
29
Simplified Roadmap – one to another
GSM
GSM only (+SMS)
GSM + GPRS
GSM only (+SMS)
EDGE
UMTS
2G2.5G 3G (IMT-2000)
30
1G 2G 3G2.5G
IS-95cdmaOne
IS-136TDMAD-AMPS
GSM
PDC
GPRS
IMT-DSUTRA FDD / W-CDMA
EDGE
IMT-TCUTRA TDD / TD-CDMA
cdma2000 1X
1X EV-DV(3X)
AMPSNMT
IMT-SCIS-136HSUWC-136
IMT-TCTD-SCDMA
CT0/1
CT2IMT-FTDECT
CD
MA
TD
MA
FD
MA
IMT-MCcdma2000 1X EV-DO
Development of mobile telecommunication systems
GLOBAL EVOLUTION TO 3G MULTIRADIO NETWORKS
cdma2000 1xEV-DV
cdma2000 1xEV-DO
cdmaOne cdma2000 1x
3G Phase 1 Evolved 3G Networks
2G
First Steps to 3G
UMTS Multiradio Network
WCDMA(Wideband Code Division Multiple Access)Internet, multimedia, video and other capacity-demanding applications.
GSM/GPRS/EDGE
?
32
Performance characteristics of GSM (wrt. analog sys.)
Communication mobile, wireless communication; support for voice and data services
Total mobility international access, chip-card enables use of access points of different providers
Worldwide connectivityone number, the network handles localization
High capacity better frequency efficiency, smaller cells, more customers per cell
High transmission qualityhigh audio quality and reliability for wireless, uninterrupted phone calls at higher speeds (e.g., from cars, trains)
Security functions access control, authentication via chip-card and PIN
33
Disadvantages of GSMThere is no perfect system!!
no end-to-end encryption of user datano full ISDN bandwidth of 64 kbit/s to the user, no transparent B-channelreduced concentration while drivingelectromagnetic radiationabuse of private data possibleroaming profiles accessiblehigh complexity of the systemseveral incompatibilities within the GSM standards
34
•http://www.gsmworld.com/• http://www.umts-forum.org/• http://www.uwcc.org/Universal Wireless Communications Consortium• http://www.3gpp.org/Third Generation Partnership Project• Not covered in these notes, however, …http://www.wapforum.org/Wireless Application Protocol Forum
GSM and 3G – more information can be found at ...
35
Satellite systems•LEO and MEO:
• satellite constellations• no terrestrial networksupport• “total” area coverage
• Very expensive:• to construct and maintainto use
• Complex:• hand-off between satellites• routing
•Service providers finding
it hard to break into the market
• Safety concerns:
• MS power output
• Voice only systems
• Voice and data systems
• Broadband systems
• Will they succeed?
36
4G Systems
Totally packet-based:• IPv6
• Higher data rates:• up to 100Mb/s
• Better security• Totally digital
37
base stationor gateway
Inter Satellite Link (ISL)
Mobile User Link (MUL) Gateway Link
(GWL)
footprint
small cells (spotbeams)
User data
PSTNISDN GSM
GWL
MUL
PSTN: Public Switched Telephone Network
Classical satellite systems
38
Four different types of satellite orbits can be identified depending on the shape and diameter of the orbit:
GEO: geostationary orbit, ca. 36000 km above earth surface
LEO (Low Earth Orbit): ca. 500 - 1500 km
MEO (Medium Earth Orbit) or ICO (Intermediate Circular Orbit): ca. 6000 - 20000 km
HEO (Highly Elliptical Orbit) elliptical orbits
Orbits I
39
Orbit 35,786 km distance to earth surface, orbit in equatorial plane (inclination 0°)
complete rotation exactly one day, satellite is synchronous to earth rotation
fix antenna positions, no adjusting necessary
satellites typically have a large footprint (up to 34% of earth surface!), therefore difficult to reuse frequencies
bad elevations in areas with latitude above 60° due to fixed position above the equator
high transmit power needed
high latency due to long distance (ca. 275 ms)
not useful for global coverage for small mobile phones and data transmission, typically used for radio and TV transmission
Geostationary satellites
40
Orbit ca. 500 - 1500 km above earth surfacevisibility of a satellite ca. 10 - 40 minutesglobal radio coverage possible latency comparable with terrestrial long distance connections, ca. 5 - 10 mssmaller footprints, better frequency reusebut now handover necessary from one satellite to another many satellites necessary for global coverage more complex systems due to moving satellitesExamples: Iridium (start 1998, 66 satellites)
Bankruptcy in 2000, deal with US DoD (free use, saving from “deorbiting”)
Globalstar (start 1999, 48 satellites)Not many customers (2001: 44000), low stand-by times for mobiles
LEO systems
41
Orbit ca. 5000 - 12000 km above earth surface comparison with LEO systems:slower moving satellites less satellites neededsimpler system designfor many connections no hand-over neededhigher latency, ca. 70 - 80 mshigher sending power neededspecial antennas for small footprints needed
Example:
ICO (Intermediate Circular Orbit, Inmarsat) start ca. 2000Bankruptcy, planned joint ventures with Teledesic, Ellipso – cancelled again
MEO systems
42
• One solution: inter satellite links (ISL)
• reduced number of gateways needed
• forward connections or data packets within the satellite network as long as possible
• only one uplink and one downlink per direction needed for the connection of two mobile phones
• Problems:• more complex focusing of antennas between satellites
• high system complexity due to moving routers
• higher fuel consumption thus shorter lifetime
• Iridium and Teledesic planned with ISL
• Other systems use gateways and additionally terrestrial networks
Routing (Passing Information Between satellites)
43
• Mechanisms similar to GSM• Gateways maintain registers with user data
– HLR (Home Location Register): static user data
– VLR (Visitor Location Register): (last known) location of the mobile station
– SUMR (Satellite User Mapping Register): • satellite assigned to a mobile station• positions of all satellites
• Registration of mobile stations– Localisation of the mobile station via the satellite’s position– requesting user data from HLR– updating VLR and SUMR
• Calling a mobile station– localization using HLR/VLR similar to GSM– connection setup using the appropriate satellite
Localisation of Mobile Stations
44
• Several additional situations for handover in satellite systems compared to cellular terrestrial mobile phone networks caused by the movement of the satellites– Intra satellite handover
• handover from one spot beam to another Spot beams are used so that only earth stations in a particular intended
reception area can properly receive the satellite signal.• mobile station still in the footprint of the satellite, but in another cell
– Inter satellite handover• handover from one satellite to another satellite• mobile station leaves the footprint of one satellite
– Gateway handover• Handover from one gateway to another• mobile station still in the footprint of a satellite, but gateway leaves the
footprint– Inter system handover (VERTICAL?)
• Handover from the satellite network to a terrestrial cellular network• mobile station can reach a terrestrial network again which might be
cheaper, has a lower latency etc.
Handover in Satellite Systems
45
Bluetooth: “Personal Area” wireless connectivity
•Universal radio interface for ad-hoc wireless connectivity•Interconnecting computer and peripherals, handheld devices, PDAs, cell phones – replacement of IrDA•Embedded in other devices, goal: £5/device (2002: £50/USB bluetooth), (Mini Bluetooth Network adapter USB £6)•Short range (10m), low power consumption, license-free 2.45 GHz ISM•Voice and data transmission, approx. 1 Mbit/s gross data rate•Bluetooth 2.0 Enhanced Data Rate (EDR) 2.1 Mbit/s
46
Inter-device connections
Scenario 1:• PDA, mobile phone, laptop• PDA mobile phone: 1 cable• PDA laptop: another (different) cable• mobile phone laptop: yet another (different) cable
Scenario 2:• desktop computer, PDA, laptop all need to use printer• again, more cables, hard to configure• standard wireless inter-device communication?
47
Bluetooth: The Rational• Standard, convenient device inter-connectivity• Mobile phones, headsets, PDAs, laptops:
• coffee machines, utility meters, hi-fi equipment, etc.• Simple, low-cost, radio-based system:
• simple, “wire-replacement” system, re-use existingstandards
• aiming for cost of ~£5 to build into a device• uses ISM radio band (2.4000-2.4835GHz)
• http://www.bluetooth.com/• Named after a Viking called Harald Bluetooth
48
Bluetooth: Characteristics• 2.4 GHz ISM band, 79 (23) RF channels, 1 MHz carrier spacing
– Channel 0: 2402 MHz … channel 78: 2480 MHz– G-FSK modulation, 1-100 mW transmit power
• FHSS and TDD– Frequency hopping with 1600 hops/s– Hopping sequence in a pseudo random fashion, determined by a
master– Time division duplex for send/receive separation
• Voice link – SCO (Synchronous Connection Oriented)– FEC (forward error correction), no retransmission, 64 kbit/s
duplex, point-to-point, circuit switched• Data link – ACL (Asynchronous Connectionless)
– Asynchronous, fast acknowledge, point-to-multipoint, up to 433.9 kbit/s symmetric or 723.2/57.6 kbit/s asymmetric, packet switched
• Topology -Overlapping piconets (stars) forming a scatternet
49
Bluetooth Architecture: An overview•Two link types:
• synchronous, connection oriented (SCO)
• asynchronous, connection-less (ACL)
• Bi-directional link (symmetric and asymmetric data rates)
• Can use existing protocols, e.g. IP
• Several profiles defined:
• e.g. dial-up networking, headset, fax, LAN access
• Products now becoming available in all almost all new
mobile phones and some laptops
50
Bluetooth: Basic ComponentsFour basic components to architecture:
1. RF component: for receiving and transmitting
2. Link control: for processing information
to/from RF component
3. Link management: manages transmission
process
(media access)
4. Supporting applications: uses other three
components through a well-defined interface
51
Bluetooth: Link Types
SCO• Packet-based• Mainly for voice• Up to 3 simultaneous
channels supported(64Kb/s each)
• Can be used in parallelwith an ACL channel
ACL• For data• Asymmetric:
• 721Kb/s (either direction) + 57.6Kb/s reverse direction
• Symmetric:• 432.6Kb/s
52
Basic Communication
Characteristics• Antenna power of 0dBm(1mW):
• ~10m range• Optionally, 20dBm(100mW):100m range
1Mb/s max:• 721Kb/s availableto user after protocol
overhead
Radio• 2.402-2.480GHz:
• minor change in ES, FR, JP• FH-SS:
• 79 channels• (23 channels, ES, FR, JP)• 1MHz spacing
• Hop rate – 1600 hops/s:• 625ms timeslot• TDM slots
• Possible interference:• 2.4GHz band used byIEEE802.11 wireless LANs
53
Basic Communication•Master-slave relationship
• master initiatescommunication usingPAGE or INQUIRYmessage• odd timeslots for
master• even timeslots for
slave(s)• Master-slave set-up:
• 255 slaves, 8-bit address
• 7 active slaves, 3-bit addresses
•TDM timeslots are numbered:• use clock from master• 227 slots• Transmission in packets
• Packet normally uses one timeslot:
• one packet per freq. hop• can use up to 5 timeslots
• Master-slave sync:• use of clocks, slaves sync with master
54
Basic Communication
•Piconet (single pico-cell):• single master• up to 255 slaves• only 7 active slaves at any
time• At power on:
• in standby (sniff mode)• listen every 1.28s• check one of 32 hopfrequencies for otherdevices
•Every device has a unique 48-bit address. •Instead, friendly Bluetooth names are used, which can be set by the user.•If address of another device known:
• send PAGE message• If address not known:
• send INQUIRY message• SDP is used to discoverdevice capabilities
M
S
P
SB
S
S
P
P
SB
SDP- service discovery protocol
55
Basic Communication … continues…General packet format
• Header:• AM_ADDR (3)• type (4)• flow control (1)• ARQN (1)• SEQN (1)• HEC (8)
Access code:• provides receiver sync
• Payload:• indicates length and numberof timeslots that will beused• contains CRC• if FEC used used, 5 paritybits added after each 10bits, including CRC bits• padding may be requiredfor FEC usageaccess code header payload72bits 54bits 0-2745 bits
access code packet header payload
68(72) 54 0-2745
AM_ADDR active member address
ARQN automatic repeat request number
HEC head error correction
SEQN sequence number
56
Forming a piconet
SB
SB
SB
SB
SB
SB
SB
SB
SB
M
S
P
SB
S
S
P
P
SB
• All devices in a piconet hop together– Master gives slaves its clock and device ID
• Hopping pattern: determined by device ID (48 bit, unique worldwide)
• Phase in hopping pattern determined by clock• Addressing
– Active Member Address (AMA, 3 bit)– Parked Member Address (PMA, 8 bit)
SB StandBy
57
Error Correction
3 options:• 1/3 rate FEC• 2/3 rate FEC• CRC + ARQ
• Packet header:• always uses 1/3 rate FEC
• Data:• 2/3 rate FEC• (15,10) shortened Hamming code
•Corrects all 1-bit errors in10 bits and detects all 2-biterrors•may need 0-9 bits ofpadding
• CRC + ARQ:• (not always used)• ACK or NAK for each pkt• Un-numbered scheme, i.e.stop-wait scheme
ARQ: automatic repeat request
58
Power Saving Modes
•Different power modes:• conserve battery life
• Active mode:• normal operation
• Sniff mode:• less power than active mode• listen to network
• e.g. standby
Hold mode:• less power than sniff mode• clock remains sync’d
• e.g. inactive slave, retains8-bit piconet address
• Park mode:• less power than hold mode• no contact with master• does not retain piconet addr
59
Interface Support
• Can emulate different interface protocols, e.g.:• USB (universal serial bus)• RS232• PC card (for laptops)
• Uses a serial cable emulation protocol:• allows use of PPP etc. (point-to-point protocol)
• Allows use of telephony protocols:• TCS binary (telephony control protocol)• Hayes AT commands
60
Bluetooth Protocol Stack
AT: attention sequenceTCS BIN: telephony control protocol specification – binaryBNEP: Bluetooth network encapsulation protocol
Bluetooth Radio
Baseband
Link Manager Protocol
Logical Link Control and Adaptation Protocol (L2CAP)
TCS BIN SDPIP
TCP/UDP
BNEP
RFCOMM (serial line interface)
AT modemcommands
SDP: service discovery protocolRFCOMM: radio frequency comm.
PPPAudio
61
Protocol Architecture
•Bluetooth radio:• transmit and receive
• Baseband:• physical RF control
• LMP(Link Manager Protocol):• link setup• authentication• power mode control• connection states in piconet(master or slave)
L2CAP(logical link control and adaptation):
• SCO and ACL link types• segmentation andreassembly (max SDU sizeis 64Kbytes)
• SDP(Service Discovery):• selects usage model orprofile• exchange of devicecapability information
• RFCOMM(Radio Freq. Communications:
• serial line “emulation”
62
Protocol ArchitectureAddressing
• 48-bit IEEE address (similar to Ethernetaddress) BD_ADDR• Within a piconet:
• one master• many slaves• members of piconet• 8-bit piconet PM_ADDR • 3-bit AM_ADDR
Transmission control
• Freq. hopping sequence:• derived from BD_ADDR ofmaster
• Access codes used forsignalling:
• derived from BD_ADDR• access codes used as part of the every packet• allows sync of receiverclock
BD-ADDR - Bluetooth device address
63
Example usage methods
• LAN access:• dial-up server emulation• e.g. wireless access pointfor multiple users
•Dial-up networking:• serial line emulation• e.g. wireless modem foraccess
(L2CAP)
SDP
Modern emulator or driver
RFCOMM
AT modemcommands
PPP
(L2CAP)
SDP
Modern emulator or driver
RFCOMM
PPP
IP
64
Security
•Easy wireless connectivityfor roaming devices• Bluetooth security modes1, 2, 3
• Mode 1: insecure• Mode 2: service-
level security (not required at link set- up)
• Mode 3: link-levelsecurity (required at
link set-up)
•Authentication:• challenge-response• device authentication
• Link-level encryption:• Bluetooth specific algorithms
• Key generation mechanism:• private user key (128bits)used to generate sessionencryption key (8-128bits)
• Random number generation
65
E3
E2
link key (128 bit)
encryption key (128 bit)
payload key
Keystream generator
Data DataCipher data
Authentication key generation(possibly permanent storage)
Encryption key generation(temporary storage)
PIN (1-16 byte)User input (initialization)
Pairing
Authentication
Encryption
Ciphering
E3
E2
link key (128 bit)
encryption key (128 bit)
payload key
Keystream generator
PIN (1-16 byte)
Security … continues
66
NetworkingPiconet:
• a single Bluetooth cell• multiple cells could overlap• devices in overlap of cellscan form an ad hoc
scatternet• Scatternet – a single
device:• is in multiple piconets• has more than one
master• still maturing – may be used in IEEE802.15
WPANs
M=MasterS=SlaveP=ParkedSB=Standby
M
S
P
SB
S
S
P
P
SB
M
S
S
P
SB
Piconets(each with a capacity of < 1 Mbit/s)
ScatternetM
S
P
SB
S
S
P
P
SB
piconet
Piconet 1 Piconet 2
67
Summary•Inter-device communication:
• many standards
• many different cables
• Bluetooth provides:
• common wireless connectivity (not really mobility)
• cheap
• potentially, standard connectivity for any device,
including consumer electronics
• primitive networking - scatternet