bluetooth - comprehensive presentation

BLUETOOTH

1

2

Concept

Who is Bluetooth ? ? ?

• HARALD BLUETOOTH• King of Denmark (940 – 981)• Unified Danish tribes into a single kingdom

3

By Ericsson in Sweden (1999)

4

History

~Invented in 1994 by Ericsson.

~The company later started working with a larger group of companies called the Bluetooth Special Interest Group or “SIG”, to develop the technology into what it is today.

~Bluetooth is not owned by any one company and is developed and maintained by SIG. 5

History

The Bluetooth Special Interest Group (SIG) was founded by

• Ericsson,

• IBM,

• Intel,

• Nokia and

• Toshiba

in February 1998 to develop as open specification for

short-range wireless connectivity.6

Features

• Cable-replacement technology

• Wireless technology for short-range voice and data

communication

• Low-cost and low-power

• Provides a communication platform between a wide

range of “smart” devices

• Not limited to “line of sight” communication 7

. . .

• Universal radio interface for ad-hoc wireless connectivity

• Interconnecting computer and peripherals, handheld

devices, PDAs, cell phones – replacement of IrDA

• Embedded in other devices, goal: 5€/device (2002:

50€/USB bluetooth)

• Short range (10 m), low power consumption, license-free

2.45 GHz ISM

• Voice and data transmission, approx. 1 Mbit/s gross data

rate

8

Technically,

it is a chip to be plugged into computers, printers, mobile

phones, etc.

Designed by taking the information normally carried by the

cable,

transmitting it at a special frequency to a receiver

Bluetooth chip

which will then give information received to these mobile

devices. 9

It comprises of a

base band processor, a radio and an antenna.

The base-band processor converts the data into signals,

the antenna of another blue tooth device, within at least 30

feet distance, receives a transmitted signal in the air.

. . .

10

Bluetooth in Action

Source: http//:www.motorola.com

In the Office In the house

11

Home Security On the Road


12

On your Car


13

Types of Bluetooth Devices

1. Head Set

2. In-Car Bluetooth System

3. Bluetooth Equipped Printer

4. Bluetooth Equipped Web Cam

5. Bluetooth GPS System

6. Bluetooth Key Board 14

Pros

• These have Replaced cables for transferring Information

from one Electronic Device to another one.

• These have decreased Strain like carrying phones while

talking, making hands free to do another work.

• This is cheaply Available.

• It’s Mobility is also very Important as it doesn’t need any

power outlet or Internet connection or any other items.15

Cons

Data sent between two Bluetooth devices is very slow

compared with Wi-Fi transfer Rate.

Range Of a Bluetooth Device is 15-30 feet depending

upon the Device.

Security is Biggest Disadvantage as transfer takes place

through radio waves and a hacker can easily hack it.

16

Characteristics

1. 2.4 GHz ISM band, 79 (23) RF channels, 1 MHz carrier

spacing

• Channel 0: 2402 MHz … channel 78: 2480 MHz

• G-FSK modulation, 1-100 mW transmit power

2. FHSS and TDD

• Frequency hopping with 1600 hops/s

• Hopping sequence in a pseudo random fashion, determined by a

master

• Time division duplex for send/receive separation17

FHSS

• Bluetooth devices use a protocol called (FHHS) Frequency-

Hopping Spread Spectrum .

• Uses packet-switching to send data.

• Bluetooth sends packets of data on a range of frequencies.

• In each session one device is a master and the others are

slaves.

• The master device decides at which frequency data will

travel.18

. . .

• Transceivers “hop” among 79 different frequencies in the 2.4 GHz baud at a rate of 1600 frequency hops per second.

• The master device tells the slaves at what frequency data will be sent.

• This technique allows devices to communicate with each other more securely.

19

Characteristics (Contd.)

3. Voice link – SCO (Synchronous Connection Oriented)

• FEC (forward error correction), no retransmission, 64 kbit/s

duplex, point-to-point, circuit switched

4. Data link – ACL (Asynchronous ConnectionLess)

• Asynchronous, fast acknowledge, point-to-multipoint, up to 433.9

kbit/s symmetric or 723.2/57.6 kbit/s asymmetric, packet

switched

5. Topology

• Overlapping piconets (stars) forming a scatternet20

BLUETOOTH

ARCHITECTURE

21

Piconet

M=Master

S=Slave

P=Parked

SB=Standby

M

PS

22

SB SB

SB

SBP

P S

S

P

. . .• A Piconet session is a communication link that must be created

between devices for devices to communicate with each other.

• If two devices come onto contact with each other( 32 feet) the

user will be prompted to initiate a communication session

• Users then can either deny or accept the request to initiate a

session

• Only devices approved by the user can take part in the session

• Data will appear as noise to unauthorized devices (A great

security feature). 23

. . .• Collection of devices connected in an ad hoc fashion

• One unit acts as master and the others as slaves for the lifetime of the

piconet

• Master determines hopping pattern, slaves have to synchronize

• Each piconet has a unique hopping pattern

• Participation in a piconet = synchronization to hopping sequence

• P device-cannot actively participate , are known and can be reactivated

within some milliseconds

• SB device-do not participate in piconent

• Each piconet has one master and up to 7 simultaneous slaves

• > 200 devices could be parked

24

. . .• All devices in a piconet hop together

• Master sends its clock and device ID to slaves• Hopping pattern is determined by device ID (48 bit, unique id)• Phase in hopping pattern is determined by master’s clock

• Addressing• Active Member Address (AMA, 3 bit) for active devices• Parked Member Address (PMA, 8 bit) for parked devices• SB devices do not need an address

SBSB

SB

SB

SB

SB

SB

SB

SB

MS

P

SB

S

S

P

P

SB

25

Scatternet• Linking of multiple co-located piconets through the sharing of common

master or slave devices

• Devices can be slave in one piconet and master of another

• Communication between piconets

• Devices jumping back and forth between the piconets

M

S

P

SB

S

S

P

P

SB

M

S

S

P

SB 26

BLUETOOTH PROTOCOL

STACK

27

Radio

Baseband

Link Manager

Control

HostControllerInterface

Logical Link Control and Adaptation Protocol (L2CAP)Audio

TCS BIN SDP

OBEX

vCal/vCard

IP

NW apps.

TCP/UDP

BNEP

RFCOMM (serial line interface)

AT modemcommands

telephony apps.audio apps. mgmnt. apps.

AT: attention sequenceOBEX: object exchangeTCS BIN: telephony control protocol specification – binaryBNEP: Bluetooth network encapsulation protocol

SDP: service discovery protocolRFCOMM: radio frequency comm.

PPP

28

. . .

Bluetooth Protocol stack is divided into two

parts:

Core specification

Profile specification

29

Core Protocol

Radio: Specification of the air interface, ie frequency,

modulation and transmit power.

Base band: Describes basic connection establishment, packet

format, timing, basic QoS parameters.

Link manager protocol: link setup and management b/w

devices including security functions and parameter negotiation

Logical link control and adaptation protocol (L2CAP):adapt

higher layers to the base band.

Service discovery protocol: Device discovery in close proximity

30

. . . Profile specification:

describes protocols and functions needed to adapt

the wireless Bluetooth technology to legacy and new

applications

Above L2CAP is the cable replacement protocol

RFCOMM that emulates a serial line interface. This allows a simple replacement of serial line cables and enables

many applications and protocols to run over bluetooth

Supports multiple serial ports over a single physical channel 31

Radio

Baseband

Link Manager

Control



TCS BIN

SDP

OBEX

vCal/vCard

IP

NW apps.

TCP/UDP

BNEP


AT modemcommands


TCS-BIN(telephony control protocol – binary) Bit oriented protocoldefines call control signaling for establishment of voice and data

calls b/w bluetooth devicesDescribes mobility and group management functions

PPP

32

Radio

Baseband

Link Manager

Control



TCS BIN SDP

OBEX

vCal/vCard

IP

NW apps.

TCP/UDP

BNEP


AT modemcommands


PPP

33

Host controller interface (HCI) b/w baseband and L2CAP provides command interface to baseband controller and link manager. Access to the hardware status and control registers. Can be seen as the hardware and software boundary.

Radio

Baseband

Link Manager

Control



TCS BIN SDP

OBEX

vCal/vCard

IP

NW apps.

TCP/UDP

BNEP


AT modemcommands


PPP

34 Classical internet appln can use the TCP/IP stack running over Point to

Point Protocol (PPP)or use the Bluetooth network encapsulation

protocol(BNEP)

Radio

Baseband

Link Manager

Control



TCS BIN SDP

OBEX

vCal/vCard

IP

NW apps.

TCP/UDP

BNEP


AT modemcommands


AT: attention sequence

Telephony applns can use AT modem commands as if using a standard modem.

PPP

35

Radio

Baseband

Link Manager

Control



TCS BIN SDP

OBEX

vCal/vCard

IP

NW apps.

TCP/UDP

BNEP


AT modemcommands


Calendar or business card objects (vCal/vCard)

can be exchanged using object exchange protocol(OBEX).

PPP

36

Radio

Baseband

Link Manager

Control



TCS BIN SDPIP

NW apps.

TCP/UDP

BNEP


AT modemcommands


Provide support for audio Audio applications may directly use the baseband layer after

encoding the audio signals

PPP

37

OBEX

vCal/vCard

Core Protocol

Radio

Base band

Link manager protocol

Logical link control and adaptation protocol (L2CAP)

Service discovery protocol38

Radio

Baseband

Link Manager

Control



TCS BIN SDP

OBEX

vCal/vCard

IP

NW apps.

TCP/UDP

BNEP


AT modemcommands


PPP

39

Radio layer

Defines carrier frequencies and output power

Design Limitations

Bluetooth devices will be integrated into mobile devices and

thus rely on battery power.

Requires small low power chips that can be built into

handheld devices

Frequency must be available worldwide

Bluetooth has to support multimedia data40

. . .

FEATURES

Uses license free 2.4 GHz frequency band for world wide

operation

Bluetooth uses frequency hopping/time division duplex

scheme for transmission

Hopping rate= 1600 hops/s

Time b/w 2 hops is called a slot (625 microseconds)

Each slot uses a different frequency

Bluetooth uses 79 hop carriers equally spaces at 1MHz41

. . .

Bluetooth transceivers are available in three classes:

Power class1:

max power 100mW and minimum power 1 mW ,

100m range without obstacles

Power control is mandatory.

Power class2:

max power 2.5mW, normal power is 1mW and min power is

0.25mW,

10m range.

Power control is optional.

Power class3: maximum power is 1mW.

42

. . .

Core Protocol

Radio

• BASE BAND

• Link manager protocol

• Logical link control and adaptation protocol (L2CAP)

• Service discovery protocol43

Radio

Baseband

Link Manager

Control



TCS BIN SDP

OBEX

vCal/vCard

IP

NW apps.

TCP/UDP

BNEP


AT modemcommands


PPP

44

Baseband layer

Baseband layer

Performs frequency hopping

Defines physical links and packet formats

In a piconet each device hops to the same frequency

at the same time.

45

Frequency selection during data transmission

(1 slot packets)

• Within each slot the master or any of the slaves may

transmit data in an alternating fashion

• Each data transmission uses one 625 µs slot.

46

S

fk

625 µs

fk+1 fk+2 fk+3 fk+4 fk+5 fk+6

MM M Mt

S S

. . .

Defines 3-slot or 5-slot packets for higher data rate.

If a master or slave sends a packet covering 3 or 5 slots

Here radio transmitter remains in the same frequency until the

packet is transmitted.

No frequency hopping is performed within a packet

After transmission the radio returns to the frequency required

by the hopping pattern.(handle hidden terminal problem).

Shifting phase even in one device would destroy the piconet47

Frequency selection during data transmission

(3,5 slot packets)

fk+3 fk+4fk

fk

fk+5

fk+1 fk+6

fk+6

M

M M

M Mt

t

S S

S

48

Baseband packet format

access code packet header payload68(72) 54 0-2745 bits

AM address type flow ARQN SEQN HEC3 4 1 1 1 8 bits

preamble sync. (trailer)

4 64 (4)

49

Access Code

50

• For timing synchronization and piconet identification

• Consists of preamble, synchronization field and trailer

• 64 bit sync is determined from the lower 24 bits of an

address(LAP- lower address part)

access code68(72)

preamble sync. (trailer)

4 64 (4)

Packet Header

• Packet header• Features: address, packet type, flow and error control and checksum• 3-bit active member address : temporarily assigned address to slave.

• Zero values are reserved for broadcast.• 4-bit type field : determines type of packet : control,

asynchronous ,synchronous data.• 1-bit flow field: flow control mechanism for asynchronous traffic.

• Flow=0-transmission stop• Flow=1- transmission resume

• SEQN(seq no.) and ARQN (ARQ seq.no) are used for acknowledgement• 8 bit HEC(Header Error Check):protect packet header

packet header54

AM address type flow ARQN SEQN HEC3 4 1 1 1 8 bits

51

Payload

• Upto 343 bytes payload can be transferred

• Structure of the payload field depends on the type of link

52

Physical Links

• Bluetooth offers 2 types of links :

1. Synchronous connection oriented link (SCO)

2. Asynchronous connectionless link(ACL)

53

Synchronous connection oriented link (SCO)

– Voice connections require symmetrical, circuit switched, point to point

connection.

– Two time slots (forward and return slot) are reserved at fixed intervals

for transmission

– Master supports upto three simultaneous SCO links to the same or

different slaves.

– Slaves support upto two links from different masters or upto three links

from the same master

– SCO carry voice at 64 kbits/s without FEC, with 2/3 FEC or 1/3 FEC

(Forward Error Correction)

54

SCO payload types

payload (30)

audio (30)

audio (10)

audio (10)

HV3

HV2

HV1

DV

FEC (20)

audio (20) FEC (10)

header (1) payload (0-9) 2/3 FEC CRC (2)

(bytes)

55

Asynchronous connectionless link (ACL)

Data appln require symmetric or asymmetric, packet switched, point to multipoint transfer scenarios

• Master uses a polling scheme• Slave may answer only if addressed by the master in the

preceding slot• Only one ACL link exists b/w master and a slave• Can carry 1-slot,3-slot or 5-slot packets.• Data can be protected using 2/3 FEC scheme(helps in noisy

environments with a high link error rate)• high overhead ,so a fast ARQ scheme is used for reliable

transmission• Payload is CRC protected except for AUX1 packet

56

ACL Payload types

payload (0-343)

header (1/2) payload (0-339) CRC (2)

header (1) payload (0-17) 2/3 FEC

header (1) payload (0-27)


header (2) payload (0-183)


header (2) payload (0-339)DH5

DM5

DH3

DM3

DH1

DM1

header (1) payload (0-29)AUX1

CRC (2)

CRC (2)

CRC (2)

CRC (2)

CRC (2)

CRC (2)

(bytes)

57

….• Control packets are available for

• polling slaves

• hopping synchronization

• acknowledgement

• DM1 (data medium rate)& DH1(data high rate) use single slot and 1 byte header

• DM3 & DH3 use three slots

• DM5 & DH5 use five slots

• Medium rates are always FEC protected

• High rates rely on CRC only for error detection

• HV (High Quality Voice) packets use single slot

• DV (Data & Voice)- combined packet where CRC,FEC and payload header are valid

for the data part only

58

Example Data Transmission

59

•One master and two slaves

•Master always uses even frequency slots

•Slaves uses odd slots

•Every 6th slot is used for SCO link b/w M and S

•ACL link uses single or multiple slots

Core Protocol

Radio

Base band

• LINK MANAGER PROTOCOL

• Logical link control and adaptation protocol (L2CAP)


Link Manager protocol

Manages

various aspects of radio link between a master and slave

current parameter setting of the devices

Enhances baseband functionality but higher layers can still

directly access the baseband61

Functions of LMP

1. AUTHENTICATION, PAIRING & ENCRYPTION

basic authentication in baseband

control the exchange of random numbers and signed responses

pairing service -to establish an initial trust relationship b/w two

devices that have never communicated before. The result of

pairing is a link key

not directly involved in the encryption process, but sets the

encryption mode ,key size, and random speed

62

…

2. SYNCHRONIZATION

Precise synchronization is important

Clock offset is updated each time a packet is received from the master

Special synchronization packets can be received

Devices can also exchange timing information related to the time differences

(slot boundaries) between two adjacent piconets

3. CAPABILITY NEGOTIATION

Version of LMP , information about the supported features can be exchanged

devices have to agree the usage of, e.g., multi-slot packets, encryption, SCO

links, voice encoding, park/sniff/hold mode etc.63

….

4. QUALITY OF SERVICE NEGOTIATION poll interval- maximum time between transmissions from a master to a particular

slave, controls the latency and transfer capacity

quality of the channel – DM or DH

Number of repetitions for broadcast packets can be controlled

master can limit the number of slots available for slave’s answers to increase its own

bandwidth

5. POWER CONTROL Device can measure the received signal strength

Depending on this signal level, device can direct the sender of the measured signal to

increase or decrease its transmit power. 64

…

6. LINK SUPERVISION

Control the activity of a link

set up new SCO links or

may declare the failure of a link

7. STATE AND TRANSMISSION MODE EXCHANGE

Devices might switch the master/slave role,

detach themselves from a connection or

change the operating mode

65

Baseband states of a Bluetooth device

66

STANDBY MODE

• Every device which is currently not participating in a piconet

• & is not switched off.

• Low power mode


67

Step towards inquiry

mode can be in 2

ways:

Either a device

want to establish a

piconet

Or a device wants

to just listen


68

PAGE• After finding all the

required devices, master sets up a piconet

• Depending on device addresses, special hopping sequence is calculated.

• Slaves answer and synchronize


69

CONNECTION STATE• Has Active state &

Low Power state• In Active state –

Slave participates in the piconet by listening, transmitting, and receiving

• devices can either transmit data or are simply connected.

…

• To save battery power, a Bluetooth device can go into one

of three low power states:

1.Sniff :highest power consumption, listen periodically

2.Hold: stop ACL transmission, SCO still possible by slave,

possibly participate in another piconet

3.Park: lowest duty cycle ,lowest power

consumption,release AMA(Active Member Address), get

PMA(Parked Member Address )70

Core Protocol

Radio

Base band

Link Manager Protocol

• LOGICAL LINK CONTROL AND ADAPTATION PROTOCOL

(L2CAP)


L2CAP-Logical Link Control and Adaptation

Protocol

Simple data link control protocol on top of baseband

that offer logical channels b/w Bluetooth devices.

L2CAP is available for ACLs only

Types of logical channels include

– Connection oriented, connectionless and signaling channels

72

. . .

Connectionless: unidirectional channels for broadcast from master to slaves

Connection oriented: bidirectional channels and supports QoS specifications

in each direction.

Signaling: used to exchange signaling messages.

Channel identifier (CID): Channels are identified using CID

– CID=1 for signaling channel.

– CID=2 for connectionless channels.

– CID>=64 for connection oriented channels.(64-65535).73

L2CAP logical channels

baseband

L2CAP

baseband

L2CAP

baseband

L2CAP

Slave SlaveMaster

ACL

2 d 1 d d 1 1 d 21

signalling connectionless connection-oriented

d d d

74

L2CAP packet formats

length2 bytes

CID=22

PSM2

payload0-65533

length2 bytes

CID2

payload0-65535

length2 bytes

CID=12

One or more commands

Connectionless PDU

Connection-oriented PDU

Signalling command PDU

code ID length data1 1 2 0

Length : Length of payload

75


length2 bytes

CID=22

PSM2

payload0-65533

length2 bytes

CID2

payload0-65535

length2 bytes

CID=12


Connectionless PDU




PSM : Protocol/Service multiplexer : to identify the higher layer recipient for the payload

76


length2 bytes

CID=22

PSM2

payload0-65533

length2 bytes

CID2

payload0-65535

length2 bytes

CID=12


Connectionless PDU




code : for command reject, connection request, disconnection response etc.ID : To match request with replyLength : length of data

77

Security Components & Protocols

E3

E2

link key (128 bit)

encryption key (128 bit)

payload key

Keystream generator

Data DataCipher data

Authentication key generation(possibly permanent storage)

Encryption key generation(temporary storage)

PIN (1-16 byte)User input (initialization)

Pairing

Authentication

Encryption

Ciphering

E3

E2

link key (128 bit)

encryption key (128 bit)

payload key

Keystream generator

PIN (1-16 byte)

78

Core Protocol

Radio

Base band

Link Manager Protocol

Logical link control and adaptation protocol (L2CAP)

• SERVICE DISCOVERY PROTOCOL79

SDP – Service Discovery Protocol

• To know what devices or specifically what services are available in radio proximity

• SDP defines only the discovery of services not their usage.• Discovered services can be cached and gradual discovery is

possibly.• Inquiry/response protocol for discovering services

– Searching for and browsing services in radio proximity– Adapted to the highly dynamic environment– Can be complemented by others like SLP, Jini, Salutation, …– Defines discovery only, not the usage of services– Caching of discovered services– Gradual discovery 80

SDP – Service Discovery Protocol

• Service record format : all the info. about a service

– Information about services provided by attributes

– list of service attributes

– Attributes are composed of an 16 bit ID (name) and a value

– values may be derived from 128 bit Universally Unique Identifiers

(UUID)

– protocol descriptor list comprises the protocols needed to access this

service

– example service record : URLs for service documentation,

an icon for the service

service name

81

Profiles• To provide compatibility among the devices offering the

same services, Bluetooth specified many profiles in

addition to the core protocols.

• Without profiles, interoperation between devices from

different manufacturers impossible

• Represent default solutions for a certain usage model

– Vertical slice through the protocol stack

– Basis for interoperability

Profiles

Prot

ocol

s

Applications

82

ProfilesBASIC PROFILES

• Generic Access Profile• Service Discovery Application Profile• Cordless Telephony Profile• Intercom Profile• Serial Port Profile• Headset Profile• Dial-up Networking Profile• Fax Profile• LAN Access Profile• Generic Object Exchange Profile• Object Push Profile• File Transfer Profile• Synchronization Profile

Profiles

Prot

ocol

s

Applications

83

Profiles

ADDITIONAL PROFILES

• Advanced Audio Distribution

• PAN

• Audio Video Remote Control

• Basic Printing

• Basic Imaging

• Extended Service Discovery

• Generic Audio Video Distribution

• Hands Free

• Hardcopy Cable Replacement

Profiles

Prot

ocol

s

Applications

84

bluetooth - comprehensive presentation

Devices & Hardware