Bluetooth Low Energy (BLE) Dariusz Bursztynowski – Warsaw University of Technology
Bigger picture
[Figure: protocol landscape. Labels: 802.15.4, 802.15.5, 6LoWPAN, CoAP/MQTT, (physical & link layers), 802.15.1, ANT, BLE, WirelessHART, …, ZigBee]
Why BLE?
Need for connectivity of mobile devices with the outside world
What is the "outside world"? Small, task-specific, innovative products that are still to come
low-cost, low bandwidth, extremely low power, low complexity
Idea – a framework to exchange data, so the focus is on a set of relatively low-level APIs
to give developers freedom to use BLE the way they want and
hide technological complexity
(in contrast to Bluetooth, which is oriented towards applications)
No artificial barriers to adoption
easy-to-understand data model
no licensing
no fees for accessing the specs
Bluetooth vs BLE - a quick comparison
Traditional Bluetooth
connection-oriented
(device "connected" means that a link is maintained all the time between peers, even if there is no data to be sent)
streaming support provided
power reduction is possible due to sniff modes (devices can go to sleep)
months of battery lifetime
although the power is lower than for other radio standards, it is still too much for coin cells and very energy-efficient applications
BLE – from Bluetooth 4.0 spec.
data transfer, no support for real streaming (rate limit ~125kbit/s)
a new radio, new protocol stack, new profile (i.e., application) architecture
designed to run from coin cells and support an Apps Store mode
range 150 meters LOS, but in reality it is closer to several meters
radio standard for a new decade, enabling the Internet of Things
Note: since specification 4.1, L2CAP can create high throughput data channels (why not if it does not impact low-energy features ... ?)
BLE – key facts
Data throughput on a single channel ~125kbit/s in theory, less in practice
designed for sending small chunks of data (exposing state)
not optimised for file transfer
does not support streaming
Since Bluetooth 4.1, high-throughput user data channels at L2CAP
Operating range up to 150 meters LOS, but in reality is closer to just several meters
Network topologies allowed (type of communication)
broadcasting & observing
connections (devices are coupled, i.e., associated – a state is needed)
[Figure: a broadcaster with three observers; a central device with three peripheral devices]
BLE – key factsheet
Range: below 150m (typically much less)
Output Power: ~ 10mW (10dBm)
Max Current: ~ 15mA
Latency: 3 ms
Topology: Star
Connections: > 2 billion
Modulation: GFSK @ 2.4 GHz
Robustness: Adaptive Frequency Hopping, 24 bit CRC
Security: 128bit AES CCM
Sleep current ~ 1 μA
Modes: Broadcast, Connection
Network topologies supported
Broadcasting & observing
Broadcaster: sends advertising packets to any observer willing to receive them
Observer – scans the preset frequencies to receive advertising packets
Broadcast packet contains: broadcaster capabilities + custom information (data); larger payload can be sent in two consecutive packets
No security or privacy of data
Connections (devices are coupled, i.e., associated – a state is needed)
To send data in both directions or when there are more than two payloads to send, encryption is used
Periodical exchange of data between peers
Signalling procedure is used for setting up connections
[Figure: connectionless topology (a broadcaster with three observers) and connection-oriented topology (a central device with three peripheral devices); label: phone, tablet, ...]
Protocol stack (single-mode device*)
[Figure: protocol stack of a BLE device, top to bottom]
Application (App)
Host: Generic Access Profile (GAP), Generic Attribute Profile (GATT), Security Manager Protocol (SMP), Attribute Protocol (ATT), Logical Link Control and Adaptation Protocol (L2CAP)
Host Controller Interface (HCI)
Controller: Link Layer (LL), Low Energy Physical Layer (PHY)
* In a dual-mode device, protocol stacks for BLE and classical Bluetooth are present. We do not consider classical Bluetooth here.
Hardware configurations (physical architectures)
[Figure: three hardware configurations, each showing Application, Host and Controller: System on chip (SoC); Dual IC over HCI (Main CPU, HCI over USB/UART*); Dual IC with connectivity device (Main CPU, proprietary protocol)]
Three generic configurations of the HW
• Simple sensors opt for SoC for low complexity reasons
• Smartphones/tablets opt for Dual IC over HCI
• Dual IC with Connectivity device is for special scenarios
*) Universal Asynchronous Receiver/Transmitter
Physical layer
Contains analog communications circuitry
Radio uses the 2.4GHz ISM (Industrial, Scientific, and Medical) band
40 channels on ~2MHz spacing, 1MBit GFSK (wider range than Bluetooth BR)
Channel layout is shown in the drawing; out of the 40 channels 37 channels are for connection data
three advertising channels to setup connections and broadcast data
Frequency hopping spread spectrum used on each connection event
Link Layer (LL)
Link Layer (LL) - general
Directly interfaces with PHY, isolates higher layers from PHY
Itself isolated from the rest of the layers by HCI (Host Controller Interface)
Carries main computational tasks (typically implemented in HW)
Preamble generation, access address handling, air protocol framing
CRC generation and computation
Random number generation, encryption (imposed by higher layers)
Defines the following roles
Advertiser (sends advertising packets)
Scanner (listens for advertising packets)
Slave (accepts a connection request and follows master's timing)
Master (initiates a connection and manages it)
Logical tasks (typically software)
advertising, scanning
establishing/tearing down connections, changing connection parameters
handling white lists
[Figure: two devices, each with SMP and ATT over L2CAP over LL, shown for the states "no connection" and "connection"; the LL connection between the devices carries the L2CAP flow between upper protocol entities; HCI (Host Controller Interface) marked]
Link Layer – Bluetooth device address
Bluetooth device address – fundamental identifier of a Bluetooth appliance
like Ethernet MAC address
Two types of address
Public device address – factory-programmed address, set according to IEEE registration procedure
Random device address – either pre-programmed or dynamically generated
e.g., when a device manufacturer wants to avoid IEEE registration
if dynamic, set by the GAP layer
Link Layer - advertising mode
• Peripherals (broadcasters) advertise their presence or request connections (broadcast data) to the master (observers).
• Potential receivers do periodical scanning
• Devices can have a variety of reasons to advertise:
  • broadcast promiscuously
  • transmit signed data to a previously connected device
  • advertise their presence to a device wanting to connect
  • reconnect asynchronously due to a local event
• Two modes of scanning operation
  • Passive scanning (listens for advertisements, never sends feedback to the advertiser)
  • Active scanning – the scanner sends a Scan request packet in response to an advertising packet and the advertiser responds with a Scan response packet (only ONCE)
See the example on the next page
Link Layer - advertising mode - example
Example: peripheral advertising packets sniffed (here: passive)
Example sequence
[Figure: example sequence on advertising channels 37, 38 and 39 (passive, active, passive): the peripheral sends ADV_IND on each channel; on channel 38 the central's SCAN_REQ is answered by the peripheral's SCAN_RSP]
Link Layer - advertising packet (example)
full list of Advertising Data types: https://www.bluetooth.com/specifications/assigned-numbers/generic-access-profile
could also be ADV_DIRECT_IND to indicate Directed connectable mode
Link Layer – connection setup and data exchange
Connection needed for information exchanges longer than two packets or for bidirectional data exchange
always takes place between a specific pair of devices (a "pipe")
typically the slave announces the need for a connection (by sending specific advertisements)
Actual establishment initiated by the Master (CONNECT_REQ packet)
Device address is used only during connection establishment
within a connection, data packets are marked using a unique connection identifier (set by the Master)
Features
Exclusive – one for a peripheral; peripheral stops sending adverts after establishing a connection (becomes invisible to other centrals)
A series of bi-directional data exchanges (Master -> Slave + Slave -> Master)
A bunch of exchanges is called a Connection event, one per Connection Interval (see next slide)
both determined by Master per connection, can be changed by Master during conn. lifetime
Reliable
error detection via CRC, repetition until confirmation based on a stop-and-wait acknowledgement mechanism
Encrypted
Link Layer – connection setup and data exchange - example
Example: CONNECT_REQ packet sniffed
[Figure: sniffed CONNECT_REQ packet. Callouts:]
duration of Connection Interval [ms] (min. time between two subsequent connections)
max time between consecutive packets to consider a connection to be broken
[Figure: sequence diagram. The slave sends ADV_IND on channel 37 (e.g., advertises undirected connectable mode; could also be ADV_DIRECT_IND, Directed connectable mode); the master sends CONN_REQ; master and slave then exchange packets on a data channel, one Connection Interval apart. Callouts: Empty message (invite to send data); User data message (27 byte payload); etc. Used as Ack, invite next data if positive ack]
Logical Link Control and Adaptation Protocol (L2CAP)
Main functionality
Multiplexing protocols from upper layers (as of now, ATT and SMP)
No segmentation/reassembly needed (higher layers take care of L2CAP max payload size, e.g. see ATT – queued writes)
Example: packet formats across BLE stack for ATT
L2CAP - general
[Figure: two devices, each with SMP and ATT over L2CAP; the LL connection between the devices carries the L2CAP flow between upper protocol entities]
[Figure: nested packet formats for LL, L2CAP and ATT]
L2CAP - more
Routes (multiplexes) two protocols
Attribute Protocol, ATT (the basis for data exchange of BLE applications)
Security Manager Protocol, SMP (provides framework to generate and distribute security keys between peers)
Muxing achieved using a 2-byte channel ID (CID) in L2CAP packets
Since version 4.1 of Bluetooth specification
Can create its own user-defined channels for high-throughput data transfer (new format, additional signalling procedures for flow control - we do not expand on it here)
23 = 27-4
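Added example (not part of the original slides): CID-based demultiplexing of an L2CAP frame into ATT or SMP, with the ATT opcode decoded. The CID values, opcode values and opcode flag bits come from the Bluetooth Core Specification, not from the slides; the function name and the sample frames are constructed for illustration.

```python
import struct

# Fixed L2CAP channel IDs for BLE, from the Bluetooth Core Specification.
CID_ATT, CID_SMP = 0x0004, 0x0006
L2CAP_HEADER_LEN = 4                 # 2-byte length + 2-byte CID
LL_PAYLOAD_MAX = 27                  # link-layer payload size used on the slides
ATT_PDU_MAX = LL_PAYLOAD_MAX - L2CAP_HEADER_LEN   # the slide's "23 = 27-4"

# ATT opcodes for some of the operations listed on the ATT slides.
ATT_OPCODES = {
    0x01: "Error Response", 0x02: "Exchange MTU Request",
    0x0A: "Read Request", 0x0B: "Read Response",
    0x12: "Write Request", 0x13: "Write Response",
    0x52: "Write Command", 0xD2: "Signed Write Command",
    0x1B: "Handle Value Notification", 0x1D: "Handle Value Indication",
}
# Operations whose first parameter is a 16-bit attribute handle.
HANDLE_FIRST = {0x0A, 0x12, 0x52, 0xD2, 0x1B, 0x1D}


def demux_l2cap(frame: bytes) -> dict:
    """Route one L2CAP frame by CID and, for ATT, decode the opcode."""
    if len(frame) < L2CAP_HEADER_LEN:
        raise ValueError("truncated L2CAP header")
    length, cid = struct.unpack_from("<HH", frame)      # both little-endian
    payload = frame[L2CAP_HEADER_LEN:]
    if length != len(payload):
        raise ValueError("L2CAP length field does not match payload")
    info = {"cid": cid, "single_ll_packet": len(payload) <= ATT_PDU_MAX}
    if cid == CID_SMP:
        info["protocol"] = "SMP"
    elif cid == CID_ATT:
        if not payload:
            raise ValueError("empty ATT PDU")
        opcode = payload[0]
        info["protocol"] = "ATT"
        info["operation"] = ATT_OPCODES.get(opcode, f"opcode 0x{opcode:02X}")
        info["command_flag"] = bool(opcode & 0x40)   # bit 6: no response expected
        info["signed"] = bool(opcode & 0x80)         # bit 7: authentication signature
        if opcode in HANDLE_FIRST and len(payload) >= 3:
            info["handle"] = struct.unpack_from("<H", payload, 1)[0]
    else:
        info["protocol"] = "other"
    return info


# Constructed sample frames (not captured traffic).
READ_REQ = bytes.fromhex("030004000a0201")            # ATT Read Request, handle 0x0102
NOTIFY = bytes.fromhex("040004001b020114")            # ATT notification, handle 0x0102, value 20
SMP_FRAME = bytes.fromhex("0700060001030001100707")   # SMP PDU, left undecoded
```

The length check rejects frames whose header and payload disagree, which is the first thing to validate before trusting any field that follows.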
Attribute Protocol (ATT)
ATT – intro, ATT vs GATT
[Figure: two peer stacks, each Application / Generic Attribute Profile (GATT) / Attribute Protocol (ATT) / Logical Link Control and Adaptation Protocol (L2CAP)]
Structured data at the app level, structure interpreted and retrieved using GATT
APP: select peers based on services discovered, exchange service-related data
GATT/APPL see structures
ATT sees ordered attributes
GATT – defines structures and translates them into attributes
ATT – finds and sends elementary data pieces
APPL: provide the service, decide what/when to send, send (talk) using structured data
Attribute Protocol (ATT) – intro, ATT vs GATT
Generic Attribute Profile (GATT)
framework that uses the ATT for:
the discovery of services; read, write and push of data grouped as a hierarchy of primary and secondary services, and their characteristics
the exchange of characteristics from one device to another.
A characteristic is a set of data which includes a value and properties. At the ATT level, they all are stored in attributes.
ATT vs GATT
while GATT/Applications "see" structured information, for example:
a server runs a 'temperature sensor' service that
provides a 'temperature' characteristic that uses
an attribute for describing the sensor (i.e., the device)
attribute for storing a value of temperature measurement
yet another attribute for specifying the measurement units
etc.
etc.
ATT defines a flat set of elementary attributes and mechanisms to access them.
Structured data
ATT - overview
ATT perspective: services and characteristics together with their values and properties are all available as attributes
e.g., GATT combines attributes into structures in the form of services, characteristics, values (descriptors), etc.
ATT operates on a flat set of attributes (for accessing them over L2CAP, using right L2CAP connections)
Attribute - elementary data structure
piece of information managed by the GATT, structured as:
universally unique identifier (UUID) – globally unique ("worldwide")
specifies the type and nature of data contained in the value
Length: 128 bit for customised ones, and 16 bit for Bluetooth SIG defined ones
16 bit handle, unique to a given device for a given UUID (attr. instance id)
value represents named information
attribute values can be referenced by either UUID or by handle, depending on the application
ATT offers a simple client-server stateless protocol
Based on attributes presented by a device
Client (central) can access server (peripheral) for attributes
Works on top of a dedicated L2CAP channel
ATT – overview cont'd
Mode of operation
any device can be a client, server or both (regardless of their Master/Slave roles)
e.g., slave sends server initiated handle indication or notification
the client or server role of a device is determined by the GATT (app)
multiple types of operations are allowed (e.g., read, write)
strict in sequencing
no request can be sent until the response is received and processed
ATT – operations
Set of categories, several operations in each category
Each operation has its parameters
Most of them are of type request/response (transactional)
Categories/operations
Error handling
• Error response
Server configuration
• Exchange MTU Request/Response
Find information
• Find information Request/Response
• Find by Type/Value (returns handle range for UUID and value)
Read operations
• Read by type Request/Response (by UUID)
• Read Request/Response (by handle)
• Read blob Request/Response (read a part of a value by handle)
• Read multiple Request/Response
• Read by group type Request/Response
ATT – operations cont'd
Write operations
• Write Request/Response
• Write command (without response)
• Signed write command (like write command, but using a signature)
Queued writes
• Prepare write Request/Response
• Execute write Request/Response
Server initiated (asynchronous push operations to the client initiated by the server)
• Handle value indication/confirmation (by handle, expects confirmation)
• Handle value notification (as above, no confirmation required)
Generic ATTribute Profile (GATT) services & characteristics
GATT – data structures
GATT provides a framework for handling data structured in a hierarchy
GATT data hierarchy - view of services
GATT server
  Service 1
    Characteristic 1
      Value
      Descriptor (optional)
      ...
    Characteristic 2
      ...
    Characteristic 3
      ...
  Service 2
    ...
  ...
GATT example: service level
Handle  UUID    Description
0x0100  0x2800  Service A definition
...     ...     Service details
0x0150  0x2800  Service B definition
...     ...     Service details
0x0300  0x2800  Service C definition
...     ...     Service details
into the service description ...
GATT – data structures (2)
Handle  UUID    Description                     Value
0x0100  0x2800  Thermometer service definition  UUID 0x1816
0x0101  0x2803  Characteristic: temperature     UUID 0x2A2B, Value handle: 0x0102
0x0102  0x2A2B  Temperature value               20
0x0104  0x2A1F  Descriptor: unit                Celsius
0x0110  0x2803  Characteristic: date/time       UUID 0x2A08, Value handle: 0x0111
0x0111  0x2A08  Date/Time                       1/1/1980 12:00
GATT example – single service description: two characteristics, one with a descriptor
all are attributes in ATT, and GATT decomposes this structure into attributes and retrieves them one by one using ATT
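Added example (not part of the original slides): the reverse direction of the table above, rebuilding the service / characteristic / descriptor hierarchy from the flat, handle-ordered attribute list that ATT exposes, and reporting inconsistencies such as a declared value handle that does not exist. The rows are copied from the slide; holding a declaration's fields in a dictionary and the function name are assumptions of this example.

```python
PRIMARY_SERVICE = 0x2800    # attribute type: service declaration
CHARACTERISTIC = 0x2803     # attribute type: characteristic declaration

# (handle, attribute type, value) rows copied from the slide's table. Holding a
# declaration's fields in a dict is an assumption of this example.
ATTRIBUTES = [
    (0x0100, 0x2800, {"uuid": 0x1816}),
    (0x0101, 0x2803, {"uuid": 0x2A2B, "value_handle": 0x0102}),
    (0x0102, 0x2A2B, 20),
    (0x0104, 0x2A1F, "Celsius"),
    (0x0110, 0x2803, {"uuid": 0x2A08, "value_handle": 0x0111}),
    (0x0111, 0x2A08, "1/1/1980 12:00"),
]


def build_gatt_tree(attributes):
    """Nest a flat attribute list; return (services, problems found)."""
    services, problems = [], []
    service = char = None
    for handle, attr_type, value in sorted(attributes, key=lambda a: a[0]):
        if attr_type == PRIMARY_SERVICE:
            service = {"handle": handle, "uuid": value["uuid"],
                       "characteristics": []}
            services.append(service)
            char = None
        elif service is None:
            problems.append(f"0x{handle:04X}: attribute outside any service")
        elif attr_type == CHARACTERISTIC:
            char = {"handle": handle, "uuid": value["uuid"],
                    "value_handle": value["value_handle"], "descriptors": []}
            service["characteristics"].append(char)
        elif char is None:
            problems.append(f"0x{handle:04X}: attribute before any characteristic")
        elif handle == char["value_handle"]:
            if attr_type != char["uuid"]:
                problems.append(f"0x{handle:04X}: type does not match declaration")
            char["value"] = value
        else:
            # Any other attribute inside a characteristic is a descriptor.
            char["descriptors"].append((handle, attr_type, value))
    for svc in services:
        for c in svc["characteristics"]:
            if "value" not in c:
                problems.append(f"0x{c['handle']:04X}: value attribute missing")
    return services, problems
```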
GATT – service example (HRT case)
Heart rate monitor (HRT) – order of accessing data by the client (idea)
[Figure: GATT client and GATT server exchanging four numbered steps (1 to 4). Callouts: Read list of services; For a service: Read list of characteristics; Read characteristic; Read characteristic]
K. Townsend et al. „Getting started with Bluetooth Low Energy”, O’REILLY, 2014.
Generic Access Profile (GAP) advertising & connections
Generic Access Profile (GAP) - scope
Framework that all devices must follow to:
broadcast data
discover each other and their services
establish secure connections
negotiate security levels
[Figure: two peer stacks, each Application / Generic Access Profile (GAP) / Security Manager (SM) / Logical Link Control and Adaptation Protocol (L2CAP) / Link Layer. GAP: control of discovery, establishment of connections. Link Layer ADVERTISEMENT, SCAN and CONNECT packets convey GAP information]
Distinguishes
Roles
to be adopted by a device to join a network
Modes (within a role)
state of the device in which defined procedures can be performed
mode results from the role adopted by the device (application)
Procedures and data formats
sequences of actions that enable devices to perform their tasks
Procedure results from the mode (and role), and possibly events occurring
format of Advertising Data carried in ADVERTISING and SCAN_RESPONSE packets.
Different types of information can be announced in AD
e.g., list of GATT services for discovery or Service Data to avoid setting up connections can be included in Advertising Data
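Added example (not part of the original slides): a parser for Advertising Data showing what any passive observer reads from a single packet, in line with the earlier note that broadcast data has no security or privacy. The [length][type][data] layout, the AD type codes and the 31-byte limit come from the Bluetooth specification and assigned numbers, not from the slides; the sample payload is constructed.

```python
# AD type codes from the Bluetooth assigned numbers (Generic Access Profile).
AD_FLAGS, AD_UUID16_COMPLETE = 0x01, 0x03
AD_NAME_COMPLETE, AD_SERVICE_DATA16 = 0x09, 0x16
MAX_LEGACY_ADV_DATA = 31   # bytes of Advertising Data in a legacy advertising packet


def parse_ad_structures(payload: bytes):
    """Split Advertising Data into (type, data) pairs; each is [len][type][data]."""
    if len(payload) > MAX_LEGACY_ADV_DATA:
        raise ValueError("Advertising Data longer than 31 bytes")
    structures, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0:            # zero length marks padding: stop early
            break
        if i + 1 + length > len(payload):
            raise ValueError(f"AD structure at offset {i} runs past the payload")
        structures.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return structures


def observer_view(payload: bytes) -> dict:
    """What any passive observer learns from one packet, with no keys at all."""
    view = {}
    for ad_type, data in parse_ad_structures(payload):
        if ad_type == AD_FLAGS:
            view["flags"] = data[0] if data else None
        elif ad_type == AD_UUID16_COMPLETE:
            view["services"] = [int.from_bytes(data[j:j + 2], "little")
                                for j in range(0, len(data) - 1, 2)]
        elif ad_type == AD_NAME_COMPLETE:
            view["name"] = data.decode("utf-8", errors="replace")
        elif ad_type == AD_SERVICE_DATA16 and len(data) >= 2:
            view["service_data"] = (int.from_bytes(data[:2], "little"), data[2:])
        else:
            view.setdefault("other", []).append((ad_type, data))
    return view


# Constructed ADV_IND payload: flags, service 0x1816 (the UUID used in the
# slides' thermometer table), service data carrying the value 20, name "Thermo".
SAMPLE_ADV = bytes.fromhex("020106" "03031618" "0416161814" "0709546865726d6f")
```

Anything a device places in Service Data is therefore readable by every scanner in range, so only values that are acceptable to disclose belong there.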
GAP – roles, modes, procedures
Roles
Broadcaster - undertakes LL (link-layer) advertiser role
Observer - undertakes LL scanner role
Central - corresponding to LL master (initiates a connection)
Peripheral - corresponding to LL (link-layer) slave (accepts the connection)
Note: GAP roles typically stay constant throughout the lifetime of a device (in GATT, each device can perform as GATT client or server, depending on the sender of the request).
Modes/procedures
Procedure                    Applicable role(s)   Applicable peer mode(s)
Observation                  Observer             Broadcast
Limited discovery            Central              Limited discoverable
General discovery            Central              Limited and General discoverable
Name discovery               Peripheral, central  N/A
Connection establishment     Central              Connectable
Connection parameter update  Peripheral, central  N/A
Terminate connection         Peripheral, central  N/A
Thank you
Quiz questions
What is (are) the main difference(s) between classical Bluetooth and Bluetooth Low Energy (BLE, aka Bluetooth Smart)?
When is the advertising mode of communication sufficient, and when are connections necessary?
What is the main role (domain) of GAP (Generic Access Profile)?
What is the main role (domain) of GATT (Generic Attribute Profile)?
What is the role of ATT (Attribute protocol) wrt GATT?
Can a Central be GATT server, GATT client, or both?