BLUETOOTH
Concept
Who is Bluetooth?
• HARALD BLUETOOTH
• King of Denmark (940 – 981)
• Unified Danish tribes into a single kingdom
By Ericsson in Sweden (1999)
History
~Invented in 1994 by Ericsson.
~The company later started working with a larger group of companies called the Bluetooth Special Interest Group or “SIG”, to develop the technology into what it is today.
~Bluetooth is not owned by any one company and is developed and maintained by the SIG.
History
The Bluetooth Special Interest Group (SIG) was founded by
• Ericsson,
• IBM,
• Intel,
• Nokia and
• Toshiba
in February 1998 to develop an open specification for
short-range wireless connectivity.
Features
• Cable-replacement technology
• Wireless technology for short-range voice and data
communication
• Low-cost and low-power
• Provides a communication platform between a wide
range of “smart” devices
• Not limited to “line of sight” communication
. . .
• Universal radio interface for ad-hoc wireless connectivity
• Interconnecting computer and peripherals, handheld
devices, PDAs, cell phones – replacement of IrDA
• Embedded in other devices, goal: 5€/device (2002:
50€/USB bluetooth)
• Short range (10 m), low power consumption, license-free
2.45 GHz ISM
• Voice and data transmission, approx. 1 Mbit/s gross data
rate
Technically, it is a chip to be plugged into computers, printers, mobile phones, etc.
It is designed to take the information normally carried by the cable and transmit it at a special frequency to a receiving Bluetooth chip, which then passes the received information on to these mobile devices.
It comprises a baseband processor, a radio and an antenna.
The baseband processor converts the data into signals; the antenna of another Bluetooth device, within at least 30 feet distance, receives the transmitted signal in the air.
Bluetooth in Action
[Figures: In the Office; In the House; Home Security; On the Road; In Your Car]
Source: http://www.motorola.com
Types of Bluetooth Devices
1. Head Set
2. In-Car Bluetooth System
3. Bluetooth Equipped Printer
4. Bluetooth Equipped Web Cam
5. Bluetooth GPS System
6. Bluetooth Keyboard
Pros
• They have replaced cables for transferring information from one electronic device to another.
• They have reduced strain, such as carrying a phone while talking, leaving the hands free for other work.
• It is cheaply available.
• Its mobility is also very important, as it doesn't need any power outlet, Internet connection or any other items.
Cons
• Data transfer between two Bluetooth devices is very slow compared with the Wi-Fi transfer rate.
• The range of a Bluetooth device is 15-30 feet, depending upon the device.
• Security is the biggest disadvantage, as the transfer takes place through radio waves and a hacker can easily hack it.
Characteristics
1. 2.4 GHz ISM band, 79 (23) RF channels, 1 MHz carrier
spacing
• Channel 0: 2402 MHz … channel 78: 2480 MHz
• G-FSK modulation, 1-100 mW transmit power
2. FHSS and TDD
• Frequency hopping with 1600 hops/s
• Hopping sequence in a pseudo random fashion, determined by a
master
• Time division duplex for send/receive separation
FHSS
• Bluetooth devices use a protocol called Frequency-Hopping Spread Spectrum (FHSS).
• Uses packet-switching to send data.
• Bluetooth sends packets of data on a range of frequencies.
• In each session one device is a master and the others are slaves.
• The master device decides at which frequency data will travel.
. . .
• Transceivers “hop” among 79 different frequencies in the 2.4 GHz band at a rate of 1600 frequency hops per second.
• The master device tells the slaves at what frequency data will be sent.
• This technique allows devices to communicate with each other more securely.
Characteristics (Contd.)
3. Voice link – SCO (Synchronous Connection Oriented)
• FEC (forward error correction), no retransmission, 64 kbit/s
duplex, point-to-point, circuit switched
4. Data link – ACL (Asynchronous ConnectionLess)
• Asynchronous, fast acknowledge, point-to-multipoint, up to 433.9
kbit/s symmetric or 723.2/57.6 kbit/s asymmetric, packet
switched
5. Topology
• Overlapping piconets (stars) forming a scatternet
BLUETOOTH ARCHITECTURE
Piconet
[Figure: piconet with one master, slaves, parked devices and standby devices]
M=Master
S=Slave
P=Parked
SB=Standby
• A piconet session is a communication link that must be created between devices for them to communicate with each other.
• If two devices come into contact with each other (32 feet), the user will be prompted to initiate a communication session.
• Users can then either deny or accept the request to initiate a session.
• Only devices approved by the user can take part in the session.
• Data will appear as noise to unauthorized devices (a great security feature).
• Collection of devices connected in an ad hoc fashion
• One unit acts as master and the others as slaves for the lifetime of the piconet
• Master determines hopping pattern, slaves have to synchronize
• Each piconet has a unique hopping pattern
• Participation in a piconet = synchronization to hopping sequence
• P (parked) devices cannot actively participate, but are known and can be reactivated within some milliseconds
• SB (standby) devices do not participate in the piconet
• Each piconet has one master and up to 7 simultaneous slaves
• > 200 devices could be parked
• All devices in a piconet hop together
  – Master sends its clock and device ID to slaves
  – Hopping pattern is determined by device ID (48 bit, unique ID)
  – Phase in hopping pattern is determined by master's clock
• Addressing
  – Active Member Address (AMA, 3 bit) for active devices
  – Parked Member Address (PMA, 8 bit) for parked devices
  – SB devices do not need an address
[Figure: piconet with master (M), slaves (S), parked (P) and standby (SB) devices]
Scatternet
• Linking of multiple co-located piconets through the sharing of common master or slave devices
  – Devices can be slave in one piconet and master of another
• Communication between piconets
  – Devices jumping back and forth between the piconets
[Figure: scatternet of two piconets, with master (M), slave (S), parked (P) and standby (SB) devices]
BLUETOOTH PROTOCOL STACK
[Figure: Bluetooth protocol stack. Components shown: Radio, Baseband, Link Manager, Control, Host Controller Interface, Logical Link Control and Adaptation Protocol (L2CAP), Audio, TCS BIN, SDP, RFCOMM (serial line interface), BNEP, PPP, IP, TCP/UDP, OBEX, vCal/vCard, AT modem commands; on top: audio apps., NW apps., telephony apps., mgmnt. apps.]
AT: attention sequence
OBEX: object exchange
TCS BIN: telephony control protocol specification – binary
BNEP: Bluetooth network encapsulation protocol
SDP: service discovery protocol
RFCOMM: radio frequency comm.
The Bluetooth protocol stack is divided into two parts:
• Core specification
• Profile specification
Core Protocol
Radio: Specification of the air interface, i.e. frequency, modulation and transmit power.
Baseband: Describes basic connection establishment, packet format, timing and basic QoS parameters.
Link manager protocol: Link setup and management between devices, including security functions and parameter negotiation.
Logical link control and adaptation protocol (L2CAP): Adapts higher layers to the baseband.
Service discovery protocol: Device discovery in close proximity.
Profile specification:
Describes protocols and functions needed to adapt the wireless Bluetooth technology to legacy and new applications.
Above L2CAP is the cable replacement protocol RFCOMM, which emulates a serial line interface. This allows a simple replacement of serial line cables and enables many applications and protocols to run over Bluetooth.
RFCOMM supports multiple serial ports over a single physical channel.
TCS-BIN (telephony control protocol – binary)
• Bit-oriented protocol
• Defines call control signaling for establishment of voice and data calls between Bluetooth devices
• Describes mobility and group management functions
Host controller interface (HCI)
• Sits between the baseband and L2CAP and provides a command interface to the baseband controller and link manager.
• Gives access to the hardware status and control registers.
• Can be seen as the hardware and software boundary.
Classical Internet applications can use the TCP/IP stack running over the Point-to-Point Protocol (PPP) or use the Bluetooth network encapsulation protocol (BNEP).
Telephony applications can use AT (attention sequence) modem commands as if using a standard modem.
Calendar or business card objects (vCal/vCard) can be exchanged using the object exchange protocol (OBEX).
Support for audio: audio applications may directly use the baseband layer after encoding the audio signals.
Core Protocol
Radio
Base band
Link manager protocol
Logical link control and adaptation protocol (L2CAP)
Service discovery protocol
Radio layer
Defines carrier frequencies and output power
Design Limitations
• Bluetooth devices will be integrated into mobile devices and thus rely on battery power.
• Requires small, low-power chips that can be built into handheld devices.
• Frequency must be available worldwide.
• Bluetooth has to support multimedia data.
. . .
FEATURES
• Uses the license-free 2.4 GHz frequency band for worldwide operation
• Bluetooth uses a frequency hopping/time division duplex scheme for transmission
• Hopping rate = 1600 hops/s
• Time between 2 hops is called a slot (625 microseconds)
• Each slot uses a different frequency
• Bluetooth uses 79 hop carriers equally spaced at 1 MHz
. . .
Bluetooth transceivers are available in three classes:
Power class 1:
• Max power 100 mW and minimum power 1 mW
• 100 m range without obstacles
• Power control is mandatory.
Power class 2:
• Max power 2.5 mW, normal power is 1 mW and min power is 0.25 mW
• 10 m range
• Power control is optional.
Power class 3:
• Maximum power is 1 mW.
Core Protocol
Radio
• BASE BAND
• Link manager protocol
• Logical link control and adaptation protocol (L2CAP)
• Service discovery protocol
Baseband layer
• Performs frequency hopping
• Defines physical links and packet formats
• In a piconet each device hops to the same frequency at the same time.
Frequency selection during data transmission (1 slot packets)
• Within each slot the master or any of the slaves may transmit data in an alternating fashion
• Each data transmission uses one 625 µs slot.
[Figure: timeline of 625 µs slots on frequencies f(k), f(k+1), …, f(k+6), with master (M) and slave (S) transmitting in alternating slots]
• Bluetooth also defines 3-slot and 5-slot packets for higher data rates.
• If a master or slave sends a packet covering 3 or 5 slots, the radio transmitter remains on the same frequency until the packet is transmitted.
• No frequency hopping is performed within a packet.
• After transmission the radio returns to the frequency required by the hopping pattern (handles the hidden terminal problem).
• Shifting the phase even in one device would destroy the piconet.
Frequency selection during data transmission (3, 5 slot packets)
[Figure: slot timelines with 3-slot and 5-slot packets from master (M) and slave (S); frequencies shown: f(k), f(k+1), f(k+3), f(k+4), f(k+5), f(k+6)]
Baseband packet format
access code: 68(72) bits | packet header: 54 bits | payload: 0-2745 bits
access code = preamble (4) | sync. (64) | (trailer) (4) bits
packet header = AM address (3) | type (4) | flow (1) | ARQN (1) | SEQN (1) | HEC (8) bits
Access Code
• For timing synchronization and piconet identification
• Consists of preamble, synchronization field and trailer
• 64-bit sync is determined from the lower 24 bits of an address (LAP, lower address part)
access code, 68(72) bits = preamble (4) | sync. (64) | (trailer) (4)
Packet Header
• Features: address, packet type, flow and error control, and checksum
• 3-bit active member address: temporarily assigned address of a slave
  – Zero values are reserved for broadcast
• 4-bit type field: determines the type of packet: control, asynchronous or synchronous data
• 1-bit flow field: flow control mechanism for asynchronous traffic
  – Flow=0: transmission stop
  – Flow=1: transmission resume
• SEQN (sequence number) and ARQN (ARQ sequence number) are used for acknowledgement
• 8-bit HEC (Header Error Check): protects the packet header
packet header, 54 bits = AM address (3) | type (4) | flow (1) | ARQN (1) | SEQN (1) | HEC (8) bits
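Added example, not part of the original slides: the header fields above add up to 18 bits, and they occupy 54 bits on the air because each bit is sent three times (rate 1/3 FEC). The Python sketch below undoes that repetition by majority vote and splits out the fields; the LSB-first order within each field and all sample values are assumptions of the example, and the HEC is extracted but not verified.

```python
"""Decode a Bluetooth baseband packet header (added example, constructed data)."""

# Field name and width in bits, in transmission order (18 bits in total).
FIELDS = (("am_addr", 3), ("type", 4), ("flow", 1),
          ("arqn", 1), ("seqn", 1), ("hec", 8))


def fec13_encode(bits):
    """Rate 1/3 FEC: send every bit three times (18 bits -> 54 bits)."""
    return [b for b in bits for _ in range(3)]


def fec13_decode(coded):
    """Majority-vote each triple; return (bits, number of repaired triples)."""
    if len(coded) != 54:
        raise ValueError("packet header must be 54 coded bits")
    bits, repaired = [], 0
    for i in range(0, 54, 3):
        triple = coded[i:i + 3]
        bit = 1 if sum(triple) >= 2 else 0
        repaired += any(b != bit for b in triple)
        bits.append(bit)
    return bits, repaired


def pack_header(**values):
    """Build the 18 header bits, each field LSB first (assumed bit order)."""
    bits = []
    for name, width in FIELDS:
        value = values[name]
        if not 0 <= value < (1 << width):
            raise ValueError(f"{name} does not fit in {width} bits")
        bits += [(value >> i) & 1 for i in range(width)]
    return bits


def parse_header(coded):
    """Return the fields of a 54-bit coded header as a dict."""
    bits, repaired = fec13_decode(coded)
    header, pos = {}, 0
    for name, width in FIELDS:
        header[name] = sum(b << i for i, b in enumerate(bits[pos:pos + width]))
        pos += width
    header["broadcast"] = header["am_addr"] == 0  # zero is reserved for broadcast
    header["may_send"] = header["flow"] == 1      # 0 = stop, 1 = resume
    header["repaired_bits"] = repaired            # HEC itself is not checked here
    return header


if __name__ == "__main__":
    # Constructed header: slave 5, type 4, flow on; one bit damaged in transit.
    coded = fec13_encode(pack_header(am_addr=5, type=4, flow=1,
                                     arqn=1, seqn=0, hec=0xA7))
    coded[10] ^= 1
    print(parse_header(coded))
```

One flipped bit per triple is repaired silently; two flipped bits in the same triple decode to the wrong value, which is why the header also carries the HEC.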
Payload
• Up to 343 bytes of payload can be transferred
• Structure of the payload field depends on the type of link
Physical Links
• Bluetooth offers 2 types of links:
1. Synchronous connection oriented link (SCO)
2. Asynchronous connectionless link (ACL)
Synchronous connection oriented link (SCO)
– Voice connections require a symmetrical, circuit-switched, point-to-point connection.
– Two time slots (forward and return slot) are reserved at fixed intervals for transmission.
– Master supports up to three simultaneous SCO links to the same or different slaves.
– Slaves support up to two links from different masters or up to three links from the same master.
– SCO links carry voice at 64 kbit/s without FEC, with 2/3 FEC or 1/3 FEC (Forward Error Correction).
SCO payload types (bytes); payload (30)
HV1: audio (10) | FEC (20)
HV2: audio (20) | FEC (10)
HV3: audio (30)
DV: audio (10) | header (1) | payload (0-9) | 2/3 FEC | CRC (2)
Asynchronous connectionless link (ACL)
Data applications require symmetric or asymmetric, packet-switched, point-to-multipoint transfer scenarios.
• Master uses a polling scheme
• Slave may answer only if addressed by the master in the preceding slot
• Only one ACL link exists between a master and a slave
• Can carry 1-slot, 3-slot or 5-slot packets
• Data can be protected using a 2/3 FEC scheme (helps in noisy environments with a high link error rate)
• High overhead, so a fast ARQ scheme is used for reliable transmission
• Payload is CRC protected except for AUX1 packets
ACL payload types (bytes)
payload (0-343) = header (1/2) | payload (0-339) | CRC (2)
DM1: header (1) | payload (0-17) | 2/3 FEC | CRC (2)
DH1: header (1) | payload (0-27) | CRC (2)
DM3: header (2) | payload (0-121) | 2/3 FEC | CRC (2)
DH3: header (2) | payload (0-183) | CRC (2)
DM5: header (2) | payload (0-224) | 2/3 FEC | CRC (2)
DH5: header (2) | payload (0-339) | CRC (2)
AUX1: header (1) | payload (0-29)
• Control packets are available for
  – polling slaves
  – hopping synchronization
  – acknowledgement
• DM1 (data medium rate) and DH1 (data high rate) use a single slot and a 1-byte header
• DM3 and DH3 use three slots
• DM5 and DH5 use five slots
• Medium rates are always FEC protected
• High rates rely on CRC only for error detection
• HV (High Quality Voice) packets use a single slot
• DV (Data & Voice): combined packet where CRC, FEC and payload header are valid for the data part only
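Added example, not part of the original slides: where the ACL rates quoted under Characteristics (433.9 kbit/s symmetric, 723.2/57.6 kbit/s asymmetric) come from. It combines the 1600 slots per second with the maximum payloads of the ACL packet types, and assumes the return direction of an asymmetric link uses the single-slot packet of the same family (DM1 or DH1).

```python
"""ACL user data rates from payload size and slot count (added example)."""

SLOTS_PER_S = 1600   # 1600 hops/s, so one slot lasts 625 microseconds

# name: (slots occupied, maximum user payload in bytes), from the payload table
ACL_PACKETS = {
    "DM1": (1, 17), "DH1": (1, 27),
    "DM3": (3, 121), "DH3": (3, 183),
    "DM5": (5, 224), "DH5": (5, 339),
}


def rate_kbits(payload_bytes, cycle_slots):
    """Payload delivered once per cycle of `cycle_slots` slots, in kbit/s."""
    return payload_bytes * 8 * SLOTS_PER_S / cycle_slots / 1000


def symmetric_rate(name):
    """Both directions send the same packet type, so a cycle is 2 x slots."""
    slots, payload = ACL_PACKETS[name]
    return rate_kbits(payload, 2 * slots)


def asymmetric_rates(name):
    """Forward direction sends `name`; the reverse sends a 1-slot packet.

    Assumption of this example: the reverse packet is DM1 for the DM
    family and DH1 for the DH family.
    """
    slots, payload = ACL_PACKETS[name]
    _, reverse_payload = ACL_PACKETS[name[:2] + "1"]
    cycle = slots + 1
    return rate_kbits(payload, cycle), rate_kbits(reverse_payload, cycle)


def rate_table():
    """(symmetric, forward, reverse) in kbit/s for every ACL packet type."""
    table = {}
    for name in ACL_PACKETS:
        forward, reverse = asymmetric_rates(name)
        table[name] = (round(symmetric_rate(name), 1),
                       round(forward, 1), round(reverse, 1))
    return table


if __name__ == "__main__":
    print(f"{'type':<5}{'symmetric':>11}{'forward':>10}{'reverse':>10}")
    for name, (sym, fwd, rev) in rate_table().items():
        print(f"{name:<5}{sym:>11}{fwd:>10}{rev:>10}")
```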
Example Data Transmission
• One master and two slaves
• Master always uses even frequency slots
• Slaves use odd slots
• Every 6th slot is used for the SCO link between M and S
• ACL link uses single or multiple slots
Core Protocol
Radio
Base band
• LINK MANAGER PROTOCOL
• Logical link control and adaptation protocol (L2CAP)
• Service discovery protocol
Link Manager protocol
Manages
• various aspects of the radio link between a master and slave
• current parameter setting of the devices
Enhances baseband functionality, but higher layers can still directly access the baseband
Functions of LMP
1. AUTHENTICATION, PAIRING & ENCRYPTION
• Basic authentication is done in the baseband
• LMP controls the exchange of random numbers and signed responses
• Pairing service: establishes an initial trust relationship between two devices that have never communicated before. The result of pairing is a link key.
• LMP is not directly involved in the encryption process, but sets the encryption mode, key size, and random speed
2. SYNCHRONIZATION
• Precise synchronization is important
• Clock offset is updated each time a packet is received from the master
• Special synchronization packets can be received
• Devices can also exchange timing information related to the time differences (slot boundaries) between two adjacent piconets
3. CAPABILITY NEGOTIATION
• The version of LMP and information about the supported features can be exchanged
• Devices have to agree on the usage of, e.g., multi-slot packets, encryption, SCO links, voice encoding, park/sniff/hold mode etc.
4. QUALITY OF SERVICE NEGOTIATION
• Poll interval: maximum time between transmissions from a master to a particular slave; controls the latency and transfer capacity
• Quality of the channel: DM or DH
• Number of repetitions for broadcast packets can be controlled
• Master can limit the number of slots available for slaves' answers to increase its own bandwidth
5. POWER CONTROL
• Device can measure the received signal strength
• Depending on this signal level, the device can direct the sender of the measured signal to increase or decrease its transmit power.
6. LINK SUPERVISION
• Controls the activity of a link
• May set up new SCO links or declare the failure of a link
7. STATE AND TRANSMISSION MODE EXCHANGE
• Devices might switch the master/slave role, detach themselves from a connection or change the operating mode
Baseband states of a Bluetooth device
STANDBY MODE
• Every device which is currently not participating in a piconet and is not switched off
• Low power mode
A step towards inquiry mode can be taken in 2 ways:
• Either a device wants to establish a piconet
• Or a device just wants to listen
PAGE
• After finding all the required devices, the master sets up a piconet
• Depending on device addresses, a special hopping sequence is calculated
• Slaves answer and synchronize
CONNECTION STATE
• Has an Active state and a Low Power state
• In Active state, the slave participates in the piconet by listening, transmitting, and receiving
• Devices can either transmit data or are simply connected
• To save battery power, a Bluetooth device can go into one of three low power states:
1. Sniff: highest power consumption, listens periodically
2. Hold: stops ACL transmission, SCO still possible by slave, possibly participates in another piconet
3. Park: lowest duty cycle, lowest power consumption, releases AMA (Active Member Address), gets PMA (Parked Member Address)
Core Protocol
Radio
Base band
Link Manager Protocol
• LOGICAL LINK CONTROL AND ADAPTATION PROTOCOL
(L2CAP)
• Service discovery protocol
L2CAP - Logical Link Control and Adaptation Protocol
• Simple data link control protocol on top of the baseband that offers logical channels between Bluetooth devices
• L2CAP is available for ACLs only
• Types of logical channels include
  – Connection oriented, connectionless and signaling channels
• Connectionless: unidirectional channels for broadcast from master to slaves
• Connection oriented: bidirectional channels, supporting QoS specifications in each direction
• Signaling: used to exchange signaling messages
• Channel identifier (CID): channels are identified using a CID
  – CID=1 for the signaling channel
  – CID=2 for connectionless channels
  – CID>=64 for connection oriented channels (64-65535)
L2CAP logical channels
[Figure: a master and two slaves, each with L2CAP over baseband, connected by ACL links; channel endpoints are labelled 1 (signalling), 2 (connectionless) and d (connection-oriented)]
L2CAP packet formats
Connectionless PDU: length (2 bytes) | CID=2 (2 bytes) | PSM (≥2 bytes) | payload (0-65533 bytes)
Connection-oriented PDU: length (2 bytes) | CID (2 bytes) | payload (0-65535 bytes)
Signalling command PDU: length (2 bytes) | CID=1 (2 bytes) | One or more commands
Command: code (1 byte) | ID (1 byte) | length (2 bytes) | data (≥0 bytes)
• Length: length of payload
• PSM: Protocol/Service multiplexer, identifies the higher layer recipient for the payload
• code: for command reject, connection request, disconnection response etc.
• ID: to match request with reply
• Length (in a command): length of data
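Added example, not part of the original slides: a parser for the three PDU layouts above that rejects any frame whose length fields disagree with the bytes actually received, the check a receiver needs before it trusts any other field. Fields are read little-endian as L2CAP specifies; the fixed two-byte PSM is a simplifying assumption, the command codes are the specification's values for the commands the slide names, and the sample frame is constructed.

```python
"""Bounds-checked L2CAP PDU parser (added example, constructed sample data)."""
import struct

SIGNALLING_CID, CONNECTIONLESS_CID, FIRST_DYNAMIC_CID = 1, 2, 64
COMMAND_NAMES = {0x01: "command reject", 0x02: "connection request",
                 0x03: "connection response", 0x06: "disconnection request",
                 0x07: "disconnection response"}


class L2capError(ValueError):
    """Raised when a PDU does not match its own length fields."""


def parse_commands(body):
    """Split a signalling payload into its commands (code, ID, length, data)."""
    commands, pos = [], 0
    while pos < len(body):
        if len(body) - pos < 4:
            raise L2capError("truncated command header")
        code, ident, length = struct.unpack_from("<BBH", body, pos)
        pos += 4
        if length > len(body) - pos:
            raise L2capError("command length runs past the end of the PDU")
        commands.append({"code": code,
                         "name": COMMAND_NAMES.get(code, "other"),
                         "id": ident,
                         "data": body[pos:pos + length]})
        pos += length
    return commands


def parse_l2cap(pdu):
    """Classify one L2CAP PDU by CID and return its fields as a dict."""
    if len(pdu) < 4:
        raise L2capError("shorter than the 4-byte length/CID header")
    length, cid = struct.unpack_from("<HH", pdu, 0)
    payload = pdu[4:]
    if length != len(payload):
        raise L2capError(f"length field says {length}, "
                         f"frame carries {len(payload)} bytes")
    if cid == SIGNALLING_CID:
        return {"kind": "signalling", "cid": cid,
                "commands": parse_commands(payload)}
    if cid == CONNECTIONLESS_CID:
        if len(payload) < 2:
            raise L2capError("connectionless PDU without a PSM")
        (psm,) = struct.unpack_from("<H", payload, 0)  # assumed 2-byte PSM
        return {"kind": "connectionless", "cid": cid,
                "psm": psm, "payload": payload[2:]}
    if cid >= FIRST_DYNAMIC_CID:
        return {"kind": "connection-oriented", "cid": cid, "payload": payload}
    raise L2capError(f"CID {cid} is not a channel type described here")


if __name__ == "__main__":
    # Constructed signalling PDU: connection request, ID 1, PSM 0x0001,
    # source CID 0x0040.
    frame = bytes.fromhex("0800 0100 0201 0400 0100 4000")
    print(parse_l2cap(frame))
```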
Security Components & Protocols
[Figure: security components, shown for both communicating devices: PIN (1-16 byte) → E2 → link key (128 bit) → E3 → encryption key (128 bit) → keystream generator → payload key; Data → Cipher data → Data between the two devices]
Stages shown in the figure:
• User input (initialization): PIN (1-16 byte)
• Pairing
• Authentication key generation (possibly permanent storage)
• Authentication
• Encryption key generation (temporary storage)
• Encryption
• Ciphering
Core Protocol
Radio
Base band
Link Manager Protocol
Logical link control and adaptation protocol (L2CAP)
• SERVICE DISCOVERY PROTOCOL
SDP – Service Discovery Protocol
• To know what devices, or specifically what services, are available in radio proximity
• SDP defines only the discovery of services, not their usage
• Discovered services can be cached, and gradual discovery is possible
• Inquiry/response protocol for discovering services
  – Searching for and browsing services in radio proximity
  – Adapted to the highly dynamic environment
  – Can be complemented by others like SLP, Jini, Salutation, …
  – Defines discovery only, not the usage of services
  – Caching of discovered services
  – Gradual discovery
SDP – Service Discovery Protocol
• Service record format: all the information about a service
  – Information about services is provided by attributes
  – List of service attributes
  – Attributes are composed of a 16-bit ID (name) and a value
  – Values may be derived from 128-bit Universally Unique Identifiers (UUID)
  – Protocol descriptor list comprises the protocols needed to access this service
  – Example service record: URLs for service documentation, an icon for the service, service name
Profiles
• To provide compatibility among the devices offering the same services, Bluetooth specified many profiles in addition to the core protocols.
• Without profiles, interoperation between devices from different manufacturers is impossible
• Represent default solutions for a certain usage model
  – Vertical slice through the protocol stack
  – Basis for interoperability
[Figure: profiles as vertical slices across protocols and applications]
Profiles
BASIC PROFILES
• Generic Access Profile
• Service Discovery Application Profile
• Cordless Telephony Profile
• Intercom Profile
• Serial Port Profile
• Headset Profile
• Dial-up Networking Profile
• Fax Profile
• LAN Access Profile
• Generic Object Exchange Profile
• Object Push Profile
• File Transfer Profile
• Synchronization Profile
Profiles
ADDITIONAL PROFILES
• Advanced Audio Distribution
• PAN
• Audio Video Remote Control
• Basic Printing
• Basic Imaging
• Extended Service Discovery
• Generic Audio Video Distribution
• Hands Free
• Hardcopy Cable Replacement