Bluetooth Mobile Ip

Wireless Networks Spring 2005Bluetooth and Mobile IP

Wireless Networks Spring 2005

Wireless Networks Spring 2005BluetoothConsortium: Ericsson, Intel, IBM, Nokia, ToshibaScenarios:connection of peripheral devicesloudspeaker, joystick, headsetsupport of ad-hoc networkingsmall devices, low-costbridging of networkse.g., GSM via mobile phone - Bluetooth - laptopSimple, cheap, replacement of IrDA, low range, lower data rates, low-powerWorldwide operation: 2.4 GHzResistance to jamming and selective frequency fading: FHSS over 79 channels (of 1MHz each), 1600hops/sCoexistence of multiple piconets: like CDMALinks: synchronous connections and asynchronous connectionlessInteroperability: protocol stack supporting TCP/IP, OBEX, SDPRange: 10 meters, can be extended to 100 metersDocumentation: over 1000 pages specification: www.bluetooth.com


Wireless Networks Spring 2005Bluetooth Application AreasData and voice access pointsReal-time voice and data transmissionsCable replacementEliminates need for numerous cable attachments for connectionLow cost < $5Ad hoc networkingDevice with Bluetooth radio can establish connection with another when in range


Wireless Networks Spring 2005Protocol ArchitectureBluetooth is a layered protocol architectureCore protocolsCable replacement and telephony control protocolsAdopted protocolsCore protocolsRadioBasebandLink manager protocol (LMP)Logical link control and adaptation protocol (L2CAP)Service discovery protocol (SDP)


Wireless Networks Spring 2005Protocol ArchitectureCable replacement protocolRFCOMMTelephony control protocolTelephony control specification binary (TCS BIN)Adopted protocolsPPPTCP/UDP/IPOBEXWAE/WAP


Wireless Networks Spring 2005Protocol ArchitectureBT Radio (2.4 GHZ Freq. Band):Modulation: Gaussian Frequency Shift KeyingBaseband: FH-SS (79 carriers), CDMA (hopping sequence from the node MAC address)Audio: interfaces directly with the baseband. Each voice connection is over a 64Kbps SCO link. The voice coding scheme is the Continuous Variable Slope Delta (CVSD)Link Manager Protocol (LMP): link setup and control, authentication and encryptionHost Controller Interface: provides a uniform method of access to the baseband, control registers, etc through USB, PCI, or UARTLogical Link Control and Adaptation Layer (L2CAP): higher protocols multiplexing, packet segmentation/reassembly, QoSService Discover Protocol (SDP): protocol of locating services provided by a Bluetooth deviceTelephony Control Specification (TCS): defines the call control signaling for the establishment of speech and data calls between Bluetooth devicesRFCOMM: provides emulation of serial links (RS232). Upto 60 connectionsOBEX: OBject EXchange (e.g., vCard)


Wireless Networks Spring 2005Usage ModelsFile transferInternet bridgeLAN accessSynchronizationThree-in-one phoneHeadset


Wireless Networks Spring 2005Piconets and ScatternetsPiconetBasic unit of Bluetooth networkingMaster and one to seven slave devicesMaster determines channel and phaseScatternetDevice in one piconet may exist as master or slave in another piconetAllows many devices to share same areaMakes efficient use of bandwidth


Wireless Network Configurations


Wireless Networks Spring 2005Network TopologyPiconet = set of Bluetooth nodes synchronized to a master nodeThe piconet hopping sequence is derived from the master MAC address (BD_ADDR IEEE802 48 bits compatible address)Scatternet = set of piconet Master-Slaves can switch rolesA node can only be master of one piconet. Why?Piconet 1MasterMasterPiconet 2ScatternetSlave


Wireless Networks Spring 2005ScatternetspiconetsEach piconet has one master and up to 7 slavesMaster determines hopping sequence, slaves have to synchronizeParticipation in a piconet = synchronization to hopping sequenceCommunication between piconets = devices jumping back and forth between the piconets


Wireless Networks Spring 2005Radio SpecificationClasses of transmittersClass 1: Outputs 100 mW for maximum rangePower control mandatoryProvides greatest distanceClass 2: Outputs 2.4 mW at maximumPower control optionalClass 3: Nominal output is 1 mWLowest power Frequency Hopping in BluetoothProvides resistance to interference and multipath effectsProvides a form of multiple access among co-located devices in different piconets


Wireless Networks Spring 2005Frequency HoppingTotal bandwidth divided into 1MHz physical channelsFH occurs by jumping from one channel to another in pseudorandom sequenceHopping sequence shared with all devices on piconetPiconet access:Bluetooth devices use time division duplex (TDD)Access technique is TDMAFH-TDD-TDMA


Wireless Networks Spring 2005Frequency Hopping


Wireless Networks Spring 2005Physical LinksSynchronous connection oriented (SCO)Allocates fixed bandwidth between point-to-point connection of master and slaveMaster maintains link using reserved slotsMaster can support three simultaneous links Asynchronous connectionless (ACL)Point-to-multipoint link between master and all slavesOnly single ACL link can exist


Wireless Networks Spring 2005Bluetooth Packet FieldsAccess code used for timing synchronization, offset compensation, paging, and inquiryHeader used to identify packet type and carry protocol control informationPayload contains user voice or data and payload header, if present


Wireless Networks Spring 2005Bluetooth Piconet MACEach node has a Bluetooth Device Address (BD_ADDR). The master BD_ADDR determines the sequence of frequency hops

Types of connections:Synchronous Connection-Oriented link (SCO) (symmetrical, circuit switched, point-to-point)Asynchronous Connectionless Link (ACL): (packet switched, point-to-multipoint, master-polls)Packet Format:Access code: synchronization, when piconet active derived from masterPacket header (for ACL): 1/3-FEC, MAC address (1 master, 7 slaves), link type, alternating bit ARQ/SEQ, checksum

bits


Wireless Networks Spring 2005Types of Access CodesChannel access code (CAC) identifies a piconetDevice access code (DAC) used for paging and subsequent responsesInquiry access code (IAC) used for inquiry purposesPreamble+sync+trailer


Wireless Networks Spring 2005Packet Header FieldsAM_ADDR contains active mode address of one of the slavesType identifies type of packetACL: Data Medium (DM) or Data High (DH), with different slot lengths (DM1, DM3, DM5, DH1, DH3, DH5)SCO: Data Voice (DV) and High-quality voice (HV)Flow 1-bit flow controlARQN 1-bit acknowledgmentSEQN 1-bit sequential numbering schemesHeader error control (HEC) 8-bit error detection code


Wireless Networks Spring 2005Payload Format Payload headerL_CH field identifies logical channel Flow field used to control flow at L2CAP levelLength field number of bytes of dataPayload body contains user dataCRC 16-bit CRC code


Wireless Networks Spring 2005Error Correction Schemes1/3 rate FEC (forward error correction)Used on 18-bit packet header, voice field in HV1 packet2/3 rate FECUsed in DM packets, data fields of DV packet, FHS packet and HV2 packetARQUsed with DM and DH packets


Wireless Networks Spring 2005ARQ Scheme ElementsError detection destination detects errors, discards packetsPositive acknowledgment destination returns positive acknowledgmentRetransmission after timeout source retransmits if packet unacknowledgedNegative acknowledgment and retransmission destination returns negative acknowledgement for packets with errors, source retransmits


Wireless Networks Spring 2005Types of packetsSCO packets: Do not have a CRC (except for the data part of DV) and are never retransmitted. Intended for High-quality Voice (HV).

ACL packets: Data Medium-rate (DM) and Data High-rate (DH)


Wireless Networks Spring 2005Channel ControlMajor statesStandby default stateConnection device connectedInterim substates for adding new slavesPage device issued a page (used by master)Page scan device is listening for a pageMaster response master receives a page response from slaveSlave response slave responds to a page from masterInquiry device has issued an inquiry for identity of devices within rangeInquiry scan device is listening for an inquiryInquiry response device receives an inquiry response


State Transition Diagram


Wireless Networks Spring 2005Inquiry ProcedurePotential master identifies devices in range that wish to participateTransmits ID packet with inquiry access code (IAC)Occurs in Inquiry stateDevice receives inquiryEnter Inquiry Response stateReturns FHS (Frequency Hop Synchrnonization) packet with address and timing informationMoves to page scan state


Wireless Networks Spring 2005Inquiry Procedure DetailsGoal: aims at discovering other neighboring devicesInquiring node: Sends an inquiry message (packet with only the access code: General Inquiry Access Code: GIAC or Dedicated IAC: DIAC). This message is sent over a subset of all possible frequencies.The inquiry frequencies are divided into two hopping sets of 16 frequencies each.In inquiry state the node will send upto NINQUIRY sequences on one set of 16 frequencies before switching to the other set of 16 frequencies. Upto 3 switches can be executed. Thus the inquiry may last upto 10.24 seconds.To be discovered node:Enters an inquiry_scan modeWhen hearing the inquiry_message (and after a backoff procedure) enter an inquiry_response mode: send a Frequency Hop Sync (FHS) packet (BD_ADDR, native clock)After discovering the neighbors and collecting information on their address and clock, the inquiring node can start a page routine to setup a piconet


Wireless Networks Spring 2005Page ProcedureMaster uses devices address to calculate a page frequency-hopping sequenceMaster pages with ID packet and device access code (DAC) of specific slaveSlave responds with DAC ID packetMaster responds with its FHS packetSlave confirms receipt with DAC IDSlaves moves to Connection state


Wireless Networks Spring 2005Page Procedure DetailsGoal: e.g., setup a piconet after an inquiryPaging node (master):Sends a page message (i.e., packet with only Device Access Code of paged node) over 32 frequency hops (from DAC and split into 2*16 freq.)Repeated until a response is receivedWhen a response is received send a FHS message to allow the paged node to synchronizePaged node (slave):Listens on its hopping sequenceWhen receiving a page message, send a page_response and wait for the FHS of the pager


Wireless Networks Spring 2005Slave Connection State ModesActive participates in piconetListens, transmits and receives packetsSniff only listens on specified slotsHold does not support ACL packetsReduced power statusMay still participate in SCO exchangesPark does not participate on piconetStill retained as part of piconet


Wireless Networks Spring 2005States of a Bluetooth DeviceBT device addressing: BD_ADDR (48 bits) AM_ADDR ( 3bits): ACTIVE, HOLD, or SNIFF PM_ADDR (8 bits): PARK Mode address (exchanged with the AM_ADDR when entering PARK mode) AR_ADDR (8 bits): not unique used to come back from PARK to ACTIVE state

ACTIVE (connected/transmit): the device is uniquely identified by a 3bits AM_ADDR and is fully participatingSNIFF state: participates in the piconet only within the SNIFF intervalHOLD state: keeps only the SCO linksPARK state (low-power): releases AM_ADDR but stays synchronized with master


Wireless Networks Spring 2005Bluetooth AudioVoice encoding schemes:Pulse code modulation (PCM) Continuously variable slope delta (CVSD) modulationChoice of scheme made by link managerNegotiates most appropriate scheme for application


Wireless Networks Spring 2005Bluetooth Link SecurityElements:Authentication verify claimed identityEncryption privacyKey management and usageSecurity algorithm parameters:Unit addressSecret authentication key (128 bits key)Secret privacy key (4-128 bits secret key)Random number


Wireless Networks Spring 2005Link ManagementManages master-slave radio linkSecurity Service: authentication, encryption, and key distributionClock synchronizationExchange station capability informationMode management: switch master/slave rolechange hold, sniff, park modesQoS


Wireless Networks Spring 2005L2CAPProvides a link-layer protocol between entities with a number of servicesRelies on lower layer for flow and error controlMakes use of ACL links, does not support SCO linksProvides two alternative services to upper-layer protocolsConnectionless serviceConnection-oriented service: A QoS flow specification is assigned in each directionExchange of signaling messages to establish and configure connection parameters


Wireless Networks Spring 2005Flow Specification ParametersService typeToken rate (bytes/second)Token bucket size (bytes)Peak bandwidth (bytes/second)Latency (microseconds)Delay variation (microseconds)


Wireless Networks Spring 2005Mobile IP


Wireless Networks Spring 2005Motivation for Mobile IPRoutingbased on IP destination address, network prefix (e.g. 129.13.42) determines physical subnetchange of physical subnet implies change of IP address to have a topological correct address (standard IP) or needs special entries in the routing tablesSpecific routes to end-systems?change of all routing table entries to forward packets to the right destinationdoes not scale with the number of mobile hosts and frequent changes in the location, security problemsChanging the IP-address?adjust the host IP address depending on the current locationalmost impossible to find a mobile system, DNS updates take too much timeTCP connections break, security problems


Wireless Networks Spring 2005Mobile IP RequirementsTransparencymobile end-systems keep their IP addresscontinuation of communication after interruption of link possiblepoint of connection to the fixed network can be changedCompatibilitysupport of the same layer 2 protocols as IPno changes to current end-systems and routers requiredmobile end-systems can communicate with fixed systemsSecurityauthentication of all registration messagesEfficiency and scalabilityonly little additional messages to the mobile system required (connection typically via a low bandwidth radio link)world-wide support of a large number of mobile systems in the whole Internet


Wireless Networks Spring 2005TerminologyMobile Node (MN)system (node) that can change the point of connection to the network without changing its IP addressHome Agent (HA)system in the home network of the MN, typically a routerregisters the location of the MN, tunnels IP datagrams to the COAForeign Agent (FA)system in the current foreign network of the MN, typically a routerforwards the tunneled datagrams to the MN, typically also the default router for the MNCare-of Address (COA)address of the current tunnel end-point for the MN (at FA or MN)actual location of the MN from an IP point of viewcan be chosen, e.g., via DHCPCorrespondent Node (CN)communication partner


Wireless Networks Spring 2005Example networkmobile end-systemInternetrouterrouterrouterend-systemFAHAMNhome networkforeign network(physical home networkfor the MN)(current physical network for the MN)CN


Wireless Networks Spring 2005Data transfer to the mobileInternetsenderFAHAMNhome networkforeignnetworkreceiver1231. Sender sends to the IP address of MN, HA intercepts packet (proxy ARP)2. HA tunnels packet to COA, here FA, by encapsulation3. FA forwards the packet to the MNCN


Wireless Networks Spring 2005Data transfer from the mobile InternetreceiverFAHAMNhome networkforeign networksender11. Sender sends to the IP address of the receiver as usual, FA works as default routerCN


Wireless Networks Spring 2005OverviewCNrouterHArouterFAInternetrouter1.2.3.homenetworkMNforeignnetwork4.CNrouterHArouterFAInternetrouterhomenetworkMNforeignnetworkCOA


Wireless Networks Spring 2005Network integrationAgent AdvertisementHA and FA periodically send advertisement messages into their physical subnetsMN listens to these messages and detects, if it is in the home or a foreign network (standard case for home network)MN reads a COA from the FA advertisement messagesRegistration (always limited lifetime!)MN signals COA to the HA via the FA, HA acknowledges via FA to MNthese actions have to be secured by authentication AdvertisementHA advertises the IP address of the MN (as for fixed systems), i.e. standard routing informationrouters adjust their entries, these are stable for a longer time (HA responsible for a MN over a longer period of time)packets to the MN are sent to the HA, independent of changes in COA/FA


Wireless Networks Spring 2005Agent advertisementpreference level 1router address 1#addressestypeaddr. sizelifetimechecksumCOA 1COA 2typesequence numberlength0781516312423codepreference level 2router address 2. . . registration lifetime. . . reservedICMP-Type = 0; Code = 0/16; Extension Type = 16TTL = 1Dest-Adr = 224.0.0.1 (multicast on link) or 255.255.255.255 (broadcast)R: registration requiredB: busyH: home agentF: foreign agentM: minimal encapsulationG: generic encapsulationV: header compression


Wireless Networks Spring 2005RegistrationtMNHAregistrationrequestregistrationreplytMNFAHAregistrationrequestregistrationrequestregistrationreplyregistrationreplyGoal: inform the home agent of current location of MN (COA-FA or co-located COA)

Registration expires automatically (lifetime)Uses UDP port 434


Wireless Networks Spring 2005Mobile IP registration requesthome agenthome addresstypelifetime0781516312423rsvidentificationCOAextensions . . . UDP packet on port 343Type = 1 for registration requestS: retain prior mobility bindingsB: forward broadcast packetsD: co-located address=> MN decapsulates packets


Wireless Networks Spring 2005Encapsulationoriginal IP headeroriginal datanew datanew IP headerouter headerinner headeroriginal data


Wireless Networks Spring 2005Encapsulation IEncapsulation of one packet into another as payloade.g. IPv6 in IPv4 (6Bone), Multicast in Unicast (Mbone)here: e.g. IP-in-IP-encapsulation, minimal encapsulation or GRE (Generic Record Encapsulation)IP-in-IP-encapsulation (mandatory in RFC 2003)tunnel between HA and COACare-of address COAIP address of HATTLIP identificationIP-in-IPIP checksumflagsfragment offsetlengthTOSver.IHLIP address of MNIP address of CNTTLIP identificationlay. 4 prot.IP checksumflagsfragment offsetlengthTOSver.IHLTCP/UDP/ ... payload


Wireless Networks Spring 2005Encapsulation IIMinimal encapsulation (optional) [RFC2004]avoids repetition of identical fieldse.g. TTL, IHL, version, TOSonly applicable for unfragmented packets, no space left for fragment identificationcare-of address COAIP address of HATTLIP identificationmin. encap.IP checksumflagsfragment offsetlengthTOSver.IHLIP address of MNoriginal sender IP address (if S=1)Slay. 4 protoc.IP checksumTCP/UDP/ ... payloadreserved


Wireless Networks Spring 2005Optimization of packet forwardingTriangular Routingsender sends all packets via HA to MNhigher latency and network loadSolutionssender learns the current location of MNdirect tunneling to this locationHA informs a sender about the location of MNbig security problems!Change of FApackets on-the-fly during the change can be lostnew FA informs old FA to avoid packet loss, old FA now forwards remaining packets to new FAthis information also enables the old FA to release resources for the MN


Wireless Networks Spring 2005Change of foreign agent CNHAFAoldFAnewMNtrequestupdateACKdatadataMN changes locationregistrationupdateACKdatadatadatawarningupdateACKdatadataregistration


Wireless Networks Spring 2005Reverse tunneling (RFC 2344)InternetreceiverFAHAMNhome networkforeign networksender3211. MN sends to FA2. FA tunnels packets to HA by encapsulation3. HA forwards the packet to the receiver (standard case)CN


Wireless Networks Spring 2005Mobile IP with reverse tunnelingRouters accept often only topological correct addresses (firewall)a packet from the MN encapsulated by the FA is now topological correctfurthermore multicast and TTL problems solved (TTL in the home network correct, but MN is to far away from the receiver)Reverse tunneling does not solveproblems with firewalls, the reverse tunnel can be abused to circumvent security mechanisms (tunnel hijacking)optimization of data paths, i.e. packets will be forwarded through the tunnel via the HA to a sender (double triangular routing)The new standard is backwards compatiblethe extensions can be implemented easily and cooperate with current implementations without these extensions


Wireless Networks Spring 2005Mobile IP and IPv6security is integrated and not an add-on, authentication of registration is includedCOA can be assigned via auto-configuration (DHCPv6 is one candidate), every node has address autoconfigurationno need for a separate FA, all routers perform router advertisement which can be used instead of the special agent advertisementMN can signal a sender directly the COA, sending via HA not needed in this case (automatic path optimization)soft hand-over, i.e. without packet loss, between two subnets is supportedMN sends the new COA to its old routerthe old router encapsulates all incoming packets for the MN and forwards them to the new COAauthentication is always granted


Wireless Networks Spring 2005Problems with Mobile IPSecurityauthentication with FA problematic, for the FA typically belongs to another organization no protocol for key management and key distribution has been standardized in the Internetpatent and export restrictionsFirewallstypically mobile IP cannot be used together with firewalls, special set-ups are needed (such as reverse tunneling)QoSmany new reservations in case of RSVPtunneling makes it hard to give a flow of packets a special treatment needed for the QoSSecurity, firewalls, QoS etc. are topics of current research and discussions!


********Slot duration: 625micro-secondsWhy dont we transmit during all the slot?********

Documents

Bluetooth Mobile Ip