
Bluetooth Technology Positioning

Nomenclature  Geography                                   Wireless Technology
PAN           Person Space (office, briefcase, person)    Bluetooth (meters to 10’s of meters)
LAN           On-campus (Office, School, Airport, Hotel)  802.11b (10’s-100’s of meters)
WAN           Off-campus (Open areas)                     Cellular (Kilometers)

[Figure: Bluetooth Wireless Technology. Labels: Personal Ad-hoc Networks; Cable Replacement; Data/Voice Access Points; Landline]

What does Bluetooth Do?

• Cable Replacement

What is Bluetooth?

• A hardware description
• An application framework

[Figure: Bluetooth protocol stack, bottom to top: RF; Baseband; Audio, Link Manager (LMP); L2CAP; TCP/IP, HID, RFCOMM; Applications. Data and Control paths; Host Controller Interface (HCI). Layer groups: Radio & Baseband; Link Manager and L2CAP; Application Framework and Support.]

Latest Version on Bluetooth Website: www.Bluetooth.com

What is Bluetooth?

• A hardware description
• An application framework

[Figure: the same protocol stack (RF; Baseband; Audio, Link Manager (LMP); L2CAP; TCP/IP, HID, RFCOMM; Applications; Data and Control paths), divided into Modules and Software]

Comparison with IEEE 802 protocol model

Bluetooth Core Specifications

• A: Radio
• B: Baseband
• C: Link Manager
• D: Logical Link Control
• E: Service Discovery
• F: RFCOMM, IrDA, Telephony, WAP
• H: Host Controllers, USB, Serial, UART
• I: Compliance: Test modes, Test control interfaces

Bluetooth Radio Modules

• Complete radio on a module
  – Designed to meet “Limited Module Compliance” (LMA) requirements
    • Pre-certified to meet global regulatory requirements
    • Allows devices assembled with modules to be “self-certified”
  – USB Interface
  – Solder-ball connections
  – External Antennae

[Figure: example modules: 25 mm dia; 17x33mm; 36x43mm; CompactFLASH Card]

Basic Baseband Protocol

• Spread spectrum frequency hopping radio
  – 79 one MHz channels
  – Hops every packet
    • Packets are 1, 3, or 5 slots long
  – Frame consists of two packets
    • Transmit followed by receive
  – Nominally hops at 1600 times a second (1 slot packets)

[Figure: master/slave slot timing, one slot = 625 us. First diagram: a frame with a three-slot packet and a one-slot packet, hop frequencies f(k) and f(k+3). Second diagram: a frame with two one-slot packets, hop frequencies f(k) and f(k+1).]

Packet Types/Data Rates

• ACL – Packet like behavior
• SCO – Circuit like behavior

Packet Types

Segment  Type  ACL link  SCO link
1        0000  NULL      NULL
1        0001  POLL      POLL
1        0010  FHS       FHS
1        0011  DM1       DM1
2        0100  DH1       -
2        0101  -         HV1
2        0110  -         HV2
2        0111  -         HV3
2        1000  -         DV
2        1001  AUX1      -
3        1010  DM3       -
3        1011  DH3       -
3        1100  -         -
3        1101  -         -
4        1110  DM5       -
4        1111  DH5       -

Data Rates (Kbps)

Type  Symmetric  Asymmetric
DM1   108.8      108.8 / 108.8
DH1   172.8      172.8 / 172.8
DM3   256.0      384.0 / 54.4
DH3   384.0      576.0 / 86.4
DM5   286.7      477.8 / 36.3
DH5   432.6      721.0 / 57.6

Bluetooth network topology

• Radio designation
  – Connected radios can be master or slave
  – Radios are symmetric (same radio can be master or slave)
• Piconet
  – Master can connect to 7 simultaneous or 256 inactive (parked) slaves per piconet
  – Each piconet has maximum capacity (1 Mbps)
  – Unique hopping pattern/ID
• Scatternet
  – Piconets can coexist in time and space

[Figure: piconets drawn with nodes labelled M (master), S (slave), P (parked) and sb (standby)]

The Piconet

[Figure: piconet formation among devices A to E with device IDs a to e; legend: M or S, P, sb]

• All devices in a piconet hop together
  – To form a piconet: master gives slaves its clock and device ID
    • Hopping pattern determined by device ID (48-bit)
    • Phase in hopping pattern determined by Clock
• Non-piconet devices are in standby
• Piconet Addressing
  – Active Member Address (AMA, 3-bits)
  – Parked Member Address (PMA, 8-bits)

Inter-connected Piconets: Scatternet

Complex scenarios

[Figure: scatternet linking Printer, Laptop, Mouse, Mobile Phone, Headset and a LAN Access Point; nodes marked slave, master or master/slave]

Data Transfer in Piconet

[Figure: timing diagram between master and slave. Data, Ack and Poll are exchanged in alternating Master -> Slave and Slave -> Master slots of 625 us; a multi-slot transfer takes n * 625 us.]

Data Transfer in Scatternet

[Figure: timing diagram between a master, a master/slave and a slave. Data, Ack and Poll are exchanged in Master -> Slave and Slave -> Master slots.]

Functional Overview (states)

• Standby
  – Waiting to join a piconet
• Inquire
  – Search for devices. Ask about radios to connect to
• Page
  – Connect to a specific radio. Construct a specific connection.
• Connected
  – Actively on a piconet (master or slave)
• Park/Hold
  – Low Power connected states

[Figure: state diagram. Unconnected: Standby. Connecting States: Inquiry, Page (T typical = 0.6 s and T typical = 2 s on the connecting transitions). Active States: Connected (AMA), Transmit data (AMA). Low Power States: HOLD (AMA) and PARK (PMA, releases AMA address), each with T typical = 2 ms. Detach.]

Inquiry procedure

32 wake-up carriers

Mobile = Battery Life

• Low power consumption*
  – Standby current < 0.3 mA
    • 3 months
  – Voice mode 8-30 mA
    • 75 hours
  – Data mode average 5 mA (0.3-30mA, 20 kbit/s, 25%)
    • 120 hours
• Low Power Architecture
  – Programmable data length (else radio sleeps)
  – Hold and Park modes 0.6 mA
    • Devices connected but not participating
    • Hold retains AMA address, Park releases AMA, gets PMA address
    • Device can participate within 2 ms

*Estimates calculated with 600 mAh battery and internal amplifier, power will vary with implementation

Error Handling

• Forward-error correction (FEC)
  – headers are protected with 1/3 rate FEC and HEC
  – payloads may be FEC protected
    • 1/3 rate: simple bit repetition (SCO packets only)
    • 2/3 rate: (10,15) shortened Hamming code
    • 3/3 rate: no FEC
• ARQ (ACL packets only)
  – 16-bit CRC (CRC-CCITT) & 1-bit ACK/NACK
  – 1-bit sequence number

Packet layout: access code (72b), header (54b), payload (0-2745b)
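The two mechanisms on this slide, 1/3 rate repetition FEC and CRC-protected ARQ with a 1-bit sequence number, are sketched below as an added example that is not part of the original slides. The CRC register start value of 0, the big-endian CRC placement and the simplified duplicate check are assumptions; the slide gives only the polynomial family and field sizes.

```python
# Added illustration of the error-handling slide; not code from the deck.
POLY = 0x1021  # CRC-CCITT generator x^16 + x^12 + x^5 + 1

def crc16_ccitt(data: bytes, init: int = 0x0000) -> int:
    """Bitwise CRC-16 with the CCITT polynomial (init=0 is an assumption)."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ POLY if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

def fec13_encode(bits):
    """1/3 rate FEC: transmit every bit three times."""
    return [b for b in bits for _ in range(3)]

def fec13_decode(coded):
    """Majority vote per triple; corrects one flipped bit in each triple."""
    return [int(sum(coded[i:i + 3]) >= 2) for i in range(0, len(coded), 3)]

def make_frame(payload: bytes) -> bytes:
    """ACL-style payload followed by its 16-bit CRC (big-endian here)."""
    return payload + crc16_ccitt(payload).to_bytes(2, "big")

def arq_receive(frame: bytes, seq: int, last_seq: int):
    """Return (ack_bit, delivered_payload_or_None, new_last_seq)."""
    payload, rx_crc = frame[:-2], int.from_bytes(frame[-2:], "big")
    if crc16_ccitt(payload) != rx_crc:
        return 0, None, last_seq      # NACK: sender retransmits with the same seq
    if seq == last_seq:
        return 1, None, last_seq      # retransmission of a packet already delivered
    return 1, payload, seq            # new packet: ACK and deliver

def demo():
    header = [1, 0, 1, 1, 0, 0, 1, 0]            # constructed header bits
    coded = fec13_encode(header)
    coded[4] ^= 1                                 # one error in a triple: corrected
    one_error_ok = fec13_decode(coded) == header
    coded[6] ^= 1
    coded[7] ^= 1                                 # two errors in one triple: miscorrected
    two_errors_ok = fec13_decode(coded) == header
    frame = make_frame(b"constructed ACL payload")
    damaged = bytes([frame[0] ^ 0x01]) + frame[1:]
    return (one_error_ok, two_errors_ok,
            arq_receive(damaged, seq=1, last_seq=0)[0],   # NACK
            arq_receive(frame, seq=1, last_seq=0)[:2],    # ACK and deliver
            arq_receive(frame, seq=1, last_seq=1)[:2])    # ACK, duplicate dropped
```

Repetition coding silently miscorrects when two of the three copies are hit, which is why the ACL payload still carries a CRC and relies on retransmission.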

Bluetooth Security Features

• Fast Frequency Hopping (79 channels)
• Low Transmit Power (range <= 10m)
• Authentication of remote device
  – Based on link key (128 Bit)
  – May be performed in both directions
• Encryption of payload data
  – Stream cipher algorithm (128 Bit)
  – Affects all traffic on a link
• Initialization
  – PIN entry by user

Bluetooth Security Model

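[Figure: key hierarchy, drawn for both devices: PIN -> E2 -> Link Key -> E3 -> Encryption Key. The link key is used for Authentication and the encryption key for Encryption. Storage: the PIN is user input (initialization), the link key is held in (possibly) permanent storage, the encryption key in temporary storage.]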

Application Level Security

• Builds on-top of link-level security
  – Creates trusted device groups
• Security levels for services
  – Authorization required
  – Authentication required
  – Encryption required
• Different or higher security requirements could be added:
  – Personal authentication
  – Higher security level
  – Public key
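One way a host could enforce the three per-service flags on top of link state and a trusted device group, as an added example that is not part of the original slides. The class and function names, the sample services and addresses, and the rules that authorization and encryption presuppose authentication and that untrusted devices need user approval are all assumptions made for illustration.

```python
# Added illustration of per-service security levels; not code from the deck.
from dataclasses import dataclass

@dataclass(frozen=True)
class ServicePolicy:
    authorization: bool
    authentication: bool
    encryption: bool

@dataclass
class Link:
    peer: str                   # remote device address
    authenticated: bool = False
    encrypted: bool = False

def access_decision(policy, link, trusted_group, ask_user=lambda peer: False):
    """Return (decision, steps): decision is 'allow', 'deny' or 'pending';
    steps lists the link-level procedures to run before re-checking."""
    steps = []
    # Assumption: authorization and encryption both presuppose an authenticated peer.
    needs_auth = policy.authentication or policy.authorization or policy.encryption
    if needs_auth and not link.authenticated:
        steps.append("authenticate")
    if policy.encryption and not link.encrypted:
        steps.append("encrypt")
    if steps:
        return "pending", steps
    if policy.authorization and link.peer not in trusted_group:
        # Assumption: devices outside the trusted group need explicit user approval.
        return ("allow", []) if ask_user(link.peer) else ("deny", [])
    return "allow", []

# Constructed sample services and devices.
SERVICES = {
    "object-push": ServicePolicy(False, False, False),
    "headset": ServicePolicy(False, True, True),
    "file-transfer": ServicePolicy(True, True, True),
}
TRUSTED = {"00:11:22:33:44:55"}

def demo():
    known = Link("00:11:22:33:44:55")
    stranger = Link("66:77:88:99:AA:BB", authenticated=True, encrypted=True)
    first = access_decision(SERVICES["file-transfer"], known, TRUSTED)
    known.authenticated = known.encrypted = True      # link-level steps completed
    return (first,
            access_decision(SERVICES["file-transfer"], known, TRUSTED),
            access_decision(SERVICES["file-transfer"], stranger, TRUSTED),
            access_decision(SERVICES["object-push"], Link("66:77:88:99:AA:BB"), TRUSTED))
```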

Bluetooth Protocols

Transport protocols

[Figure: the stack divided into transport protocol group, middleware protocol group and application group. Transport protocol group: radio, baseband, link manager, L2CAP, with audio and control paths and the HCI. Above it: middleware & data applications and audio apps. Legend: a: audio, d: data, c: control.]

Source: Dr. Chatschik Bisdikian [BT_OVERVIEW_UNIVMARYLAND_03_2001.PPT]

Host Controller Interface (HCI)

Provides a common interface between the Bluetooth host and a Bluetooth module

• Interfaces in spec 1.0: USB; UART; RS-232

Link Manager Protocol (LMP)

LMP manages the radio link between a master and a slave. Functions covered by LMP:

• Authentication, pairing, and encryption: basic authentication is handled in the baseband, but LMP has to control the exchange of random numbers and signed responses. LMP sets the encryption mode (no encryption, point-to-point, or broadcast), key size, and random speed.

• Synchronization: Precise synchronization is of major importance within a Bluetooth network. The clock offset is updated each time a packet is received from the master. Devices can also exchange timing information related to slot boundaries between two adjacent piconets.

• Capability negotiation: devices could support different features of the standard, so devices have to agree on the usage of, e.g., multi-slot packets, encryption, SCO links, voice encoding, park/sniff/hold mode, HV2/HV3 packets etc.

• Quality of service negotiation: Different parameters control the QoS of a Bluetooth device. The poll interval controls the latency and transfer capacity. Depending on the quality of the channel, DM or DH packets may be used (i.e., 2/3 FEC protection or no protection). The number of repetitions for broadcast packets can be controlled.

• Power control: A Bluetooth device can measure the received signal strength. Depending on this signal level the device can direct the sender of the measured signal to increase or decrease its transmit power (power control).

• Link supervision: LMP has to control the activity of a link; it may set up new SCO links, or it may declare the failure of a link.

• State and transmission mode change: Devices might switch the master/slave role, detach themselves from a connection, or change the operating mode.
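The exchange of random numbers and signed responses in the first LMP item above, together with the PIN -> E2 -> link key -> E3 -> encryption key chain of the Bluetooth Security Model slide, as an added example that is not part of the original slides. HMAC-SHA256 is swapped in for the real key-generation and authentication functions, which the slides name but do not define; the function inputs, the 4-byte response length and the device addresses are assumptions.

```python
# Added illustration of the security-model key chain; not code from the deck.
import hashlib
import hmac
import os

def _stand_in(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 cut to 128 bits. A stand-in, NOT the real E2/E3 algorithms."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:16]

def e2_link_key(pin: bytes, bd_addr: bytes, init_rand: bytes) -> bytes:
    """PIN -> link key (128 bit). Inputs other than the PIN are assumptions."""
    return _stand_in(pin, b"E2", bd_addr, init_rand)

def e3_encryption_key(link_key: bytes, en_rand: bytes) -> bytes:
    """Link key -> encryption key, derived fresh for each session."""
    return _stand_in(link_key, b"E3", en_rand)

def signed_response(link_key: bytes, challenge: bytes, claimant_addr: bytes) -> bytes:
    """Claimant's answer to a random challenge, keyed by the link key."""
    return _stand_in(link_key, b"AUTH", challenge, claimant_addr)[:4]

def authenticate(verifier_key: bytes, claimant_key: bytes, claimant_addr: bytes) -> bool:
    """One direction of challenge-response; the link key itself is never sent."""
    challenge = os.urandom(16)                                    # verifier -> claimant
    response = signed_response(claimant_key, challenge, claimant_addr)  # claimant -> verifier
    expected = signed_response(verifier_key, challenge, claimant_addr)
    return hmac.compare_digest(response, expected)

def pair(pin_a: bytes, pin_b: bytes, addr_a: bytes, addr_b: bytes):
    """Return the shared encryption key, or None if authentication fails."""
    init_rand = os.urandom(16)                     # exchanged during initialization
    key_a = e2_link_key(pin_a, addr_b, init_rand)  # device A, from the PIN typed on A
    key_b = e2_link_key(pin_b, addr_b, init_rand)  # device B, from the PIN typed on B
    # Authentication may be performed in both directions.
    if not (authenticate(key_a, key_b, addr_b) and authenticate(key_b, key_a, addr_a)):
        return None                                # mismatched PINs stop here
    en_rand = os.urandom(16)
    kc_a = e3_encryption_key(key_a, en_rand)
    kc_b = e3_encryption_key(key_b, en_rand)
    return kc_a if kc_a == kc_b else None
```

Only the random values and the short responses cross the link; the PIN, link key and encryption key stay on each device, matching the storage classes in the security model figure.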

Link Layer Control & Adaptation (L2CAP)

A simple data link protocol over baseband (connection-oriented & connectionless):

• Protocol Multiplexing
  – Goal: Pass packets used by a particular network protocol to the appropriate handler
• Segmentation and Reassembly (SAR)
  – Goal: Hide data link packet lengths from network-layer protocols
• Quality of Service
  – Goal: Negotiate and enforce QoS contracts (per connection)

L2CAP Connection

Middleware protocols

[Figure: middleware protocol group between the transport protocols and the application group (networking apps, audio apps, IrDA apps, telephony apps). Protocols shown: RFCOMM, PPP, IP, TCP, UDP, OBEX, IrMC, SDP, TCS-BIN, telephony control based on AT commands, plus audio and control paths. Legend: a: adopted protocol, b: Bluetooth specific protocol.]

Source: Dr. Chatschik Bisdikian

Service Discovery Protocol (SDP)

• Establish L2CAP connection to remote device

• Query for services
  – search for specific class of service, or
  – browse for services

• Retrieve attributes that detail how to connect to the service

• Establish a separate (non-SDP) connection to use the service

SDP Transaction

RFCOMM

– Emulates a serial-port to support a large base of legacy (serial-port-based) applications

– Allows multiple “ports” over a single physical channel between two devices

– Based on GSM TS 07.10

Design considerations:
  – framing: assemble bit stream into bytes and subsequently, into packets
  – transport: in-sequence, reliable delivery of serial stream
  – control signals: RTS, CTS, DTR

RFCOMM application example: AP Access

Why use PPP?

• Security
  – Authentication
  – Access control
• Efficiency
  – header and data compression
• Auto-configuration
• Lower barrier for deployment

RF Comm Applications

• Applications looking for virtual serial ports not supported
• Legacy TAPI/Unimodem applications see peer devices as NULL Modems
• Applications enumerate Modem/Serial Devices through Unimodem

TAPI = Telephony API
Unimodem = Universal Modem Driver, a TAPI service provider

RF Comm Applications

• Winsock allows for dynamic discovery and communication
  – Talk to the device, not to the conduit (“My Laserjet” versus “LPT2” or “COM23”)
  – Once bonded device is in range the application can find and use it
  – Allows for multiple remote connection to same service
  – Not necessary to manage multiple virtual COMx ports

Telephony Control Protocol (TCS)

• Call control (setup & release)

• Group management for gateway serving multiple devices

OBEX Applications

• Examples
  – Photos
  – Vcards (not “in the box”)
  – Simple databases
• Server
  – Registration
  – New Obex Commands and types
  – Application can register as handler for custom commands
• Client
  – Discovery
  – Navigate directory structure (enumerate objects)
  – Push Pull objects

OBEX

• Full OBEX 1.2 implementation:
  – Put
  – Get
  – SetPath
  – Definable transactions

• COM API

• Extensible to other media and transports

Application group

[Figure: application group on top of the middleware protocols and transport protocols: profile applications and new/future applications, with platform APIs, Bluetooth adaptation and common services. Legend: a: legacy application, b: Bluetooth specific application.]

Source: Dr. Chatschik Bisdikian

Interoperability & Profiles

[Figure: Profiles drawn across Applications and Protocols]

• Represents default solution for a usage model
• Vertical slice through the protocol stack
• Basis for interoperability and logo requirements
• Each Bluetooth device supports one or more profiles

Bluetooth Profile Specifications

• K:1 Generic Access
• K:2 Service Discovery
• K:3 Cordless Telephony
• K:4 Intercom
• K:5 Serial Port
• K:6 Headset
• K:7 Dial Up Networking
• K:8 Fax
• K:9 LAN Access
• K:10 Generic Object Exchange
• K:11 Object Push
• K:12 File Transfer
• K:13 Synchronization

Bluetooth products

• Wireless access to Internet and corporate networks
• Wireless connection to ThinkPad
• Non-directional; phone can be in your briefcase
• Wirelessly update your phone’s address book from your system
• Insulates you from rapid changes in cellular networks

[Figure: product photos labelled Ericsson Cell Phone; Bluetooth Module; Ericsson Headset; R520m, T39m]