Bluetooth LE - Dodging the Bullets
Transcript of Bluetooth LE - Dodging the Bullets
Bluetooth LE
Dodging The Bullets
Daniel Kummer. NCamp. 2016.
NCamp. 2016. 1
Disclaimer
Minimal Technical Stuff
At the end there will be !

Preface - Mental Health
To keep everyone calm and relaxed after stressful slides, cute kittens will be shown

Agenda
Entry
▸▸ Origins ▸ Basics ▸ iOS/Android ▸ Hardware
Experience
▸▸ Advertising ▸ Pairing ▸ Bonding ▸ Operation
Exit
▸▸ Data Quantities ▸ Survival Tips ▸ Tools

Bluetooth Origins
History Side Trip

King Harald Blåtand
958 - 986

Bluetooth Low Energy
» 4.0 (2010)
▸▸ Wibree (Nokia) aka Bluetooth Smart, GATT, 25Mbit/s, 60m
» 4.2 (2014)
▸▸ IoT key features, focus on security
» 5.0 (2017)
▸▸ 50MBit/s, 240m

BLE Basics
2'000 pages core spec ▸▸ 2 slides

Terminology

GATT
Generic Attribute Profile
Your main battlefield
» Data exchange
» Use case specific
» SIG defined (Glucose Profile, HID, ...)
» Vendor defined

Shootin' time!
Dodge + Cover

iOS / Android

iOS
Since iPhone 4s / iOS 5
» ! More reliable and failure tolerant than Android
» ! Works on one device, works on all
» " Restrictive API
» " Restrictive peripheral mode (acting as server)

Android
Since Android 4.3
» ! High API freedom
» " Issues below Android 5.0 (API Level 21) (it's #)
» " Android Problem Multiplexer

Android Problem Multiplexer
» No predictions possible
» Approach ▸ Test and verify

Hardware
Nuts and Bolts

Hardware Issues
» Bad and worse chipsets out there
» Practically all have issues
» Bad and complicated (and/or wrong) documentation
“Imagine a universal power adapter not fitting into a plug”

Hardware Advice
» Get target hardware asap
» Stick to BLE core functionality
» Get in contact with the chipset manufacturer
Chipset Hints
» Nordic !, Texas Instruments ", Qualcomm #

Relaxation
Kitten #1 ▸

Advertising
Hello, I'm here

Bluetooth Advertising
» Like the beam of a lighthouse
» Shortly visible, in periods
» Not much information transfer possible
» 26 Characters [1] - that's it
» Usually device/functionality identifiers
[1] Bytes

Advertising Hints
» Plan ahead - Define early what goes into advertising
» Request company identifier from Bluetooth SIG
» Use scan response and active scanning
» Advertising should be static data, scan response changing data

iOS Advertising
» iOS uses obfuscated device identifier, not the MAC address
» When mocking a peripheral:
▸▸ No full control of advertising data (ex: Manufacturer Specific Data)
▸▸ MAC will change randomly

iOS Advertising Hints
» Implement independent from identifier (especially for cross-platform apps)
» Know your mock limitations

Android Advertising Hints
» The Android BLE stack(s) are ! - period!
» Lagging initial discovery time (up to 30 sec)
» Devices dropping out of cache when too many other devices are advertising
❗ Android will fall back to BR/EDR mode on dual mode chipsets
» Android 4.3 cannot filter 128-bit UUIDs

Dodge Android Advertising
» Maintain your own list of BLE devices in app-code
» Don't rely on SDK provided filtering
» Don't use dual-mode chipsets on the target hardware
» Don't use Android < 5.0 (API Level 21)

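Filtering in app code instead of relying on the SDK means parsing the raw advertising or scan-response payload yourself and treating it as untrusted input. The Python below is an added example, not code from the talk; the function names, the sample UUID and the sample payload are constructed, and 0xFFFF stands in as a placeholder company identifier.

```python
import uuid

AD_UUID128_INCOMPLETE = 0x06   # AD type: incomplete list of 128-bit service UUIDs
AD_UUID128_COMPLETE = 0x07     # AD type: complete list of 128-bit service UUIDs
MAX_LEGACY_ADV_LEN = 31        # legacy advertising / scan response payload limit


def parse_ad_structures(payload):
    """Split a raw payload into (ad_type, data) pairs, rejecting overruns."""
    if len(payload) > MAX_LEGACY_ADV_LEN:
        raise ValueError("payload longer than 31 bytes")
    out, i = [], 0
    while i < len(payload):
        length = payload[i]            # covers the type byte plus the data
        if length == 0:                # zero length means padding follows
            break
        if i + 1 + length > len(payload):
            raise ValueError("AD structure overruns payload")
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out


def service_uuids128(payload):
    """Return every advertised 128-bit service UUID (sent little-endian)."""
    found = set()
    for ad_type, data in parse_ad_structures(payload):
        if ad_type in (AD_UUID128_INCOMPLETE, AD_UUID128_COMPLETE):
            if len(data) % 16:
                raise ValueError("UUID list is not a multiple of 16 bytes")
            for off in range(0, len(data), 16):
                found.add(uuid.UUID(bytes=data[off:off + 16][::-1]))
    return found


def is_our_device(payload, wanted):
    """App-side filter: malformed advertisements never match."""
    try:
        return wanted in service_uuids128(payload)
    except ValueError:
        return False


# Constructed sample: flags, one 128-bit UUID, manufacturer data (0xFFFF placeholder).
WANTED = uuid.UUID("12345678-1234-5678-1234-56789abcdef0")
SAMPLE = (bytes([2, 0x01, 0x06, 17, 0x07]) + WANTED.bytes[::-1]
          + bytes([5, 0xFF, 0xFF, 0xFF, 1, 2]))
```
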
Relaxation
Kitten #2 ▸

Pairing + Bonding
Short- & long-term Relationships

Goldfish vs. Elephant
» Pairing - Short term, forget after disconnect
» Bonding - Long term, remember

Focus Bonding
Swallow the fish, free the elephant

Bonding
» Initiated after first encrypted characteristic read attempt (iOS)
» Extremely hardware and stack dependent
» Increased overall complexity

Bonding Suggestions
» Determine whether truly necessary - usually not
» Include early in development
» Don't assume working without verifying (Android ❗)

Final Bonding Advice
1# Don't use it
2# Implement app-side

Relaxation
Kitten #3 ▸

Connection Management
Hello? Are you still there?

Connection Management
» Random and frequent disconnects will occur
» Connections remain open without active disconnects
» Limited amount of services and characteristics
» Lots of possible errors can occur

Connection Management Suggestions
» Implement auto-reconnect yourself
» Do not use non-standard MTU [3]
» Be very failure tolerant
» Limit characteristic usage
[3] https://www.adafruit.com/product/2269

Connection Management
Android Supplement

Android Supplement
» Do not use the autoConnect feature
» States can be stale - don't trust them too much
» Many undocumented status codes can occur - implement retry
» 'Restart Phone' is a valid problem solving approach
» Always close GATT after disconnect

Relaxation
Kitten #4 ▸

Operation
Is the smoke normal?

Operation
» All communication is async - but you cannot do two things at once
» Chipsets sometimes limit GATT UUID formats
» Characteristic descriptors (read/write/indicate/notify/...) are fickle
» Reliable read / write operations aren't reliable
» Many problems might lead to inconsistent stack

Operation Proposals
» Limit notification characteristics as much as possible
» Implement 'heartbeat' for tracking connection loss
» Implement your own synchronization layer where necessary

Data Quantities
How much? Seriously?

Data Quantities
» GATT is not intended for large transfer volumes
» 20 Bytes per characteristic
» 'Roll your own' complex implementation
» Don't try to transfer larger volumes!
» Data where integrity is important
» Firmware upgrades, control code, ...

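What a 'roll your own' transfer has to carry on top of 20-byte characteristic writes, as an added Python example that is not from the talk: the frame layout (one sequence byte per frame, a length and CRC32 header ahead of the data) and all names are assumptions made for illustration.

```python
import struct
import zlib

CHUNK = 20                           # bytes per characteristic write (slide value)
PAYLOAD = CHUNK - 1                  # one byte of each frame is the sequence number
HEADER = struct.Struct("<HI")        # message length + CRC32, sent before the data
MAX_MESSAGE = 256 * PAYLOAD - HEADER.size   # sequence numbers 0..255 only


def fragment(message):
    """Split a message into frames of at most 20 bytes: seq byte + payload."""
    if len(message) > MAX_MESSAGE:
        raise ValueError("message too large for an 8-bit sequence number")
    body = HEADER.pack(len(message), zlib.crc32(message)) + message
    return [bytes([n]) + body[off:off + PAYLOAD]
            for n, off in enumerate(range(0, len(body), PAYLOAD))]


class Reassembler:
    """Receiver side: rebuilds one message, failing closed on loss or damage."""

    def __init__(self):
        self.buf = bytearray()
        self.expected = 0

    def feed(self, frame):
        """Return the message once complete, None while more frames are due."""
        if not 2 <= len(frame) <= CHUNK:
            raise ValueError("bad frame size")
        if frame[0] != self.expected:
            raise ValueError("lost, duplicated or reordered frame")
        self.expected += 1
        self.buf += frame[1:]
        if len(self.buf) < HEADER.size:
            return None
        total, crc = HEADER.unpack_from(self.buf)
        if len(self.buf) < HEADER.size + total:
            return None
        message = bytes(self.buf[HEADER.size:])
        if len(message) != total or zlib.crc32(message) != crc:
            raise ValueError("length or CRC mismatch")
        return message


def roundtrip(message, drop=None):
    """Constructed demo: send all frames except index `drop` to a Reassembler."""
    rx, result = Reassembler(), None
    for n, frame in enumerate(fragment(message)):
        if n != drop:
            result = rx.feed(frame)
    return result
```

The CRC32 catches transmission damage and dropped frames; it does not protect against deliberate tampering, which needs a keyed MAC or link-layer encryption.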
Data Quantities Proposals
“GATT services and characteristics are not always the right approach!”
Anonymous
» Later changes are extremely expensive
» SPP (Serial Port Profile) alternative
» RS232 over Bluetooth - RX and TX
» Use-case based decision

Relaxation
Kitten #5 ▸

Survival Tips
The Art of staying alive

Do Not
Really! Seriously!
» Commit to fixed timelines
» Guarantee functionality / device support
» Blindly estimate testing efforts

Do
At least try to
» Do Proof of concepts early
» Organize your mobile test devices (phones)
» Stick to core functionality
» Get your hands on real hardware (peripherals) asap
» Debug Frequently
» Log extensively

Tools
Spoon?

Tools
Android - nRF Connect App - HCI Snoop Protocol + Wireshark
iOS - LightBlue Explorer App
Hardware - Bluefruit LE Sniffer [3]
[3] https://www.adafruit.com/product/2269

Resources
» Ask someone with experience
▸▸ Really!
» O'Reilly - Getting Started with Bluetooth Low Energy
▸▸ Good but very shallow
» Bluetooth.org + Core Specification
▸▸ You'll have to even if you don't want to

Closing Thoughts

The ! is a lie!
» Well, not completely
» The technology is there BUT it's often not as good as advertised
» Don't go off just using it for everything without having a plan
» Don't be overconfident

! You can and will get it to work!
With enough time and compromises

Final relaxation kitten

Thank you