Networks: L13 1 BlueTooth Low cost wireless connectivity for Personal Area Networks –PDAs, mobile...

BlueTooth

•Low cost wireless connectivity for Personal Area Networks

–PDAs, mobile phones, laptops, audio headsets, printers, scanners, GPS navigators, modems, USB adapters etc.

–10 metre range for typical power class 2 transmitter

–data rate nominally 1Mbps

»less 20% for protocol overheads – headers, handshaking etc.

»432Kbps for full duplex transmission using a Time-Division Duplex master/slave scheme (alternate transmit/receive)

–uses same 2.4GHz ISM radio band as 802.11b

»with 79 1MHz-wide RF channels

–each channel divided into 625µs long time slots

»a frequency hop per time slot i.e. 1600 times per second

»normally one packet per time slot but packets can be up to five time slots wide and up to 2745 bits in length

–uses a combination of circuit and packet switching

–up to 8 Bluetooth devices can form a piconet

»one master and up to 7 slaves

»interconnected piconets form a scatternet

»up to 10 piconets can co-exist in same personal area

–simultaneous transmission of voice and data for multiple devices

»SCO : Synchronous Connection Oriented

full duplex at 64kbps, up to 3 simultaneous channels per piconet

uses reserved time slots set up by the master to avoid collisions

errors not recovered

»ACL : Asynchronous Connectionless

either point-to-point (master to one slave) or broadcast to all slaves

slaves can only transmit when polled by the master

strong error-recovery to ensure transmissions error-free

–security equivalent to wired network

»up to 128-bit public/private key authentication

»64-bit streaming cipher based on A5 algorithm used in GSM phones

•Bluetooth Special Interest Group (SIG)

–originated by Ericsson in late 90s

–promoted by Ericsson, Nokia, IBM, Toshiba, Intel, 3Com, Motorola, Lucent and Microsoft

–over 2000 members of the SIG by 2003

–500 million Bluetooth-enabled devices estimated to be sold in 2005

•Harald Bluetooth

–Danish ruler of Denmark and Norway in late 900AD

»perhaps from `ble’ (blue) meaning dark skinned and `tan’ meaning great

»son of King Gorm the Old

try www.gorm.com for Viking fun!

– Profiles describe how the technology is used

– Protocol architecture describes how the technology works :

•Radio layer :

–defines the requirements for a Bluetooth transceiver

•Baseband :

–manages physical channels, links, error correction, hop selection, etc.

•LMP : Link Manager Protocol

–used by Link Managers for link set up and control, authentication, encryption

•HCI : Host Controller Interface

–provides a command interface to Baseband Link Controller and Link Manager

•L2CAP : Logical Link Control and Adaptation Protocol

–provides connection-oriented and connectionless data services, protocol multiplexing, packet segmentation and reassembly, QoS info. etc.

•RFCOMM :

–provides emulation of serial ports over the L2CAP protocol

•SDP : Service Discovery Protocol

–allows applications to discover available services and their characteristics

•Radio

–79 channels from 2.402GHz to 2.480GHz hopped around 1MHz bands with guard bands top and bottom

»except France, Spain & Japan where only 23 channels are allowed

»transmit rate 1M symbols per sec

–Transmit Power classes

»1 : 100mW – designed for long range devices ~100m

»2 : 2.5mW – ordinary range devices ~10m

»3 : 1mW – very short range ~10cm

»devices control output power to optimise battery life etc.

from ~8-30 milliamps when transmitting down to ~30microamps when not

–Modulation

»GFSK : Gaussian Frequency Shift Keying

± 115kHz from centre frequency

»binary square wave passed through a Gaussian filter before transmission to reduce the bandwidth used

–Spurious emissions

»tightly controlled, particularly when frequency hopping

–Required receiver sensitivity -70db or better

•Baseband

–a baseband channel is represented by a pseudo-random hopping sequence

»through the 79 (or 23) RF channels

–two or more devices using the same baseband channel form a piconet

»one master and up to 7 slaves in a single piconet

but more slaves can remain synchronised to a master in a non-active parked state

any device is capable of being a master

»channel access controlled by the master

–multiple piconets with overlapping coverage form a scatternet

»slaves can participate in different piconets on a time-division multiplex basis

»a master in one piconet can be a slave in another piconet

[Figure: piconets and a scatternet, with Master and Slave devices marked]

–hopping sequence is determined by the device address of the master

»phase determined by the master’s clock

»unique for each piconet

–addresses

»device address : each transceiver has a unique 48-bit address, bd_addr

»active member address : 3-bit number for a piconet slave, am_addr (MAC)

»parked member address : 8-bit number (master local) for a parked slave

»access request address : used by a parked slave to return to active status

–a channel is divided into time slots, each 625µs in length

»a new hop frequency per time slot – 1600 hops per second

»one packet per time slot

»or multi-slot packets, using up to 5 time slots (1, 3 or 5 slots) with same hop frequency for entire packet

»time slot numbering 0 to 2^27-1

–Time Division Duplex (TDD) scheme

»master transmits in even-numbered slots, slaves in odd-numbered slots

[Figure: Master and Slave transmissions in 625µs time slots. Hop frequencies by row: f(k) f(k+1) f(k+2) f(k+3) f(k+4) f(k+5) f(k+6); f(k) f(k+3) f(k+4) f(k+5) f(k+6); f(k) f(k+5) f(k+6); f(k) f(k+1) f(k+2) f(k+3)]

•Links between master and slave

–Synchronous Connection-Oriented (SCO)

»a symmetric point-to-point link

»uses reserved slots

can be considered as a circuit-switched connection between master and slave

»typically used for time-critical information such as voice at a nominal 64kbps (56kbps data)

»a master can support up to 3 links to same or different slaves

a slave can only support two links if links originate from different masters

»master sends SCO packets at regular intervals of T_SCO slots

each slot reserved for the purpose

»slave always allowed to respond with SCO packet in the following slot

»SCO link established by master sending a setup message via the LMP

contains timing parameters e.g. T_SCO and an offset D_SCO from current slot no.

»unreliable transmission with no error detection and correction

packets never retransmitted

synchronous transmission considered more important than error-free for voice

–Asynchronous Connectionless (ACL)

»no reserved slots

»master can exchange packets with a slave on a per-slot basis

provides a packet-switched connection between master and slave

»only one ACL link between a particular master/slave pair allowed in addition to any SCO links between the same pair

»packets not addressed to a specific slave are considered as broadcast point-to-multipoint

and read by all slaves

»a slave is permitted to respond to an ACL packet from a master in the following slot only if it has been specifically addressed in the previous slot

»packet retransmission applied for most packets to assure data integrity

»isochronous services

time-critical continuous transmission for fast sources e.g. audio/video

used instead of SCO since ACL has a faster throughput rate

•Packet format :

–Access codes

»used for identification and timing synchronisation

»channel access code : identifies a piconet

»device access code : used for paging and responses to paging

»inquiry access code : to discover which Bluetooth devices are in range

–Header

»am_addr : active member address

»type : various control, data, 1-slot, 3-slot, 5-slot, SCO & ACL packets

»flow : flow control over an ACL link

header with flow=0 returned when receive buffer is full, to stop transmission

¤control packets can still be received

header with flow=1 returned when buffer is empty

Packet layout (field lengths in bits) :

Access Code (72) | Header (54) | Payload (0 - 2745)

Header fields : am_addr | type | flow | arqn | seqn | HEC

»arqn : 1-bit acknowledgment of a transfer is piggy-backed in the header of the return packet

ACK : arqn=1 for success (checked by CRC)

NAK : arqn=0 for failure

NAK assumed if no response received

an unnumbered ARQ scheme so arqn relates to the latest received packet

»seqn : 1 bit sequential numbering

for each new transmitted packet, the seqn bit is inverted

this filters out retransmissions at the destination

¤if a retransmission occurs due to a failed ACK, the destination receives the same packet twice

¤already correctly received retransmissions can be discarded

a modified sequencing method used for broadcast packets

»HEC : Header Error Check

8-bit CRC-8 check : x^7 + x^6 + x^4 + x^2 + x + 1

–Payload

»different formats for SCO packets (fixed length 240 bits) and ACL packets

checked with 16-bit CRC-CCITT polynomial : x^16 + x^12 + x^5 + 1

–other FEC codes used on some packet types also

»rate 1/3 : each bit repeated three times

used for headers and voice data in SCO

»rate 2/3 : a (15, 10) Hamming code used in some ACL packets

»depending on the error-freeness of the environment, checked or unchecked packet types can be used as desired to optimise throughput
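
The arqn/seqn scheme from the header description above, as an added example that is not part of the original slides: a stop-and-wait transfer in which a lost acknowledgment forces a retransmission and the 1-bit seqn lets the receiver discard the duplicate. The Packet, Receiver and transfer names and the fault table are constructed for illustration; crc_ok stands in for the payload CRC result.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    seqn: int        # 1-bit sequence number carried in the header
    payload: bytes
    crc_ok: bool     # stand-in for the receiver's payload CRC check


class Receiver:
    def __init__(self, filter_duplicates=True):
        self.filter_duplicates = filter_duplicates
        self.last_seqn = None      # seqn of the last correctly received packet
        self.delivered = []        # payloads passed up to the next layer

    def receive(self, pkt):
        """Process one packet and return the arqn bit for the return header."""
        if not pkt.crc_ok:
            return 0               # NAK: arqn=0 for failure
        duplicate = pkt.seqn == self.last_seqn
        if not (duplicate and self.filter_duplicates):
            self.delivered.append(pkt.payload)
        self.last_seqn = pkt.seqn
        return 1                   # ACK, also for a discarded duplicate


def transfer(payloads, faults, filter_duplicates=True):
    """Send payloads in order over a faulty link.

    faults maps a transmission index to "corrupt" (CRC fails at the
    receiver) or "lose_ack" (the return packet never arrives).
    Returns (payloads delivered by the receiver, number of transmissions).
    """
    rx = Receiver(filter_duplicates)
    seqn, tx = 0, 0
    for payload in payloads:
        seqn ^= 1                  # invert seqn for each new packet
        while True:
            fault = faults.get(tx)
            tx += 1
            arqn = rx.receive(Packet(seqn, payload, crc_ok=(fault != "corrupt")))
            if fault == "lose_ack":
                arqn = None        # no response received: NAK assumed
            if arqn == 1:
                break              # acknowledged, move on to the next payload
            # otherwise retransmit the same packet with the same seqn
    return rx.delivered, tx


if __name__ == "__main__":
    # Constructed scenario: the ACK for the second packet is lost and the
    # third packet is corrupted on its first transmission.
    faults = {1: "lose_ack", 3: "corrupt"}
    print(transfer([b"A", b"B", b"C"], faults))
    print(transfer([b"A", b"B", b"C"], faults, filter_duplicates=False))
```

With the seqn filter disabled, the retransmission caused by the lost ACK is delivered twice.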

•Data Whitening

–before transmission and FEC coding, header and payload are scrambled

»with a data whitening word

»to randomise the data in order to minimise DC bias

–whitening word XORed with packet bits

–generated from a linear feedback register (x^7 + x^4 + 1)

»initialised with part of the master clock register
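
The whitening step described above, as an added example that is not part of the original slides: a 7-bit register with feedback taps for x^7 + x^4 + 1 whose output is XORed with the packet bits. The seed layout (clock bits 6 to 1 with the top register bit set) and the bit order are assumptions, so this illustrates the mechanism rather than an interoperable implementation. The register has no secret input, so whitening removes DC bias but gives no confidentiality.

```python
def lfsr_step(state):
    """Advance the 7-bit register one step; return (new_state, output_bit)."""
    out = (state >> 6) & 1
    state = (state << 1) & 0x7F
    if out:
        state ^= 0x11              # feedback into positions 0 and 4 (x^4 + 1)
    return state, out


def seed_from_clock(clk):
    """Assumed seed: master clock bits 6..1, with the top register bit forced to 1."""
    return 0x40 | ((clk >> 1) & 0x3F)


def whitening_bits(seed, n):
    """Return the first n bits of the whitening word for this seed."""
    bits, state = [], seed
    for _ in range(n):
        state, out = lfsr_step(state)
        bits.append(out)
    return bits


def whiten(bits, clk):
    """XOR packet bits with the whitening word; applying it twice restores them."""
    word = whitening_bits(seed_from_clock(clk), len(bits))
    return [b ^ w for b, w in zip(bits, word)]


def period(seed):
    """Number of steps before the register returns to its seed."""
    state, steps = seed, 0
    while True:
        state, _ = lfsr_step(state)
        steps += 1
        if state == seed:
            return steps


def longest_run(bits):
    """Length of the longest run of identical bits (a rough DC-bias indicator)."""
    best, run, prev = 0, 0, None
    for b in bits:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


if __name__ == "__main__":
    clk = 0x2A                     # constructed clock value
    payload = [0] * 240            # worst case for DC bias: all zeros
    on_air = whiten(payload, clk)
    print("period:", period(seed_from_clock(clk)))
    print("ones on air:", sum(on_air), "of", len(on_air))
    print("longest run before/after:", longest_run(payload), longest_run(on_air))
    print("receiver recovers payload:", whiten(on_air, clk) == payload)
```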

•Clocks

–every Bluetooth unit has an internal system clock

»to determine the timing and hopping of the transceiver

»never adjusted and never turned off

–for synchronisation with other units, offsets are used

»provides temporary clocks which are mutually synchronised

master’s offset is zero

–have a resolution of 312.5µs

»a clock rate of 3.2kHz

»wraps around at 2^28-1, ~ a day

–frequency hopping sequence determined by the master

»when a piconet is established, the master clock is sent to the slaves

–each slave keeps an offset to its own clock for this master

»offsets need to be updated regularly to allow for inaccurate clocks

»±20ppm when active, ±250ppm when inactive and in low power state

•Controller States

–major states : Standby and Connection

–seven substates : page, page scan, inquiry, inquiry scan, master response, slave response and inquiry response

–Standby state:

»the default state, low-power mode, clock running

»may leave standby state to scan for page or inquiry messages or to page or inquire itself

»and enter Connection state as a slave when responding to a page message

–Connection state :

»when connection has been established packets can be sent back and forth

»starts with a POLL packet from the master to verify the switch to this master’s timing and frequency hopping sequence

»then control packets containing data that characterises the link

»then data packets as required

[Figure: controller state diagram with the states Standby and Connection and the substates Page, Page Scan, Inquiry, Inquiry Scan, master response, slave response and inquiry response]

•Connection Setup (Inquiry/Paging)

–the Inquiry Procedure used where destination’s device address not known

»enables a unit to discover which units are in range and what their device addresses and clocks are

discovering unit collects device addresses of all units that respond

»a source unit enters Inquiry substate

broadcasts an inquiry message continuously at different hop frequencies

¤an inquiry sequence of 32 unique wake-up hop frequencies

with no device address but can have device class specified

»a unit that allows itself to be discovered enters the Inquiry Scan substate

scans for the inquiry access code in a packet

¤staying long enough at a single frequency to scan for 16 inquiry frequencies

¤using an inquiry response hop sequence corresponding to the inquiry sequence

responds with an inquiry response message

¤carrying the unit parameters

contention may arise when more than one unit responds at same time

¤unlikely to be in same phase of clock

¤but, just in case, the unit backs off from responding for a random number of slots

not obliged to respond

–the Paging Procedure actually sets up a connection

»unit that carries out the page procedure automatically becomes the master

»the Page substate is used by the source (master) to activate and connect to a slave which periodically wakes up in Page Scan substate

»the master tries to capture the slave by repeatedly transmitting the slave’s device access code in different hop channels

according to a page hopping sequence of 32 hop frequencies

¤determined by the slave’s device address

since master and slave are not yet synchronised, master does not know exactly when the slaves wake up and on which hop frequency

¤uses an estimate of the phase position derived from their last joint encounter or from the inquiry procedure

¤but might be completely wrong – follows a scheme to get round this if necessary

¤transmits a train of identical device access codes at each hop

»a unit in page scan substate looks out for its own device access code using the page response hop sequence corresponding to the page hop sequence

having received its own device address, it enters slave response substate

¤sends slave response messages back to master

¤enters Connection state and switches to the master’s channel parameters

•Connection Modes

–Active Mode

»the unit participates on the channel

»the master schedules transmissions based on traffic demands to and from the different slaves

also supports regular transmissions to keep slaves synchronised to the channel

»slaves listen in the master-to-slave slots for packets

if not addressed, it may sleep until the next new master transmission

–plus three power-saving modes with reduced device activity

»but all still synchronised to the piconet

–Sniff Mode

»the slave listens to the piconet at a reduced rate

»the sniff interval is programmable and depends on the application

–Hold Mode

»only an internal timer running

»data transfer restarts instantly when units transition out of Hold mode

–Park Mode

»device does not participate in traffic

»have given up their MAC address

»occasionally listen to master traffic to re-synchronise

to check on broadcast messages

»the most power efficient mode

Sniff mode saves the least power, Hold mode intermediate

•Scatternets

–different piconets hop with independent sequences

–as more piconets are added, probability of collision increases

»graceful degradation of piconet performance takes place

–a unit can only be a master in one piconet

»but can swap master/slave role with a slave if required

master and slave can start a new piconet with roles reversed

then other slaves of the old piconet can transfer to the new piconet

•Bluetooth Security

–inherently quite secure :

»low power transmissions means short range

»fast frequency hopping around a pseudo-random hop sequence

»much less likelihood of being eavesdropped than 802.11, for instance

–standard defines features operating at the link level

»i.e. between a master and a slave

–supports authentication and encryption

»based on a secret link key shared by a pair of devices

»this key generated by a pairing procedure invoked when the two devices communicate for the first time

–each device has a unique address

»not easily spoofed (yet)

»scrambled address sent with each message

»security confidence comes from associating an address with an individual

initialisation process uses a PIN

¤can be stored in non-volatile memory of the device

•Security Modes

–Mode 1 : no security procedures

»promiscuous or discovery mode

»allows other devices to initiate connections with it

–Mode 2 : enforces security after link establishment at L2CAP level

»allows setting up flexible security policies involving application layer controls

–Mode 3 : enforces controls such as authentication and encryption at the Baseband level before the connection is set up

»usually done by a Security Manager

•Security Levels

–device level :

»trusted devices : access to all services for which trust relationship set up

»untrusted devices : restricted access to services

–service level

»services that require both authentication and authorisation

»services that only require authentication

»services open to all devices

•Link Keys

–used in the authentication process

»and as a parameter when deriving the encryption key

–session :

»the time interval for which the unit is a member of a particular piconet

–semi-permanent keys

»can be used after the current session is over to authenticate units that share it

»stored in non-volatile memory

–temporary keys

»last only until current session is terminated and cannot be reused

»typically used for a point-to-multipoint connection where the same information is to be distributed securely to several recipients

a common encryption key is useful

–four types of link key used for different types of application

»all 128-bit random numbers

»Unit key : generated in a single device when it is installed

»Combination key : derived from information in two units

a device has to store such a key for every combination of unit pairs

»Master key : used to temporarily override current key when master wants to transmit to several devices at once

»Initialisation key : protects initialisation parameters when they are transmitted

generated using bd_addr, a random number and a PIN number

–Unit keys and Combination keys functionally indistinguishable

»which key is used depends on the application

more security using the Combination key but needs more storage memory

–PIN number

»up to 16 bytes long, fixed or selected by the user

»recommended that it be human entered when needed but can also be stored in units

»key exchange either by human or by a secure key agreement protocol

e.g. Diffie-Hellman key agreement – a public-key cryptography standard

»also used to verify access to an application or service

–Encryption

»a new encryption key is generated for every packet

•Authentication

–a challenge-response scheme

»claimant and verifier share the same symmetric secret key

–claimant’s knowledge of the secret key checked by a 2-move protocol

–verifier generates a random number, au_rand

–sends au_rand as the challenge to the claimant

–both verifier and claimant compute a function E1 (a 64-bit block cipher)

»a function of au_rand, device address bd_addr, and the link key

–claimant returns first 32 bits of result of E1 computation, sres, to verifier

–verifier checks sres is the same as its own computation

[Figure: Verifier and Claimant each compute E1 over au_rand, bd_addr and the link key; the Verifier sends au_rand, the Claimant returns sres, and the Verifier checks sres’ =? sres]

–verifier not necessarily the master

»application indicates who has to be verified by whom

»sometimes only one-way verification needed

»sometimes mutual authentication needed

two successive authentication procedures, one each way round

–repeated authentication attempts

»a waiting interval must pass before a verifier will initiate a new attempt to the same claimant

or before it responds to an authentication attempt initiated by a unit claiming the same identity as the suspicious unit

»for each subsequent authentication failure with the same Bluetooth address, the waiting interval is increased exponentially

e.g. doubled each time up to some maximum

values depend on the implementation

»intervals decrease exponentially to a minimum when no new failed attempts are made during a certain time period

»units need to keep a list of waiting intervals for every unit in contact

»prevents an intruder quickly trying lots of different keys
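
The challenge-response exchange and the waiting-interval rule described above, as an added example that is not part of the original slides: a verifier that refuses new challenges to an address until its interval has passed, doubles the interval on each failure and halves it after quiet periods. E1 is replaced by an HMAC-SHA256 stand-in (this is not the Bluetooth algorithm), and the interval constants, the 16-byte au_rand and all names are assumptions.

```python
import hashlib
import hmac
import secrets

MIN_WAIT = 1.0        # seconds; assumed (the slides say values depend on the implementation)
MAX_WAIT = 64.0       # assumed upper bound for the waiting interval
DECAY_PERIOD = 120.0  # assumed quiet time after which the interval is halved


def e1_stand_in(link_key, au_rand, bd_addr):
    """Stand-in for E1, NOT the Bluetooth algorithm: returns a 32-bit sres."""
    return hmac.new(link_key, au_rand + bd_addr, hashlib.sha256).digest()[:4]


class Verifier:
    def __init__(self, link_keys):
        self.link_keys = dict(link_keys)   # claimant bd_addr -> shared link key
        self.pending = {}                  # bd_addr -> au_rand awaiting a response
        self.penalty = {}                  # bd_addr -> (interval, time of last failure)

    def waiting_interval(self, bd_addr, now):
        """Current interval for this address after decay; 0.0 with no failure history."""
        if bd_addr not in self.penalty:
            return 0.0
        interval, failed_at = self.penalty[bd_addr]
        quiet_periods = min(64, int((now - failed_at) // DECAY_PERIOD))
        return max(MIN_WAIT, interval / 2 ** quiet_periods)

    def challenge(self, bd_addr, now):
        """Return a fresh au_rand, or None while the waiting interval is running."""
        if bd_addr in self.penalty:
            interval, failed_at = self.penalty[bd_addr]
            if now - failed_at < interval:
                return None
        au_rand = secrets.token_bytes(16)
        self.pending[bd_addr] = au_rand
        return au_rand

    def check(self, bd_addr, sres, now):
        """Compare the claimant's sres with our own computation; penalise failures."""
        au_rand = self.pending.pop(bd_addr, None)   # each challenge is single-use
        key = self.link_keys.get(bd_addr)
        ok = (au_rand is not None and key is not None and
              hmac.compare_digest(e1_stand_in(key, au_rand, bd_addr), sres))
        if not ok:
            previous = self.waiting_interval(bd_addr, now)
            new = MIN_WAIT if previous == 0.0 else min(MAX_WAIT, previous * 2)
            self.penalty[bd_addr] = (new, now)
        return ok


if __name__ == "__main__":
    addr = bytes.fromhex("001122334455")   # constructed device address
    key = bytes(range(16))                 # constructed 128-bit link key
    verifier = Verifier({addr: key})

    au_rand = verifier.challenge(addr, now=0.0)
    print("valid claimant:", verifier.check(addr, e1_stand_in(key, au_rand, addr), now=0.0))

    now = 10.0
    for attempt in range(4):               # claimant without the link key
        au_rand = verifier.challenge(addr, now)
        verifier.check(addr, b"\x00\x00\x00\x00", now)
        wait = verifier.waiting_interval(addr, now)
        print(f"failure {attempt + 1}: next challenge refused for {wait:.0f}s")
        now += wait
```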

•Encryption

–modes :

»nothing encrypted

»broadcast traffic not encrypted but individually addressed traffic encrypted

»all traffic encrypted

–encrypts the payloads of packets, not access codes or headers

–uses a stream cipher, E0, re-initialised for every packet

»any notional encryption weakness handled by frequent re-initialisation

long encrypted sequences typically needed for cryptanalysis

–E0 has three parts :

»initialisation : generation of the payload key

»generation of key stream bits using the payload key

»encryption and decryption using the key stream bits

–initialisation inputs:

»device address bd_addr, clock bits CLK_26-1, an encryption key K_C

clock value different for each new packet

–encryption key K_C

»derived from a random number and the current link key (E3 hash algorithm)

»the random number transmitted to the receiver in plain before encryption starts

»possibly reduced in length from 128 bits before use if national politics require it

–initialisation algorithm combines inputs

»result used to initialise four linear feedback shift registers

–key stream generator uses a complex summation combiner:

–key stream XORed with payload data to be encrypted

[Figure: E0 key stream generator: LFSR1 to LFSR4, XOR, summation (+), blending function, key stream output]

LFSR1 : x^25 + x^20 + x^12 + x^8 + 1

LFSR2 : x^32 + x^24 + x^16 + x^12 + 1

LFSR3 : x^33 + x^28 + x^24 + x^4 + 1

LFSR4 : x^39 + x^36 + x^28 + x^4 + 1

•Security attacks?

–eavesdropping

»limited scope because of short range

–unit key not as secure as combination key

»all devices paired with a unit keyed device can eavesdrop other packets

may not be a problem in future with more memory in devices

–authentication much stronger than 802.11

»cannot capture the authentication key by listening to the challenge and response

»cannot use captured data to compute the authentication key

E1 algorithm not easily invertible

only 32 bits returned – not whole sres

–initial pairing a possible area of attack

»if attacker can guess or steal the PIN, fast search to derive the link key possible

long random PINs recommended

recommended that pairing be done in a private place

–“hopping along” – listening to all hop frequencies in parallel

»might give scope for capturing longer sequences for cryptanalysis

•Link Manager Protocol

–carries out setup, authentication, link configuration and control etc.

–also deals with mode management, quality of service and power control

–discovers other remote Link Managers and communicates with them

–various types of protocol data unit (PDU) sent from one device to another

»some mandatory for all devices and some optional

»single slot packets

»have higher priority than user data

»messages not acknowledged since Baseband provides a reliable link

but no guarantees over delays due to retransmission

master only guarantees to communicate with slaves every T_poll slots

¤ T_poll a QoS parameter

–some message types :

»general response : LMP_accepted, LMP_not_accepted

»authentication : LMP_au_rand, LMP_res

the challenge response scheme

»pairing : LMP_in_rand, LMP_sres, LMP_unit-key, etc.

when two devices do not have a common link key

an initialisation key created from a PIN and a random number

link key created from initialisation key and mutual authentication made

»encryption : LMP_encryption_mode_req, LMP_encryption_key_size_req, LMP_start_encryption_req, LMP_stop_encryption_req

encryption can be used after authentication if desired – an Optional message type

if master wants all slaves in the piconet to use the same encryption parameters, it must issue a temporary key and make this the current link key for all slaves

»clock offset : LMP_clkoffset_req, LMP_clkoffset_res

clock offset between slave’s own clock and master’s clock

can be requested by the master to speed up paging time next time slave is paged

also updated each time a packet is received from the master

»supported features : LMP_features_req, LMP_features_res

a device makes this request in case another device does not support all packet types and features in Baseband and Radio spec

»switch master/slave role : LMP_switch_req, LMP_slot_offset

in case a switch from master to slave or vice versa is needed

»modes : LMP_detach, LMP_hold_req, LMP_sniff_req, etc.

to detach a device, change modes etc.

»power : LMP_incr_power_req, LMP_decr_power_req, etc.

change transmit power

»quality of service : LMP_quality_of_service, etc.

to set the poll interval T_poll

»SCO links : LMP_SCO_link_req, LMP_remove_SCO_link_req

when a connection between two devices is first established, the connection consists of an ACL link

one or more SCO links can then be established

»multi-slot packets : LMP_max_slot, LMP_max_slot_req

to set the maximum number of slots for a packet

»connection establishment : LMP_host_connection_req, LMP_setup_complete

after a connection request is accepted, security procedures can be invoked

»plus a whole lot more!

•Host Controller Interface

–provides a command interface to Baseband and Link Manager

–and access to hardware status and control registers

–consists of two parts:

»software that implements the command interface

»physical hardware that connects Bluetooth subsystem to the host

the software makes the hardware appear transparent to higher-level software

[Figure: HCI layering. Host: Host Application, HCI Driver, Transport Driver. HCI Transport Bus. Bluetooth Subsystem: Transport Firmware, HCI Firmware, Link Manager, Baseband, RF]

–HCI Software

»Data Plane responsible for data transfer across the link

»Control Plane responsible for link control and management

–HCI Commands and Events

»host controls network interface through commands provided by HCI driver

»spec also defines a set of events generated by HCI firmware to indicate state changes in the interface

–HCI Hardware/Transports

»define how to transport three classes of data

UART Transport Layer

¤where Bluetooth network interface and host on the same PCB

RS232 Transport Layer

¤network interface and host located in different enclosures

USB Transport Layer

¤how to map Bluetooth data types onto USB endpoints

PC Card Transport Layer

¤not part of spec but implemented to support interoperability

•L2CAP : Logical Link Control and Adaptation Protocol

–provides connection-oriented and connectionless services

»only support for ACL links, not SCO links

»upper layer protocol multiplexing capability

needs to be able to distinguish between upper layer protocols such as the Service Discovery Protocol (SDP), RFCOMM, Telephony Control etc.

since Baseband protocol does not support any upper layer protocol type field

»segmentation and reassembly of packets up to 64Kb in length

largest Baseband packet payload length is 341 bytes

¤limits efficient use of bandwidth for protocols designed to use larger packets

large upper layer packets segmented

small Baseband packets assembled

»Quality of Service

connection establishment process allows the exchange of information about QoS

each L2CAP implementation must monitor resources used by protocols to ensure QoS contracts are honoured

»group abstractions

many protocols include concept of a group of addresses

L2CAP permits such protocols to be mapped efficiently onto piconets

–Channel Identifiers (CIDs)

»local names representing a logical channel end-point on a device

»can be managed locally as device thinks fit as long as same CID not reused for something else simultaneously

»some CIDs reserved for special purposes e.g. signalling channel 0x0001

numerous commands available e.g. connection/disconnection request and response, information request and response, echo request for testing etc.

–Connection-oriented data channels

»a connection between two devices

each end represented by a CID

–Connectionless channels

»restricted to data flow in a single direction

»used to support a channel group on one or more remote devices in a best-effort manner – no QoS guarantees

–Events : all incoming messages to the L2CAP layer

»indications and confirmations, requests and responses from higher layers, data from peers, timer expirations etc.

–Group management : creation and deletion of groups of devices etc.
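
The segmentation, reassembly and CID multiplexing described on the two L2CAP slides can be sketched as follows. This is an added example, not code from the lecture or from any Bluetooth stack: the function and class names are hypothetical, CID 0x0040 in the usage is a constructed sample value, and the start/continuation marking that the lower layer carries is modelled as a boolean. The reassembler rejects fragments that arrive without a start, frames longer than their header announces, and frames for CIDs that are not open.

```python
import struct

BASEBAND_MAX = 341        # largest Baseband payload in bytes (figure from the slides)
SIGNALLING_CID = 0x0001   # reserved signalling channel (from the slides)

def segment(cid, payload, mtu=BASEBAND_MAX):
    """Prefix the L2CAP header (16-bit length, 16-bit CID, little-endian) and
    cut the frame into Baseband-sized fragments: (is_start, bytes)."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload does not fit the 16-bit length field")
    frame = struct.pack("<HH", len(payload), cid) + payload
    return [(i == 0, frame[i:i + mtu]) for i in range(0, len(frame), mtu)]

class Reassembler:
    """Rebuilds L2CAP frames arriving on one ACL link and demultiplexes by CID."""
    def __init__(self, open_cids):
        self.open_cids = set(open_cids)   # CIDs currently allocated locally
        self.buf = None                   # frame under reassembly, if any
        self.dropped = 0                  # frames or fragments rejected

    def _drop(self):
        self.buf = None
        self.dropped += 1

    def feed(self, is_start, data):
        """Accept one fragment; return (cid, payload) when a frame completes."""
        if is_start:
            if self.buf is not None:
                self.dropped += 1         # previous frame was never finished
            self.buf = bytearray(data)
        elif self.buf is None:
            self.dropped += 1             # continuation with no start fragment
            return None
        else:
            self.buf += data
        if len(self.buf) < 4:
            return None                   # header itself still incomplete
        length, cid = struct.unpack_from("<HH", self.buf)
        if len(self.buf) > 4 + length:    # peer sent more than it announced
            return self._drop()
        if len(self.buf) < 4 + length:
            return None                   # wait for further fragments
        payload = bytes(self.buf[4:])
        self.buf = None
        if cid not in self.open_cids:     # no such channel end-point here
            return self._drop()
        return cid, payload
```

A 1024-byte payload becomes a 1028-byte frame and therefore four fragments of 341, 341, 341 and 5 bytes.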

•RFCOMM

–a simple transport protocol providing emulation of RS232 serial ports

–supports up to 60 simultaneous connections between two Bluetooth devices

»to accommodate computers, printers, modems etc.

–its own flow control mechanisms

»in addition to emulated software Xon/Xoff and hardware RTS/CTS etc.

»also a credit-based flow control system

a sender can only send as many frames per link as it has credits

if no credits, has to stop sending and wait for more to be assigned
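
The credit rule above, as an added sketch that is not part of the lecture and does not model the RFCOMM frame format: the class and function names are hypothetical and the frames are constructed sample data. The receiver issues one credit per free buffer, the sender stalls at zero credits, and a frame that arrives with no credit outstanding is refused rather than buffered.

```python
from collections import deque

class Receiver:
    """Receiving end of one link: owns the buffers, so it issues the credits."""
    def __init__(self, buffers):
        self.outstanding = buffers        # credits the peer currently holds
        self.pending = deque()            # frames not yet read by the application

    def deliver(self, frame):
        if self.outstanding == 0:         # peer ignored the flow-control rule
            raise OverflowError("frame received with no credit outstanding")
        self.outstanding -= 1
        self.pending.append(frame)

    def read(self, n):
        """Application reads up to n frames; each freed buffer is one new credit."""
        frames = [self.pending.popleft() for _ in range(min(n, len(self.pending)))]
        self.outstanding += len(frames)
        return frames

class Sender:
    def __init__(self, credits, frames):
        self.credits = credits
        self.queue = deque(frames)

    def pump(self, rx):
        """Send while credits remain; return how many frames went out."""
        sent = 0
        while self.queue and self.credits > 0:
            rx.deliver(self.queue.popleft())
            self.credits -= 1
            sent += 1
        return sent

def run_transfer(frames, buffers, reads_per_round):
    """Alternate sender and application rounds; return (sent per round, data read)."""
    if buffers < 1 or reads_per_round < 1:
        raise ValueError("need at least one buffer and one read per round")
    rx, tx = Receiver(buffers), Sender(buffers, frames)
    trace, received = [], []
    while tx.queue or rx.pending:
        trace.append(tx.pump(rx))
        got = rx.read(reads_per_round)
        tx.credits += len(got)            # credits travel back to the sender
        received.extend(got)
    return trace, received
```

With ten frames, four buffers and two reads per round, the sender emits a burst of four and is then paced to two frames per round by the returning credits.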

•Service Discovery Protocol (SDP)

–for applications to discover which services are available and their characteristics

»services available change dynamically based on proximity of devices in motion

–each available service has a service record which can be requested

»a collection of service attributes in various service classes each assigned an ID, some common to all services, some locally defined

–searching for a specific service or browsing to see what services are available

•Profiles

–address the problem of the multiplicity of options and parameter values

–facilitates the interoperability of devices

–four key approaches :

»implementation options are reduced so applications share the same features

»parameters are defined so applications operate in similar ways

»standard mechanisms are defined for combining different standards

»user interface guidelines are defined giving uniformity across devices

–profiles describe minimum implementations of the Bluetooth protocol stack

»a minimum recipe for building a particular type of device

»which manufacturers can augment in order to distinguish their product

–if a device implements an end-user function covered by a profile, it must implement that profile, for interoperability

»but can also implement a proprietary method, for flexibility

–profiles are built up in layers, each profile relying upon layers beneath

–the Generic Access Profile provides a basic level of functionality

»all Bluetooth devices must implement this

»ensures all devices are capable of making baseband connections

»defines :

generic procedures for discovering devices (idle mode procedures)

link management aspects of connecting devices

procedures related to security levels

common formats for user interface-level parameters

¤e.g. naming conventions

»all described in considerable detail in the Bluetooth specification

–Service Discovery Application profile sits directly on the Generic Access Profile

»defines how an application should use the SDP to find the capabilities of other devices in its neighbourhood

–Serial Port Profile Group

»based on RFCOMM

allows applications to treat links as virtual COM ports

»provides a gateway that provides access to a service

»and a terminal that uses that service

–headset profile :

»terminal is the headset itself

»gateway is a device, e.g. a phone, supplying an audio call to the headset

signalling for audio call uses modem format AT commands

audio call uses an SCO link

–LAN access profile :

»gateway provides a link to a local area network

»terminal is anything that might be connected to a LAN e.g. PC, laptop etc.

–Generic Object Exchange profile

»using the Infra Red Data Association’s OBEX object exchange protocol

»allows devices to set a path to a particular directory, create & delete objects

–Synchronisation profile

»a standard way to synchronise personal data - PIM

such as phonebooks, calendars, email, notes, tasks etc.

»can be triggered at a particular time of day

»or when the devices come within range of one another

»hidden or unconscious computing

happens without the user being aware of it

–Object Push profile

»to push predefined standard data objects to another device

can be used to exchange virtual business cards

or to pass someone your schedule in a virtual calendar

–File Transfer profile

»allows devices to use OBEX for files and folders

–Telephony Control Protocol

»a three-in-one phone has been suggested :

on the move it’s a mobile phone connected on a cellular network

at home it’s a cordless phone connected to the PSTN via a base station

¤uses the Cordless Phone Telephony profile

in the office it’s an intercom etc.

¤uses the Intercom profile

–many more profiles expected to be defined as new applications appear

Comparison with 802.11

              Bluetooth                                 802.11
Application   Communication between personal devices    Network access
Range         10m                                       100m
Speed         1Mbps                                     11Mbps/54Mbps
Cost          < $5                                      > $50
Power         Low                                       Medium
Security      Good                                      Poor
Maturity      Improving                                 Good
Complexity    High                                      Medium
Volume        Very large                                Medium

•Bluetooth and 802.11b Coexistence

–both use 2.4GHz ISM frequency band

–interference can be a substantial problem

–802.11b throughput can be substantially cut by need for retransmissions etc.

–Bluetooth inherently more robust than 802.11

»frequency hopping moves on rapidly from channels in use by other technologies

»improved specification will allow channels to be skipped entirely when interference known to be present

–various companies developing proprietary products to coexist

»Silicon Wave Inc.’s `Ultimate Blue’ technology

refrain from transmitting low priority packets on channels with known interference

try anyway with high priority packets

»Intel

linked devices which intercommunicate with information on channels in use

»Texas Instruments

combined devices which dynamically allocate bandwidth between the technologies