Bluetooth
An Ad Hoc Network
Trends
• Personal Computing Devices are ubiquitous
– Mobile phone, pager, PDA, etc.
– Improving processing power, network access, operating
environments
– Devices becoming first class network citizens
• Collaborative, peer-to-peer networks break new
ground
– Napster, Gnutella, Morpheus, etc.
– De-centralised, “infrastructure-less” systems
• Resilient, efficient use of processing power
• Currently still opportunistic, not standards-based
Infrastructure
• Most computer systems are infrastructure-oriented
– DNS servers, DHCP servers, Web servers, file servers,
application servers, …
– Not well suited to mobile, powerful devices
• Devices should be peers - collaborate directly
– Chat & instant messaging, sharing meeting notes,
broadcasting slides to audience, etc.
• Needs suitable physical networking technology
– Bluetooth, 802.11, etc.
• Needs suitable operating framework
– Jini?, JXTA?, Javaspaces?
Ad-Hoc ?
• Definition
– An ad-hoc network is a network formed
without any central administration, and whose
nodes can dynamically, arbitrarily and
continually connect and disconnect
• Nodes tend to be mobile and wireless
Characteristics
• No central Infrastructure => New problems
– The “finding stuff” problem
– Routing - nodes can drop in and out
– Security - no trusted 3rd party certification
– Fluctuating link quality
• True distributed computing
– Real work carried out by the nodes, not the server
– Requires a new way of thinking about:
• Application Development
• Systems Development
Degrees of “Ad-Hoc”ery
• If variables are independently relaxed, is network
still ad-hoc ?
– E.g. in-car nodes are not mobile w.r.t each other
– HiperLAN/2 has central control, but nodes can
communicate directly
• Key concept:
– Peer nodes can find each other, discover services,
connect directly & communicate, without central
control
Finding Stuff
• To use a service, I must be able to find it
• Important in all distributed systems, including
“sessile” ones
– DNS, CORBA Naming Service, Jini Lookup, LDAP,
etc.
• In ad-hoc, it’s even more critical
– Need to find available nodes, not just services
• which devices are near me ?
– No central authority for available resources
• Central to Bluetooth’s design and operation
Routing
• For node ‘A’ to talk to ‘B’, there must be a route
from A->B
• Difficult in ad-hoc networks
– A path which is optimal now may not even exist a
moment from now
• Approaches come in 2 flavours
– Table driven (proactive)
• Approach used in traditional fixed networks
– On-demand (reactive)
• Figure out routes as they’re needed
• Key trade-off
– Proactive - always have a route to any node, routing
tables always up-to date
• But scarce bandwidth is depleted
– Reactive - cut down on wasteful routeing updates
• But figure out route from scratch each time
• Consensus : reactive works best for ad-hoc
• Bluetooth is not inherently multi-hop
– Does not (need to?) address this problem
Security
• Can be a key issue
– How can we be sure no-one is eavesdropping ?
– Or that the other node is who it says it is ?
– But, for PAN, maybe not always crucial
• Ad-hoc networks don’t imply many new problems
– Encryption, non-repudiation theories still apply
• Key issue is trust
– No 3rd party trusted certification authority available
– Multi-hop ad-hoc networking requires trust delegation
Current Technologies
• IEEE 802.11
– Distributed Co-ordination Function mode is ad-hoc
– Underlies IP, may not be well-suited to ad-hoc
• Bluetooth
• HiperLAN
• Other “cool stuff”
– Ultra WideBand (UWB)
– Cybiko
Wireless Technologies
• PAN (“Personal Area Network”)
– Bluetooth
– Low Data Rates, Short Distances
– Notebook/PC to Devices/Printer/Keyboard/Phone
– < 1 Mbps
• LAN (“Local Area Network”)
– 802.11b, 802.11a, HiperLAN2
– Higher Data Rates, Medium Distances
– Computer-Computer and to Internet
– 2 to 54+ Mbps
• MAN (“Metropolitan Area Network”)
– 802.11, MMDS, LMDS
– Higher Data Rates, Med-longer Distances
– Fixed, last mile access
– 22+ Mbps
• WAN (“Wide Area Network”)
– GSM, GPRS, CDMA, 2.5-3 G
– Lower Data Rates, Longer Distances
– PDA Devices and Handhelds to Internet
– 10 to 384 Kbps
Ad-Hoc Network Implementation
Bluetooth
Origins
• Low cost, low power, short range wireless communication
system originally developed as a replacement for cables
• Targeted at non-technical consumers. Technology should be
transparent to the user
• Work in progress since 1994 by Ericsson Mobile
Communication examining alternatives to using cables to link
accessories to their phones
• Bluetooth Special Interest Group established in 1998. Open
standard supported by many of the big players including
Ericsson, IBM, Nokia, Intel, Microsoft, Lucent, 3Com,
Motorola
• Version 1.0 specification released in 1999
Personal Area Network
• Close Range Wireless Network
• Revolutionary way of interacting with
Information Technology Devices
• Seamless communication
• Phone Example
Bluetooth Protocol Stack
Bluetooth Protocol Stack Notes I
• Application layer, Application runs here. Specific
guidelines are in place about how it should use the
protocol stack.
• TCS (Telephone Control Protocol Specification)
provides telephony services.
• SDP (Service Discovery Protocol) allows for the
discovery of services provided by other Bluetooth
devices.
• WAP (Wireless Application Protocol) and OBEX
(OBject EXchange protocol, part of IrDA) provide
interfaces to the higher layer parts of other
Communication Protocols.
Bluetooth Protocol Stack Notes II
• RFCOMM mimics a serial link like RS232 for the
programmer to use. Remember, Bluetooth is a replacement
technology for cables!
• AT commands are modem control signals, typically carried
over RS232 on home computers, again this is a
replacement technology for the RS232 cable!
• TCP/IP could sit at this level also, or PPP.
• L2CAP, Logical Link Control and Adaptation Protocol
multiplexes data from higher levels & converts between
different packet sizes. It encapsulates all of the above
protocols, makes them appear as just data to lower layers.
• Host Controller Interface handles communications
between a separate host and a Bluetooth module.
Bluetooth Protocol Stack Notes III
• Link Manager controls and configures links to
other Bluetooth devices, attaches slaves to Piconet
and suchlike.
• Baseband / Link Controller controls physical
links via the radio, assembling packets and
controlling frequency hopping. Really two
functions here, see later in notes.
• Radio modulates and demodulates data for
transmission and reception. It operates on the
ISM (Industrial Scientific/Medical) band. Same as
a cordless phone and our 802.11 LAN.
OSI and Bluetooth
OSI Vs Bluetooth
• No Direct mapping, Different!!!!
• Physical Layer responsible for electrical interface
to the communications media. Therefore it covers
the radio and part of the Baseband
• Data Link Responsible for transmission, framing
and error control. Overlaps the Link Controller
and the control end of the baseband, including
error checking and correction
OSI Vs Bluetooth
• Network Layer is responsible for data transfer
across the network, independent of the media or
network topology. Covers the higher end of the
Link Controller, setting up and maintaining
multiple links and most of the Link Manager's tasks
• Transport Layer is responsible for the reliability
and multiplexing of data transfer across the
network to the level provided by the application,
so it overlaps at the high end of the Link Manager
and the Host Controller Interface providing the
actual data transport mechanisms
OSI Vs Bluetooth
• Session Layer provide management and data flow
services, which are covered by L2CAP and
the lower ends of RFCOMM and SDP
• Presentation layer provides common
representation for Application layer data.
• Application layer is responsible for managing
communications between host applications
Physical Layer
• Bluetooth devices operate at 2.4000-2.4835 GHz in the globally
available, licence-free Industrial Scientific Medical (ISM) band.
• Band is reserved for general use by ISM applications which obey a
basic set of power and spectral emission and interface specifications.
• ISM cluttered with car security, cordless headphones, WLAN, random
noise from microwaves and sodium vapour lights.
• To help overcome these problems Bluetooth uses FHS, adaptive
power control and short data packets
• Only 79 channels available in the bandwidth
• The FHS algorithm ensures a maximum distance between adjacent
hops
• Retransmission will always occur on a different channel
• Polluted bandwidth with many shared users so Bluetooth has to be
robust
Physical Layer
Masters, Slaves, Slots ..
• Every Bluetooth device has a unique Bluetooth
address and Bluetooth clock.
• Bluetooth frequency hopping sequence (FHS)
calculated using a given Bluetooth address and
Bluetooth clock.
– Algorithm described in the baseband part of the spec.
• Slaves use master’s address and clock to calculate
the FHS
Masters, Slaves, Slots ..
• Master also controls when devices are
allowed to transmit
• Slots are allocated for voice and data
– Voice is time orientated (SCO)
– Data is packet orientated (ACL)
• Data Slots: Slaves are only allowed to
transmit in reply to the Master (ACL)
• Voice slots: Slaves have to transmit regularly
in reserved slots (SCO)
Masters, Slaves, Slots ..
• Master divides up the available bandwidth
using Time Division Multiplexing (giving
each device the bandwidth for a fixed
amount of time)
Masters, Slaves, Slots ..
• Frequency hopping from slot to slot
according to FHS algorithm.
Piconets
Piconets
• A collection of Slaves acting under a single
Master is called a Piconet.
• All devices follow Master's timing and FHS as
dictated by the FHS algorithm.
• No direct link between Slaves. Centralised
through master.
• Only 7 alive Slaves allowed per Piconet, the
rest sleep.
Scatternets
Scatternet Characteristics
• A scatternet is the linking of a number of Piconets into a
larger network
• Devices may be members of more than one Piconet
• Devices in two Piconets must time-share between the
piconets.
• A Device can be:
– A slave in both Piconets
– A master in one Piconet and a slave in another
• Can’t be a Master in both. All devices would have to
synchronise to the Master's FHS
Scatternets - Interference I
• Devices in one piconet are synchronised so
they should not interfere with each other.
• Devices from nearby piconets can interfere
with other piconets by randomly colliding
on the same frequency.
• If a collision occurs, retransmission is likely
to be on a different frequency so low probability
that collision will occur again.
• If traffic is voice, packet is ignored, low
impact on quality.
Scatternets - Interference II
• The more piconets, the greater the chance
for interference increasing the number of
retransmissions, reducing the overall data
rate.
• Interference can occur if there are a lot of
independent piconets.
• Interference also happens within scatternets,
as masters are independent of each other.
Piconets of different power classes
Power Consumption
• Minimal Radio power used
• 3 classes defined in the standard
– Class 1: Distance 100m, Power 100mW
– Class 2: Distance 20m, Power 2.5mW
– Class 3: Distance 10m, Power 1mW
Voice and Data Links
• Voice communication is typically delay
sensitive, data communication is not.
• SCO - Synchronous Connection Oriented
suits voice communication.
• ACL - Asynchronous ConnectionLess suits
data communication.
ACL Data Packets
• Constructed from 72 bit access code, 54 bit packet header
and 16 bit CRC , in addition to data payload.
• Variety of packet types, varying amounts of data.
• Largest is DH5 packet, sent over 5 slots.
• DH5 carries 339 bytes, so 2858 packet bits are sent on air
carrying 2721 data bits.
• Min length reply is 1 slot, so max baseband data rate in
one direction is 723.2 Kbps
• So with 5-slot packets in one direction, the 1-slot packets
sent in the other direction will only carry 57.6Kbps, yielding an
asymmetric link with more data going in the 5-slot
direction. Data rate thus 433.9Kbps (down from 1Mbps on
air)
Bluetooth Security
• Some people say that FHS provides
security, this is NOT strong security as
understood by the cryptography community.
• Bluetooth can employ cryptography,
however this has been demonstrated to be
flawed (broken in fact).
• Uses streaming RC4 with 64 and 128 bit
key-lengths and Initialisation Vector, IV.
Applications and Profiles
• Profiles provide a clear description of how a
full specification of a standard system
should be used to implement a given end-user function.
• Allows product (multi-vendor)
interoperability.
• ISO defines profiles as follows
– Implementation options are reduced so that
applications share the same features.
– Parameters are defined so that applications
operate in similar ways.
– Standard mechanisms for combining different
standards are defined.
– UI guidelines are defined.
Bluetooth Profiles
• Generic Access Profile
• Telephony Control Protocol Specification
• Service Discovery Application Profile
• Cordless Telephony Profile
• Serial Port Profile
• Dial-up Networking Profile
• Intercom Profile
• Generic Object Exchange Profile
• File Transfer Profile
• FAX Profile
• Object Push Profile
• Headset Profile
• Synchronisation Profile
• LAN Access Profile
Bluetooth provides
• Convenience
• Reliability
• Resilience
• Cost effectiveness
• Low power
• Short range
• Data and voice communication
Application Examples
• Mobile Phone to Laptop
• Mobile Phone to headset
• Mobile phone to mobile phone
• Cordless phone (landline)
• LAN Access points (like 802.11)
• Laptop to PDA communication
• Laptop to printer
• etc, etc
Discovering Bluetooth Devices
• Laptop wants to connect to a modem and
mobile phone has a modem.
• How does, say, a laptop discover that a
mobile phone is within its vicinity? It
enquires.
• Laptop transmits and retransmits a series of
inquiry packets.
• Mobile phone replies with FHS packet.
• FHS synchronisation packet contains all
information for creation of connection.
• FHS packet also tells laptop the device
class.
• Device class consists of Major and Minor
parts:
– Major indicates it is a phone
– Minor indicates it is a mobile phone
• What next? Let user decide what to do?
• This is a matter for the programmer!
• May present user with list of Bluetooth
devices found, allow user to choose what to
do next, or program in responses.
• Could go on to find out which devices in
area support a modem profile for instance.
Retrieving Information on Services
Service Discovery Protocol SDP
• Service Discovery Protocol allows a device
to discover what services a Bluetooth
device has to offer
• Laptop pages the phone (wants its modem).
• Phone listening for pages (as it does),
responds.
• ACL connection is then set up and an
L2CAP connection is set up across it.
SDP, L2CAP and PSM
• L2CAP allows many protocols and services to use
one baseband ACL link
• L2CAP distinguishes between different protocols
and services on one ACL connection by adding a
Protocol and Service Multiplexor (PSM) to every
L2CAP packet.
• PSM number is different for every protocol or
service using the link.
• This connection is for Service Discovery, PSM is
0x0001, special value always used for service
discovery.
• Asks for all information from Service Discovery
Server about what services it has available
Service Discovery Database
• Service Attributes sent back to enquirer.
• Laptop application can decide to use services or
ask user for intervention.
• Laptop may poll several devices in vicinity,
closing down links when not required.
– Saves bandwidth and power
• Laptop may have choice of devices providing
required service, may interact with user or choose
automatically, depending how application was
written.
Connecting to Dial-up Networking Service
Connecting to a Bluetooth Service
• Laptop sets up an ACL connection using the same
paging process for service discovery
• Specific quality of service (QOS) requirements
may exist for Dial Up Networking (DUN)
connection so application may wish to configure
link accordingly.
• Application sends its requirements to the
Bluetooth module using the Host Controller
interface (HCI).
• The module uses the Link Manager to configure
the link using the Link Management Protocol.
• Once the ACL connection is set up, an L2CAP connection
is set up.
• DUN profile uses RFCOMM.
• L2CAP uses Protocol and Service Multiplexor for RFCOMM
(PSM = 0x0003).
• After L2CAP link established, RFCOMM connection set
up across it.
• RFCOMM (like L2CAP) can multiplex several protocols
or services across one connection. Each with distinct
channel number. Cellphone sent channel number for DUN
in service discovery information, so laptop knows which
channel to use when setting up RFCOMM connection.
• Now the laptop can use the phone to make calls.
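A frame-level view of the PSM multiplexing described in the two sections above (SDP on PSM 0x0001, RFCOMM on PSM 0x0003), as an added example that is not part of the original slides. It assumes the L2CAP specification's layout, where the PSM travels in the Connection Request on the signalling channel (CID 0x0001) and later packets are identified by the channel ID allocated for them; the function names and sample frames are constructed for illustration.

```python
import struct

SIGNALLING_CID = 0x0001       # L2CAP channel that carries signalling commands
CONNECTION_REQUEST = 0x02     # signalling command code
KNOWN_PSM = {0x0001: "SDP", 0x0003: "RFCOMM"}   # the two values on this page


def psm_is_well_formed(psm):
    """A two-octet PSM is odd and has bit 0 of its upper octet clear."""
    return (psm & 0x0001) == 1 and (psm & 0x0100) == 0


def connection_requests(frame):
    """Return a dict for every Connection Request in one L2CAP frame."""
    if len(frame) < 4:
        raise ValueError("shorter than the L2CAP header")
    length, cid = struct.unpack_from("<HH", frame, 0)
    payload = frame[4:]
    if length != len(payload):
        raise ValueError("L2CAP length does not match payload size")
    if cid != SIGNALLING_CID:
        return []                 # data channel: identified by CID, no PSM
    found, offset = [], 0
    while offset < len(payload):  # one frame may carry several commands
        if len(payload) - offset < 4:
            raise ValueError("truncated command header")
        code, ident, cmd_len = struct.unpack_from("<BBH", payload, offset)
        body = payload[offset + 4:offset + 4 + cmd_len]
        if len(body) != cmd_len:
            raise ValueError("truncated command body")
        if code == CONNECTION_REQUEST:
            if cmd_len != 4:      # assumption: two-octet PSM + source CID
                raise ValueError("unsupported Connection Request size")
            psm, source_cid = struct.unpack("<HH", body)
            found.append({
                "id": ident,
                "psm": psm,
                "source_cid": source_cid,
                "service": KNOWN_PSM.get(psm, "unlisted"),
                "well_formed": psm_is_well_formed(psm),
            })
        offset += 4 + cmd_len
    return found


# Constructed sample frames (hex), not captured traffic.
SAMPLES = {
    "sdp": bytes.fromhex("0800010002010400" "01004000"),
    "rfcomm": bytes.fromhex("0800010002020400" "03004100"),
    "unlisted": bytes.fromhex("0800010002030400" "01104200"),
    "even_psm": bytes.fromhex("0800010002040400" "02004300"),
    "data": bytes.fromhex("03004000" "010203"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, connection_requests(frame))
```

A monitor built this way can log which services a peer asks for and flag PSMs that are malformed or outside the expected set.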
Protocol Stack I
The Bluetooth Module
Bluetooth Radio
• Operates on the 2.4GHz channel.
• Low power design is encouraged to make it feasible to
incorporate into mobile, low power devices.
• Modulation is GFSK (Gaussian Frequency Shift Keying)
with gross bit rate of 1Mbps on a 1MHz channel.
• Antenna design is complex.
• Must radiate power in spherical fashion.
• Proximity of ground planes and casings on BT device may
affect performance of antenna.
Baseband
• Physical Layer - Responsible for:
– Channel coding and decoding.
– Provides low level control of timing and management of a single
data packet transfer.
– Error detection and correction.
• Devices may be Masters or Slaves (controlled by Masters).
• Data Links can be Synchronous Connection Oriented
(SCO) or Asynchronous Connection Less (ACL)
• A number of packet types exist. Trade off between
reliability and data bandwidth. SCO and ACL have
different packet sizes
Baseband Packet Transmission
1 Master and 3 Slaves
Link Controller
(part of Baseband)
• Responsible for managing device discoverability,
establishing connections and managing on-air links.
• Stages to establishing links
– Host requests an enquiry
– Inquiry sent using enquiry hopping sequence.
– Inquiry scanning devices respond with FHS packets, containing
information necessary for connecting to them.
– Contents of FHS sent back to host.
– Host requests connection to one of the devices which responded to
the inquiry.
– Paging is used to initiate a connection to selected device.
– If selected device is page scanning it responds to the page.
– If page scanning device accepts connection, it will begin hopping
using the Master’s frequency hopping sequence and timing.
Link Manager
• When LC finished, LM takes over.
• Many functions include
– Change role from Master to Slave
– Security procedures...
• authentication, pairing, encryption.
– May support up to three SCO connections
– May change mode, low power or test mode
– May be reconfigured at any time, mode changes, QOS
changes, packet type changes and power level changes.
– Information about an active link can be retrieved at any
time.
– LMP can cause disconnection.
Host Controller Interface
• Host can implement higher layers, L2CAP and above. Module
implements lower layers, LMP and below.
• HCI provides standardised interface between module and host and thus
interoperability for a variety of manufacturers.
• HCI uses three packet types...
– Commands from host to module.
– Events from module to host.
– Data packets in both directions.
• HCI commands allow host complete control over module including...
– Control of links, setup, teardown, configure.
– Set link policy on power saving and role switching.
– Direct access to information on local module, and access to information
on remote devices by triggering LMP exchanges.
– Control of features like Baseband timeouts
Protocol Stack II
The Bluetooth Host
L2CAP
Logical Link Control and Adaptation Protocol
• L2CAP passes packets to either the HCI or on a hostless
system, directly to the Link Manager.
• Functions...
– Multiplex between different higher layer protocols
– Segmentation and reassembly.
– Provide one-way transmission management to a group of other BT
devices.
– QOS management for higher layer protocols.
• Relies on ACL for end-to-end connections and QOS.
• L2CAP is a compulsory layer.
• Also used by RFCOMM and SDP.
RFCOMM
• RS-232 serial ports have 9 circuits for data and signalling.
• RFCOMM provides multiple RS-232 connections over L2CAP.
• Baseband provides reliable in-sequence bit stream.
• RFCOMM also provides
– 105 - Request To Send (RTS)
– 106 - Clear To Send (CTS)
– 107 - Data Set Ready (DSR)
– 109 - Data Carrier Detect (DCD or CD)
– Remote Line Status, break, overrun, parity
– Remote Port Settings - Baud rate, parity, no. of data bits, etc
– parameter negotiation (frame size)
RFCOMM Operation
• 1st set up L2CAP connection.
• RFCOMM sent in payload of L2CAP packets.
• Once L2CAP connection up, RFCOMM control frames
sent back & forth to establish a signalling channel.
• Now subsequent channels may be set up for data transfer.
• Up to 30 channels may be established to support 30
different services.
• RFCOMM broadly based on GSM 07.10.
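The signalling-channel setup and the 30-channel limit described above, checked at frame level, as an added example that is not part of the original slides. It assumes the GSM 07.10 basic-option layout that RFCOMM follows (address, control, length, payload, FCS) and does not handle the optional credit octet of UIH frames; the function names and sample frames are constructed for illustration.

```python
FRAME_TYPES = {0x2F: "SABM", 0x63: "UA", 0x0F: "DM", 0x43: "DISC", 0xEF: "UIH"}
POLL_FINAL = 0x10          # P/F bit in the control field
MAX_SERVER_CHANNEL = 30    # limit quoted on this page


def fcs(data):
    """Frame check sequence: reflected CRC-8 (x^8 + x^2 + x + 1), complemented."""
    crc = 0xFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xE0 if crc & 1 else crc >> 1
    return 0xFF - crc


def parse_frame(frame):
    """Validate one RFCOMM frame and return its fields as a dict."""
    if len(frame) < 4:
        raise ValueError("frame too short")
    address, control = frame[0], frame[1]
    if not address & 0x01:
        raise ValueError("address EA bit must be 1")
    frame_type = FRAME_TYPES.get(control & ~POLL_FINAL & 0xFF)
    if frame_type is None:
        raise ValueError("unknown control field")
    if frame[2] & 0x01:                    # EA set: 7-bit length in one octet
        length, header_len = frame[2] >> 1, 3
    else:                                  # EA clear: 15-bit length, two octets
        length, header_len = (frame[2] >> 1) | (frame[3] << 7), 4
    if len(frame) != header_len + length + 1:
        raise ValueError("length field does not match frame size")
    # UIH frames protect address and control only; the others include length.
    covered = frame[:2] if frame_type == "UIH" else frame[:header_len]
    if fcs(covered) != frame[-1]:
        raise ValueError("FCS mismatch")
    dlci = address >> 2                    # 6-bit data link connection id
    channel = dlci >> 1                    # low DLCI bit is the direction bit
    if dlci != 0 and not 1 <= channel <= MAX_SERVER_CHANNEL:
        raise ValueError("server channel outside 1..30")
    return {"type": frame_type, "dlci": dlci, "channel": channel,
            "poll_final": bool(control & POLL_FINAL),
            "payload": bytes(frame[header_len:header_len + length])}


# Constructed frames: SABM and UA on DLCI 0, which open the signalling channel.
SABM_DLCI0 = bytes.fromhex("033f011c")
UA_DLCI0 = bytes.fromhex("037301d7")

if __name__ == "__main__":
    for frame in (SABM_DLCI0, UA_DLCI0):
        print(frame.hex(), parse_frame(frame))
```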
SDP
• BT not like LAN where connections are temporally stable.
• BT devices always on the hunt for new services.
• SDP relies on L2CAP links between client and server.
• SDP steps...
– Establish L2CAP connection to remote device (channel identified
by PSM 0x0001)
– Search for specific class of service or browse for services.
– Retrieve attributes necessary to connect to chosen service.
– Establish separate (non SDP) connection to use the service.
– Drop SDP channel or keep it open for other services.
Protocol Stack III
Cross Layer Functions
Encryption & Security
• Bluetooth encryption is deeply flawed because of
4 digit pin user intervention and the use of a
streaming cypher with a rotating short IV. Can be
cracked in circa 3 hours sniffing.
• Key scheduling implementation for RC4 is the
problem.
• Do it at the application layer, or just forget about
it. Use IPSec or somesuch.
Bluetooth & Health
• Natural frequency of H2O molecular
oscillation is at 2,450 MHz (Microwaves use
this to excite water molecules to heat food)
• Bluetooth range 2,400 MHz to 2,483.5 MHz
• Will Bluetooth leave you rare?
• Class 3 device produces 1mW which is 1/1,000,000
the amount of power of a 1KW microwave
oven.
• However, power dissipates according to r²
TCP/IP and Bluetooth
• Currently, TCP/IP runs over Point-to-Point
Protocol (PPP)
– Which runs over RFCOMM
– Similar to dialling up via a modem
• Not an ideal solution
– Particularly since L2CAP is packet switched
• Bluetooth Network Encapsulation Protocol
(BNEP) addresses this
– Layered over L2CAP - hosts IP (and others)
– Part of the PAN Profile
• Is TCP well suited to Bluetooth ?
– In any case, still need HCI, SDP at least
Some real uses of Bluetooth
• Search & rescue
• Environmental monitoring
• Health care in the home
• In-car infotainment bus
• Automatic locking of PCs (Xyloc)
• BlueTag
• ChatPen (Ericsson, licensed from Anoto)
• (Wireless Gaming)