1 Introduction to Bluetooth® March 3, 2011. 2 Introduction.


1 1 Introduction to Bluetooth® March 3, 2011

2 2 Introduction

3 3 Why Bluetooth? The purpose of Bluetooth is to provide cable replacement between commonly used devices by using wireless radio links. Some of the goals are: low cost, low power, short range.

4 4 Technical Overview

5 5 The ISM Band: Bluetooth operates in the Industrial, Scientific and Medical (ISM) band, roughly 2400 MHz to 2480 MHz. The ISM band is available worldwide. Devices operating in the ISM band are unlicensed under certain radiated power requirements. Many other devices use the ISM band: b and g, cordless phones, wireless stereo headsets, microwave ovens.

6 6 Radio Power Classes: Class 1 - roughly 100 meters; Class 2 - roughly 10 meters; Class 3 - less than 5 meters.

7 7 Frequency Hopping Spread Spectrum: Bluetooth uses Frequency Hopping Spread Spectrum. Frequency hopping avoids conflicts with other devices. Bluetooth divides the ISM band into 79 channels. Channel selection is performed such that all 79 channels are used (approximately) equally. Radio frequency usage conflicts with other devices are avoided since Bluetooth uses only small pieces of the ISM band at a time.

8 8 Frequency Hopping Spread Spectrum: Information about the Master device determines the channel selection sequence. The Master’s unique device address (“Bluetooth Device Address” or BD_ADDR) is one of the components in the channel selection sequence. The Master’s internal clock (“Bluetooth clock”) is another component of the channel selection sequence. The two components taken together provide enough randomness in the channel selection sequence that a reasonable number of Bluetooth piconets can operate in the same physical space. The Master’s Bluetooth clock is rarely “on the air”, so the frequency hopping provides a measure of security.

9 9 Adaptive Frequency Hopping (AFH): AFH is used to allow Bluetooth to adapt to the local operating environment. When using AFH, devices determine channels that appear to be unreliable. The devices can then agree not to use the unreliable channels. AFH allows Bluetooth to: avoid channels where transmission is unlikely to succeed, improving throughput since those channels are not even tried; and cooperate better with other wireless technologies by not transmitting on frequencies that another device is using.

10 10 Data Links: ACL links are used to pass application data and radio-to-radio control messages from one device to another. Basic Data Rate ACL links are limited to approximately 720 kbit/s based on a 1 Mbit/s data rate. Enhanced Data Rate (EDR) ACL links provide up to 2.16 Mbit/s based on a 3 Mbit/s data rate.

11 11 Data Links: Two EDR capable devices will monitor the packet error rates between them and adjust the transmission data rate and packet sizes to minimize the amount of data received with errors.

12 12 Audio Links: SCO (Synchronous Connection Oriented) and eSCO (Extended SCO) links are commonly used for audio transmission. Audio quality is roughly the same as that of the public telephone network. SCO/eSCO links provide guaranteed time slots. eSCO links use larger packet sizes than SCO, allowing more audio information to be transferred in a single transmission. This allows eSCO links to also support retransmission, something that is not available in SCO.

13 13 Audio Over ACL: The Advanced Audio Distribution Profile (A2DP) provides for the streaming of high quality audio over ACL links. Audio compression algorithms such as MP3 or SBC reduce the bandwidth required for audio.

14 14 Bluetooth Networks

15 15 Device Addressing: Bluetooth Device Addressing uses the IEEE 48 bit MAC address format. Each Bluetooth device has a unique address known as the Bluetooth Device Address. This is commonly referred to as a BD_ADDR. The upper 24 bits are an Organizationally Unique Identifier (OUI) assigned by the IEEE.

16 16 Masters and Slaves: A Bluetooth “Master” is a device that initiates a connection to another device. A Bluetooth “Slave” is a device that accepts a connection from a Master. A device that is not currently connected is neither a Master nor a Slave. A Bluetooth network consists of one Master device and up to seven Slave devices. This is called a “piconet”. When a device participates in more than one piconet, a “scatternet” is present.

17 17 Masters and Slaves: The Master device provides timing and access control for Slave devices. Slaves do not speak unless spoken to. Slave devices only communicate with their associated Master devices. Slave devices do not directly communicate with one another. After a connection is established, a Master and Slave may choose to trade places. This is referred to as a “Role Switch”.

18 18 Inquiry and Paging

19 19 Device Discoverability: Bluetooth devices may be placed into a mode where they periodically listen for a request to locate nearby devices. This is referred to as “Inquiry Scanning”. A device that is not Inquiry Scanning will not receive the “Inquiry Request” and is therefore invisible to the Device Discovery process. When an Inquiry Request message is received, the device responds with its BD_ADDR, Bluetooth Clock, Class of Device and some other information. The Class of Device is a rough description of the device and can be used to filter away devices that are not of interest. “Inquiry Scanning”, “Inquirable” and “Discoverable” are often used interchangeably.

20 20 Device Connectability: Bluetooth devices may be placed into a mode where they periodically listen for a request from another device to initiate a physical connection. This is referred to as “Page Scanning”. A device that is not Page Scanning will not receive the “Page Request” and is therefore invisible to the Device Connection process. When the device is in this mode, and it receives a request with its device address, it responds to the requesting device and the process of creating a physical connection ensues. “Page Scanning”, “Pageable” and “Connectable” are often used interchangeably.

21 21 Device Connectability: A device may be in any combination of Inquirable and Pageable as needed.

22 22 Security

23 23 Link Keys: Two devices may establish a common secret known as a “Link Key”. This allows two devices to determine that they know each other at a later time. The devices exchange information based on what they believe is the shared Link Key. If the information is correct, the two devices are known to each other. This is known as LMP Authentication. The Link Key itself is never transmitted over the air. Instead, values derived from the Link Key, a large random number, and some other data items are used to compute the information that appears on the air.

24 24 LMP Authentication: The results from the Authentication process do not persist across connections. If a connection is broken, the devices must Authenticate again at their next connection. Authentication must be performed before encryption is enabled. One of the values from the Authentication process is used in the computation of the seed for the encryption key sequence.
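
The challenge-response exchange described on the Link Keys and LMP Authentication slides, as an added example (not code from the presentation or from any Bluetooth stack). AU_RAND, SRES and ACO are the Core Specification's names for the challenge, the response and the value kept for the encryption seed, and do not appear in the slides; HMAC-SHA-256 stands in for the SAFER+-based E1 function, and the class, function names and sample addresses are assumptions.

```python
import hashlib
import hmac
import secrets


def e1_stand_in(link_key, au_rand, claimant_addr):
    """Stand-in for Bluetooth's E1 function, which is built on SAFER+.

    HMAC-SHA-256 is used only so the example runs on the standard library.
    Returns (SRES, ACO): the 4-byte response that goes on the air and a
    12-byte value that both sides keep to themselves.
    """
    digest = hmac.new(link_key, au_rand + claimant_addr, hashlib.sha256).digest()
    return digest[:4], digest[4:16]


class Device:
    def __init__(self, bd_addr, link_key):
        self.bd_addr = bd_addr
        self.link_key = link_key      # stored from pairing, never transmitted
        self.aco = None               # set only by a successful authentication
        self._challenge = None

    def make_challenge(self):
        """Verifier: pick a fresh 128-bit random challenge (AU_RAND)."""
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def respond(self, au_rand):
        """Claimant: answer the challenge using its own BD_ADDR."""
        sres, self.aco = e1_stand_in(self.link_key, au_rand, self.bd_addr)
        return sres

    def check(self, claimant_addr, sres):
        """Verifier: recompute the response and compare in constant time."""
        expected, aco = e1_stand_in(self.link_key, self._challenge, claimant_addr)
        ok = hmac.compare_digest(expected, sres)
        self.aco = aco if ok else None
        self._challenge = None        # a challenge is good for one attempt
        return ok


def authenticate(verifier, claimant):
    """Run one exchange. Returns (ok, messages that appeared on the air)."""
    au_rand = verifier.make_challenge()
    sres = claimant.respond(au_rand)
    ok = verifier.check(claimant.bd_addr, sres)
    if not ok:
        claimant.aco = None           # no encryption seed without authentication
    return ok, [("AU_RAND", au_rand), ("SRES", sres)]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    key = bytes.fromhex("00112233445566778899aabbccddeeff")
    master = Device(bytes.fromhex("020000000001"), key)
    slave = Device(bytes.fromhex("020000000002"), key)
    ok, on_air = authenticate(master, slave)
    print("authenticated:", ok, "ACO match:", master.aco == slave.aco)
    stranger = Device(bytes.fromhex("020000000003"), secrets.token_bytes(16))
    print("stranger authenticated:", authenticate(master, stranger)[0])
```

Because the challenge is fresh on every connection, the ACO and therefore the encryption seed differ each time even though the Link Key is unchanged.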

25 25 Where Do Link Keys Come From? The Link Key shared between a pair of devices may be permanently stored in the devices. This is used for special circumstances and is generally discouraged. Two devices execute a process known as “Pairing” to create their common Link Key. The Link Key is stored for future use. A new Link Key may be generated at any time by re-executing the Pairing process. There are two forms of Pairing: Legacy Pairing and Secure Simple Pairing.

26 26 Where Do Link Keys Come From? Two devices which have executed the pairing process and computed a common Link Key are said to be Bonded. After two devices have Bonded, there may be no need for either of them to be Discoverable.

27 27 Legacy Pairing: Legacy Pairing generally involves the use of a shared four digit PIN Code. The devices exchange large random numbers and then perform some math on those numbers, factoring in the PIN Code. The result of the math is a Link Key. The PIN Code itself is never transmitted over the air. LMP Authentication is used to confirm that both devices computed the same answer (Link Key).

28 28 Vulnerabilities Of Legacy Pairing: PIN Codes may be up to 16 bytes in length and may be binary. 4 digits are commonly used to reduce the amount of input that the user needs to provide. The limited number of buttons on mobile phones has caused only the digits 0 to 9 to be used in common practice. The lack of a user interface on devices such as mobile phone headsets has led to the common use of “0000” as the PIN Code.

29 29 Vulnerabilities Of Legacy Pairing: If the PIN Code is known to a third party, and the exchange of random numbers can be captured over the air, then the third party can compute the Link Key.

30 30 Secure Simple Pairing: Secure Simple Pairing was introduced in version 2.1 of the Bluetooth Core Specification to address the issues in Legacy Pairing. A two phase approach is used to compute the Link Key. The first phase involves the use of the Elliptic Curve Diffie-Hellman algorithm to compute a common numeric value.

31 31 Secure Simple Pairing: The second phase varies based on the capabilities of the two devices. The second phase methods are known as: Numeric Comparison, Just Works, Passkey Entry, Out Of Band. When a Bluetooth 2.1 (or later) device learns that its peer device is also a 2.1 device, Secure Simple Pairing MUST be used to generate the common Link Key.

32 32 Secure Simple Pairing – Numeric Comparison: This method may be chosen when both devices have a display and the ability for the user to enter a “Yes” or “No” value. A 6 digit random number is displayed on both devices. The user must then confirm on both devices that the same number is displayed.

33 33 Secure Simple Pairing – Just Works: This method may be chosen when one of the devices has neither a display nor a keyboard. A 6 digit random number is exchanged between the devices. The devices automatically accept the value without user intervention. This method is not as secure as Numeric Comparison. The resulting Link Key is labeled “un-authenticated” so that the application software can decide if it is usable.

34 34 Secure Simple Pairing – Passkey Entry: This method may be chosen when one device has a display and the other device has a keyboard. A 6 digit random number is displayed on the device containing the display. The 6 digit number is entered on the device which has the keyboard.

35 35 Secure Simple Pairing – Out Of Band: When two devices share a secure means of transferring data without using Bluetooth, the Out Of Band mechanism may be used. The cryptographic information may be exchanged using: Smart Cards, Near Field Communications, RFID.

36 36 Encryption: Because the “seed” for the encryption key sequence comes from the most recent LMP Authentication, the encryption key sequence is different each time two devices connect. Bluetooth currently uses SAFER+. A stronger method, possibly AES-128, may be used in the future.

37 37 Security Modes: The Bluetooth Core Specification defines four security modes. Security Mode 1 is “non secure”. Security Mode 2 is “service level enforced security”: in this mode, an application (service) initiates security, and the security features used may be trusted device Authentication, or Authentication and Encryption. Security Mode 3 is “link level enforced security”: in this mode, security is initiated when the devices connect to one another, and the security features are the same as with mode 2.

38 38 Security Modes: Security Mode 4 is a more stringent form of Security Mode 2. All applications (services) are required to initiate security procedures. Both Authentication and Encryption are required to be used. Services may choose to re-initiate the pairing process based on the strength of the existing Link Key. An un-authenticated Link Key may not be strong enough for some applications. When a Bluetooth 2.1 (or later) device learns that its peer device is also a 2.1 device, Security Mode 4 MUST be used. An exception is the Service Discovery Protocol, which is used to learn the set of services available on the peer device.

39 39 Secure Simple Pairing Debug Mode: The first phase of Secure Simple Pairing (Diffie-Hellman algorithm) was chosen to make it difficult to capture the pairing process using an “Air Sniffer”. Secure Simple Pairing Debug Mode may be enabled on a device to cause the pair of devices to use a predefined set of public and private keys. An Air Sniffer, when seeing one of the predefined public keys on the air, automatically knows the rest of the keys and can execute the Diffie-Hellman algorithm. A Link Key that results from Debug Mode is labeled as a Debug Key and is not considered to be secure.
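
How the second-phase method follows from the two devices' capabilities, and how a Security Mode 4 service can act on the label of the resulting Link Key, as an added example (not code from the presentation or from any Bluetooth stack). The four IO capability names are the Core Specification's and do not appear in the slides; the function names, the decision strings, the sample inventory and the policy of refusing Debug Keys outright are assumptions of this example.

```python
from enum import Enum


class IOCap(Enum):
    DISPLAY_ONLY = "DisplayOnly"
    DISPLAY_YES_NO = "DisplayYesNo"
    KEYBOARD_ONLY = "KeyboardOnly"
    NO_INPUT_NO_OUTPUT = "NoInputNoOutput"


class KeyType(Enum):
    AUTHENTICATED = "authenticated"
    UNAUTHENTICATED = "un-authenticated"
    DEBUG = "debug"


def select_model(a, b, oob_shared=False, debug_mode=False):
    """Return (second-phase method, label of the resulting Link Key)."""
    if oob_shared:
        model, key = "Out Of Band", KeyType.AUTHENTICATED
    elif IOCap.NO_INPUT_NO_OUTPUT in (a, b):
        model, key = "Just Works", KeyType.UNAUTHENTICATED
    elif IOCap.KEYBOARD_ONLY in (a, b):
        model, key = "Passkey Entry", KeyType.AUTHENTICATED
    elif a == b == IOCap.DISPLAY_YES_NO:
        model, key = "Numeric Comparison", KeyType.AUTHENTICATED
    else:
        # A display-only side cannot take the user's "Yes"/"No", so the
        # value is accepted automatically on that side.
        model, key = "Just Works", KeyType.UNAUTHENTICATED
    if debug_mode:
        key = KeyType.DEBUG      # predefined key pair, readable by an air sniffer
    return model, key


def service_decision(key, requires_authenticated_key):
    """The check a Security Mode 4 service makes before using a link."""
    if key is KeyType.DEBUG:
        return "reject"          # assumption: production services refuse Debug Keys
    if key is KeyType.UNAUTHENTICATED and requires_authenticated_key:
        return "re-pair"         # the existing Link Key is not strong enough
    return "accept"


def audit_bonds(bonds, requires_authenticated_key):
    """bonds: iterable of (name, local IOCap, peer IOCap, debug_mode)."""
    report = {}
    for name, local, peer, debug_mode in bonds:
        model, key = select_model(local, peer, debug_mode=debug_mode)
        report[name] = (model, key.value,
                        service_decision(key, requires_authenticated_key))
    return report


# Constructed inventory: a phone (DisplayYesNo) and four hypothetical peers.
SAMPLE_BONDS = [
    ("car kit",      IOCap.DISPLAY_YES_NO, IOCap.DISPLAY_YES_NO,     False),
    ("keyboard",     IOCap.DISPLAY_YES_NO, IOCap.KEYBOARD_ONLY,      False),
    ("headset",      IOCap.DISPLAY_YES_NO, IOCap.NO_INPUT_NO_OUTPUT, False),
    ("test fixture", IOCap.DISPLAY_YES_NO, IOCap.DISPLAY_YES_NO,     True),
]

if __name__ == "__main__":
    for name, row in audit_bonds(SAMPLE_BONDS, True).items():
        print(f"{name:12} {row[0]:18} {row[1]:16} -> {row[2]}")
```

A peer with no display and no keyboard can never produce an authenticated key, so a "re-pair" result for such a device means the service should not be offered to it over Bluetooth alone.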

40 40 The Host Controller Interface

41 41 The Host Controller Interface: Bluetooth defines two entities that make up a complete implementation: Hosts and Host Controllers. You need one of each. “Host Controllers” are often simply referred to as “Controllers”. [Diagram: Bluetooth Device 1, made up of a Host and a Host Controller]

42 42 Hosts and Host Controllers: The Host is where the application executes. If a device has a CPU, it may be convenient for the Host to execute there. The Host Controller is where the radio work gets done. The Host Controller creates links to other Bluetooth devices upon request from the Host. It maintains the quality of the radio link. It responds to a limited class of messages without involving the Host. [Diagram: Bluetooth Device 1, made up of a Host and a Host Controller]

43 43 Host and Controller Interconnection: The connection point between a Host and a Controller is the Host Controller Interface. Bluetooth defines a messaging protocol to be used at the interface: HCI. HCI allows application software from one vendor to be used with a Bluetooth radio (Controller) from another vendor. [Diagram: Bluetooth Device 1, with the Host and the Host Controller joined by the HCI (Host Controller Interface)]

44 44 HCI Transports: USB, sometimes referred to as “H2”: the USB transport takes advantage of the robustness and increased data rates provided by the Universal Serial Bus. Secure Digital (SD): the SD transport allows for Bluetooth HCI to be carried over SDIO interfaces. [Diagram: Bluetooth Device 1, with the Host and the Host Controller joined by the HCI. HCI transports: Asynchronous Serial (HCI UART (H4), Three-Wire UART (H5), BCSP); I/O Busses (USB (H2), Secure Digital (SD))]

45 45 HCI Transports: Future transports under consideration: SPI, PCI. [Diagram: Bluetooth Device 1, with the Host and the Host Controller joined by the HCI. HCI transports: Asynchronous Serial (HCI UART (H4), Three-Wire UART (H5), BCSP); I/O Busses (USB (H2), Secure Digital (SD))]

46 46 The Bluetooth Protocol Stack

47 47 Host Controller Side Protocols: Transmitting and receiving of data is performed by the Baseband layer. [Diagram: Bluetooth Device 1 protocol stack, with Baseband in the Host Controller, below the HCI and its transports]

48 48 Host Controller Side Protocols: The Link Controller provides packet link level control and maintenance of a communications link. The Link Manager Protocol provides the command and control interface for Link Controller & Baseband. HCI commands often result in the exchange of one or more Link Manager Protocol messages. A number of HCI events are generated in response to messages from the Link Manager. [Diagram: Bluetooth Device 1 protocol stack, with Link Controller/Link Manager above Baseband in the Host Controller]

49 49 Host Side Protocols: The L2CAP protocol is used to create and control virtual channels over an existing ACL link. L2CAP provides protocol multiplexing, allowing a single ACL connection to be used for multiple purposes. [Diagram: Bluetooth Device 1 protocol stack, with L2CAP in the Host, above the HCI; Link Controller/Link Manager and Baseband in the Host Controller]

50 50 Host Side Protocols: The Service Discovery Protocol allows a device to learn about the applications that are supported on another device. [Diagram: Bluetooth Device 1 protocol stack, with SDP above L2CAP in the Host; Link Controller/Link Manager and Baseband in the Host Controller]

51 51 Host Side Protocols: RFCOMM is used for general purpose datastreams by the application profiles. RFCOMM has a flow control mechanism based on credits. [Diagram: Bluetooth Device 1 protocol stack, with SDP and RFCOMM above L2CAP in the Host; Link Controller/Link Manager and Baseband in the Host Controller]

52 52 Profiles: Profiles are used at the application level as a way of specifying high level functionality. The profile specifications define the rules and messaging required to implement a particular application client or server. [Diagram: Bluetooth Device 1 protocol stack, with Profiles at the top of the Host, above SDP, RFCOMM and L2CAP; Link Controller/Link Manager and Baseband in the Host Controller]

53 53 [Diagram: the complete protocol stacks of Bluetooth Device 1 and Bluetooth Device 2 side by side. In each Host: Profiles, SDP, RFCOMM, L2CAP. In each Host Controller: Link Controller/Link Manager, Baseband. Host and Host Controller are joined by the HCI over an HCI transport: Asynchronous Serial (HCI UART (H4), Three-Wire UART (H5), BCSP) or I/O Busses (USB (H2), Secure Digital (SD))]

54 54 Profiles

55 55 Profiles: Each profile is developed by a Working Group and consists of three documents. Profile Specification: defines the features available in the profile, and defines the functions used to create the given features. Profile Implementation Conformance Statement (PICS): a list of the features provided by the profile along with an indication of those that are mandatory versus those that are optional. Profile Test Specification: defines the procedures used to test the application functions defined in the Profile, and provides a mapping between the features listed in the PICS and the functions used to implement them.

56 56 Roles and Responsibilities: A Profile specification defines one or more roles for a given Bluetooth application. Most Profiles define two roles, one for each side of the application purpose; for example, a mobile phone and a headset. Each Profile feature is defined in terms of the overall roles for the profile; for example, a mobile phone can place a call using the phone number provided to it by a headset.

57 57 Profile Testing: The Bluetooth SIG has released the Profile Tuning Suite (PTS). PTS can be used to test implementations to ensure that they function in accordance with the specifications. If two devices that are supposed to communicate with each other can pass the profile tests, there is high confidence that the devices will interoperate. Use of the PTS is required by the Bluetooth Qualification Program.

58 58 Common Profiles

59 59 Headset Profiles: The Headset profiles are used with mobile phones, personal headsets for hands free phone usage, and hands free phone systems used in automobiles. HandsFree Profile (HFP) roles: HandsFree Unit (headset or car kit) and Audio Gateway (mobile phone). Headset Profile (HSP) roles: Headset and Audio Gateway.

60 60 Printing Profiles: The Printing profiles are used to transfer data from devices to printers. They can also be used for moving photos to “smart picture frames”. Basic Imaging Profile (BIP): used for printing pictures and other graphics. Roles: Initiator (the device that is sending a picture) and Responder (the device that is receiving a picture to be printed or otherwise displayed).

61 61 Printing Profiles: Basic Printing Profile (BPP): printer support for text based descriptions of the printed output, including simple text files, HTML web pages, and structured text objects such as vCards. Roles: Sender and Printer.

62 62 Printing Profiles: Hardcopy Cable Replacement Profile (HCRP): a simple command and messaging structure to allow for the elimination of cables between printers and other devices. Roles: HCRP Client and HCRP Server.

63 63 Transfer Profiles: The Transfer profiles are used to transfer information between devices. File Transfer Profile (FTP): general purpose file transfer between devices. Supports file system directory structures on the serving device. Session based connection where multiple operations may be carried out. Roles: File Transfer Client and File Transfer Server.

64 64 Transfer Profiles: Object Push Profile (OPP): primarily used for transferring common items such as business cards between mobile phones, PDAs, etc. Used to “push” (send) an item from one device to another. Not session based; a single connection is used for the item to be pushed. Many implementations support the transfer of arbitrary files. Also considered a Printing profile since the target device may be a printer. Roles: Object Push Client and Object Push Server.

65 65 Input Profiles: There is only one Input profile, HID. Human Interface Device Profile (HID): based on computing industry standard Human Interface Device specifications. Used for computer keyboards, mice, etc. Roles: Host (computer or other device needing input) and Device (mouse, keyboard, etc).

66 66 Music Profiles: The Music profiles are used to transmit high quality audio (music) from MP3 players, home stereo systems, etc. In addition, the Music profiles provide a means to remotely control such systems. Advanced Audio Distribution Profile (A2DP): streaming audio transfer from a music source to headphones, speakers or other devices. Roles: Source (MP3 player, home stereo, etc) and Sink (stereo headphones, speakers, etc).

67 67 Music Profiles: Audio/Video Remote Control Profile: remote control of an entertainment device such as an MP3 player, television, home stereo, etc. Often used in conjunction with A2DP devices to allow the A2DP Sink to control the A2DP Source. Roles: Controller (the remote control unit) and Target (the device being controlled).

68 68 Miscellaneous Profiles: Serial Port Profile (SPP): wireless serial cable emulation. Commonly used for cable elimination between devices using asynchronous serial communications. Roles: Device A (the device that initiates a serial port connection) and Device B (the device that accepts a serial port connection). Note that “Device A” and “Device B” have no correspondence to the common “DTE” (Data Terminal Equipment) and “DCE” (Data Communications Equipment) terminology. “Device A” may be a “DTE” or a “DCE”; “Device B” may be either as well.

69 69 Miscellaneous Profiles: SIM Access Profile: this profile is used to allow HandsFree car kits and similar devices to access the setup information of a mobile phone. The setup information can be used to allow the car kit to disable the mobile phone and operate on its behalf. Roles: SIM Access Client and SIM Access Server.

70 70 Miscellaneous Profiles: Phone Book Access Profile (PBAP): the Profile provides a standardized way for a car kit or similar device to access the address book in a mobile phone. Roles: Client and Server.

71 71 References

72 72 Books: "Bluetooth 1.1: Connect Without Cables" by Jennifer Bray and Charles F Sturman. Generally considered a good place to start when learning about Bluetooth. Some parts are technical but can be skimmed over. "Bluetooth Application Developer's Guide", edited by Jennifer Bray. This book is often mentioned as the next place to go for those who will be working with Bluetooth.

73 73 Websites: Profile and protocol specifications; test specifications; much more.

