1. Bluetooth An Ad Hoc Network

2. Trends Personal Computing Devices are ubiquitous –Mobile phone, pager, PDA, etc. –Improving processing power, network access, operating environments –Devices becoming first class network citizens Collaborative, peer-to-peer networks break new ground –Napster, Gnutella, Morpheus, etc. –De-centralised, “infrastructure-less” systems Resilient, efficient use of processing power Currently still opportunistic, not standards-based

3. Infrastructure Most computer systems are infrastructure-oriented –DNS servers, DHCP servers, Web servers, file servers, application servers, … –Not well suited to mobile, powerful devices Devices should be peers - collaborate directly –Chat & instant messaging, sharing meeting notes, broadcasting slides to audience, etc. Needs suitable physical networking technology –Bluetooth, 802.11, etc. Needs suitable operating framework –Jini?, JXTA?, Javaspaces?

4. Ad-Hoc ? Definition –An ad-hoc network is a network formed without any central administration, and whose nodes can dynamically, arbitrarily and continually connect and disconnect Nodes tend to be mobile and wireless

5. Characteristics No central Infrastructure => New problems –The “finding stuff” problem –Routing - nodes can drop in and out –Security - no trusted 3rd party certification –Fluctuating link quality True distributed computing –Real work carried out by the nodes, not the server –Requires a new way of thinking about: Application Development Systems Development

6. Degrees of “Ad-Hoc”ery If variables are independently relaxed, is network still ad-hoc ? –E.g. in-car nodes are not mobile w.r.t each other –HiperLAN/2 has central control, but nodes can communicate directly Key concept: –Peer nodes can find each other, discover services, connect directly & communicate, without central control

7. Finding Stuff To use a service, I must be able to find it Important in all distributed systems, including “sessile” ones –DNS, CORBA Naming Service, Jini Lookup, LDAP, etc. In ad-hoc, it’s even more critical –Need to find available nodes, not just services which devices are near me ? –No central authority for available resources Central to Bluetooth’s design and operation

8. Routing For node ‘A’ to talk to ‘B’, there must be a route from A->B Difficult in ad-hoc networks –A path which is optimal now may not even exist a moment from now Approaches come in 2 flavours –Table driven (proactive) Approach used in traditional fixed networks –On-demand (reactive) Figure out routes as they’re needed

9. Key trade-off –Proactive - always have a route to any node, routing tables always up-to date But scarce bandwidth is depleted –Reactive - cut down on wasteful routeing updates But figure out route from scratch each time Consensus : reactive works best for ad-hoc Bluetooth is not inherently multi-hop –Does not (need to?) address this problem

10. Security Can be a key issue –How can we be sure no-one is eavesdropping ? –Or that the other node is who it says it is ? –But, for PAN, maybe not always crucial Ad-hoc networks don’t imply many new problems –Encryption, non-repudiation theories still apply Key issue is trust –No 3rd party trusted certification authority available –Multi-hop ad-hoc networking requires trust delegation

11. Current Technologies IEEE 802.11 –Distributed Co-ordination Function mode is ad-hoc –Underlies IP, may not be well-suited to ad-hoc Bluetooth HiperLAN Other “cool stuff” –Ultra WideBand (UWB) –Cybiko

12. Wireless Technologies Bluetooth 802.11b 802.11a HiperLAN2 GSM GPRS CDMA 2.5-3 G Low Data Rates Short Distances Notebook/PC to Devices/ Printer/Keyboard/Phone Higher Data Rates Med-longer Distances Fixed, last mile access Lower Data Rates Longer Distances PDA Devices and Handhelds to Internet < 1 Mbps 22+ Mbps 10 to 384 Kbps PAN“Personal Area Network” LAN“Local WAN“Wide 802.11 MMDS LMDS MAN“Metropolitan Area Network” Higher Data Rates Medium Distances Computer-Computer and to Internet 2 to 54+ Mbps

13. Ad-Hoc Network Implementation Bluetooth

14. Origins Low cost, low power, short range wireless communication system origanlly developed as a replacement to cables Targeted at non-technical consumers. Technology should be Transparent to the user Work in Progress since 1994 by Ericsson Mobile Communication examining alternatives to using cables to link accessories to their phones Bluetooth Special Interest Group established in 1998. Open standard supported by many of the big players including Erricsson, IBM, Nokia, Intel, Microsoft, Lucent, 3Com Motorola Version 1.0 specification released in 1999

15. Personal Area Network Close Range Wireless Network Revolutionary way of interacting with Information Technology Devices Seemless communication Phone Example

16. Bluetooth Protocol Stack

17. Bluetooth Protocol Stack Notes I Application layer, Application runs here. Specific guidelines are in place about how it should use the protocol stack. TCS ( Telephone Control Protocol Specification) provides telephony services. SDP (Service Discovery Protocol) allows for the discovery of services provided by other Bluetooth devices. WAP (Wireless Application Protocol) and OBEX (OBject EXchange protocol, part of IrDA) provide interfaces to the higher layer parts of other Communication Protocols.

18. Bluetooth Protocol Stack Notes II RFCOMM mimics a serial like RS232 link for the programmer to use. Remember, Bluetooth is a replacement technology for cables! AT commands are modem control signals, typically carried over RS232 on home computers, again this is a replacement technology for the RS232 cable! TCP\IP could sit at this level also, or PPP. L2CAP, Logical Link Control and Adaptation Protocol multiplexes data from higher levels & converts between different packet sizes. It encapsulates all of the above protocols, makes them appear as just data to lower layers. Host Controller Interface handles commmunications between a separate host and a Bluetooth module.

19. Bluetooth Protocol Stack Notes III Link Manager controls and configures links to other Bluetooth devices, attaches slaves to Piconet and suchlike. Baseband \ Link Controller controls physical links via the radio, assembiling packets and controlling frequency hopping. Really two functions here, see later in notes. Radio modulates and demodulates data for transmission and reception. It operates on the ISM (Industrial Scientific\Medical) band. Same as a cordless phone and our 802.11 LAN.

20. OSI and Bluetooth

21. OSI Vs Bluetooth No Direct mapping, Different!!!! Physical Layer responsible for electrical interface to the communicaitons media. Therefore it covers the radio and part of the Baseband Data Link Responsible for transmission, framing and error control. Overlaps the Link Controller and the control end of the baseband, including error checking and correction

22. OSI Vs Bluetooth Network Layer is responsible for data transfer across the network, independent of the media or netwok topology. Covers the higher end of the Link Controller, setting up and maintaining multiple links and most of the Link Managers task Transport Layer is responsible for the reliability and multiplexing of data transfer across the network to the level provided by the application, so it overlaps at the high end of the Link Manager and the Host Controller Interface providing the actual data transport mechanisms

23. OSI Vs Bluetooth Session Layer provide management and data flow services, which are covered by L2CAP and and the lower ends of RFCOMM and SDP Presentation layer provides common representation for Application layer data. Application layer is responsible for managing communications between host applications

24. Physical Layer Bluetooth Devices operate at 2.4000-2.4835 GHz in the globally avaliable, licence-free Industrial Scientific Medical (ISM) band. Band is reserved for general use by ISM applications which obey a basic set of power and spectral emmision and interface specifications. ISM cluttered with car security, cordless headphones, WLAN, random noise from microwaves and sodium vapour lights. To Help overcome these problems Bluetooth uses FHS, adaptive power control and short data packets Only 79 channels available in the bandwith The FHS algorithm ensures a maximum distance between adjacent hops Retransmission will always occur on a different channel Polluted bandwidth with many shard users so Bluetooth has to be robust

25. Physical Layer

26. Masters, Slaves, Slots.. Every Bluetooth device has a unique Bluetooth address and Bluetooth clock. Bluetooth frequency hopping sequence (FHS) calculated using a given Bluetooth address and Bluetooth clock. –Algorithm described in the baseband part of the spec. Slaves use master’s address and clock to calculate the FHS

27. Masters, Slaves, Slots.. Master also controls when devices are allowed to transmit Slots are alloacted for voice and data – Voice is time orientated (SCO) – Data is packet orientated (ACL) Data Slots: Slaves are only allowed to transmit in reply to the Master (ACL) Voice slots: Slaves have to transmit regulary in reserved slots (SCO)

28. Masters, Slaves, Slots.. Master divides up the available bandwidth using Time Division Multiplexing (giving each device the bandwidth for a fixed amount of time)

29. Masters, Slaves, Slots.. Frequency hopping from slot to slot according to FHS algorithm.

30. Piconets

31. A collection of Slaves acting under a single Master is called a Piconet. All devices follow Masters timing and FHS as dictated by the FHS algorithm. No direct link between Slaves. Centralised through master. Only 7 alive Slaves allowed per Piconet, the rest sleep.

32. Scatternets

33. Scatternet Characteristics A scatternet is the linking of a number of Piconets into a larger network Devices may be members of more than one Piconet Devices in two Piconets must time-share between the piconets. A Device can be: –A slave in both Piconets –A master in one Piconet and a slave in another Can’t be a Master in both. All devices would have to synchronise to the Masters FHS

34. Scatternets - Interference I Devices in one piconet are syncronised so they should not interfere with each other. Devices from nearby piconets can interfere with other piconets by randomly colliding on the same frequency. If a collision occurs, retransmission is likely be on a different frequency so low probabilty that collision will occur again. If traffic is voice, packet is ignored, low impact on quality.

35. Scatternets - Interference II The more piconets, the greater the chance for interference increasing the number of retransmissions, reducing the overall data rate. Interfrence can occur if there are a lot of independent piconets. Interference also happens within scatternets, as masters are independent of each other.

36. Piconets of different power classes

37. Power Consumption Minimal Radio power used 3 classes defined in the standard ClassDistancePower 1100m100mW 220m2.5mW 310m1mW

38. Voice and Data Links Voice communication is typically delay sensitive, data communication is not. SCO - Synchronous Connection Oriented suites voice communication. ACL - Asynchronous ConnectionLess suites data communication.

39. ACL Data Packets Constructed from 72 bit access code, 54 bit packet header and 16 bit CRC, in addition to data payload. Variety of packet types, varying amounts of data. Largest is DH5 packet, sent over 5 slots. DH5 carries 339 bytes, so 2858 packet bits are sent on air carrying 2721 data bits. Min length reply is 1 slot, so max baseband data rate in one direction is 723.2 Kbps So with 5-slot packets in one direction, the 1-slot packets sent in other direction will only carry 57.6Kbps yield an asynchronous link with more data going in the 5-slot direction. Data rate thus 433.9Kbps (down from 1Mbps on air)

40. Bluetooth Security Some people say that FHS provides security, this is NOT strong security as understood by Cryptography community. Bluetooth can employ cryptography, however this has been demonstrated to be flawed (broken in fact). Uses streaming RC4 with 64 and 128 bit key-lengths and Initialisation Vector, IV.

41. Applications and Profiles Profiles provide clear description of how a full specification of a standard system should be used to implement a given end- user function. Allows product (multi-vendor) interoperability.

42. ISO defines profiles as follows –Implementation options are reduced so that applications share the same features. –Parameters are defined so that applications operate in similar ways. –Standard mechanisms for combining different standards are defined. –UI guidelines are defined.

43. Service Discovery Application Profile Telephony Control Protocol Specification Generic Access Profile Cordless Telephony Profile Intercom Profile Generic Object Exchange Profile File Transfer Profile Object Push Profile Synchronisation Profile Serial Port Profile Dial-up Networking Profile FAX profile Headset Profile LAN Access Profille Bluetooth Profiles

44. Bluetooth provides Convenience Reliability Resilience Cost effectiveness Low power Short range Data and voice communication

45. Application Examples Mobile Phone to Laptop Mobile Phone to headset Mobile phone to mobile phone Cordless phone (landline) LAN Access points (like 802.11) Laptop to PDA communication Laptop to printer etc, etc

46. Discovering Bluetooth Devices Laptop wants to connect to a modem and mobile phone has a modem.

47. How does say a laptop discover that a mobile phone is within its vicinty? It enquires. Laptop transmits and retransmits a series of inquiry packets. Mobile phone replies with FHS packet. FHS synchronisation packet contains all information for creation of connection. FHS packet also tells laptop the device class.

48. Device class consists of Major and Minor parts: –Major indicates it is a phone –Minor indicates it is a mobile phone What next? Let user decide what to do? This is a matter for the programmer! May present user with list of Bluetooth devices found, allow user to choose what to do next, or program in responses. Could go on to find out which devices in area support a modem profile for instance.

49. Retrieving Information on Services

50. Service Discovery Protocol SDP Service Discovery Protocol allows a device to discover what services a Bluetooth device has to offer Laptop pages the phone (wants its modem). Phone listening for pages (as it does), responds. ACL connection is then set up and an L2CAP connection is set up across it.

51. SDP, L2CAP and PSM L2CAP allows many protocols and services to use one baseband ACL link L2CAP distinguishes between different protocols and services on one ACL connection by adding a Protocol and Service Multiplexor (PSM) to every L2CAP packet. PSM number is different for every protocol or service using the link. This connection is for Service Discovery, PSM is 0x0001, special value always used for service discovery. Asks for all information from Service Discovery Server about what services it has available

52. Service Discovery Database Service Attributes sent back to enquirer. Laptop application can decide to use services or ask user for intervention. Laptop may poll several devices in vicinity, closing down links when not required. –Saves bandwidth and power Laptop may have choice of devices providing required service, may interact with user or choose automatically, depending how application was written.

53. Connecting to Dial-up Networking Service

54. Connecting to a Bluetooth Service Laptop sets up a ACL connection using the same paging process for service discovery Specific quality of service (QOS) requirements may exist for Dial Up Networking (DUN) connection so application may wish to configure link accordingly. Application sends its requirements to the Bluetooth module using the Host Controller interface (HCI). The module uses the Link Manager to configure the link using the Link Management Protocol.

55. Once the ACL connection is set up, an L2CAP connection is set up. DUN profile uses RFCOMM. L2CAP uses Protocol Stack Multiplexor for RFCOMM (PSM = 0x0003). After L2CAP link established, RFCOMM connection set up across it. RFCOMM (like L2CAP) can multiplex several protocols or services across one connection. Each with distinct channel number. Cellphone sent channel number for DUN in service discovery information, so laptop knows which channel to use when setting up RFCOMM connection. Now the laptop can use the phone to make calls.

56. Protocol Stack I The Bluetooth Module

57. Bluetooth Radio Operates on the 2.4GHz channel. Low power design is encouraged to make it feasible to incorporate into mobile, low power devices. Modulation is GFSK (Gaussian Frequency Shift Keying) with gross bit rate of 1Mbps on a 1MKz channel. Antenna design is complex. Must radiate power in spherical fashion. Proximity of ground planes and casings on BT device may affect performance of antenna.

58. Baseband Physical Layer - Responsible for: –Channel coding and decoding. –Provides low level control of timing and management of a single data packet transfer. –Error detection and correction. Devices may be Masters or Slaves (controlled by Masters). Data Links can be Synchrnous Connection Oriented (SCO) or Asynchrnous Connection Less (ACL) A number of packet types exist. Trade off between reliabilty and data bandwidth. SCO and ACL have different packet sizes

59. Baseband Packet Transmission

60. 1 Master and 3 Slaves

61. Link Controller (part of Baseband) Responsible for managing device discoverability, establishing connections and managing on-air links. Stages to establishing links –Host requests an enquiry –Inquiry sent using enquiry hopping sequence. –Inquiry scanning devices respond with FHS packets, containing information necessary for connecting to them. –Contents of FHS sent back to host. –Host requests connection to one of the devices which responded to the inquiry. –Paging is used to initiate a connection to selected device. –If selected device is page scanning it responds to the page. –If page scanning device accepts connection, it will begin hopping using the Master’s frequency hopping sequence and timing.

62. Link Manager When LC finished, LM takes over. Many functions include –Change role from Master to Slave –Security procedures... authentication, pairing, encryption. –May support up to three SCO connections –May change mode, low power or test mode –May be reconfigured at any time, mode changes, QOS changes, packet type changes and power level changes. –Information about an active link can be retrieved at any time. –LMP can cause disconnection.

63. Host Controller Interface Host can implement higher layers, L2CAP and above. Module implements lower layers, LMP and below. HCI provides standardised interface between module and host and thus interoperability for a variety of manufacturers. HCI uses three packet types... –Commands from host to module. –Events from module to host. –Data packets in both directions. HCI commands allow host complete control over module including... –Control of links, setup, teardown, configure. –Set link policy on power saving and role switching. –Direct access to information on local module, and access to information on remote devices by triggering LMP exchanges. –Control of features like Baseband timeouts

65. Protocol Stack II The Bluetooth Host

66. L2CAP Logic Link and Adaptation Protocol L2CAP passes packets to either the HCI or on a hostless system, directly to the Link Manager. Functions... –Multiplex between different higher layer protocols –Segmentation and reassembly. –Provide one-way transmission management to a group of other BT devices. –QOS management for higher layer protocols. Relies on ACL for end-to-end connections and QOS. L2CAP is a compulsory layer. Also used by RFCOMM and SDP.

68. RFCOMM RS-232 serial ports have 9 circuits for data and signalling. RFCOMM provides multiple RS-232 connections over L2CAP. Baseband provides reliable in-sequence bit stream. RFCOMM also provides –105 - Request To Send (RTS) –106 - Clear To Send (CTS) –107 - Data Set Ready (DSR) –109 - Data Carrier Detect (DCD or CD) –Remote Line Status, break, overrun, parity –Remote Port Settings - Baud rate, parity, no. of data bits, etc –parameter negotiation (frame size)

69. RFCOMM Operation 1 st set up L2CAP connection. RFCOMM sent in payload of L2CAP packets. Once L2CAP connection up, RFCOMM control frames sent back & forth to establish a signalling channel. Now subsequent channels may be set up for data transfer. Up to 30 channels may be established to support 30 different services. RFCOMM broadly based on GSM 07.10.

70. SDP BT not like LAN where connections are temporally stable. BT devices always on the hunt for new services. SDP relies on L2CAP links between client and server. SDP steps... –Establish L2CAP connection to remote device (channel identified by PSM 0x0001) –Search for specific class of service or browse for services. –Retrieve attributes necessary to connect to chosen service. –Establish separate (non SDP) connection to use the service. –Drop SDP channel or keep it open for other services.

72. Protocol Stack III Cross Layer Functions

73. Encryption & Security Bluetooth encryption is deeply flawed because of 4 digit pin user intervention and the use of a streaming cypher with a rotating short IV. Can be cracked in circa 3 hours sniffing. Key scheduling implementation for RC4 is the problem. Do it at the application layer, or just forget about it. Ise IPSec or somesuch.

74. Bluetooth & Health Natural frequency of H 2 0 molecular oscillation is at 2,450 MHz (Microwave use this to excite water molecules to heat food) Bluetooth range 2,400 MHz to 2,483.5 MHz Will Bluetooth leave you rare? Class 3 device produces 1mW which is the amount of power of a 1KW microwave oven. However, power dissipates according to r 2

75. TCP/IP and Bluetooth Currently, TCP/IP runs over Point-to-Point Protocol (PPP) –Which runs over RFCOMM –Similar to dialling up via a modem Not an ideal solution –Particularly since L2CAP is packet switched Bluetooth Network Encapsulation Protocol (BNEP) addresses this –Layered over L2CAP - hosts IP (and others) –Part of the PAN Profile Is TCP well suited to Bluetooth ? –In any case, still need HCI, SDP at least

76. Some real uses of Bluetooth Search & rescue Environmental monitoring Health care in the home In-car infotainment bus Automatic locking of PCs (Xyloc) BlueTag ChatPen (Ericsson, licensed from Anoto) (Wireless Gaming)