What is Bluetooth?
Bluetooth is a short-range, low-power cable-replacement technology originally developed for exchanging data over short distances between fixed and mobile devices, creating personal area networks (PANs).
The word "Bluetooth" is taken from the 10th-century Danish king Harald Blåtand (Bluetooth), who was influential in uniting the Scandinavian tribes (Denmark, southern Sweden and southern Norway) into a single kingdom.
The Bluetooth logo is a bind rune merging the Younger Futhark runes Hagall (ᚼ) and Bjarkan (ᛒ), Harald's initials.
The Bluetooth specification was first developed in 1994 by Sven Mattisson and Jaap Haartsen, who were working for Ericsson Mobile Platforms in Sweden.
5 companies (Ericsson, Nokia, IBM, Intel and Toshiba) joined to form the Bluetooth Special Interest Group (SIG) in 1998 (at the time of writing the SIG has more than 25,000 member companies).
The IEEE standardized Bluetooth as IEEE 802.15.1, but no longer maintains the standard.
Bluetooth uses short-wavelength radio waves in the 2.4 to 2.485 GHz ISM band.
Classic Bluetooth (BR/EDR) uses 79 designated channels, each 1 MHz wide, and frequency-hops between them; Bluetooth Low Energy (introduced in v4.0) instead uses 40 channels of 2 MHz in the same band.
History of Bluetooth
Bluetooth v1.0 and v1.0B:
• These versions had many problems, and manufacturers had difficulty making their products interoperable.
• They also made transmission of the Bluetooth hardware device address (BD_ADDR) mandatory in the connection process. Because the address uniquely identifies the device, this was a privacy setback for certain services planned for Bluetooth environments.
Bluetooth v1.1:
• Ratified as IEEE Standard 802.15.1-2001.
• Many errors found in the v1.0B specifications were fixed.
• Added support for non-encrypted channels and the Received Signal Strength Indicator (RSSI).
Bluetooth v1.2:
• Ratified as IEEE Standard 802.15.1-2005.
• Improved resistance to radio-frequency interference through Adaptive Frequency Hopping (AFH), which avoids crowded frequencies in the hopping sequence.
• Higher transmission speeds in practice, up to 721 kbit/s.
• Host Controller Interface (HCI) operation over a three-wire UART.
• Introduced Flow Control and Retransmission modes for L2CAP.
Bluetooth v2.0 + EDR:
• Released in 2004, it added an Enhanced Data Rate (EDR) of up to 3 Mbit/s, although the practical data transfer rate is about 2.1 Mbit/s.
• EDR can provide lower power consumption through a reduced duty cycle.
• Aside from EDR, the v2.0 specification contains other minor improvements.
Bluetooth v2.1 + EDR:
• Adopted by the Bluetooth SIG on 26 July 2007.
• The headline feature of v2.1 is Secure Simple Pairing (SSP), which replaces PIN-based legacy pairing with an Elliptic Curve Diffie-Hellman key agreement (see the Pairing Process section below).
• Version 2.1 adds various other improvements, including Extended Inquiry Response (EIR), which provides more information during the inquiry procedure to allow better filtering of devices before connection, and sniff subrating, which reduces power consumption in low-power mode.
Bluetooth v3.0 + HS:
• Adopted by the Bluetooth SIG on 21 April 2009.
• Bluetooth v3.0 + HS provides theoretical data transfer speeds of up to 24 Mbit/s, though not over the Bluetooth link itself. Instead, the Bluetooth link is used for negotiation and establishment, and the high-data-rate traffic is carried over a colocated 802.11 link.
• The main new feature is AMP (Alternate MAC/PHY), the addition of 802.11 as a high-speed transport.
Bluetooth v4.0:
• Version 4.0 (marketed as Bluetooth Smart) was adopted on 30 June 2010.
• It includes the Classic Bluetooth, Bluetooth High Speed and Bluetooth Low Energy (LE) protocols.
• LE in v4.0 uses its own pairing scheme ("LE legacy pairing") rather than SSP; its Just Works and Passkey Entry modes were later shown to give little protection against an eavesdropper who captures the pairing exchange, which is why v4.2 introduced LE Secure Connections.
Bluetooth v4.1:
• The Bluetooth SIG announced formal adoption of the Bluetooth v4.1 specification on 4 December 2013.
• This specification is an incremental software update to Bluetooth Specification v4.0, not a hardware update.
• Its improvements include better coexistence with LTE, higher bulk data exchange rates, and allowing a device to support multiple roles simultaneously.
Bluetooth v4.2:
• Bluetooth v4.2 was released on 2 December 2014.
• It introduces some key features for IoT: LE Secure Connections (ECDH-based pairing using P-256), Link Layer Privacy (resolvable private addresses that limit tracking by BD_ADDR), and Data Length Extension. Some features, such as Data Length Extension, require a hardware update.
Bluetooth Architecture
(Figure: Bluetooth core system architecture)
Generic Access Profile (GAP)
• The Generic Access Profile (GAP) block represents the base functionality common to all Bluetooth devices, such as the modes and access procedures used by the transports, protocols and application profiles.
• GAP services include device discovery, connection modes, security, authentication, association models and service discovery.
Security Manager Protocol (SMP)
• The Security Manager Protocol (SMP) is the peer-to-peer protocol used to generate encryption keys and identity keys.
• This block is only used in LE systems.
• Similar functionality in the BR/EDR system is contained in the Link Manager block in the Controller.
• The protocol operates over a dedicated fixed L2CAP channel (CID 0x0006).
• The SMP block also manages storage of the encryption keys and identity keys and is responsible for generating random (private) addresses.
Attribute Protocol (ATT)
• The Attribute Protocol (ATT) block implements the peer-to-peer protocol between an attribute server and an attribute client.
• The ATT client communicates with an ATT server on a remote device over a dedicated fixed L2CAP channel (CID 0x0004).
Service Discovery Protocol (SDP)
• The Service Discovery Protocol allows a BR/EDR device to discover the services offered by other devices and their associated parameters (LE devices discover services through ATT/GATT instead).
• Each service is identified by a Universally Unique Identifier (UUID), with official services (Bluetooth profiles) assigned a short-form UUID (16 bits rather than the full 128). A 16-bit UUID xxxx is expanded to the full form by inserting it into the Bluetooth Base UUID, giving 0000xxxx-0000-1000-8000-00805F9B34FB.
Alternate MAC/PHY (AMP) Manager
• The AMP Manager is a layer that uses L2CAP to communicate with a peer AMP Manager on a remote device.
• It is responsible for discovering remote AMP(s) and determining their availability and information.
• This information is used to set up and manage AMP physical links.
• The AMP Manager uses a dedicated L2CAP signaling channel (CID 0x0003) to communicate with remote AMP Manager(s).
Radio Frequency Communication (RFCOMM)
• RFCOMM is a simple transport protocol, built on top of L2CAP, that emulates the nine circuits of an RS-232 serial port.
• RFCOMM is therefore often called serial port emulation.
• In service-level security (Security Mode 2), the security policy for dial-up networking and other services that rely on a serial port is enforced when the RFCOMM connection to that service is set up.
Logical Link Control and Adaptation Protocol (L2CAP)
• Manages the creation and termination of virtual connections, called channels, with other devices.
• Negotiates and dictates security parameters for channel establishment.
• L2CAP multiplexes multiple logical connections between two devices and provides segmentation and reassembly of on-air packets.
• In Retransmission and Flow Control modes, L2CAP can be configured per channel either for isochronous data or for reliable data, by performing retransmissions and CRC checks.
• Two newer modes effectively deprecate the original Retransmission and Flow Control modes:
• Enhanced Retransmission Mode (ERTM): an improved version of the original retransmission mode. It provides a reliable L2CAP channel.
• Streaming Mode (SM): a very simple mode with no retransmission or flow control. It provides an unreliable L2CAP channel.
Adopted Protocols:
Adopted protocols are defined by other standards-making organizations and incorporated into the Bluetooth protocol stack, so that the Bluetooth SIG only has to define protocols where necessary.
Point-to-Point Protocol (PPP): Internet standard protocol for transporting IP datagrams over a point-to-point link.
TCP/IP/UDP: Foundation protocols of the TCP/IP protocol suite.
Object Exchange Protocol (OBEX): Session-layer protocol for the exchange of objects, providing a model for object and operation representation. OBEX carries the Object Push, File Transfer and Phone Book Access profiles listed below, which is why it features in the bluejacking and bluesnarfing attacks described later.
Wireless Application Environment / Wireless Application Protocol (WAE/WAP): WAE specifies an application framework for wireless devices, and WAP is an open standard to provide mobile users with access to telephony and information services.
Bluetooth Profiles
Advanced Audio Distribution Profile (A2DP): Defines how multimedia audio can be streamed from one device to another over a Bluetooth connection.
Audio/Video Remote Control Profile (AVRCP): Provides a standard interface for controlling TVs and other A/V equipment, so that a single remote control can be used.
Basic Imaging Profile (BIP): Designed for sending images between devices; includes the ability to resize and convert images to make them suitable for the receiving device.
Basic Printing Profile (BPP): Allows devices to send text, e-mails, vCards or other items to printers as print jobs.
Cordless Telephony Profile (CTP): Designed for cordless phones to work over Bluetooth.
Device ID Profile (DIP): Provides identification of the vendor, product ID, product version and the version of the Device ID specification supported.
Dial-up Networking Profile (DUN): Provides a standard way to access the Internet and other dial-up services over Bluetooth.
Fax Profile (FAX): Intended to provide a well-defined interface between a mobile or fixed-line phone and a PC with fax software installed.
File Transfer Profile (FTP): Provides the capability to browse, manipulate and transfer objects (files and folders) in the object store (file system) of another system.
Generic Audio/Video Distribution Profile (GAVDP): Provides the basis for A2DP and VDP, the profiles designed for distributing audio and video streams using Bluetooth technology.
Generic Access Profile (GAP): Provides the basis for all other profiles. GAP defines how two Bluetooth units discover and establish a connection with each other.
Health Device Profile (HDP): Profile for medical devices (weighing scales, blood pressure monitors and the like) exchanging IEEE 11073 data over BR/EDR. The LE Health Thermometer Profile (HTP) and Heart Rate Profile (HRP) address similar use cases but are separate, GATT-based profiles rather than part of HDP.
Hands-Free Profile (HFP): Allows car hands-free kits to communicate with mobile phones in the car. It commonly uses a Synchronous Connection-Oriented (SCO) link for the audio.
Human Interface Device Profile (HID): Provides support for devices such as mice, joysticks and keyboards, and sometimes for simple buttons and indicators on other types of device.
Headset Profile (HSP): One of the most commonly used profiles, providing support for Bluetooth headsets used with mobile phones.
LAN Access Profile (LAP): Makes it possible for a Bluetooth device to access a LAN, WAN or the Internet via another device that has a physical connection to the network.
Message Access Profile (MAP): Allows the exchange of messages between devices.
Object Push Profile (OPP): A basic profile for sending "objects" such as pictures, virtual business cards or appointment details. It is called push because the transfers are always initiated by the sender (client), not the receiver (server).
Personal Area Networking Profile (PAN): Allows the use of the Bluetooth Network Encapsulation Protocol (BNEP) to carry Layer 3 protocols over a Bluetooth link.
Phone Book Access Profile (PBAP, PBA): Allows the exchange of phone book objects between devices.
Serial Port Profile (SPP): Emulates a serial cable to provide a simple substitute for an existing RS-232 connection, including the familiar control signals.
Pairing Process
During pairing, the two devices establish a relationship by creating a shared secret known as a link key. When both devices store the link key for later use they are said to be bonded; a pairing whose key is discarded after the session is not a bond.
Legacy pairing:
This is the only method available in Bluetooth v2.0 and earlier. Each device must enter a PIN code; pairing is only successful if both devices enter the same PIN code. Any 16-byte UTF-8 string may be used as a PIN code; however, not all devices are capable of entering all possible PIN codes, and many headsets and similar devices use a fixed 4-digit PIN such as "0000". Because the link key is derived from the PIN and from values exchanged in the clear, an attacker who captures the pairing exchange can brute-force a short PIN offline.
Secure Simple Pairing (SSP):
This is required by Bluetooth v2.1, although a v2.1 device may fall back to legacy pairing to interoperate with a v2.0 or earlier device. SSP uses Elliptic Curve Diffie-Hellman key agreement (P-192 originally, P-256 with Secure Connections from v4.1) so that a passive eavesdropper cannot derive the link key. Protection against an active man-in-the-middle (MITM) depends on the association model negotiated from the two devices' IO capabilities: Numeric Comparison and Passkey Entry provide it, Out-of-Band (OOB) does if the out-of-band channel itself is secure, and Just Works provides none. Since a peer claiming no input and no output forces Just Works, a device that needs MITM protection must set the MITM-required authentication flag and refuse to proceed when the negotiated model is Just Works.
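The Numeric Comparison authentication stage described above, worked through in code. This is an added example, not code from the original post or from any Bluetooth stack: it uses the commitment function f1 and the check function g as the core specification defines them (HMAC-SHA-256 and SHA-256 respectively), but stands in random 256-bit values for the X coordinates of the ECDH public keys, since the curve arithmetic is not what decides whether a man-in-the-middle is noticed. The party names, the seeded byte source and the function names are this example's own.

```python
import hashlib
import hmac


def f1(u: bytes, v: bytes, x: bytes, z: bytes) -> bytes:
    """SSP commitment function f1 (Core Spec Vol. 2, Part H, 7.7.1):
    the leftmost 128 bits of HMAC-SHA-256, keyed with nonce X, over U || V || Z."""
    return hmac.new(x, u + v + z, hashlib.sha256).digest()[:16]


def g(u: bytes, v: bytes, x: bytes, y: bytes) -> int:
    """Numeric check function g (7.7.2): SHA-256(U || V || X || Y) mod 2^32."""
    return int.from_bytes(hashlib.sha256(u + v + x + y).digest(), "big") % (1 << 32)


def make_rng(seed: bytes):
    """Deterministic byte source so the run is reproducible (assumption of this
    example). A real controller draws nonces from its hardware RNG; predictable
    nonces would let an attacker precompute the commitment."""
    state = {"ctr": 0}

    def rng(n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += hashlib.sha256(seed + state["ctr"].to_bytes(4, "big")).digest()
            state["ctr"] += 1
        return out[:n]

    return rng


class Party:
    """One side of SSP phase 2. `pk` stands in for the X coordinate of the
    device's ECDH public key (assumption: the key exchange is not modelled)."""

    def __init__(self, rng):
        self.pk = rng(32)      # PKax / PKbx
        self.nonce = rng(16)   # Na / Nb, 128-bit


def responder_commit(pk_resp: bytes, pk_init: bytes, n_resp: bytes) -> bytes:
    """Responder B commits to its nonce before either side reveals one:
    Cb = f1(PKbx, PKax, Nb, 0)."""
    return f1(pk_resp, pk_init, n_resp, b"\x00")


def initiator_verify(pk_init: bytes, pk_resp: bytes, n_resp: bytes, commitment: bytes) -> bool:
    """Initiator A, after receiving Nb, checks it against the earlier commitment.
    A responder that changes its nonce after seeing Na fails this check."""
    return hmac.compare_digest(responder_commit(pk_resp, pk_init, n_resp), commitment)


def check_value(pk_init: bytes, pk_resp: bytes, n_init: bytes, n_resp: bytes) -> int:
    """Six-digit number shown to the user: g(PKax, PKbx, Na, Nb) mod 10^6."""
    return g(pk_init, pk_resp, n_init, n_resp) % 1_000_000


def honest_pairing(seed: bytes = b"demo"):
    """A and B see each other's real public keys: the commitment verifies and
    both displays show the same number."""
    rng = make_rng(seed)
    a, b = Party(rng), Party(rng)
    cb = responder_commit(b.pk, a.pk, b.nonce)          # B -> A: Cb
    ok = initiator_verify(a.pk, b.pk, b.nonce, cb)       # A -> B: Na, then B -> A: Nb
    va = check_value(a.pk, b.pk, a.nonce, b.nonce)       # computed and shown on A
    vb = check_value(a.pk, b.pk, a.nonce, b.nonce)       # computed and shown on B
    return ok, va, vb


def mitm_pairing(seed: bytes = b"demo"):
    """M runs two pairings, substituting its own public key in each. Every
    commitment verifies (M commits honestly to its own nonces), so the only
    thing that exposes M is that A's and B's displayed numbers differ. Under
    Just Works the same values are computed but never shown, so M succeeds."""
    rng = make_rng(seed)
    a, b, m = Party(rng), Party(rng), Party(rng)
    # Session 1: A <-> M, with M acting as responder using its own key and nonce.
    ok_a = initiator_verify(a.pk, m.pk, m.nonce, responder_commit(m.pk, a.pk, m.nonce))
    va = check_value(a.pk, m.pk, a.nonce, m.nonce)
    # Session 2: M <-> B, with M acting as initiator and relaying A's nonce unchanged.
    ok_m = initiator_verify(m.pk, b.pk, b.nonce, responder_commit(b.pk, m.pk, b.nonce))
    vb = check_value(m.pk, b.pk, a.nonce, b.nonce)
    return ok_a and ok_m, va, vb


def commitment_forgery(seed: bytes = b"demo") -> bool:
    """B commits to one nonce, then tries to substitute another after learning
    Na in order to steer the displayed number; A's verification rejects it."""
    rng = make_rng(seed)
    a, b = Party(rng), Party(rng)
    cb = responder_commit(b.pk, a.pk, b.nonce)
    later_nonce = rng(16)
    return initiator_verify(a.pk, b.pk, later_nonce, cb)
```

The point to take from the two runs is that the cryptography never "fails" in the MITM case; both commitments verify and both sides compute a perfectly valid number. Detection rests entirely on a human comparing the two numbers, which is why Just Works (same computation, nothing displayed) has no MITM protection, and why a stack should not silently accept a Just Works downgrade when the application asked for an authenticated link key.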
Bluetooth Network configurations
Piconets:
• Two or more Bluetooth units sharing the same channel (hopping sequence).
• One device acts as the master and the devices connected to it act as slaves (the current core specification calls these roles Central and Peripheral).
• Slaves cannot send data directly to each other.
• In effect, the master acts as a switch for the piconet, and all traffic must pass through the master.
• There can be up to 7 active slaves in a piconet but only one master.
Scatternets:
• A set of two or more interconnected piconets forms a scatternet.
• A Bluetooth unit can be a slave in two or more piconets, but it can be a master in only one.
• A Bluetooth unit can only transmit and receive data in one piconet at a time.
• A piconet is identified by the master's identity (BD_ADDR) and clock, which together determine its hopping sequence.
Security concerns
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers. Typically a vCard whose name field contains the message is pushed to the target over the OBEX Object Push Profile, which most devices accept without authentication while they are discoverable.
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection. On vulnerable phones it allows access to the calendar, contact list, e-mails and text messages, and on some phones pictures and private videos can be copied. While bluejacking is essentially harmless, since it only transmits data to the target device, bluesnarfing is theft of information from the target device. It exploited OBEX implementations on older phones that answered GET requests for well-known object names (for example the phone book) over an unauthenticated Object Push connection.
Bluebugging is a Bluetooth attack that lets an attacker remotely take control of a user's phone and use its features, including placing calls and sending text messages, without the user realising it. It relied on firmware flaws in older phones that exposed an unauthenticated serial (RFCOMM) channel accepting AT commands.
All three attacks require the target to be reachable, so the practical mitigations are the same: keep the device non-discoverable except while pairing, require authentication for OBEX and serial-port services, and reject pairing requests the user did not initiate.
Bluetooth architecture in WinCE
Host Controller Interface (HCI) Architecture
The HCI provides a command interface to the baseband controller and link manager, and access to hardware status and configuration parameters. This interface provides a uniform method of accessing the Bluetooth baseband capabilities.
Using HCI, a Bluetooth application can access the Bluetooth hardware without knowledge of the transport layer or other hardware implementation details.
In systems where the higher layers run on the host device's processor and the lower layers on a Bluetooth controller, an interface is needed between the higher and lower layers; the Bluetooth standard defines the HCI for this purpose.
Note that the host trusts whatever the controller reports and the controller executes whatever the host sends, so the HCI transport (USB, UART or SDIO) lies inside the device's trust boundary: anything that can inject packets on that transport, such as a debug UART left enabled on a shipping board, has full control of the radio.
HCI Packet Types
The Bluetooth standard for the host controller interface defines the following packet types:
1. Command packets, used by the host to control the module
2. Event packets, used by the module to inform the host of changes in the lower layers
3. Data packets (ACL and synchronous), used to pass data and voice between host and module
HCI Command packets
The host uses HCI commands to control the Bluetooth module and to monitor its status.
Commands are transferred using HCI command packets: a 16-bit opcode, a one-octet parameter length, and up to 255 octets of parameters.
If a command can complete immediately, an HCI_Command_Complete event is returned to indicate that the command has been dealt with.
If a command cannot complete immediately, an HCI_Command_Status event is returned immediately, and another event is returned later when the command has completed.
The opcode parameter is divided into two fields, called the OpCode Group Field (OGF) and the OpCode Command Field (OCF).
The OGF occupies the upper 6 bits of the opcode, while the OCF occupies the remaining 10 bits, so opcode = (OGF << 10) | OCF. For example, HCI_Inquiry is OGF 0x01 (Link Control commands), OCF 0x0001, giving opcode 0x0401. OGF 0x3F is reserved for vendor-specific commands.
HCI Data packets
HCI ACL Data Packets
HCI ACL data packets are used to exchange asynchronous data between the Host and Controller.
HCI Synchronous Data Packets
HCI synchronous (SCO and eSCO) data packets are used to exchange synchronous (voice) data between the Host and Controller.
HCI Event packets
The HCI event packet is used by the Controller to notify the Host when events occur. The Host must be able to accept HCI event packets with up to 255 octets of data excluding the HCI event packet header.
HCI Commands - Example
Scanning sequence
HCI Command : Inquiry (0x0401)
HCI Event : Command Status (0x0F)
HCI Event : Inquiry Result (0x02), Inquiry Result with RSSI (0x22) and/or Extended Inquiry Result (0x2F), repeated once per batch of responding devices
HCI Event : Inquiry Complete (0x01)
HCI Command : Remote Name Request (0x0419)
HCI Event : Command Status (0x0F)
HCI Event : Remote Name Request Complete (0x07)
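The scanning sequence above in code, as an added example that is not from the original post and not the WEC7 stack's own code: it builds the HCI_Inquiry command using the OGF/OCF split described earlier, frames it the way the UART (H4) transport does, and parses the controller's replies from a constructed sample trace. The function names, the 14-octet per-response layout used for the Inquiry Result events, and the sample bytes are this example's own; the length checks before each field read are the part a practitioner should keep, since a controller (or whoever sits on the transport) controls every byte the host parses.

```python
import struct

# H4 (UART) packet type indicators; a USB transport carries the same payloads
# on separate endpoints instead.
H4_COMMAND = 0x01
H4_EVENT = 0x04

# Event codes that appear in the scanning sequence above
EVT_INQUIRY_COMPLETE = 0x01
EVT_INQUIRY_RESULT = 0x02
EVT_COMMAND_STATUS = 0x0F
EVT_INQUIRY_RESULT_RSSI = 0x22

GIAC = 0x9E8B33  # General Inquiry Access Code: every discoverable device answers


def opcode(ogf: int, ocf: int) -> int:
    """Pack OGF (upper 6 bits) and OCF (lower 10 bits) into the 16-bit opcode."""
    if not (0 <= ogf < 64 and 0 <= ocf < 1024):
        raise ValueError("OGF/OCF out of range")
    return (ogf << 10) | ocf


def split_opcode(op: int) -> tuple:
    """Inverse of opcode(): returns (OGF, OCF)."""
    return op >> 10, op & 0x3FF


def hci_command(op: int, params: bytes = b"") -> bytes:
    """H4-framed HCI command packet: indicator, opcode (little-endian), length, params."""
    if len(params) > 255:
        raise ValueError("HCI command parameters exceed 255 octets")
    return bytes([H4_COMMAND]) + struct.pack("<HB", op, len(params)) + params


def inquiry_command(lap: int = GIAC, inquiry_length: int = 8, num_responses: int = 0) -> bytes:
    """HCI_Inquiry (OGF 0x01, OCF 0x0001 -> opcode 0x0401). LAP is 3 octets
    little-endian, Inquiry_Length is in units of 1.28 s (8 is about 10 s), and
    Num_Responses = 0 means unlimited."""
    params = lap.to_bytes(3, "little") + bytes([inquiry_length, num_responses])
    return hci_command(opcode(0x01, 0x0001), params)


def bdaddr_str(raw: bytes) -> str:
    """BD_ADDR is sent least-significant octet first; print it MSB-first."""
    return ":".join(f"{b:02X}" for b in reversed(raw))


def parse_event(pkt: bytes) -> dict:
    """Parse one H4-framed HCI event packet. The length octet is checked against
    the bytes actually present before any field is read, so a truncated or
    oversized packet from the controller is rejected instead of mis-parsed."""
    if len(pkt) < 3 or pkt[0] != H4_EVENT:
        raise ValueError("not an HCI event packet")
    code, plen, params = pkt[1], pkt[2], pkt[3:]
    if len(params) != plen:
        raise ValueError(f"length field {plen} != {len(params)} parameter octets")
    ev = {"event": code}
    if code == EVT_COMMAND_STATUS:
        status, ncmd, op = struct.unpack("<BBH", params[:4])
        ev.update(status=status, num_hci_command_packets=ncmd, opcode=op)
    elif code == EVT_INQUIRY_COMPLETE:
        ev["status"] = params[0]
    elif code in (EVT_INQUIRY_RESULT, EVT_INQUIRY_RESULT_RSSI):
        n = params[0]
        if len(params) != 1 + 14 * n:          # both layouts are 14 octets per response
            raise ValueError("inquiry result length does not match Num_Responses")
        results = []
        for i in range(n):
            rec = params[1 + 14 * i: 15 + 14 * i]
            if code == EVT_INQUIRY_RESULT:      # addr(6) psrm(1) rsvd(2) cod(3) clk(2)
                cod, clk, rssi = rec[9:12], rec[12:14], None
            else:                               # addr(6) psrm(1) rsvd(1) cod(3) clk(2) rssi(1)
                cod, clk = rec[8:11], rec[11:13]
                rssi = struct.unpack("<b", rec[13:14])[0]
            results.append({
                "bd_addr": bdaddr_str(rec[0:6]),
                "page_scan_repetition_mode": rec[6],
                "class_of_device": int.from_bytes(cod, "little"),
                "clock_offset": int.from_bytes(clk, "little"),
                "rssi": rssi,
            })
        ev["results"] = results
    return ev


# Constructed sample trace (not captured from a real controller): what the
# controller sends back after the HCI_Inquiry above, in the order listed.
SAMPLE_TRACE = [
    bytes.fromhex("04 0F 04 00 01 01 04"),                 # Command Status: ok, opcode 0x0401
    bytes.fromhex("04 22 0F 01 66 55 44 33 22 11 01 00 "   # Inquiry Result with RSSI, 1 device
                  "04 02 5A 34 12 C4"),
    bytes.fromhex("04 01 01 00"),                          # Inquiry Complete: status ok
]


def run_scan(trace) -> list:
    """Walk the controller's event stream and collect the devices it reported;
    returns an empty list if the Inquiry command itself was rejected."""
    found = []
    for pkt in trace:
        ev = parse_event(pkt)
        if ev["event"] == EVT_COMMAND_STATUS and ev["status"] != 0x00:
            return found
        found.extend(ev.get("results", []))
    return found
```

Running run_scan(SAMPLE_TRACE) yields one device, 11:22:33:44:55:66 at -60 dBm. The same parse_event skeleton extends to the Remote Name Request Complete event (0x07), whose 248-octet name field is exactly the kind of fixed-size, attacker-supplied buffer that HCI parsers in host stacks have historically mishandled.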
Pairing / Connection sequence
HCI Command : Create Connection (0x0405)
HCI Event : Command Status (0x0F)
HCI Event : Connection Complete (0x03)
HCI Command : Read Clock Offset (0x041F)
HCI Event : Command Status (0x0F)
HCI Event : Max Slots Change (0x1B)
HCI Event : Read Clock Offset Complete (0x1C)
HCI Command : Write Link Policy Settings (0x080D)
HCI Event : Command Complete (0x0E)
HCI Command : Read Remote Extended Features (0x041C)
HCI Event : Command Status (0x0F)
HCI Event : Read Remote Extended Features Complete (0x23)
HCI Command : Authentication Requested (0x0411)
HCI Event : Command Status (0x0F)
HCI Event : IO Capability Request (0x31)
HCI Command : IO Capability Request Reply (0x042B)
HCI Event : Command Complete (0x0E)
HCI Event : IO Capability Response (0x32)
...
This will be followed by ACL/SCO data packets...
HCI Transport layer driver in WEC7
This is the only layer of the WEC7 Bluetooth stack that an OEM can modify; the rest of the stack ships as binaries.
WEC7 provides HCI transport layer drivers for generic Bluetooth devices (for example a CSR Bluetooth dongle) over USB and UART.
For an SDIO interface, the driver needs to be ported from Windows CE 6.0 to WEC7.
For non-generic modules such as the Redpine 9113 Bluetooth module, the HCI transport layer must be modified according to the module's datasheet or its Linux driver.
HCI Transport layer driver - Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Bluetooth\Transports\PnP\{<GUID>}]
"flags"=dword:80000000
"driver"="bthusb.dll"
"resetdelay"=dword:0
"PacketSize"=dword:200
"BlockSize"=dword:5
[HKEY_LOCAL_MACHINE\Software\Microsoft\Bluetooth\sys]
"Power"=dword:1 ; Radio on by default
"ScanMode"=dword:3 ; Radio is connectable and discoverable
"DisableAutoSuspend"=dword:1 ; Allow suspend when connected
[HKEY_LOCAL_MACHINE\Drivers\USB\LoadClients\5656_37139\Default\Default\Bluetooth_USB_Driver]
"DLL"="bthusb.dll"
[HKEY_LOCAL_MACHINE\Drivers\SDCARD\ClientDrivers\Custom\MANF-041B-CARDID-9330-FUNC-1]
"Dll"="bthsdio.dll"
ScanMode uses the same encoding as the HCI Write_Scan_Enable command (1 = inquiry scan only, 2 = page scan only, 3 = both). A value of 3 makes the device answer inquiries from any radio in range from the moment it boots, which is exactly what the bluejacking and bluesnarfing attacks above rely on; for a production image it is safer to ship with ScanMode=dword:2 (connectable to already-paired devices but not discoverable) and turn discoverability on only while the user is pairing.
WEC7 Catalog items and SYSGEN variables
Catalog item                                     SYSGEN variable
Bluetooth Stack with Universal Loadable Driver   SYSGEN_BTH
Bluetooth Settings                               SYSGEN_BTH_SETTINGS
Bluetooth HID – Keyboard                         SYSGEN_BTH_HID_KEYBOARD
Bluetooth HID – Mouse                            SYSGEN_BTH_HID_MOUSE
Bluetooth HS/HF and Audio Gateway Service        SYSGEN_BTH_AG
Bluetooth PAN                                    SYSGEN_BTH_PAN
Bluetooth Profile Management APIs                SYSGEN_BTH_BTHUTIL
Bluetooth services                               SYSGEN_BTH_BTHSSVC
OBEX Client                                      SYSGEN_OBEX_CLIENT
OBEX Server                                      SYSGEN_OBEX_SERVER
OBEX File Browser                                SYSGEN_OBEX_FILEBROWSER
OBEX Inbox                                       SYSGEN_OBEX_INBOX
Bluetooth utilities                              SYSGEN_BTH_UTILS
Bluetooth audio                                  SYSGEN_BTH_AUDIO
Bluetooth modem                                  SYSGEN_BTH_MODEM
Include only the catalog items the product actually needs: the OBEX Server, File Browser and Inbox items expose precisely the services that bluejacking and bluesnarfing target, and the modem item exposes a serial-port service, so leaving them out of an image that does not use them removes that attack surface entirely.
Bluetooth vs. Wi-Fi
• Bluetooth works in the 2.4 GHz band, while Wi-Fi networks work at 2.4, 3.6 and 5 GHz.
• Wi-Fi is intended as a replacement for high-speed cabling for general local area network access in work areas (wireless local area networks, WLAN).
• Bluetooth was intended for portable equipment and its applications (wireless personal area networks, WPAN).
• Wi-Fi is usually access-point-centred, with an asymmetrical client-server connection and all traffic routed through the access point, while Bluetooth is usually symmetrical, between two Bluetooth devices.
• Wi-Fi Direct was developed to add more Bluetooth-like ad-hoc functionality to Wi-Fi.
Advantages and Disadvantages
The Advantages of Bluetooth:
• Widely used: companies are taking advantage of it in new and future products to make life easier for everyone.
• Simplicity: you do not need to know much about the technology in order to use Bluetooth. Someone with no knowledge of the technology can still use the Bluetooth feature because of its simplicity and ease of use.
• Go wireless: it lets you stay cord-free, with no need to find the right place to connect an extra-long cable.
The Disadvantages of Bluetooth:
• Although speeds of up to 24 Mbit/s are possible with v3.0 + HS (and only by handing the traffic to an 802.11 link), an ordinary EDR link runs at about 2.1 Mbit/s, whereas technologies like Wi-Fi Direct can offer speeds of 250 Mbit/s.
• Security depends heavily on the version and pairing method in use: legacy PIN pairing and Just Works SSP give weak or no protection against a nearby attacker, whereas Wi-Fi Direct mandates WPA2 with AES-CCMP.
• Battery usage during a single transfer is negligible, but if the radio is left switched on for a long time it drains the battery.
• Shorter range compared with Wi-Fi.
Note: This blog post is extracted from a presentation that my team-mate and I prepared and presented at iWave Systems.
Please leave your questions or suggestions as comments.
Thanks. :)
Hi Keshava,
Thank you for your useful post about WEC7 Bluetooth.
Best Regards,
Naresh
Redpine Signals, Inc., Hyderabad.
Thanks! :)