BLUETOOTH TECHNOLOGY INITIAL RESEARCH Instructor: Professor Ivan Student: Chang Li 7067014 Email: cli023@uottawa.ca

Upload: keanu-elvidge

Post on 01-Apr-2015


TRANSCRIPT

Page 1: BLUETOOTH TECHNOLOGY INITIAL RESEARCH Instructor: Professor Ivan Student: Chang Li 7067014 Email: cli023@uottawa.ca

Page 2

Contents

- Introduction
- History and Version
- Bluetooth vs Other wireless technologies
- Bluetooth Architecture
- Connection Establishment States
- Bluetooth Protocol Stack
- Bluetooth Profile
- Bluetooth Security
- Advantages and Disadvantages
- Question

Page 3

What is Bluetooth?

A cable-replacement technology that can be used to connect almost any device to any other device

Radio interface enabling electronic devices to communicate wirelessly via short range (10 meters) ad-hoc radio connections

A standard for a small, cheap radio chip that can be built into computers, printers, mobile phones, etc.

Page 4

What is Bluetooth?

- Uses the radio range of 2.45 GHz
- Theoretical maximum bandwidth is 1 Mb/s
- Several Bluetooth devices can form an ad hoc network called a “piconet”
- In a piconet one device acts as a master (sets the frequency hopping behavior) and the others as slaves
- Example: a conference room with many laptops wishing to communicate with each other

Page 5

Class of Bluetooth

Bluetooth devices are classified according to three different power classes, as shown in the following table.

Page 6

History

- Harald Bluetooth: 10th century Danish king who managed to unite Denmark and Norway
- Bluetooth SIG (Special Interest Group): founded in 1998 by Ericsson, Intel, IBM, Toshiba and Nokia
- Currently more than 2500 adopter companies
- Created in order to promote, shape and define the specification and position Bluetooth in the marketplace
- Current specification: Bluetooth 4.0

Page 7

Bluetooth Applications

- Automatic synchronization between mobile and stationary devices
- Connecting mobile users to the internet using Bluetooth-enabled wire-bound connection ports
- Dynamic creation of private networks

[Figure: example devices: PDA, cell phone, cordless phone, base station, inkjet printer, scanner, home audio system, computer, digital camera]

Page 8

Version

Bluetooth v1.2: Backward compatible with v1.1; faster connection and discovery. Improved resistance to radio frequency interference by avoiding the use of crowded frequencies in the hopping sequence. Data transmission speed up to 721 kbit/s.

Bluetooth v2.0: Backward compatible with v1.2. Enhanced Data Rate (EDR) for faster data transfer; the nominal rate of EDR is about 3 Mbit/s.

Bluetooth v2.1: Backward compatible with v1.2. Uses Secure Simple Pairing (SSP) to improve the pairing experience for Bluetooth devices. Uses sniff subrating, which reduces power consumption in low-power mode.

Bluetooth v3.0: Backward compatible with v2.1. Provides theoretical data transfer speeds of up to 24 Mbit/s; for high data rate traffic this version uses an adjacent 802.11 link.

Bluetooth v4.0: Backward compatible with v3.0. It includes the Classic Bluetooth, Bluetooth High Speed and Bluetooth Low Energy protocols. Bluetooth High Speed is based on Wi-Fi, and Classic Bluetooth consists of the legacy Bluetooth protocols. Provides faster data transmission than the earlier versions. Power consumption is greatly reduced, to the point that a device seems to need almost no power to function. It provides more security in data transmission than the earlier versions.

Page 9

Bluetooth vs Other wireless technologies

Page 10

Bluetooth Architecture

Piconet
- Each piconet has one master and up to 7 simultaneous slaves
- Master: device that initiates a data exchange
- Slave: device that responds to the master

Scatternet
- Linking of multiple piconets through the master or slave devices
- Bluetooth devices have point-to-multipoint capability to engage in scatternet communication

Page 11

Establishing Piconets

Whenever there is a connection between two Bluetooth devices, a piconet is formed

Always 1 master and up to 7 active slaves

Any Bluetooth device can be either a master or a slave

Can be a master of one piconet and a slave of another piconet at the same time (scatternet)

All devices have the same timing and frequency hopping sequence

[Figure: piconet diagram] M=Master, S=Slave, P=Parked, SB=Standby

Page 12

Scatternets

Formed by two or more Piconets

Master of one piconet can participate as a slave in another connected piconet

No time or frequency synchronization between piconets

Page 13

Link Manager Operation

Devices operate in standby mode by default until they become connected to a piconet

4 connection modes: Active, Hold, Park, Sniff

Modes allow devices to adjust power consumption, performance, and the number/role of participants in a piconet

Page 14

Active Mode

- Limited to 7 active slaves for each master
- Three-bit address (AM_ADDR) given to each active slave
- Unit actively participates on the channel
- Can receive communications in any given frame
- Active slaves are polled by the master for transmissions
- Unit operates on high power

Page 15

Hold Mode

- Frees the slave to attend another piconet, perform scanning, paging, or inquiry operations, or move into low-power sleep
- Unit keeps its active member address
- Unit does not support ACL packets on the channel but may support SCO packets
- Master and slave agree on a one-time hold duration, after which the slave revives and synchronizes with channel traffic
- Unit operates on low power

Page 16

Sniff Mode

- Very similar to hold mode
- Slave is freed for recurring fixed time intervals
- Master can only communicate during the arranged “sniff” time slots

Page 17

Park Mode

- Parked unit gives up its active member address and is assigned an 8-bit parked member address (PM_ADDR), which allows the master to unpark the slave
- An 8-bit access request address (AR_ADDR) allows the slave to ask the master to unpark it
- Unit stays synchronized to the channel
- Operates in very low-power sleep

Page 18

Park Mode (cont.)

Provides the ability to connect more than 7 devices to a master (8 bit PM_ADDR allows 255 parked devices)

Active and Parked slaves can be switched in and out to allow many connections to a single piconet
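The address arithmetic behind the Active / Hold / Sniff / Park slides (and behind Question 1 later in the deck) is easy to get wrong, so here is a small piconet model that enforces it. This is an added illustration, not code from the slides or from any Bluetooth stack. The figures it uses come from the slides: a 3-bit AM_ADDR gives 7 active slaves, an 8-bit PM_ADDR gives 255 parked slaves, hold and sniff keep the AM_ADDR, and hold carries SCO but not ACL traffic. Treating address 0 as reserved in both address spaces, and modelling hold/sniff durations as plain counters, are simplifications assumed here.

```python
"""Toy piconet: one master, slaves tagged with mode and address.
Added example; address limits from the slides, transition rules simplified."""

from enum import Enum


class Mode(Enum):
    ACTIVE = "active"
    HOLD = "hold"
    SNIFF = "sniff"
    PARK = "park"


MAX_ACTIVE = 7      # AM_ADDR values 1..7 (3 bits, 0 reserved for broadcast - assumption)
MAX_PARKED = 255    # PM_ADDR values 1..255 (8 bits, 0 reserved - assumption)


class Piconet:
    def __init__(self, master):
        self.master = master
        self.slaves = {}   # name -> {"mode": Mode, "am_addr": int|None, "pm_addr": int|None}
        self.free_am = list(range(1, MAX_ACTIVE + 1))
        self.free_pm = list(range(1, MAX_PARKED + 1))

    def connect(self, name):
        """A standby device joins as an active slave; it needs a free AM_ADDR."""
        if name in self.slaves:
            raise ValueError(f"{name} is already a member")
        if not self.free_am:
            raise RuntimeError("all 7 AM_ADDRs in use; park a slave first")
        self.slaves[name] = {"mode": Mode.ACTIVE,
                             "am_addr": self.free_am.pop(0), "pm_addr": None}

    def hold(self, name, duration_slots):
        """Hold: slave keeps its AM_ADDR and sleeps for one agreed duration."""
        self._active(name).update(mode=Mode.HOLD, wake_in=duration_slots)

    def sniff(self, name, interval_slots):
        """Sniff: slave keeps its AM_ADDR, listens only at recurring sniff slots."""
        self._active(name).update(mode=Mode.SNIFF, sniff_interval=interval_slots)

    def park(self, name):
        """Park: slave gives up its AM_ADDR and receives a PM_ADDR."""
        s = self._active(name)
        if not self.free_pm:
            raise RuntimeError("all 255 PM_ADDRs in use")
        self.free_am.append(s.pop("am_addr"))
        s.update(mode=Mode.PARK, am_addr=None, pm_addr=self.free_pm.pop(0))

    def unpark(self, name):
        """Unpark (master via PM_ADDR or slave via AR_ADDR): needs a free AM_ADDR."""
        s = self.slaves[name]
        if s["mode"] is not Mode.PARK:
            raise RuntimeError(f"{name} is not parked")
        if not self.free_am:
            raise RuntimeError("cannot unpark: all 7 AM_ADDRs in use")
        self.free_pm.append(s.pop("pm_addr"))
        s.update(mode=Mode.ACTIVE, am_addr=self.free_am.pop(0), pm_addr=None)

    def wake(self, name):
        """Hold or sniff slave returns to active; its AM_ADDR is unchanged."""
        s = self.slaves[name]
        if s["mode"] not in (Mode.HOLD, Mode.SNIFF):
            raise RuntimeError(f"{name} is not in hold or sniff")
        s["mode"] = Mode.ACTIVE

    def can_send(self, name, link_type):
        """Link types usable in each mode: active ACL+SCO, hold SCO only
        (per the slide), sniff ACL+SCO during its slots, park nothing."""
        allowed = {Mode.ACTIVE: {"ACL", "SCO"}, Mode.HOLD: {"SCO"},
                   Mode.SNIFF: {"ACL", "SCO"}, Mode.PARK: set()}
        return link_type in allowed[self.slaves[name]["mode"]]

    def count(self, mode):
        return sum(1 for s in self.slaves.values() if s["mode"] is mode)

    def _active(self, name):
        s = self.slaves[name]
        if s["mode"] is not Mode.ACTIVE:
            raise RuntimeError(f"{name} must be active for this transition")
        return s


def attempt(action, *args):
    """True if a transition succeeds, False if the piconet rejects it."""
    try:
        action(*args)
        return True
    except (RuntimeError, ValueError):
        return False
```

Connecting an eighth device fails until one of the seven active slaves is parked, and a parked slave cannot be unparked while all seven AM_ADDRs are taken; that is exactly the "switch in and out" behaviour the slide describes.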

Page 19

Inquiry and Page

Master states: Standby, Inquiry, Page, Master response, Connection
Slave states: Standby, Inquiry scan, Inquiry response, Page scan, Slave response, Connection

Packets exchanged:
(1) ID packet (Broadcast)
(2) FHS packet
(3) Paging ID packet
(4) ID packet
(5) FHS packet
(6) ID packet
(7) ID packet

This is the connection process from standby.
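The exchange on this slide, as a two-device state machine. This is an added example, not code from the slides or from a Bluetooth stack. The packet numbers (1) to (7) and the state names are the slide's; which side sends each packet is assumed from the standard procedure (the master sends the inquiry ID, the paging ID and its own FHS; the slave answers with FHS during inquiry and with ID during paging), and packet (7) is modelled as the master's first packet once it is in the connection state. Addresses and clock values are constructed sample data. The `discoverable` flag ties in with the later security slide: a device that never enters inquiry scan does not answer packet (1), so it is never found by inquiry.

```python
"""Inquiry + page exchange between one master and one slave (added example)."""

from enum import Enum, auto


class MState(Enum):
    STANDBY = auto()
    INQUIRY = auto()
    PAGE = auto()
    MASTER_RESPONSE = auto()
    CONNECTION = auto()


class SState(Enum):
    STANDBY = auto()
    INQUIRY_SCAN = auto()
    INQUIRY_RESPONSE = auto()
    PAGE_SCAN = auto()
    SLAVE_RESPONSE = auto()
    CONNECTION = auto()


def pkt(step, kind, sender, **fields):
    return {"step": step, "kind": kind, "from": sender, **fields}


class Master:
    def __init__(self, addr, clock):
        self.addr, self.clock = addr, clock
        self.state = MState.STANDBY
        self.target = None          # slave address learned from its FHS packet

    def start_inquiry(self):
        self.state = MState.INQUIRY
        return pkt(1, "ID", "master", broadcast=True)

    def handle(self, p):
        if self.state is MState.INQUIRY and p["kind"] == "FHS":
            # (2) the inquiry response carries the slave's address and clock
            self.target = p["addr"]
            self.state = MState.PAGE
            return pkt(3, "ID", "master", to=self.target)       # paging ID
        if self.state is MState.PAGE and p["kind"] == "ID" and p["from"] == "slave":
            self.state = MState.MASTER_RESPONSE
            # (5) our FHS gives the slave our address and clock for the hop sequence
            return pkt(5, "FHS", "master", addr=self.addr, clock=self.clock)
        if self.state is MState.MASTER_RESPONSE and p["kind"] == "ID":
            self.state = MState.CONNECTION
            return pkt(7, "ID", "master", to=self.target)       # first packet in connection (slide label)
        return None


class Slave:
    def __init__(self, addr, clock, discoverable=True):
        self.addr, self.clock = addr, clock
        # Non-discoverable: skip inquiry scan entirely, only page-scan for a
        # master that already knows our address.
        self.state = SState.INQUIRY_SCAN if discoverable else SState.PAGE_SCAN
        self.master_clock = None

    def handle(self, p):
        if self.state is SState.INQUIRY_SCAN and p["kind"] == "ID" and p.get("broadcast"):
            self.state = SState.INQUIRY_RESPONSE
            reply = pkt(2, "FHS", "slave", addr=self.addr, clock=self.clock)
            self.state = SState.PAGE_SCAN                        # now wait to be paged
            return reply
        if self.state is SState.PAGE_SCAN and p["kind"] == "ID" and p.get("to") == self.addr:
            self.state = SState.SLAVE_RESPONSE
            return pkt(4, "ID", "slave")
        if self.state is SState.SLAVE_RESPONSE and p["kind"] == "FHS":
            self.master_clock = p["clock"]     # adopt the master's timing / hop sequence
            self.state = SState.CONNECTION
            return pkt(6, "ID", "slave")
        return None


def establish(master, slave, max_steps=10):
    """Drive the exchange until one side stops replying; returns the packet trace."""
    trace = []
    p = master.start_inquiry()
    while p is not None and len(trace) < max_steps:
        trace.append(p)
        receiver = slave if p["from"] == "master" else master
        p = receiver.handle(p)
    return trace
```

Running `establish` on a discoverable slave yields the seven packets in the slide's order and leaves both sides in the connection state; running it against a non-discoverable slave stops after packet (1).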

Page 20

Physical links

Between a master and its slave(s), different types of links can be established. Two link types have been defined:
- Synchronous Connection-Oriented (SCO) link
- Asynchronous Connection-Less (ACL) link

Page 21

Synchronous Connection Oriented (SCO)

Intended for use with time-bounded information such as audio or video

Provides a circuit-switched connection where data is regularly exchanged

Retransmission is not necessary, since data is real-time

Up to 3 SCO links per piconet

Page 22

Asynchronous Connection-Less (ACL)

- Designed for data traffic
- Packet-switched connection where data is exchanged sporadically, as and when data is available from higher up the stack
- Data integrity is checked through error checking and retransmission
- One ACL link between a master and a slave

Page 23

Frequency-Hopping Spread Spectrum (FHSS)

- In order to mitigate interference, Bluetooth implements frequency hopping
- 1600 hops per second across 79 channels
- Spreads Bluetooth traffic over the entire ISM band
- All slaves in a piconet follow the master's frequency hop sequence
- This type of frequency hopping technique is called Adaptive Frequency Hopping (AFH)

Page 24

Frequency-Hopping Spread Spectrum (FHSS)

This adaptive hopping technique helps Bluetooth devices coexist with other non-hopping, static ISM devices. Good protection from interference can be obtained with a fast hop rate. The other advantage is that the packets are short: whenever there is blocking or interference on a frequency, the packets can be resent on another frequency provided by the master's hopping scheme.
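A simulation of the two FHSS slides: master and slaves compute the same hop sequence from shared state, and adaptive hopping keeps the sequence off channels that a static ISM neighbour is using. This is an added example, not code from the slides or from a Bluetooth stack. The facts it relies on are the slides' (79 channels, 1600 hops per second, slaves follow the master, AFH avoids crowded channels). Assumptions: the hop sequence is a SHA-256 keyed pseudo-random function of the master's address and clock (the real hop-selection kernel is a different function), a bad channel is remapped by index onto the sorted set of good channels, the 20-channel minimum for an AFH map is taken from the Bluetooth specification, and the interferer, address and clock values are constructed.

```python
"""FHSS / AFH hop-sequence model (added example, simplified kernel)."""

import hashlib

NUM_CHANNELS = 79          # channel k sits at 2402 + k MHz (slide: 79 channels)
HOPS_PER_SECOND = 1600     # one hop per 625 us slot (slide: 1600 hops/s)
MIN_USED_CHANNELS = 20     # AFH must keep at least 20 channels in use (spec value)


def channel_freq_mhz(channel):
    return 2402 + channel


def basic_hop(master_addr, clock_slot):
    """Channel for one slot, a deterministic function of the master's address
    and clock. Any slave holding both values (from the master's FHS packet)
    derives the same channel. Assumption: SHA-256 stands in for the spec kernel."""
    msg = f"{master_addr}:{clock_slot}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest()[:4], "big") % NUM_CHANNELS


def afh_channel(channel, channel_map):
    """Adaptive remap: channel_map is the set of channels judged good. A hop
    landing on a bad channel is redirected deterministically, so master and
    slaves keep agreeing on every slot."""
    if len(channel_map) < MIN_USED_CHANNELS:
        raise ValueError("AFH map must keep at least 20 channels")
    if channel in channel_map:
        return channel
    good = sorted(channel_map)
    return good[channel % len(good)]


def hop_sequence(master_addr, start_slot, n_slots, channel_map=None):
    """Channels visited over n consecutive slots (about n / 1600 seconds)."""
    if channel_map is None:
        channel_map = set(range(NUM_CHANNELS))          # plain hopping, no AFH
    return [afh_channel(basic_hop(master_addr, s), channel_map)
            for s in range(start_slot, start_slot + n_slots)]


def interference_hits(sequence, bad_channels):
    """Slots that would have collided with a static interferer."""
    return sum(1 for c in sequence if c in bad_channels)


def demo():
    # Constructed sample: a 22 MHz-wide Wi-Fi-like interferer on channels
    # 20..41, plus a sample master address and a one-second window.
    master = "00:11:22:33:44:55"
    bad = set(range(20, 42))
    good = set(range(NUM_CHANNELS)) - bad
    slots = HOPS_PER_SECOND
    plain = hop_sequence(master, 0, slots)
    adaptive = hop_sequence(master, 0, slots, good)
    slave_view = hop_sequence(master, 0, slots, good)   # slave with the same FHS data
    return {"plain_hits": interference_hits(plain, bad),
            "afh_hits": interference_hits(adaptive, bad),
            "slave_in_sync": slave_view == adaptive}
```

Without AFH roughly 22/79 of the slots land on the interferer; with the map applied none do, and the slave still reproduces the master's sequence slot for slot, which is what "all slaves follow the master" requires.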

Page 25

Bluetooth Protocol Stack

[Figure: protocol stack diagram] Boxes shown, bottom to top: Bluetooth Radio; Baseband; LMP; L2CAP and Audio; RFCOMM; SDP; TCS BIN; AT-Commands; PPP; IP, UDP, TCP; WAP, WAE; OBEX, vCard/vCal; Host Controller Interface (HCI). Legend: Bluetooth Core Protocol, Cable Replacement Protocol, Telephony Protocol, Adopted Protocol.

Page 26

Bluetooth Protocol Stack

Bluetooth Radio: specifies details of the air interface, including frequency, frequency hopping, modulation scheme, and transmission power.

Baseband: concerned with connection establishment within a piconet, addressing, packet format, timing and power control.

Link manager protocol (LMP): establishes the link setup between Bluetooth devices and manages ongoing links, including security aspects (e.g. authentication and encryption), and control and negotiation of baseband packet size

Page 27

Bluetooth Protocol Stack

Logical link control and adaptation protocol (L2CAP): adapts upper layer protocols to the baseband layer. Provides both connectionless and connection-oriented services.

Service discovery protocol (SDP): handles device information, services, and queries for service characteristics between two or more Bluetooth devices.

Host Controller Interface (HCI): provides an interface method for accessing the Bluetooth hardware capabilities. It contains a command interface, which acts between the Baseband controller and link manager

Page 28

Bluetooth Profile

Depending on the nature of the Bluetooth application, the Bluetooth Special Interest Group (SIG) has defined a number of profiles for the use of Bluetooth technology in a device. In other words, a profile is a wireless specification for a device that communicates using Bluetooth technology. To provide services based on Bluetooth technology, a device must implement the Bluetooth profiles for the desired services.

Page 29

Bluetooth Profile

- Dial-up Networking Profile (DNP)
- LAN Access Profile (LAP)
- FAX Profile
- Object Push Profile (OPP)
- File Transfer Profile (FTP)
- Synchronization Profile (SYNC)
- Headset Profile (HSP)
- Hands Free Profile (HFP)
- Human Interface Device Profile (HID)
- Basic Imaging Profile (BIP)
- Hardcopy Cable Replacement Profile (HCRP)
- Basic Printing Profile (BPP)
- Personal Area Network Profile (PAN)
- Advanced Audio Distribution Profile (A2DP)
- Audio/Video Remote Control Profile (AVRCP)
- General Access Profile (GAP)
- Service Discovery Application Profile (SDAP)
- Serial Port Profile (SPP)
- Generic Object Exchange Profile (GOEP)

Page 30

Inquiry and Page (the connection process diagram from Page 19, shown again)

Page 31

Bluetooth Security

There are three modes of security for Bluetooth access between two devices:
- non-secure
- service level enforced security
- link level enforced security

Device security level: trusted, untrusted

Service security level: authorization and authentication; authentication only; open to all devices

Page 32

Bluetooth Security

The following are the three basic security services specified in the Bluetooth standard:

Authentication: verifying the identity of communicating devices. User authentication is not provided natively by Bluetooth.

Confidentiality: preventing information compromise caused by eavesdropping by ensuring that only authorized devices can access and view data.

Authorization: allowing the control of resources by ensuring that a device is authorized to use a service before permitting it to do so.
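The two security slides describe a policy (three security modes, trusted/untrusted devices, three service security levels, and the authentication / confidentiality / authorization services); the decision logic below makes that policy executable so it can be checked case by case. This is an added example, not code from the slides or from a Bluetooth stack. Mode semantics follow the slide (mode 1 non-secure, mode 2 enforced per service, mode 3 enforced at link level). Treating an untrusted device on an "authorization and authentication" service as needing an explicit authorization decision, and letting a service demand encryption for confidentiality, are this example's reading of the slides; device and service names are constructed.

```python
"""Bluetooth security-mode policy evaluator (added example)."""

from dataclasses import dataclass
from enum import Enum


class SecurityMode(Enum):
    NON_SECURE = 1        # mode 1: no security procedures at all
    SERVICE_LEVEL = 2     # mode 2: checks applied when a service is accessed
    LINK_LEVEL = 3        # mode 3: authentication required before the link is usable


class ServiceLevel(Enum):
    OPEN = "open to all devices"
    AUTHN = "authentication only"
    AUTHZ_AND_AUTHN = "authorization and authentication"


@dataclass
class Device:
    addr: str
    trusted: bool            # device security level: trusted / untrusted
    authenticated: bool      # link key verified on this connection
    encrypted: bool = False  # link encryption active (confidentiality service)


@dataclass
class Service:
    name: str
    level: ServiceLevel
    requires_encryption: bool = False


def admit(mode, device, service, user_authorized=False):
    """Decide whether `device` may use `service`; returns (allowed, reason).
    `user_authorized` is the outcome of an explicit prompt for untrusted devices."""
    if mode is SecurityMode.NON_SECURE:
        return True, "mode 1: no security enforced"
    if mode is SecurityMode.LINK_LEVEL and not device.authenticated:
        return False, "mode 3: link-level authentication required before any service"
    if service.level is ServiceLevel.OPEN:
        return True, f"{service.name}: open to all devices"
    if not device.authenticated:
        return False, f"{service.name}: authentication required"
    if service.requires_encryption and not device.encrypted:
        return False, f"{service.name}: encryption required"
    if service.level is ServiceLevel.AUTHZ_AND_AUTHN and not (device.trusted or user_authorized):
        return False, f"{service.name}: untrusted device needs explicit authorization"
    return True, f"{service.name}: access granted"


def evaluate_all(mode, devices, services):
    """Decision table over every (device, service) pair for one mode."""
    return {(d.addr, s.name): admit(mode, d, s)[0] for d in devices for s in services}
```

The table form is the useful part for a reviewer: evaluating the same devices and services under modes 2 and 3 shows exactly which accesses an unauthenticated peer keeps (only open services under mode 2, nothing under mode 3).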

Page 33

Bluetooth Security

Bluebugging: Bluebugging attacks target privacy issues that are specific to cell phones and Bluetooth headsets. To succeed, bluebugging needs skilled hackers with knowledge of Bluetooth privacy protection and protocols. The hacker gains access to a cellular phone's commands and stored information, and can perform a number of functions while in control of the phone.

Bluejacking: The least damaging of the Bluetooth privacy issues, though it can cause great annoyance to users. Bluejacking lets a mobile phone user send business cards to other people's phones anonymously. Usually, bluejacking is a prank. It may be able to transmit Trojan viruses.

Bluesnarfing: Bluesnarfing attacks are a more serious privacy issue than bluejacking. The term describes unauthorized access to, and use of, information on a Bluetooth device, including cell phones, computer systems and PDAs. The information includes text messages, calendar schedules, address books, emails, pictures and videos. The best privacy protection against bluesnarfing is setting the Bluetooth device to “non-discoverable”.

Page 34

Advantages

- Eliminates wires
- Facilitates data and voice communication
- Offers formation of ad hoc networks
- Free of charge
- Easy to use
- Low power consumption, so less battery drain
- Works in stationary and mobile environments

Page 35

Disadvantages

- Relatively short range
- Less secure
- Interference with other devices
- Mediocre data rates
- Bluetooth internet connection gets slow sometimes

Page 36

Question 1

How many devices can communicate concurrently?

Answer: A Bluetooth device playing the role of the “master” can communicate with up to 7 devices playing the role of the “slave”. This network of up to 8 devices (1 master + 7 slaves) is called a piconet. A piconet is an ad-hoc computer network of devices using Bluetooth technology protocols that allows one master device to interconnect with up to seven active slave devices (because a three-bit MAC address is used). Up to 255 further slave devices can be inactive, or parked, which the master device can bring into active status at any time.

Page 37

Question 2

What are the differences between ACL and SCO?

Answer: Slides 21 & 22

Property                              | ACL    | SCO
--------------------------------------|--------|------------------------------------
Intended traffic type                 | Data   | Time-bounded info (audio or video)
Retransmission                        | Yes    | No
Max # links between master and slave  | 1      | 3
Supported during hold mode            | No     | Yes
Switched connection type              | Packet | Circuit

Page 38

Question 3

In the Bluetooth security part, which kind of attack would send out messages to other devices? Why?

Answer: Bluejacking. Bluejacking lets a mobile phone user send business cards to other people's phones anonymously. Usually, bluejacking is a prank. It may be able to transmit Trojan viruses.

Explanation: Slide 33

Page 39

Thank you!