Computer Networking, Copyright © University of Edinburgh 2005
CS4/MSc Computer Networking
Lecture 13:
Personal Area Networks – Bluetooth
2
Bluetooth
• Low cost wireless connectivity for Personal Area Networks
– PDAs, mobile phones, laptops, audio headsets, printers, scanners, GPS navigators, modems, USB adapters etc.
– 10 metre range for typical power class 2 transmitter
– Low data rate; nominally 1Mbps (3Mbps with v.2 + EDR)
– 2.4GHz ISM radio band; same as 802.11b/g
• Bluetooth Special Interest Group (SIG)
– Originated by Ericsson in late 90s
– Promoted by Ericsson, Nokia, IBM, Toshiba, Intel, …
– 500 million Bluetooth-enabled devices estimated to be sold in 2005
– IEEE also involved, 802.15.1
• Harald Bluetooth
– Danish ruler of Denmark and Norway in the late 900s AD
– Converted Vikings to Christianity
3
Architecture
• Piconet
– The basic unit of a Bluetooth system
– One master node, up to 7 active slaves
– and up to 255 inactive, “parked” nodes
– Independent piconets can co-exist in same area
• Scatternet
– Interconnected collection of piconets
– A node can participate in more than 1 piconet
» But not as master in both
• Master/slave architecture
– Simplified medium access control: the master polls the slaves
– Most characteristics of the communication controlled by master
» E.g. freq. hopping sequence, synchronisation clock
– Slaves can only “talk” with master, “respond” to be precise
4
Bluetooth protocol stack
• Core protocols: radio, baseband, LMP, L2CAP, SDP
• Cable replacement and Telephony: RFCOMM, TCS BIN
• Adopted protocols: PPP, IP, OBEX, AT-commands, …
• Profile specification: application support
5
Bluetooth Radio
• Frequency hopping spread spectrum
– 79 1MHz physical channels from 2.402GHz to 2.480GHz
– Transmit rate 1M symbols per sec (720kbps max real rate)
» 1µs per symbol
– Dwell time 625µs (called slot time), or 1600 hops/sec
• Hop sequence determined by master, based on its unique 48b ID
– Collocated piconets have different masters, hence diff. sequences
• Modulation: Gaussian Frequency Shift Keying (GFSK)
– 1 symbol represents 1 bit
• Power classes and power control
– Class 1 100mW, 100m
– Class 2 2.4mW, 10m
– Class 3 1mW, few cm
– Power control ensures RF power is not more than required
6
Bluetooth baseband
• Equivalent to the MAC layer
– Converts bit stream to frames, defines packet formats, data-link protocols
• Time-Division Duplex (TDD)
– Data transmitted in one direction at a time, alternating between directions
– Prevents crosstalk between transmit-receive operations
» Simplifies radios, keeps cost low
– Polled slave responds at the slot following master’s transmission
[Figure: TDD timing diagram. Master and Slave transmit in 625µs slots on hop frequencies f(k), f(k+1), f(k+2), f(k+3)]
7
Multi-slot packets
• At end of transmission, time is allowed for radios to stabilize after hopping to the next frequency: ~260 µs
– Leaving only 366 bits for transmission including headers
• Multislot packets used for higher efficiency
– 1, 3, 5 slot packets defined
• Frequency hopping is suspended while a multislot packet is transmitted
– All of the available slot time is used for transmission (except last one)
– At the end of transmission, radios move to the frequency they should be at, as if they were hopping every 625µs
• Slave does not have to respond with same size packet
– Asymmetric transmission
• Note that all packet sizes are odd number of slots
– Master always transmits at even slots
– Slave at odd slots
8
Master-slave link types: Synchronous Connection-Oriented
• Point to point synchronous communication link
• Used for time-critical information, e.g. telephone connections
– Guaranteed, fixed-rate transmission using slot reservations
– Master sends SCO packets at regular intervals of TSCO slots
– Slave always allowed to respond with SCO packet in the following slot
• SCO packets are never retransmitted
• Forward error correction can be used
– 1/3 rate FEC: 3 copies of each bit sent. Receiver does a majority operation
– 2/3 rate FEC: Hamming code. 1 bit corrected, 2 bit detected per codeword
• A master can support up to 3 SCO links
– A slave can only support two links if links originate from different masters
9
Master-slave link types: Asynchronous Connectionless (ACL)
• Master exchanges packets with a slave on a per-slot basis
– Using SCO’s leftover slots
– Provides a packet-switched connection between master and slave
• Only one ACL link between a particular master/slave pair allowed
– in addition to any SCO links between the same pair
– Multiplexing for different flows/applications happens at higher layer
• Broadcasting packets to all active slaves is possible
• A slave is permitted to respond to an ACL packet from a master in the following slot only if it has been specifically addressed in the previous slot
• Packet retransmission applied for most packets to assure data integrity
– stop-and-wait ARQ
» Slave gives ACK, NAK for received packet in its reply slot
– 2/3 FEC also available, combined with ARQ
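An added sketch (not from the original slides) of the stop-and-wait ARQ above, using the 1-bit seqn and the arqn ACK/NAK flag carried in the packet header. The scripted loss sets and the rule that a missing reply counts as a NAK are assumptions of this model.

```python
def run_arq(payloads, lost_data=(), lost_reply=(), check_seqn=True):
    """Send payloads master -> slave with stop-and-wait ARQ.

    lost_data / lost_reply: constructed sets of exchange numbers (1-based) in
    which the master's packet or the slave's reply slot is lost.
    Returns (payloads accepted by the slave, number of master transmissions).
    """
    accepted, exchanges = [], 0
    seqn = 0             # master: 1-bit sequence number, toggled per new payload
    last_seqn = None     # slave: seqn of the last packet it accepted
    for data in payloads:
        acked = False
        while not acked:
            exchanges += 1                      # master transmits in its slot
            if exchanges in lost_data:
                continue                        # nothing received, no ACK: resend
            if not check_seqn or seqn != last_seqn:
                accepted.append(data)           # new packet, pass it upwards
                last_seqn = seqn
            # otherwise: retransmission of a packet already accepted, discard it
            # slave replies in the following slot with arqn = ACK
            acked = exchanges not in lost_reply
        seqn ^= 1
    return accepted, exchanges
```

With a lost ACK, the retransmitted packet carries the same seqn, so the slave acknowledges it again but does not deliver it twice; with `check_seqn=False` the duplicate reaches the upper layer.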
10
Bluetooth packet format
• Access Code – timing synchronisation, paging, inquiry
– Channel Access Code: identifies piconet (derived from master’s ID)
– Device Access Code: For paging (derived from paged unit’s ID)
– Inquiry Access Code: For inquiries (discovery of nearby units)
• Header, 18 bits repeated 3 times for error correction
– am_addr : active member address
– type : packet type including # of slots used
– flow : Xon/Xoff type flow control
– arqn : ACK, NAK
– seqn : 1b sequence number for ARQ
– HEC : header checksum
[Figure: packet layout. Access Code (72) | Header (54) | Payload (0 - 2745); header fields: am_addr | type | flow | arqn | seqn | HEC]
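The header protection described above (18 bits sent 3 times, checked by the HEC), as an added example that is not part of the original slides. The field widths (3/4/1/1/1 plus an 8-bit HEC) and the HEC generator polynomial are taken from the Bluetooth baseband specification rather than from the slide; the zero initial value and the bit ordering are simplifying assumptions.

```python
# Header fields that precede the HEC, with their widths in bits (10 in total).
FIELDS = [("am_addr", 3), ("type", 4), ("flow", 1), ("arqn", 1), ("seqn", 1)]

def hec_bits(body, init=0):
    """CRC-8 over the 10 body bits, generator D^8+D^7+D^5+D^2+D+1 (0x1A7)."""
    reg = init                      # assumption: real devices seed this register
    for b in body:
        feedback = (reg >> 7) ^ b
        reg = (reg << 1) & 0xFF
        if feedback:
            reg ^= 0xA7
    return [(reg >> (7 - i)) & 1 for i in range(8)]

def build_header(**values):
    body = []
    for name, width in FIELDS:
        if not 0 <= values[name] < (1 << width):
            raise ValueError(f"{name} does not fit in {width} bits")
        body += [(values[name] >> i) & 1 for i in range(width)]  # LSB first
    return body + hec_bits(body)                   # 10 + 8 = 18 bits

def fec13_encode(bits):
    return [b for b in bits for _ in range(3)]     # 18 -> 54 bits

def fec13_decode(coded):
    decoded, disagreeing = [], 0
    for i in range(0, len(coded), 3):
        triple = coded[i:i + 3]
        decoded.append(int(sum(triple) >= 2))      # majority operation
        disagreeing += len(set(triple)) > 1        # triples hit by bit errors
    return decoded, disagreeing

def receive_header(coded):
    """Return (fields or None if the HEC check fails, triples with errors)."""
    if len(coded) != 54:
        raise ValueError("coded header must be 54 bits")
    bits, disagreeing = fec13_decode(coded)
    if hec_bits(bits[:10]) != bits[10:]:
        return None, disagreeing    # a majority vote went wrong; HEC rejects it
    fields, pos = {}, 0
    for name, width in FIELDS:
        fields[name] = sum(b << i for i, b in enumerate(bits[pos:pos + width]))
        pos += width
    return fields, disagreeing
```

One flipped bit per triple is repaired by the majority vote; two flipped bits in the same triple decode to the wrong value, and the header is then rejected by the HEC instead of being acted on.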
11
Controller States
Inquiry procedure: potential master scans for units (inquiry state)
• Broadcast ID packet with Inquiry Access Code in 32 wake-up carriers
• Nodes periodically enter the inquiry scan state and scan at least 18 of the 32 wake-up channels
• Interested nodes reply with packets containing their ID and other parameters (FHS packet)
[Figure: controller state diagram. States: Standby, Inquiry, Inquiry Scan, inquiry response, Page, Page Scan, master response, slave response, Connection]
Paging procedure:
• Master uses Device Access Code ID packets at freq. hop sequence determined by slave’s ID
• Slave replies with copy packet
• Master sends FHS packet
• Slave acks
• Units move to connection state
12
Security
• Inherently quite secure:
– Low power transmission, means short range
– Fast frequency hopping with a pseudo-random hop sequence
» much lower likelihood of casual eavesdropping
• Standard defines features operating at the link level
• Supports authentication and encryption
• Security Modes:
– Mode 1: no security procedures
– Mode 2: enforces security after link establishment at L2CAP level
– Mode 3: enforces controls such as authentication and encryption at the Baseband level before the connection is set up
• Security Levels
– Device level: trusted, untrusted devices
– Service level: authentication, authorisation, open to all
13
Link Keys
• Used for authentication and to generate the encryption key
– All are 128 bits long
• Initialisation key – used just to get started
– Verifier sends plaintext random number
– Both units use shared secret PIN to generate Kinit
• Unit key – semi permanent link key for basic units
– Function of random number and device 48b ID
– Sent to other unit encrypted (XORed) with Kinit
• Combination key – semi permanent key for each pair of units
– Each unit generates a “unit key” based on a local random number
– The random numbers are exchanged encrypted with Kinit
– Each unit generates locally the other unit’s key based on random number
– The two keys are XORed to generate the combination key
14
Authentication and Encryption
• Authentication uses a challenge-response scheme
– Only 32 bits of the response are transmitted
[Figure: authentication. Verifier sends au_rand to Claimant; each side feeds au_rand, bd_addr and link key into E1; Claimant returns sres, Verifier computes sres’]
[Figure: encryption. E0 takes clock, en_rand, bd_addr and encr key and produces a key stream; plaintext and key stream give cipher text]
• Encryption uses a different payload key for each transmission based on
– Encryption key derived from link key
– Random number sent to receiver in advance
– Current clock
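The combination-key exchange from the Link Keys slide followed by the challenge-response above, with both sides' messages, as an added example that is not part of the original slides. Bluetooth's own key functions and E1 are built on SAFER+; here a truncated HMAC-SHA256 (`prf128`) is swapped in as a stand-in, and the device IDs and PINs are constructed.

```python
import hashlib
import hmac
import secrets

def prf128(key, *parts):
    """Stand-in (assumption) for Bluetooth's SAFER+-based key functions and E1."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(2, "big") + p)   # length-prefix each input
    return mac.digest()[:16]                        # link keys are 128 bits

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Unit:
    def __init__(self, bd_addr, pin):
        self.bd_addr, self.pin = bd_addr, pin

    def make_kinit(self, in_rand):
        # Kinit from the shared secret PIN and the plaintext random number
        self.kinit = prf128(self.pin, b"init", in_rand)

    def send_rand(self):
        # Local random number, sent to the peer XORed with Kinit
        self.rand = secrets.token_bytes(16)
        return xor(self.rand, self.kinit)

    def make_combination_key(self, peer_msg, peer_addr):
        peer_rand = xor(peer_msg, self.kinit)
        own_key = prf128(self.rand, b"unit", self.bd_addr)
        peer_key = prf128(peer_rand, b"unit", peer_addr)   # computed locally
        self.link_key = xor(own_key, peer_key)

    def sres(self, au_rand, claimant_addr):
        # Only 32 bits of the response are transmitted
        return prf128(self.link_key, b"auth", au_rand, claimant_addr)[:4]

def pair_and_authenticate(pin_a, pin_b):
    """Pair two units, then A verifies B; returns (keys_match, accepted)."""
    a = Unit(bytes.fromhex("001122334455"), pin_a)   # constructed 48-bit IDs
    b = Unit(bytes.fromhex("66778899aabb"), pin_b)
    in_rand = secrets.token_bytes(16)                # sent in plaintext
    a.make_kinit(in_rand); b.make_kinit(in_rand)
    msg_a, msg_b = a.send_rand(), b.send_rand()
    a.make_combination_key(msg_b, b.bd_addr)
    b.make_combination_key(msg_a, a.bd_addr)
    au_rand = secrets.token_bytes(16)                # verifier's challenge
    response = b.sres(au_rand, b.bd_addr)            # claimant's sres
    expected = a.sres(au_rand, b.bd_addr)            # verifier's sres'
    return a.link_key == b.link_key, hmac.compare_digest(response, expected)
```

Neither the PIN nor the link key crosses the link: only the plaintext random number, the two XOR-masked random numbers, au_rand and the 32-bit sres are transmitted.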
15
L2CAP : Logical Link Control and Adaptation Protocol
• Provides connection-oriented and connectionless services
– Support only for ACL links, not SCO links
• Upper layer protocol multiplexing
– needs to be able to distinguish between upper layer protocols such as the Service Discovery Protocol (SDP), RFCOMM, Telephony Control etc.
• Segmentation and reassembly of packets up to 64Kb in length
• Quality of Service
– Connection establishment allows the exchange of information about QoS
• Three types of logical channels:
– Connectionless
» Unidirectional, only one allowed per master-slave pair
– Connection-oriented
» Bidirectional, QoS specification for each direction
– Signalling
» Handles connection establishment, configuration, etc.
16
Bluetooth profile specification
• Describe the use of Bluetooth to support various applications
– Address the problem of the multiplicity of options and parameter values
– Vertical slice through the protocol stack, defining compulsory options, parameters etc. for each protocol
» a minimum recipe for building a particular type of device
» which manufacturers can augment in order to distinguish their product
• Facilitates the interoperability of devices
» implementation options are reduced so applications share the same features
» parameters are defined so applications operate in similar ways
» user interface guidelines are defined giving uniformity across devices
• If a device implements an end-user function covered by a profile, it must implement that profile, for interoperability
17
Profiles
• Built up in layers, each profile relying upon layers beneath
[Figure: layered profile diagram, including the Headset profile]
18
Bluetooth extensions: Enhanced Data Rate
• Addendum to v2 of Bluetooth spec, ratified in Nov 04
• Backwards compatible
• Provides for up to 3Mbps transfer rate
– No single Bluetooth application can currently saturate the 721Kbps available
– But, taking collisions into consideration, the available bandwidth of a piconet will not be enough for simultaneous use of high-quality audio, a few computer peripherals and telephony
• Two new modulation schemes defined
– They are applied only to the payload for backward compatibility
• Ten new packet types
– Error correction not enabled
19
Reading list
• Tanenbaum 4.6
• Spec