Bluetooth

1
Bluetooth

• Wireless Personal Area Network

2
Learning Outcomes

• You have understood this if you can
• Outline Bluetooth capabilities
• Explain Frequency Hopping Spread Spectrum
• Sketch a piconet a scatternet
• Outline how services are discovered
• List 3 applications of Bluetooth
• Applications
• Profiles
• Summarise Bluetooth security
• See www.bluetooth.com/Bluetooth/Technology/

3
Bluetooth

• Universal radio interface for ad hoc connection
• computer and peripherals, PDAs, phones, head-sets
• replace IrDA - Infrared Data Association
• Short range (1-10-100 m)
• Low power consumption (2.5 mW)
• License-free 2.4 GHz ISM band
• Industrial Scientific Medical
• Voice and data transmission
• approx. 1-3 Mb/s max. data rate

4
Bluetooth dynamic connectivity

• Dynamically discover use services
• Devices can advertise services
• Devices connect to each other automatically
• When they come in range
• Can use Pairing for security
• Uses explicit user authorisation

5
Applications

• Replacement for cables
• Peripherals printers, mice and keyboards
• File (images, mp3s, etc.) transfer
• Bluetooth headsets
• Wireless link between desktops and laptops
• Bluetooth cell phones / PDA
• Unplanned interaction
• Exchanging business cards documents

6
Technology

• 79 RF channels, 1 MHz carrier spacing
• Channel 0 2402 MHz
• Channel 78 2480 MHz
• FHSS and TDD
• Frequency hopping spread spectrum
• Version 2 Adapts to avoid busy frequencies
• Pseudo random hopping sequence,
• Determined by the master device
• Time division duplex for send/receive

7
Frequency Hopping Spread Spectrum
A sort of CDMA code-division multiple access

• Signal repeatedly switches channel
• Uses random number generator with Masters key
• Reduces chance of jamming or detection
• Appears as noise if out of synchronisation
• Jamming a frequency knocks out a few bits

Data
Data
Must be same!
8
Frequency Hopping Spread Spectrum 2

• Each channel 1MHz wide (Narrowband)
• 79 hopping channels split into 3 groups
• Each hopping group consists of 26 blocks
• 1600 Hops per second
• Adaptive FHSS
• Avoid busy channels
• Data Transfer Speeds
• 1Mbps with 2GFSK (2 level Gaussian FSK)
• 2Mbps with 4GFSK

Specially shaped signals to aid processing
9
Data transfer capabilities

• Voice link SCO (Synchronous Connection Oriented)
• FEC (forward error correction), no
  retransmission,
• Version 2 eSCO - retransmission
• 64 kbit/s duplex,
• point-to-point, circuit switched
• Data link ACL (Asynchronous ConnectionLess)
• Asynchronous, fast acknowledge,
  point-to-multipoint
• Packet switched
• Data rate
• up to 433.9 kbit/s symmetric or 723.2/57.6 kbit/s
  asymmetric,
• Version 2 up to 2.1Mbps
• higher power for shorter time

10
Power Classes
11
Piconet
M Master SSlave P Parked SB Standby
P
S
S
P
M
SB
P
SB
S

• ad hoc collection of devices
• One device becomes the Master
• Up to 7 devices can be slaves - synchronise
  clocks with master
• Normally round-robin master-slave conversation
• Can switch among piconets, but can only be master
  of one

12
Forming a Piconet
?
?
P
S
?
S
?
?
M
SB
?
SB
?
S
?
?
P
SB

• Slave time synchronised with Master
• Parked temporarily inactive

13
Forming a Piconet 2

• Master sets the hopping sequence
• based on its Device ID (BD_ADDR)
• 48 bit unique IEEE ID 000FDE830002
• The first 3 bytes are assigned by the IEEE and
  identify a company.
• This is a security weakness
• Reduces search space for brute force attack
• This ID is not an address for packets

14
Piconet Addressing

• Addressing by Active Member Address AMA
• 3 bits
• AMA has 8 combinations
• Only 7 active members are allowed
• the 000 combination is used for broadcasts
• Parked Devices - Parked Member Address
• PMA 8 bits

15
Scatternet
Piconets (each with a capacity of lt 1 Mbit/s)
Linked piconets
P
S
S
S
S
SB
P
P
M
P
SB
S/M
S
M
S
P
SB
SB
S
M Master SSlave P Parked SB Standby
S
FH-CDMA used to separate Piconets
Frequency-Hopping Based on code Will be out of
sinc.
16
Setting up connections

• Device may broadcast to discover other devices
• Response includes
• Device Name
• Device Class (24-bit identifier)
• kind of device (Phone, Computer, Headset, etc)
• List of services including name channel
• Technical information
• Device features, manufacturer, Bluetooth version,
  clock offset
• Use of services may require pairing or permission

17
Pairs Trusted Relationships

• Devices pair by communicating a shared secret
• a passkey obtained from the user.
• Trusted devices may encrypt the data exchanged.
• The Bluetooth address is permanent
• a pairing is kept even if the name is changed.
• Pairs can be deleted at any time by either
  device.
• Some devices freely provide services.
• e.g. phones accepting OBEX business cards
• Printers

18
Bluetooth Profiles

• What is a profile?
• Define possible applications / services
• A protocol
• Rules and procedures to achieve the service
• The following list indicates the range
• Look at them after the lecture
• You dont need to remember the names
• You should be able to outline some services

19
Bluetooth Profiles 1

• Advanced Audio Distribution Profile (A2DP)
• Stereo audio from MP3 player to headset
• Audio/Video Remote Control Profile (AVRCP)
• Basic Imaging Profile (BIP)
• Can modify images to be suitable for the receiver
• Includes remote camera remote display
• Basic Printing Profile (BPP)
• File Transfer Profile (FTP)
• Headset Profile (HSP)

20
Bluetooth Profiles 2

• Hands Free Profile (HFP)
• Uses SCO to carry a mono, PCM audio channel.
• Synchronous Connection-Oriented Link
• killer application?
• Hand-held use of mobile phones is banned in cars
• Cordless Telephony Profile (CTP)
• E.g link mobile phone to landline when at home
• Dial-up Networking Profile (DUN)
• Internet from a laptop via a mobile phone

21
Bluetooth Profiles 3

• Human Interface Device Profile (HID)
• mice, joysticks, keyboards
• a low latency link, with low power requirements
• Personal Area Network
• Mini local area network
• Serial Port Profile (SPP)
• Emulates a serial cable to replace RS232
• Service Discovery Application Profile (SDAP)
• Mandatory to find the profiles a server offers

22
Bluetooth Profiles 4

• Object Push Profile (OPP)
• Sending "objects" e.g. pictures, business cards
• Transfer triggered by sender, not receiver
• Synchronisation Profile (SYNCH)
• Personal Information Manager (PIM) items.
• Video Distribution Profile (VDP)
• E.g. streaming a recorded video from a PC media
  centre to a portable player, or from a digital
  video camera to a TV.

23
Bluetooth Security

• Can support
• Authentication, authorisation, encryption
• Challenge-response authentication
• Link Key two possibilities
• Semi-permanent stored in device (Pairing)
• Temporary generated for one session
• Encryption Key
• Generated from link key for each session
• Changed for each frame

24
Security Modes
25
Bluetooth Security Weaknesses

• Discovery Mode
• Reveals address, which is permanent
• PIN Number
• Up to 16 alphanumeric characters
• But some devices limited to just 4 characters
• The cryptographic algorithm is new (untried)
• Weaknesses in Specification
• Address of sender isnt encoded
• Basic link creation allowed without authorisation
• Weaknesses in Implementation
• Buffer overflow with push profiles

26
Java Bluetooth
Mobile Information Device Profile
MIDLet Application
MIDP
Java APIs For Bluetooth
CLDC
Bluetooth Stack
Connected Limited Device Configuration
Operating System Hardware
27
Classes Interfaces

• Java defines classes interfaces for
• Setting up connections
• Discovering Devices
• Getting setting local device properties
• Getting remote device properties services
• Responding to Bluetooth events
• E.g. new device in range
• Programs may also be able to use Sockets
• If the Bluetooth devices support it

28
Summary

• Bluetooth provides short-range networking
• Replace cables
• Simple networking piconet scatternet
• Profiles define services
• Transmission jumps between frequencies
• Discovery servers announce services
• Bluetooth security
• Negotiated between client and server