PROTOCOLS AND TOOLS

OE-II
UNIT V: PROTOCOLS AND TOOLS
• Bluetooth
• user scenarios
• Architecture
• Radio layer
• Baseband layer
• Link manager protocol
• L2CAP
• Security
• SDA
• Profiles
• Wireless application protocol
• Architecture
• wireless datagram protocol
• wireless transport layer security
• wireless session protocol
• wireless application environment
• wireless mark-up language
Bluetooth
• User scenarios
• Architecture
• Radio layer
• Baseband layer
• Link manager protocol
• L2CAP
• Security
• SDA
• Profiles
Introduction
• Bluetooth technology aims at so-called ad-hoc piconets
• which are local area networks with very limited coverage
• without the need for an infrastructure
• This network is needed to connect
• different small devices in close proximity (about 10 m)
• without expensive wiring or need for wireless infrastructure
• Gross data rate is 1 Mbit/s
• asynchronous (data)
• synchronous (voice) services should be available
• Necessary transceiver components should be cheap
Piconet
• One unit acts as master of Piconet
• whereas others acts as slaves
• Up to seven slaves can be active

• More slaves can be synchronized & locked

• to master in parked state

• Channel access for all slaves in a piconet is controlled by

• master
Infra red
• Many devices offer infra red data association (IrDA) interface
• with transmission rates of, e.g., 115 kbit/s or 4 Mbit/s
• There are various problems with IrDA:
• its very limited range (typically 2 m for built-in interfaces)
• need for line-of-sight between interfaces
• it is usually limited to two participants
• i.e., only point-to-point connections are supported
• IrDA has no internet working function
• has no media access
• or any other enhanced communication mechanisms
• Big advantage of IrDA is its low cost
• it can be found in almost any mobile device
User scenarios
• Connection of peripheral devices:
• Most devices are connected to desktop computer via wires
• e.g., keyboard, mouse, joystick, headset, speakers
• This type of connection has several disadvantages:
• each device has its own type of cable
• different plugs are needed
• wires block the space
• In wireless network
• no wires are needed for data transmission
• batteries now have to replace power supply
• as wires not only transfer data but also supply peripheral devices with power
Support of ad-hoc networking
• Imagine several people coming together
• discussing issues
• exchanging data (schedules, sales figures etc.)

• Students might join lecture

• with teacher distributing data to their personal digital assistants (PDAs)

• Wireless networks can support this type of interaction

• small devices might not have WLAN adapters following IEEE 802.11 standard
• but cheaper Bluetooth chips built in
Bridging of networks - 1
• Using wireless piconets
• mobile phone can be connected to
PDA or laptop in simple way

• Mobile phones will not have full

WLAN adapters built in
• but could have Bluetooth chip

• Mobile phone can then act as

• bridge between local piconet
• global GSM network
Bridging of networks - 2
• On arrival at airport
• person’s mobile phone could
receive e-mail via GSM
• forward it to laptop

• Via piconet
• fileserver could update
• local information stored on
laptop or PDA
• while person is walking into office
Architecture - 1
• Bluetooth operates on 79 channels in 2.4 GHz band
• with 1 MHz carrier spacing

• Each device performs frequency hopping

• with 1,600 hops/s in pseudo random fashion
• Bluetooth applies FHSS for interference mitigation

• Very important term in the context of Bluetooth is piconet

• it is collection of Bluetooth devices
• which are synchronized to same hopping sequence
Architecture - 2
• Figure shows collection of devices
• with different roles

• One device in piconet act as master (M)

• all other devices connected to master
• must act as slaves (S)

• Master determines hopping pattern in

piconet
• slaves have to synchronize to this pattern
Architecture - 3
• Each piconet has
• unique hopping pattern

• If device wants to participate

• it has to synchronize to this

• parked devices (P)

• can not actively participate in piconet
• they do not have connection
• but can be reactivated
• within some milliseconds
Architecture - 4
• Devices in stand-by (SB)
• do not participate in piconet
• Each piconet has exactly one master
• up to seven simultaneous slaves
• more than 200 devices can be parked
• Reason for limit of eight active devices
• 3-bit address used in Bluetooth
• If parked device wants to communicate
• there are already seven active slaves
• one slave has to switch to park mode
• to allow parked device to switch
• to active mode
Protocol stack or Architecture - 1
• Figure shows
• Bluetooth specification
• comprises protocols and
components
Protocol stack or Architecture - 2
• Starting as simple idea
• it now covers over 2,000
pages dealing with
• not only Bluetooth
protocols
• but many adaptation
functions and
enhancements
Protocol stack or Architecture - 3
• Bluetooth protocol stack
• can be divided into core
specification
• which describes the
protocols from physical
layer to the data link
control
• together with
management functions
• Profile specifications
Protocol stack or Architecture - 4
• Core protocols of
Bluetooth comprise
following elements:
• Radio
• Baseband
• Link manager protocol
• Logical link control and
adaptation protocol
• Service discovery
protocol
Protocol stack or Architecture - 5
• Radio
• Specification of air
interface
• i.e., frequencies,
modulation, and
transmit power
• Baseband
• Description of basic
connection
establishment, packet
formats, timing, and
basic QoS parameters
Protocol stack or Architecture - 6
• Link manager protocol
• Link set-up and
management between
devices including security
functions and parameter
negotiation
• Logical link control and
adaptation protocol
(L2CAP)
• adaptation of higher layers
to baseband
• Service discovery protocol
• Device discovery in close
proximity plus querying of
service characteristics
Radio
Applications
IP
SDP RFCOMM

Data

L2CAP
Audio
Link Manager
Baseband
RF
Radio layer - 1
• Radio specification is rather short document (less than ten pages)
• only defines carrier frequencies and output power

• Several limitations had to be taken into account

• when Bluetooth’s radio layer was designed

• Bluetooth devices will be integrated into mobile devices

• rely on battery power

• This requires small

• low power chips which can be built into handheld devices
Radio layer - 2
• Worldwide operation also requires
• frequency which is available worldwide

• Combined use for data and voice transmission

• has to be reflected in design
• i.e., Bluetooth has to support multi-media data

• Bluetooth uses license-free frequency band at 2.4 GHz

• allowing for worldwide operation
• with some minor adaptations to national restrictions
Radio layer - 3
• Frequency-hopping/time-division duplex scheme is used for
transmission
• with fast hopping rate of 1,600 hops per second

• Time between two hops is called a slot

• which is an interval of 625 µs
• each slot uses a different frequency

• Bluetooth uses 79 hop carriers equally spaced with 1 MHz

• after worldwide harmonization
• Bluetooth devices can be used (almost) anywhere
Radio layer - 4
• Bluetooth transceivers use Gaussian FSK for modulation and are
available in three classes:
• Power class 1: Maximum power is 100 mW and minimum is 1 mW
• typ. 100 m range without obstacles
• Power control is mandatory
• Power class 2: Maximum power is 2.5 mW
• nominal power is 1 mW
• minimum power is 0.25 mW
• typ. 10 m range without obstacles
• Power control is optional
• Power class 3: Maximum power is 1 mW
Baseband
Applications
IP
SDP RFCOMM

Data

L2CAP
Audio
Link Manager
Baseband
RF
Baseband layer - 1
• Functions of baseband layer are
quite complex
• as it not only performs frequency
hopping
• for interference mitigation and
medium access
• but also defines physical links and
many packet formats
• Figure shows examples of
frequency selection
• during data transmission
Baseband layer - 2
• Each device participating in
certain piconet
• hops at same time
• to same carrier frequency (fi)

• If master sends data at fk

• then slave may answer at fk+1

• TDD is used for separation of

• transmission directions
Baseband layer - 3
• Upper part of Figure shows
• so-called 1-slot packets
• as data transmission uses one
625 µs slot

• Within each slot master or one

out of seven slaves
• may transmit data in alternating
fashion
Baseband layer - 4
• Bluetooth also defines
• 3-slot and 5-slot packets
• for higher data rates (multi-slot
packets)
• If master or slave sends
• packet covering three or five slots
• radio transmitter remains on same
frequency
• No frequency hopping is performed
• within packets
• After transmitting the packet
• radio returns to the frequency
required for its hopping sequence
Link Manager

Applications Setup and Management

of Baseband connections
IP
SDP RFCOMM
• Piconet Management
Data • Link Configuration
• Security
L2CAP
Audio LMP
Link Manager
Baseband
RF
Link Manager Protocol - 1
• Piconet Management
• Attach and detach slaves
• Master-slave switch
• Establishing SCO (Synchronous connection-oriented) and
ACL (Asynchronous connectionless) links
• Handling of low power modes ( Sniff, Hold, Park)
• Link Configuration
• packet type negotiation
• power control
• Security functions
• Authentication
• Encryption
Link Manager Protocol - 2
• To save battery power
• Bluetooth device can go into one of three low power states

• Sniff state
• sniff state has highest power consumption of low power states
• device listens to piconet at reduced rate (not on every other slot as is the case in
active state)
• interval for listening into medium can be programed and is application dependent
• master designates reduced number of slots for transmission to slaves in sniff state
• device keeps its active member address (AMA)
Link Manager Protocol - 3
• Hold state
• device does not release its AMA but stops ACL transmission
• slave may still exchange SCO packets
• If there is no activity in piconet
• slave may either reduce power consumption or participate in another piconet
• Park state
• In this state device has lowest duty cycle and lowest power consumption
• device releases its AMA and receives parked member address (PMA)
• device is still a member of piconet
• but gives room for another device to become active (AMA is only 3 bit, PMA 8 bit)
• Parked devices are still FH synchronized
• wake up at certain beacon intervals for re-synchronization
• All PDUs sent to parked slaves are broadcast
L2CAP - 1
Applications Logical Link Control and
IP Adaptation Protocol
SDP RFCOMM

Data
• L2CAP provides
L2CAP • Protocol multiplexing
Audio
Link Manager • Segmentation and Re-assembly
• Quality of service negotiation
Baseband • Group abstraction
RF
Link Manager Protocol - 2
• Logical link control and adaptation protocol (L2CAP)
• data link control protocol on top of baseband layer
• offering logical channels between Bluetooth devices with QoS properties
• L2CAP is available for ACLs only
• Audio applications using SCOs have to use the baseband layer directly
• L2CAP provides three different types of logical channels that are transported via
ACL between master and slave:
• Connectionless: unidirectional channels are used for broadcasts from master to its slave(s)
• Connection-oriented: bi-directional and supports QoS flow specifications for each direction
• Signalling: used to exchanging signalling messages between L2CAP entities
L2CAP Packet Format (CO)
15 bits 16 bits 0 - 64K bytes

Length DCID Payload

channel identifier (CID)

Baseband packets Minimum MTU is 48 bytes !

default is 672 bytes !
L2CAP Packet Format (CL)
15 bits 16 bits 0 - 64K bytes

Length DCID PSM Payload

protocol/service
multiplexor (PSM)

Baseband packets
 Security - 1
• Radio interface is by nature easy to access
• Bluetooth devices can transmit private data
• e.g., schedules between PDA and mobile phone
• User clearly does not want another person to eavesdrop data transfer

• Bluetooth offers authentication and encryption on MAC layer

• which must be implemented in same way within each device

• Main security features offered by Bluetooth include

• challenge-response routine for authentication
• stream cipher for encryption and session key generation
 Security - 2
• Each connection may require one-way, two-way, or no authentication
• using challenge-response routine

• Security features included in Bluetooth only help to set up

• local domain of trust between devices

• For each transaction

• new random number is generated on Bluetooth chip
• Key management is left to higher layer software
 Security - 3
• Figure shows several steps in security architecture of Bluetooth
 Security - 4
• First step
• called pairing
• necessary if two Bluetooth devices
• have never met before

• To set up trust between two devices

• user can enter secret PIN into both
devices

• This PIN can have

• length of up to 16 byte
 Security - 5
• Based on the PIN
• device address
• random numbers
• several keys can be computed
• which can be used as link key
• for authentication

• Link keys are stored in

• persistent storage
 Security - 6
• Authentication is challenge-response
process based on link key
• random number generated by verifier
• device that requests authentication
• and device that is authenticated

• Based on link key

• values generated during authentication
• and again random number encryption
key is generated
• during encryption stage of security
architecture
 Security - 7
• This key has maximum size of 128 bits
• can be individually generated for each
transmission

• Based on encryption key

• device address and current clock payload
key is generated
• for ciphering user data
• Payload key is stream of pseudo-random
bits
• Ciphering process is simple XOR of user
data and payload key
 Security - 8
• Bluetooth has some weaknesses
• when it comes to real implementations

• PINs are quite often fixed

• Some of keys are permanently stored on
devices
• quality of random number generators
has not been specified
 SDP - 1
• Bluetooth devices should work together with other devices
• in unknown environments in ad-hoc fashion
• It is essential to know what devices
• are available in radio proximity
• To find new services
• Bluetooth defined the service discovery protocol (SDP)
• SDP defines only discovery of services
• not their usage
• Discovered services can be cached and gradual discovery is possible
• Devices that want to offer service have to install SDP server
• For all other devices SDP client is sufficient
 SDP - 2
• All information SDP server has about service
• is contained in service record

• This consists of list of service attributes

• is identified by 32-bit service record handle
• SDP does not inform clients of any added or removed services
• There is no service access control or service brokerage
• service attribute consists of attribute ID and attribute value

• 16-bit attribute ID distinguishes each service attribute

• from other service attributes within service record
 SDP - 3
• Attribute ID also identifies
• semantics of associated
attribute value
• Attribute value can be
• integer
• UUID (universally unique
identifier)
• String
• Boolean
• URL (uniform resource locator)
• Table gives some example
attributes
 SDP - 4
• Service handle as well as ID list must be present
• ID list contains UUIDs of service classes in increasing generality

• Protocol descriptor list comprises

• protocols needed to access this service

• URLs for service documentation

• icon for service and service name
• which can be displayed together with icon are stored in example service
record
 Profiles - 1
• Bluetooth started as very simple architecture for ad-hoc communication
• many different protocols, components and mechanisms have been developed
• Application designers and vendors can implement
• similar services in many different ways
• using different components and protocols from Bluetooth core standard
• To provide compatibility among devices offering same services
• Bluetooth specified many profiles in addition to the core protocols
• Without profiles too many parameters in Bluetooth
• would make interoperation between devices from different manufacturers
• almost impossible
 Profiles - 2
• Profiles represent
• default solutions for certain usage model
• They use selection of protocols and parameter
• set to form basis for interoperability
• Protocols can be seen as horizontal layers
• while profiles are vertical slices
• Following basic profiles have been specified:
• generic access, service discovery
• cordless telephony, intercom, serial port, headset
• dial-up networking, fax, LAN access
• generic object exchange, object push
• file transfer and synchronization
 Profiles - 3
• Additional profiles are:
• advanced audio distribution
• PAN
• audio video remote control
• basic printing
• basic imaging
• extended service discovery
• generic audio video distribution
• hands-free
• hardcopy cable replacement
 Profiles - 4
• Each profile selects set of protocols
• serial port profile needs RFCOMM, SDP, LMP,
L2CAP
• Baseband and radio are always required

• Profile further defines all interoperability

requirements
• such as RS232 control signals for RFCOMM
• or configuration options for L2CAP
Scatternet
 Scatternet is formed by multiple Piconets
with overlapping coverage areas.
 Each Piconet can only have a single
master
 Slaves can participate in different
Piconets on a time-division multiplex
basis
 A master in one Piconet can be a slave in
another Piconet.
 Each Piconet has its own hopping channel
in a Scatternet.
Scatternet (2)
Thank you