Operating Systems - Jazi Eko Istiyanto


Networks: L13
Bluetooth
• Low cost wireless connectivity for Personal Area Networks
– PDAs, mobile phones, laptops, audio headsets, printers, scanners, GPS
navigators, modems, USB adapters etc.
– 10 metre range for typical power class 2 transmitter
– data rate nominally 1Mbps
» less 20% for protocol overheads – headers, handshaking etc.
» 432Kbps for full duplex transmission
- using a Time-Division Duplex master/slave scheme (alternate transmit/receive)
– uses same 2.4GHz ISM radio band as 802.11b
» with 79 1MHz-wide RF channels
– each channel divided into 625µs long time slots
» a frequency hop per time slot i.e. 1600 times per second
» normally one packet per time slot
- but packets can be up to five time slots wide and up to 2745 bits in length
– uses a combination of circuit and packet switching
– up to 8 Bluetooth devices can form a piconet
» one master and up to 7 slaves
» interconnected piconets form a scatternet
» up to 10 piconets can co-exist in same personal area
– simultaneous transmission of voice and data for multiple devices
» SCO : Synchronous Connection Oriented
- full duplex at 64kbps, up to 3 simultaneous channels per piconet
- uses reserved time slots set up by the master to avoid collisions
- errors not recovered
» ACL : Asynchronous Connectionless
- either point-to-point (master to one slave)
- or broadcast to all slaves
- slaves can only transmit when polled by the master
- strong error-recovery to ensure transmissions error-free
– security equivalent to wired network
» up to 128-bit public/private key authentication
» 64-bit streaming cipher based on A5 algorithm used in GSM phones
• Bluetooth Special Interest Group (SIG)
– originated by Ericsson in late 90s
– promoted by Ericsson, Nokia, IBM, Toshiba, Intel, 3Com, Motorola, Lucent
and Microsoft
– over 2000 members of the SIG by 2003
– 500 million Bluetooth-enabled devices estimated to be sold in 2005
• Harald Bluetooth
– Danish ruler of Denmark and Norway in late 900AD
» perhaps from ‘ble’ (blue) meaning dark skinned and ‘tan’ meaning great
» son of King Gorm the Old
- try www.gorm.com for Viking fun!
– Protocol architecture describes how the technology works :
– Profiles describe how the technology is used
• Radio layer :
– defines the requirements for a Bluetooth transceiver
• Baseband :
– manages physical channels, links, error correction, hop selection, etc.
• LMP : Link Manager Protocol
– used by Link Managers for link set up and control, authentication, encryption
• HCI : Host Controller Interface
– provides a command interface to Baseband Link Controller and Link Manager
• L2CAP : Logical Link Control and Adaptation Protocol
– provides connection-oriented and connectionless data services, protocol
multiplexing, packet segmentation and reassembly, QoS info. etc.
• RFCOMM :
– provides emulation of serial ports over the L2CAP protocol
• SDP : Service Discovery Protocol
– allows applications to discover available services and their characteristics
• Radio
– 79 channels from 2.402GHz to 2.480GHz hopped around
- 1MHz bands with guard bands top and bottom
» except France, Spain & Japan where only 23 channels are allowed
» transmit rate 1M symbols per sec
– Transmit Power classes
» 1 : 100mW – designed for long range devices ~100m
» 2 : 2.5mW – ordinary range devices ~10m
» 3 : 1mW – very short range ~10cm
» devices control output power to optimise battery life etc.
- from ~8-30 milliamps when transmitting down to ~30microamps when not
– Modulation
» GFSK : Gaussian Frequency Shift Keying
- ± 115kHz from centre frequency
» binary square wave passed through a Gaussian filter before transmission to
reduce the bandwidth used
– Spurious emissions
» tightly controlled, particularly when frequency hopping
– Required receiver sensitivity -70db or better
• Baseband
– a baseband channel is represented by a pseudo-random hopping sequence
» through the 79 (or 23) RF channels
– two or more devices using the same baseband channel form a piconet
» one master and up to 7 slaves in a single piconet
- but more slaves can remain synchronised to a master in a non-active parked state
- any device is capable of being a master
» channel access controlled by the master
– multiple piconets with overlapping coverage form a scatternet
» slaves can participate in different piconets on a time-division multiplex basis
» a master in one piconet can be a slave in another piconet
[Figure: piconets, each with one Master and its Slaves, linked into a scatternet]
– hopping sequence is determined by the device address of the master
» phase determined by the master’s clock
» unique for each piconet
– addresses
» device address : each transceiver has a unique 48-bit address, bd_addr
» active member address : 3-bit number for a piconet slave, am_addr (MAC)
» parked member address : 8-bit number (master local) for a parked slave
» access request address : used by a parked slave to return to active status
– a channel is divided into time slots, each 625µs in length
» a new hop frequency per time slot – 1600 hops per second
» one packet per time slot
» or multi-slot packets, using up to 5 time slots (1, 3 or 5 slots)
- with same hop frequency for entire packet
» time slot numbering 0 to 2^27 - 1
– Time Division Duplex (TDD) scheme
» master transmits in even-numbered slots, slaves in odd-numbered slots
[Figure: TDD timing diagram. Master and Slave transmit in alternate 625µs slots on hop frequencies f(k), f(k+1), ... f(k+6); a multi-slot packet stays on one hop frequency]
• Links between master and slave
– Synchronous Connection-Oriented (SCO)
» a symmetric point-to-point link
» uses reserved slots
- can be considered as a circuit-switched connection between master and slave
» typically used for time-critical information
- such as voice at a nominal 64kbps (56kbps data)
» a master can support up to 3 links to same or different slaves
- a slave can only support two links if links originate from different masters
» master sends SCO packets at regular intervals of T_SCO slots
- each slot reserved for the purpose
» slave always allowed to respond with SCO packet in the following slot
» SCO link established by master sending a setup message via the LMP
- contains timing parameters e.g. T_SCO and an offset D_SCO from current slot no.
» unreliable transmission with no error detection and correction
- packets never retransmitted
- synchronous transmission considered more important than error-free for voice
– Asynchronous Connectionless (ACL)
» no reserved slots
» master can exchange packets with a slave on a per-slot basis
- provides a packet-switched connection between master and slave
» only one ACL link between a particular master/slave pair allowed
- in addition to any SCO links between the same pair
» packets not addressed to a specific slave are considered as broadcast
- point-to-multipoint
- and read by all slaves
» a slave is permitted to respond to an ACL packet from a master in the
following slot only if it has been specifically addressed in the previous slot
» packet retransmission applied for most packets to assure data integrity
» isochronous services
- time-critical continuous transmission for fast sources e.g. audio/video
- used instead of SCO since ACL has faster throughput rates
• Packet format :
Access Code (72 bits) | Header (54 bits) | Payload (0 - 2745 bits)
– Access codes
» used for identification and timing synchronisation
» channel access code : identifies a piconet
» device access code : used for paging and responses to paging
» inquiry access code : to discover which Bluetooth devices are in range
– Header
am_addr | type | flow | arqn | seqn | HEC
» am_addr : active member address
» type : various control, data, 1-slot, 3-slot, 5-slot, SCO & ACL packets
» flow : flow control over an ACL link
- header with flow=0 returned when receive buffer is full, to stop transmission
¤ control packets can still be received
- header with flow=1 returned when buffer is empty
» arqn : 1-bit acknowledgment of a transfer
- is piggy-backed in the header of the return packet
- ACK : arqn=1 for success (checked by CRC)
- NAK : arqn=0 for failure
- NAK assumed if no response received
- an unnumbered ARQ scheme so arqn relates to the latest received packet
» seqn : 1 bit sequential numbering
- for each new transmitted packet, the seqn bit is inverted
- this filters out retransmissions at the destination
¤ if a retransmission occurs due to a failed ACK, the destination receives the
same packet twice
¤ already correctly received retransmissions can be discarded
- a modified sequencing method used for broadcast packets
» HEC : Header Error Check
- 8-bit CRC-8 check : x^7 + x^6 + x^4 + x^2 + x + 1
– Payload
» different formats for SCO packets (fixed length 240 bits) and ACL packets
- checked with 16-bit CRC-CCITT polynomial : x^16 + x^12 + x^5 + 1
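The arqn/seqn header bits described above, worked through as an added example that is not part of the original slides: a sender retransmits until it sees arqn=1, and the receiver uses the 1-bit seqn to discard a packet it already accepted when only the ACK was lost. The class and function names and the channel event list are assumptions constructed for illustration.

```python
class Receiver:
    def __init__(self, filter_duplicates=True):
        self.filter_duplicates = filter_duplicates
        self.last_seqn = None        # seqn of the last correctly received packet
        self.delivered = []          # payloads passed up to the higher layer

    def receive(self, seqn, payload, crc_ok):
        """Process one packet; return the arqn bit for the return packet's header."""
        if not crc_ok:
            return 0                                   # NAK: payload CRC failed
        if not self.filter_duplicates or seqn != self.last_seqn:
            self.delivered.append(payload)             # a new packet
            self.last_seqn = seqn
        return 1                                       # ACK (duplicates are ACKed too)


def send_all(payloads, receiver, channel_events):
    """Send payloads in order; return the number of transmissions needed.

    channel_events holds one entry per transmission:
    "ok", "corrupt" (CRC fails at the receiver) or "ack_lost".
    """
    seqn, transmissions = 0, 0
    events = iter(channel_events)
    for payload in payloads:
        while True:
            event = next(events, "ok")
            transmissions += 1
            arqn = receiver.receive(seqn, payload, crc_ok=(event != "corrupt"))
            if event == "ack_lost":
                arqn = 0             # no response received, so NAK is assumed
            if arqn == 1:
                break                # acknowledged: move on to the next packet
        seqn ^= 1                    # seqn is inverted for each new packet
    return transmissions


# Constructed channel behaviour: the ACK for packet B is lost, packet C is corrupted once.
EVENTS = ["ok", "ack_lost", "ok", "corrupt", "ok"]


def run_arq_demo():
    with_seqn = Receiver()
    sent = send_all([b"A", b"B", b"C"], with_seqn, EVENTS)
    without_seqn = Receiver(filter_duplicates=False)
    send_all([b"A", b"B", b"C"], without_seqn, EVENTS)
    return sent, with_seqn.delivered, without_seqn.delivered


if __name__ == "__main__":
    print(run_arq_demo())
```

Without the seqn comparison the lost ACK makes packet B reach the higher layer twice.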
– other FEC codes used on some packet types also
» rate 1/3 : each bit repeated three times
- used for headers and voice data in SCO
» rate 2/3 : a (15, 10) Hamming code
- used in some ACL packets
» depending on the error-freeness of the environment, checked or unchecked
packet types can be used as desired to optimise throughput
• Data Whitening
– before transmission and FEC coding, header and payload are scrambled
» with a data whitening word
» to randomise the data in order to minimise DC bias
– whitening word XORed with packet bits
– generated from a linear feedback register (x^7 + x^4 + 1)
» initialised with part of the master clock register
• Clocks
– every Bluetooth unit has an internal system clock
» to determine the timing and hopping of the transceiver
» never adjusted and never turned off
– for synchronisation with other units, offsets are used
» provides temporary clocks which are mutually synchronised
- master’s offset is zero
– have a resolution of 312.5µs
» a clock rate of 3.2kHz
» wraps around at 2^28 - 1, ~ a day
– frequency hopping sequence determined by the master
» when a piconet is established, the master clock is sent to the slaves
– each slave keeps an offset to its own clock for this master
» offsets need to be updated regularly
- to allow for inaccurate clocks
» ±20ppm when active, ±250ppm when inactive and in low power state
• Controller States
– major states : Standby and Connection
– seven substates : page, page scan, inquiry, inquiry scan, master response,
slave response and inquiry response
– Standby state:
» the default state, low-power mode, clock running
» may leave standby state to scan for page or inquiry messages
- or to page or inquire itself
» and enter Connection state as a slave when responding to a page message
– Connection state :
» when connection has been established
- packets can be sent back and forth
» starts with a POLL packet from the master
- to verify the switch to this master’s timing and frequency hopping sequence
» then control packets containing data that characterises the link
» then data packets as required
[Figure: controller state diagram linking Standby, Page, Page Scan, Inquiry, Inquiry Scan, master response, slave response, inquiry response and Connection]
• Connection Setup (Inquiry/Paging)
– the Inquiry Procedure used where destination’s device address not known
» enables a unit to discover which units are in range
- and what their device addresses and clocks are
- discovering unit collects device addresses of all units that respond
» a source unit enters Inquiry substate
- broadcasts an inquiry message continuously at different hop frequencies
¤ an inquiry sequence of 32 unique wake-up hop frequencies
- with no device address but can have device class specified
» a unit that allows itself to be discovered enters the Inquiry Scan substate
- scans for the inquiry access code in a packet
¤ staying long enough at a single frequency to scan for 16 inquiry frequencies
¤ using an inquiry response hop sequence corresponding to the inquiry sequence
- responds with an inquiry response message
¤ carrying the unit parameters
- contention may arise when more than one unit responds at same time
¤ unlikely to be in same phase of clock
¤ but, just in case, the unit backs off from responding for a random number of slots
- not obliged to respond
– the Paging Procedure actually sets up a connection
» unit that carries out the page procedure automatically becomes the master
» the Page substate is used by the source (master) to activate and connect to a
slave which periodically wakes up in Page Scan substate
» the master tries to capture the slave by repeatedly transmitting the slave’s
device access code in different hop channels
- according to a page hopping sequence of 32 hop frequencies
¤ determined by the slave’s device address
- since master and slave are not yet synchronised, master does not know exactly
when the slaves wake up and on which hop frequency
¤ uses an estimate of the phase position derived from their last joint encounter or
from the inquiry procedure
¤ but might be completely wrong – follows a scheme to get round this if necessary
¤ transmits a train of identical device access codes at each hop
» a unit in page scan substate looks out for its own device access code
- using the page response hop sequence corresponding to the page hop sequence
- having received its own device address, it enters slave response substate
¤ sends slave response messages back to master
¤ enters Connection state and switches to the master’s channel parameters
• Connection Modes
– Active Mode
» the unit participates on the channel
» the master schedules transmissions based on traffic demands to and from
the different slaves
- also supports regular transmissions to keep slaves synchronised to the channel
» slaves listen in the master-to-slave slots for packets
- if not addressed, it may sleep until the next new master transmission
– plus three power-saving modes with reduced device activity
» but all still synchronised to the piconet
– Sniff Mode
» the slave listens to the piconet at a reduced rate
» the sniff interval is programmable and depends on the application
– Hold Mode
» only an internal timer running
» data transfer restarts instantly when units transition out of Hold mode
– Park Mode
» device does not participate in traffic
» have given up their MAC address
» occasionally listen to master traffic
- to re-synchronise
- to check on broadcast messages
» the most power efficient mode
- Sniff mode saves the least power, Hold mode intermediate
• Scatternets
– different piconets hop with independent sequences
– as more piconets are added, probability of collision increases
» graceful degradation of piconet performance takes place
– a unit can only be a master in one piconet
» but can swap master/slave role with a slave if required
- master and slave can start a new piconet with roles reversed
- then other slaves of the old piconet can transfer to the new piconet
• Bluetooth Security
– inherently quite secure :
» low power transmissions means short range
» fast frequency hopping around a pseudo-random hop sequence
» much less likelihood of being eavesdropped
- than 802.11, for instance
– standard defines features operating at the link level
» i.e. between a master and a slave
– supports authentication and encryption
» based on a secret link key shared by a pair of devices
» this key generated by a pairing procedure invoked when the two devices
communicate for the first time
– each device has a unique address
» not easily spoofed (yet)
» scrambled address sent with each message
» security confidence comes from associating an address with an individual
- initialisation process uses a PIN
¤ can be stored in non-volatile memory of the device
• Security Modes
– Mode 1 : no security procedures
» promiscuous or discovery mode
» allows other devices to initiate connections with it
– Mode 2 : enforces security after link establishment at L2CAP level
» allows setting up flexible security policies involving application layer controls
– Mode 3 : enforces controls such as authentication and encryption at the
Baseband level before the connection is set up
» usually done by a Security Manager
• Security Levels
– device level :
» trusted devices : access to all services for which trust relationship set up
» untrusted devices : restricted access to services
– service level
» services that require both authentication and authorisation
» services that only require authentication
» services open to all devices
• Link Keys
– used in the authentication process
» and as a parameter when deriving the encryption key
– session :
» the time interval for which the unit is a member of a particular piconet
– semi-permanent keys
» can be used after the current session is over to authenticate units that share it
» stored in non-volatile memory
– temporary keys
» last only until current session is terminated and cannot be reused
» typically used for a point-to-multipoint connection where the same information
is to be distributed securely to several recipients
- a common encryption key is useful
– four types of link key used for different types of application
» all 128-bit random numbers
» Unit key : generated in a single device when it is installed
» Combination key : derived from information in two units
- a device has to store such a key for every combination of unit pairs
» Master key : used to temporarily override current key
- when master wants to transmit to several devices at once
» Initialisation key : protects initialisation parameters when they are transmitted
- generated using bd_addr, a random number and a PIN number
– Unit keys and Combination keys functionally indistinguishable
» which key is used depends on the application
- more security using the Combination key but needs more storage memory
– PIN number
» up to 16 bytes long, fixed or selected by the user
» recommended that it be human entered when needed
- but can also be stored in units
» key exchange either by human or by a secure key agreement protocol
- e.g. Diffie-Hellman key agreement – a public-key cryptography standard
» also used to verify access to an application or service
– Encryption
» a new encryption key is generated for every packet
• Authentication
– a challenge-response scheme
» claimant and verifier share the same symmetric secret key
– claimant’s knowledge of the secret key checked by a 2-move protocol
– verifier generates a random number, au_rand
– sends au_rand as the challenge to the claimant
– both verifier and claimant compute a function E1 (a 64-bit block cipher)
» a function of au_rand, device address bd_addr, and the link key
– claimant returns first 32 bits of result of E1 computation, sres, to verifier
– verifier checks sres is the same as its own computation
[Figure: challenge-response exchange. Verifier sends au_rand to Claimant; each side computes E1 over au_rand, bd_addr and the link key; Claimant returns sres; Verifier compares it with its own result sres’]
– verifier not necessarily the master
» application indicates who has to be verified by whom
» sometimes only one-way verification needed
» sometimes mutual authentication needed
- two successive authentication procedures, one each way round
– repeated authentication attempts
» a waiting interval must pass before a verifier will initiate a new attempt to the
same claimant
- or before it responds to an authentication attempt initiated by a unit claiming the
same identity as the suspicious unit
» for each subsequent authentication failure with the same Bluetooth address,
the waiting interval is increased exponentially
- e.g. doubled each time up to some maximum
- values depend on the implementation
» intervals decrease exponentially to a minimum when no new failed attempts
are made during a certain time period
» units need to keep a list of waiting intervals for every unit in contact
» prevents an intruder quickly trying lots of different keys
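The challenge-response check and the per-address waiting interval described above, as an added example that is not from the original slides. HMAC-SHA256 stands in for E1 (it is not the Bluetooth algorithm), and the `Verifier` class, the interval constants and the sample address and key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SRES_LEN = 4          # the claimant returns only 32 bits of the result
MIN_WAIT = 1.0        # seconds; constructed values, real ones are implementation-defined
MAX_WAIT = 64.0
QUIET_PERIOD = 30.0   # each failure-free period of this length halves the interval


def e1_stand_in(link_key, au_rand, bd_addr):
    """Stand-in for E1 (HMAC-SHA256, not the real algorithm), cut to 32 bits."""
    return hmac.new(link_key, au_rand + bd_addr, hashlib.sha256).digest()[:SRES_LEN]


class Verifier:
    def __init__(self, link_keys):
        self.link_keys = link_keys   # bd_addr -> link key shared with that unit
        self.pending = {}            # bd_addr -> outstanding au_rand
        self.backoff = {}            # bd_addr -> (waiting interval, time of last failure)

    def decayed_wait(self, bd_addr, now):
        """Waiting interval after halving once per quiet period, floored at MIN_WAIT."""
        if bd_addr not in self.backoff:
            return 0.0
        wait, last_fail = self.backoff[bd_addr]
        halvings = min(int((now - last_fail) // QUIET_PERIOD), 32)
        return max(MIN_WAIT, wait / 2 ** halvings)

    def challenge(self, bd_addr, now):
        """Return a fresh au_rand, or None while the waiting interval is running."""
        wait, last_fail = self.backoff.get(bd_addr, (0.0, 0.0))
        if now < last_fail + wait:
            return None
        au_rand = secrets.token_bytes(16)
        self.pending[bd_addr] = au_rand
        return au_rand

    def verify(self, bd_addr, sres, now):
        """Check sres; on failure, double the waiting interval for this address."""
        au_rand = self.pending.pop(bd_addr, None)     # each challenge is single-use
        key = self.link_keys.get(bd_addr)
        if au_rand is not None and key is not None:
            expected = e1_stand_in(key, au_rand, bd_addr)
            if hmac.compare_digest(expected, sres):   # constant-time comparison
                return True
        previous = self.decayed_wait(bd_addr, now)
        new_wait = min(MAX_WAIT, 2 * previous) if previous else MIN_WAIT
        self.backoff[bd_addr] = (new_wait, now)
        return False


def run_demo():
    addr = bytes.fromhex("0011223344aa")     # constructed bd_addr
    key = bytes(range(16))                   # constructed 128-bit link key
    v = Verifier({addr: key})
    waits, t = [], 0.0
    for _ in range(4):                       # four wrong responses, each retried as early as allowed
        au_rand = v.challenge(addr, t)
        good = e1_stand_in(key, au_rand, addr)
        wrong = bytes([good[0] ^ 1]) + good[1:]   # flip one bit so the response is certainly wrong
        v.verify(addr, wrong, t)
        waits.append(v.backoff[addr][0])
        t += waits[-1]
    last_fail = v.backoff[addr][1]
    refused_early = v.challenge(addr, last_fail + 1.0) is None
    au_rand = v.challenge(addr, t)           # genuine claimant, after the interval has passed
    accepted = v.verify(addr, e1_stand_in(key, au_rand, addr), t)
    after_quiet = v.decayed_wait(addr, last_fail + 2 * QUIET_PERIOD)
    return waits, refused_early, accepted, after_quiet


if __name__ == "__main__":
    print(run_demo())
```

The `backoff` table is the list of waiting intervals the slide says each unit must keep, keyed by the address the claimant presents.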
• Encryption
– modes :
» nothing encrypted
» broadcast traffic not encrypted but individually addressed traffic encrypted
» all traffic encrypted
– encrypts the payloads of packets, not access codes or headers
– uses a stream cipher, E0, re-initialised for every packet
» any notional encryption weakness handled by frequent re-initialisation
- long encrypted sequences typically needed for cryptanalysis
– E0 has three parts :
» initialisation : generation of the payload key
» generation of key stream bits using the payload key
» encryption and decryption using the key stream bits
– initialisation inputs:
» device address bd_addr, clock bits CLK_{26-1}, an encryption key K_C
- clock value different for each new packet
– encryption key K_C
» derived from a random number and the current link key (E3 hash algorithm)
» the random number transmitted to the receiver in plain before encryption starts
» possibly reduced in length from 128 bits before use
- if national politics require it
– initialisation algorithm combines inputs
» result used to initialise four linear feedback shift registers
– key stream generator uses a complex summation combiner:
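[Figure: four LFSRs feed an XOR and a summation (+) with a blending function, which together produce the key stream]
» LFSR1 : x^25 + x^20 + x^12 + x^8 + 1
» LFSR2 : x^32 + x^24 + x^16 + x^12 + 1
» LFSR3 : x^33 + x^28 + x^24 + x^4 + 1
» LFSR4 : x^39 + x^36 + x^28 + x^4 + 1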
– key stream XORed with payload data to be encrypted
• Security attacks?
– eavesdropping
» limited scope because of short range
– unit key not as secure as combination key
» all devices paired with a unit keyed device can eavesdrop other packets
- may not be a problem in future with more memory in devices
– authentication much stronger than 802.11
» cannot capture the authentication key by listening to the challenge and response
» cannot use captured data to compute the authentication key
- E1 algorithm not easily invertible
- only 32 bits returned – not whole sres
– initial pairing a possible area of attack
» if attacker can guess or steal the PIN, fast search to derive the link key possible
- long random PINs recommended
- recommended that pairing be done in a private place
– “hopping along” – listening to all hop frequencies in parallel
» might give scope for capturing longer sequences for cryptanalysis
• Link Manager Protocol
– carries out setup, authentication, link configuration and control etc.
– also deals with mode management, quality of service and power control
– discovers other remote Link Managers and communicates with them
– various types of protocol data unit (PDU) sent from one device to another
» some mandatory for all devices and some optional
» single slot packets
» have higher priority than user data
» messages not acknowledged since Baseband provides a reliable link
- but no guarantees over delays due to retransmission
- master only guarantees to communicate with slaves every T_poll slots
¤ T_poll a QoS parameter
– some message types :
» general response : LMP_accepted, LMP_not_accepted
» authentication : LMP_au_rand, LMP_res
- the challenge response scheme
» pairing : LMP_in_rand, LMP_sres, LMP_unit-key, etc.
- when two devices do not have a common link key
- an initialisation key created from a PIN and a random number
- link key created from initialisation key and mutual authentication made
» encryption : LMP_encryption_mode_req, LMP_encryption_key_size_req,
LMP_start_encryption_req, LMP_stop_encryption_req
- encryption can be used after authentication if desired – an Optional message type
- if master wants all slaves in the piconet to use the same encryption parameters, it
must issue a temporary key and make this the current link key for all slaves
» clock offset : LMP_clkoffset_req, LMP_clkoffset_res
- clock offset between slave’s own clock and master’s clock
- can be requested by the master to speed up paging time next time slave is paged
- also updated each time a packet is received from the master
» supported features : LMP_features_req, LMP_features_res
- a device makes this request in case another device does not support all packet
types and features in Baseband and Radio spec
» switch master/slave role : LMP_switch_req, LMP_slot_offset
- in case a switch from master to slave or vice versa is needed
» modes : LMP_detach, LMP_hold_req, LMP_sniff_req, etc.
- to detach a device, change modes etc.
» power : LMP_incr_power_req, LMP_decr_power_req, etc.
- change transmit power
» quality of service : LMP_quality_of_service, etc.
- to set the poll interval T_poll
» SCO links : LMP_SCO_link_req, LMP_remove_SCO_link_req
- when a connection between two devices is first established, the connection
consists of an ACL link
- one or more SCO links can then be established
» multi-slot packets : LMP_max_slot, LMP_max_slot_req
- to set the maximum number of slots for a packet
» connection establishment : LMP_host_connection_req, LMP_setup_complete
- after a connection request is accepted, security procedures can be invoked
» plus a whole lot more!
• Host Controller Interface
– provides a command interface to Baseband and Link Manager
– and access to hardware status and control registers
– consists of two parts:
» software that implements the command interface
» physical hardware that connects Bluetooth subsystem to the host
- the software makes the hardware appear transparent to higher-level software
[Figure: HCI layering. Host: Host Application, HCI Driver, Transport Driver. HCI Transport Bus. Bluetooth Subsystem: Transport Firmware, HCI Firmware, Link Manager, Baseband, RF]
– HCI Software
» Data Plane responsible for data transfer across the link
» Control Plane responsible for link control and management
– HCI Commands and Events
» host controls network interface through commands provided by HCI driver
» spec also defines a set of events generated by HCI firmware
- to indicate state changes in the interface
– HCI Hardware/Transports
» define how to transport three classes of data
- UART Transport Layer
¤ where Bluetooth network interface and host on the same PCB
- RS232 Transport Layer
¤ network interface and host located in different enclosures
- USB Transport Layer
¤ how to map Bluetooth data types onto USB endpoints
- PC Card Transport Layer
¤ not part of spec but implemented to support interoperability
• L2CAP : Logical Link Control and Adaptation Protocol
– provides connection-oriented and connectionless services
» only support for ACL links, not SCO links
» upper layer protocol multiplexing capability
- needs to be able to distinguish between upper layer protocols such as the Service
Discovery Protocol (SDP), RFCOMM, Telephony Control etc.
- since Baseband protocol does not support any upper layer protocol type field
» segmentation and reassembly of packets up to 64Kb in length
- largest Baseband packet payload length is 341 bytes
¤ limits efficient use of bandwidth for protocols designed to use larger packets
- large upper layer packets segmented
- small Baseband packets assembled
» Quality of Service
- connection establishment process allows the exchange of information about QoS
- each L2CAP implementation must monitor resources used by protocols to ensure
QoS contracts are honoured
» group abstractions
- many protocols include concept of a group of addresses
- L2CAP permits such protocols to be mapped efficiently onto piconets
– Channel Identifiers (CIDs)
» local names representing a logical channel end-point on a device
» can be managed locally as device thinks fit
- as long as same CID not reused for something else simultaneously
» some CIDs reserved for special purposes e.g. signalling channel 0x0001
- numerous commands available e.g. connection/disconnection request and
response, information request and response, echo request for testing etc.
– Connection-oriented data channels
» a connection between two devices
- each end represented by a CID
– Connectionless channels
» restricted to data flow in a single direction
» used to support a channel group on one or more remote devices
- in a best-effort manner – no QoS guarantees
– Events : all incoming messages to the L2CAP layer
» indications and confirmations, requests and responses from higher layers,
data from peers, timer expirations etc.
– Group management : creation and deletion of groups of devices etc.
• RFCOMM
– a simple transport protocol providing emulation of RS232 serial ports
– supports up to 60 simultaneous connections between two Bluetooth devices
» to accommodate computers, printers, modems etc.
– its own flow control mechanisms
» in addition to emulated software Xon/Xoff and hardware RTS/CTS etc.
» also a credit-based flow control system
- a sender can only send as many frames per link as it has credits
- if no credits, has to stop sending and wait for more to be assigned
• Service Discovery Protocol (SDP)
– for applications to discover which services are available and their characteristics
» services available change dynamically based on proximity of devices in motion
– each available service has a service record which can be requested
» a collection of service attributes in various service classes
- each assigned an ID, some common to all services, some locally defined
– searching for a specific service or browsing to see what services are available
• Profiles
– address the problem of the multiplicity of options and parameter values
– facilitates the interoperability of devices
– four key approaches :
» implementation options are reduced so applications share the same features
» parameters are defined so applications operate in similar ways
» standard mechanisms are defined for combining different standards
» user interface guidelines are defined giving uniformity across devices
– profiles describe minimum implementations of the Bluetooth protocol stack
» a minimum recipe for building a particular type of device
» which manufacturers can augment in order to distinguish their product
– if a device implements an end-user function covered by a profile, it must
implement that profile, for interoperability
» but can also implement a proprietary method, for flexibility
– profiles are built up in layers, each profile relying upon layers beneath
– the Generic Access Profile provides a basic level of functionality
» all Bluetooth devices must implement this
» ensures all devices are capable of making baseband connections
» defines :
- generic procedures for discovering devices (idle mode procedures)
- link management aspects of connecting devices
- procedures related to security levels
- common formats for user interface-level parameters
¤ e.g. naming conventions
» all described in considerable detail in the Bluetooth specification
– Service Discovery Application profile sits directly on the Generic Access Profile
» defines how an application should use the SDP
- to find the capabilities of other devices in its neighbourhood
– Serial Port Profile Group
» based on RFCOMM
- allows applications to treat links as virtual COM ports
» provides a gateway that provides access to a service
» and a terminal that uses that service
– headset profile :
» terminal is the headset itself
» gateway is a device, e.g. a phone, supplying an audio call to the headset
- signalling for audio call uses modem format AT commands
- audio call uses an SCO link
– LAN access profile :
» gateway provides a link to a local area network
» terminal is anything that might be connected to a LAN e.g. PC, laptop etc.
– Generic Object Exchange profile
» using the Infra Red Data Association’s OBEX object exchange protocol
» allows devices to set a path to a particular directory, create & delete objects
– Synchronisation profile
» a standard way to synchronise personal data - PIM
- such as phonebooks, calendars, email, notes, tasks etc.
» can be triggered at a particular time of day
» or when the devices come within range of one another
» hidden or unconscious computing
- happens without the user being aware of it
– Object Push profile
» to push predefined standard data objects to another device
- can be used to exchange virtual business cards
- or to pass someone your schedule in a virtual calendar
– File Transfer profile
» allows devices to use OBEX for files and folders
– Telephony Control Protocol
» a three-in-one phone has been suggested :
- on the move it’s a mobile phone connected on a cellular network
- at home it’s a cordless phone connected to the PSTN via a base station
¤ uses the Cordless Phone Telephony profile
- in the office it’s an intercom etc.
¤ uses the Intercom profile
– many more profiles expected to be defined as new applications appear
Comparison with 802.11
 | Bluetooth | 802.11
Application | Communication between personal devices | Network access
Range | 10m | 100m
Speed | 1Mbps | 11Mbps/54Mbps
Cost | < $5 | > $50
Power | Low | Medium
Security | Good | Poor
Maturity | Improving | Good
Complexity | High | Medium
Volume | Very large | Medium
• Bluetooth and 802.11b Coexistence
– both use 2.4GHz ISM frequency band
– interference can be a substantial problem
– 802.11b throughput can be substantially cut by need for retransmissions etc.
– Bluetooth inherently more robust than 802.11
» frequency hopping moves on rapidly from channels in use by other technologies
» improved specification will allow channels to be skipped entirely
- when interference known to be present
– various companies developing proprietary products to coexist
» Silicon Wave Inc.’s ‘Ultimate Blue’ technology
- refrain from transmitting low priority packets on channels with known interference
- try anyway with high priority packets
» Intel
- linked devices which intercommunicate with information on channels in use
» Texas Instruments
- combined devices which dynamically allocate bandwidth between the technologies