Bluetooth Low Energy (BLE)
Dariusz Bursztynowski – Warsaw University of Technology
Reminder
[Figure: positioning of BLE (802.15.1) among low-power wireless standards at the physical & link layers: 802.15.4, 802.15.5, 6LoWPAN, CoAP/MQTT, ANT, WirelessHART, ZigBee]
Why BLE?
• Need for connectivity of mobile devices with the outside world
• What is the „outside world”? Small, task-specific, innovative products that are still to come: low-cost, low bandwidth, extremely low power, low complexity
• Idea – a framework to exchange data, so the focus is on a set of relatively low-level APIs
  • to give developers freedom to use BLE the way they want and
  • to hide technological complexity (in contrast to classical Bluetooth, which is oriented towards applications)
• No barriers for adoption: easy-to-understand data model, no licensing, no fees for accessing the specs
Bluetooth vs BLE – a quick comparison
• Traditional Bluetooth
  • connection-oriented (a device being „connected” means that a link is maintained all the time, even if there is no data to be sent)
  • streaming support provided
  • power reduction is possible due to sniff modes (devices can go asleep): months of battery lifetime
  • although the power is lower than for other radio standards, it is still too much for coin cells and very energy-efficient applications
• BLE – from the Bluetooth 4.0 spec.
  • data transfer, no support for real streaming (rate limit ~125 kbit/s)
  • a new radio, new protocol stack, new profile (i.e., application) architecture
  • designed to run from coin cells and to support an Apps Store mode
  • range 150 meters LOS, but in reality closer to a couple of meters
  • radio standard for a new decade, enabling the Internet of Things
• Note: since specification 4.1, L2CAP can create high-throughput data channels
BLE – key facts
• Data throughput on a single channel ~125 kbit/s in theory, less in practice
  • designed for sending small chunks of data (exposing state)
  • not optimised for file transfer
  • does not support streaming
• Since Bluetooth 4.1, high-throughput user data channels at L2CAP
• Operating range even 150 meters LOS, but in reality closer to just several meters
• Network topologies allowed, type of communication
  • broadcasting & observing
  • connections (devices are coupled, i.e., associated – a state is needed)
[Figure: two topologies – a broadcaster with several observers; a central device with several peripheral devices]
BLE – key fact sheet
• Range: below 150 m (typically much less)
• Output power: ~10 mW (10 dBm)
• Max current: ~15 mA
• Latency: 3 ms
• Topology: star
• Connections: > 2 billion
• Modulation: GFSK @ 2.4 GHz
• Robustness: adaptive frequency hopping, 24-bit CRC
• Security: 128-bit AES-CCM
• Sleep current: ~1 μA
• Modes: Broadcast, Connection, Event Data Models Reads, Writes
Network topologies
• Broadcasting & observing
  • Broadcaster: sends advertising packets to any observer willing to receive them
  • Observer: scans the preset frequencies to receive advertising packets
  • Broadcast packet contains: broadcaster capabilities + custom information (data); a larger payload can be sent in two consecutive packets
  • No security nor privacy of data
• Connections (devices are coupled, i.e., associated – a state is needed)
  • To send data in both directions or when there are more than two payloads to send; encryption used
  • Periodical exchange of data between peers, so it is private
  • Signalling procedure is used for setting up connections
Protocol stack (single-mode device*)
[Figure: BLE device stack]
• Application (App)
• Host
  • Generic Access Profile (GAP)
  • Generic Attribute Profile (GATT)
  • Security Manager Protocol (SMP)
  • Attribute Protocol (ATT)
  • Logical Link Control and Adaptation Protocol (L2CAP)
• Host Controller Interface (HCI)
• Controller
  • Link Layer (LL)
  • Low Energy Physical Layer (PHY)
* In a dual-mode device, protocol stacks for BLE and classical Bluetooth are present. We do not consider classical Bluetooth here.
Hardware configurations (physical architectures)
Three generic configurations of the HW:
• System on chip (SoC): application, host and controller on a single chip
• Dual IC over HCI: application and host on the main CPU, controller on a separate IC, HCI carried over USB/UART*
• Dual IC (connectivity device): application on the main CPU, host and controller on a separate IC, a proprietary protocol between them
• Simple sensors opt for SoC for low complexity reasons
• Smartphones/tablets opt for Dual IC over HCI
• Dual IC with connectivity device is for special scenarios
*) UART: Universal Asynchronous Receiver/Transmitter
Physical layer
• Contains the analog communications circuitry
• Radio uses the 2.4 GHz ISM (Industrial, Scientific, and Medical) band
• 40 channels at ~2 MHz spacing, 1 Mbit/s GFSK (larger range than Bluetooth BR)
• Channel layout is shown in the drawing; out of the 40 channels
  • 37 channels are for connection data and
  • three channels are advertising channels, used to set up connections and to broadcast data
• Frequency hopping spread spectrum is used: the channel changes on each connection event
Link Layer (LL)
Link Layer (LL) – general
• Directly interfaces with the PHY, isolates higher layers from the PHY
  • Isolates itself from the rest of the layers by the HCI (Host Controller Interface)
• Carries the main computational tasks (typically implemented in HW)
  • preamble generation, access address handling, air protocol framing
  • CRC generation and computation
  • random number generation, encryption (imposed by higher layers)
• Defines the following roles
  • Advertiser (sends advertising packets)
  • Scanner (listens for advertising packets)
  • Master (initiates a connection and manages it)
  • Slave (accepts a connection request and follows the master’s timing)
• Logical tasks (typically software)
  • advertising, scanning
  • establishing/tearing down connections, changing connection parameters
  • handling white lists
[Figure: "no connection" vs "connection" – an LL connection between devices carries the L2CAP flows between the upper protocol entities (SMP, ATT) of the two sides; the HCI (Host Controller Interface) separates host and controller]
Link Layer – Bluetooth device address
• Bluetooth device address – fundamental identifier of a Bluetooth appliance (like an Ethernet MAC address)
• Two types of address
  • Public device address – factory-programmed address, set according to the IEEE registration procedure
  • Random device address – either pre-programmed or dynamically generated
    • e.g., when a device manufacturer wants to avoid IEEE registration
    • if dynamic, set by the GAP layer
Link Layer – advertising mode
• Peripherals (broadcasters) advertise their presence or request connections (broadcast data) to the master (observers).
• Potential receivers do periodical scanning
• A device can have a variety of reasons to advertise:
  • broadcast promiscuously
  • transmit signed data to a previously connected device
  • advertise its presence to a device wanting to connect
  • reconnect asynchronously due to a local event
• Two modes of scanning operation
  • Passive scanning (listen for advertisements, never feed back to the advertiser)
  • Active scanning – the scanner sends a Scan request packet in response to an advertising packet and the advertiser responds with a Scan response packet (only ONCE)
See the example on the next page
Link Layer – advertising mode – example
[Figure: peripheral advertising packets sniffed (here: passive); example sequence: passive, active, passive]
Link Layer – advertising packet (example)
[Figure: one advertising packet as decoded by the sniffer]
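As an added example (not from the slides), a parser for the kind of legacy advertising PDU shown in the captures above: it decodes the 2-byte header, the advertiser address (classified as public, static random or private from the TxAdd bit and the address's two top bits) and the length-type-value AdvData, and rejects malformed AD structures. The sample PDU is constructed, not a real capture.

```python
# Advertising channel PDU types (legacy advertising) and a few common AD types in AdvData
PDU_TYPES = {0: "ADV_IND", 1: "ADV_DIRECT_IND", 2: "ADV_NONCONN_IND", 3: "SCAN_REQ",
             4: "SCAN_RSP", 5: "CONNECT_REQ", 6: "ADV_SCAN_IND"}
AD_TYPES = {0x01: "Flags", 0x03: "Complete 16-bit UUIDs", 0x08: "Shortened Name",
            0x09: "Complete Name", 0xFF: "Manufacturer Specific"}

def address_kind(addr_be, random_bit):
    """Classify an address: TxAdd=0 is public; otherwise the two MSBs tell the random sub-type."""
    if not random_bit:
        return "public"
    top = addr_be[0] >> 6
    return {0b11: "random static", 0b01: "resolvable private",
            0b00: "non-resolvable private"}.get(top, "reserved")

def parse_adv_pdu(pdu):
    """Parse header (type, TxAdd, length), AdvA (6 bytes, sent LSB first) and LTV-coded AdvData."""
    if len(pdu) < 2:
        raise ValueError("truncated header")
    pdu_type, tx_add, length = pdu[0] & 0x0F, (pdu[0] >> 6) & 1, pdu[1] & 0x3F
    payload = pdu[2:2 + length]
    if len(payload) != length or length < 6:
        raise ValueError("truncated PDU")
    addr_be = payload[5::-1]                      # reverse to human (big-endian) order
    info = {"type": PDU_TYPES.get(pdu_type, "reserved"),
            "address": ":".join(f"{b:02X}" for b in addr_be),
            "address_kind": address_kind(addr_be, tx_add), "ad": {}}
    i = 6
    while i < length:                             # each AD structure: length, type, data
        ln = payload[i]
        if ln == 0 or i + 1 + ln > length:
            raise ValueError("malformed AD structure")
        ad_type = payload[i + 1]
        info["ad"][AD_TYPES.get(ad_type, f"0x{ad_type:02X}")] = payload[i + 2:i + 1 + ln]
        i += 1 + ln
    return info

# Constructed sample (not a real capture): ADV_IND from static random address C0:11:22:33:44:55
# carrying Flags = 0x06 and Complete Local Name "HRM"
SAMPLE_ADV = bytes([0x40, 0x0E, 0x55, 0x44, 0x33, 0x22, 0x11, 0xC0,
                    0x02, 0x01, 0x06, 0x04, 0x09]) + b"HRM"
```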
Link Layer – connection setup and data exchange
• Connection needed for information exchanges longer than two packets or for bidirectional data exchange
  • always takes place between a specific pair of devices (a „pipe”)
  • typically the slave announces the need for a connection (by sending specific advertisements)
  • actual establishment initiated by the Master (CONNECT_REQ packet)
• Device address is used only during connection establishment
  • within a connection, data packets are marked using a unique connection identifier (set by the Master)
• Features
  • Exclusive – one per peripheral; the peripheral stops sending adverts after establishing a connection (becomes invisible to other centrals)
  • A series of bi-directional data exchanges (Master -> Slave + Slave -> Master)
    • a bunch of exchanges is called a Connection event, one per Connection Interval (see next slide)
    • both determined by the Master per connection, can be changed by the Master during the connection lifetime
  • Reliable
    • error detection via CRC, repetition until confirmation based on a stop-and-wait acknowledgement mechanism
  • Encrypted
Link Layer – connection setup and data exchange – example
[Figure: CONNECT_REQ packet sniffed, annotated with: the duration of the Connection Interval [ms]; the max time between consecutive packets before the connection is considered broken; undirected connectable mode (could also be ADV_DIRECT_IND, directed connectable mode); an empty message (invite to send data; also used as ack, inviting the next data if the ack is positive); a user data message (27-byte payload); the Connection Interval]
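An added example, not from the slides, covering the CONNECT_REQ parameters above and the channel layout of the Physical layer slide: it decodes the LLData of a sniffed CONNECT_REQ (interval, slave latency, supervision timeout, channel map, hop increment), applies the spec's range and consistency rules, regenerates the per-event hop sequence with channel selection algorithm #1 (what a protocol analyser must recompute to follow the connection events), and maps a data channel index to its RF frequency. The sample LLData is constructed.

```python
# CONNECT_REQ LLData (22 bytes, all little-endian): AA(4) CRCInit(3) WinSize(1) WinOffset(2)
# Interval(2) Latency(2) Timeout(2) ChM(5) Hop(5 bits)|SCA(3 bits). Interval unit 1.25 ms, timeout 10 ms.
def parse_connect_req(lldata):
    """Decode the connection parameters and apply the spec's range/consistency rules."""
    if len(lldata) != 22:
        raise ValueError("LLData must be 22 bytes")
    interval = int.from_bytes(lldata[10:12], "little")
    latency = int.from_bytes(lldata[12:14], "little")
    timeout = int.from_bytes(lldata[14:16], "little")
    chm = int.from_bytes(lldata[16:21], "little")
    hop = lldata[21] & 0x1F
    used = [ch for ch in range(37) if chm >> ch & 1]   # 37 data channels, bit set = in use
    if not 6 <= interval <= 3200 or not 5 <= hop <= 16 or len(used) < 2:
        raise ValueError("interval, hop increment or channel map out of range")
    # supervision timeout must exceed (1 + latency) * interval * 2, else the link drops spuriously
    if timeout * 10 <= (1 + latency) * interval * 1.25 * 2:
        raise ValueError("supervision timeout too short")
    return {"access_address": int.from_bytes(lldata[0:4], "little"),
            "crc_init": int.from_bytes(lldata[4:7], "little"),
            "interval_ms": interval * 1.25, "latency": latency,
            "timeout_ms": timeout * 10, "used_channels": used, "hop": hop}

def hop_sequence(used, hop, n, last_unmapped=0):
    """Channel selection algorithm #1: next = (last + hop) mod 37, remapped into the used set if needed."""
    seq = []
    for _ in range(n):
        last_unmapped = (last_unmapped + hop) % 37
        seq.append(last_unmapped if last_unmapped in used else used[last_unmapped % len(used)])
    return seq

def channel_freq_mhz(data_channel):
    """Data channel index -> RF centre frequency; advertising channels 37/38/39 sit at PHY 0, 12, 39."""
    phy = data_channel + 1 if data_channel <= 10 else data_channel + 2
    return 2402 + 2 * phy

# Constructed sample (not a real capture): interval 30 ms, latency 0, timeout 720 ms,
# hop increment 7, all data channels in use except channel 7
SAMPLE_LLDATA = bytes([0x12, 0x34, 0x56, 0x78, 0xAA, 0xBB, 0xCC, 0x01, 0x01, 0x00,
                       0x18, 0x00, 0x00, 0x00, 0x48, 0x00,
                       0x7F, 0xFF, 0xFF, 0xFF, 0x1F, 0x07])
```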
Logical Link Control and Adaptation Protocol (L2CAP)
• Main functionality
  • Multiplexing protocols from upper layers (as of now, ATT and SMP)
  • No segmentation/reassembly needed (higher layers take care of their payload size, e.g. see ATT – queued writes)
• Example: packet formats across the BLE stack for ATT
L2CAP – general
[Figure: an LL connection between devices carries the L2CAP flows between the upper protocol entities (SMP, ATT); packet format across the stack: LL – L2CAP – ATT]
L2CAP – more
• Routes (multiplexes) two protocols
  • Attribute Protocol, ATT (the basis for data exchange of BLE applications)
  • Security Manager Protocol, SMP (provides a framework to generate and distribute security keys between peers)
  • Muxing achieved using a 2-byte channel ID (CID) in L2CAP packets
• Since version 4.1 of the Bluetooth specification
  • Can create its own user-defined channels for high-throughput data transfer (new format, additional signalling procedures for flow control – we do not expand on it here)
[Figure annotation: 23 = 27 - 4, i.e. the default ATT payload is the 27-byte LL payload minus the 4-byte L2CAP header]
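An added example (not from the slides) of the multiplexing described here: it splits an LL data payload at the 4-byte L2CAP header, routes by CID to ATT or SMP, enforces the default ATT_MTU of 23 = 27 - 4 bytes, and names the ATT operation carried. The frames are constructed samples, not captures.

```python
# L2CAP basic header on every LL data PDU: 2-byte length + 2-byte channel ID (CID), little-endian.
# LE fixed channels: 0x0004 = ATT, 0x0005 = LE signalling, 0x0006 = SMP.
CID_NAMES = {0x0004: "ATT", 0x0005: "LE signalling", 0x0006: "SMP"}
LL_MAX_PAYLOAD, L2CAP_HDR = 27, 4
DEFAULT_ATT_MTU = LL_MAX_PAYLOAD - L2CAP_HDR        # 23 = 27 - 4

ATT_OPCODES = {0x01: "Error Response", 0x02: "Exchange MTU Request", 0x03: "Exchange MTU Response",
               0x0A: "Read Request", 0x0B: "Read Response", 0x12: "Write Request",
               0x13: "Write Response", 0x52: "Write Command", 0xD2: "Signed Write Command",
               0x1B: "Handle Value Notification", 0x1D: "Handle Value Indication",
               0x1E: "Handle Value Confirmation"}
HANDLE_OPS = {0x0A, 0x12, 0x52, 0xD2, 0x1B, 0x1D}     # PDUs whose bytes 1..2 are an attribute handle

def demux_l2cap(ll_payload, att_mtu=DEFAULT_ATT_MTU):
    """Split an LL data payload into (protocol name, SDU), rejecting frames that break the size rules."""
    if not L2CAP_HDR <= len(ll_payload) <= LL_MAX_PAYLOAD:
        raise ValueError("LL payload must be 4..27 bytes")
    length = int.from_bytes(ll_payload[0:2], "little")
    cid = int.from_bytes(ll_payload[2:4], "little")
    sdu = ll_payload[4:]
    if length != len(sdu):
        raise ValueError("L2CAP length field does not match the payload")
    proto = CID_NAMES.get(cid)
    if proto is None:
        raise ValueError(f"unexpected channel 0x{cid:04X}")
    if proto == "ATT" and len(sdu) > att_mtu:
        raise ValueError("ATT PDU longer than the negotiated ATT_MTU")
    return proto, sdu

def describe_att(sdu):
    """Name the ATT operation and extract the handle for the PDUs that carry one."""
    op = sdu[0]
    info = {"op": ATT_OPCODES.get(op, f"unknown 0x{op:02X}")}
    if op in HANDLE_OPS and len(sdu) >= 3:
        info["handle"] = int.from_bytes(sdu[1:3], "little")
    return info

# Constructed sample frames (not real captures)
SAMPLE_ATT_READ = bytes([0x03, 0x00, 0x04, 0x00, 0x0A, 0x03, 0x00])   # ATT Read Request, handle 3
SAMPLE_SMP = bytes([0x07, 0x00, 0x06, 0x00,                            # SMP Pairing Request
                    0x01, 0x03, 0x00, 0x01, 0x10, 0x07, 0x07])
```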
Attribute Protocol (ATT)
ATT – intro, ATT vs GATT
[Figure: two stacks (Application – GATT – ATT – L2CAP) facing each other. APPs: discover services, exchange service-related data; structured data at the application level. GATT translates structures into attributes; ATT finds and sends elementary data pieces; the application provides the service, decides what/when, and talks using structured data]
• Intro
  • GATT/applications see structures
  • ATT sees ordered attributes
Attribute Protocol (ATT) – intro, ATT vs GATT
• The Generic Attribute Profile (GATT) is a framework that uses the ATT for
  • the discovery of services, and
  • the exchange of characteristics from one device to another.
• A characteristic is a set of data which includes a value and properties. At the ATT level, they are all stored in attributes.
• ATT vs GATT
  • GATT/Applications see structured information, for example:
    • a server runs a ‘temperature sensor’ service that
    • provides a ‘temperature’ characteristic that uses
      • an attribute for describing the sensor (i.e., the device)
      • an attribute for storing a value of a temperature measurement
      • yet another attribute for specifying the measurement units
[Figure: structured data]
ATT – overview
• ATT perspective: services and characteristics together with their values are available as attributes
  • e.g., GATT gives structure to attributes in the form of services, characteristics, values (descriptors), etc.
  • ATT operates on attributes
• Simple client-server stateless protocol
  • Based on attributes presented by a device
  • Client (central) can access the server (peripheral) for attributes
  • Works on top of a dedicated L2CAP channel
• Attribute – elementary data structure
  • stores the information managed by the GATT
  • universally unique identifier (UUID) – global, „worldwide”
    • specifies the type and nature of the data contained in the value
    • Length: 128 bit for customised ones, and 16 bit for Bluetooth SIG defined ones
  • 16-bit handle, unique to a given device for a given UUID (attribute instance id)
  • value represents named information
  • attribute values can be accessed either by UUID or by handle, depending on the application
ATT – overview cntd
• Mode of operation
  • any device can be a client, a server or both (regardless of their Master/Slave roles)
  • the client or server role of a device is determined by the GATT (application)
  • multiple types of operations are allowed (e.g., read, write)
  • strict in sequencing
    • no request can be sent until the response is received and processed
ATT – operations
• Set of categories, several operations in each category
  • Each operation has its parameters
  • Most of them are of type request/response (transactional)
Categories/operations
• Error handling
  • Error response
• Server configuration
  • Exchange MTU Request/Response
• Find information
  • Find information Request/Response
  • Find by Type/Value (returns handle range for UUID and value)
• Read operations
  • Read by type Request/Response (by UUID)
  • Read Request/Response (by handle)
  • Read blob Request/Response (read a part of a value by handle)
  • Read multiple Request/Response
  • Read by group type Request/Response
ATT – operations cntd
• Write operations
  • Write Request/Response
  • Write command (without response)
  • Signed write command (like write command, but using a signature)
• Queued writes
  • Prepare write Request/Response
  • Execute write Request/Response
• Server initiated (asynchronous push operations to the client initiated by the server)
  • Handle value indication/confirmation (by handle, expects confirmation)
  • Handle value notification (as above, no confirmation required)
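An added example (not the slides' code) tying the ATT overview and operations together: a minimal ATT server holding an ordered attribute table and answering Read Request (by handle) and Read By Type Request (by UUID within a handle range) with Read Response, Read By Type Response or Error Response PDUs, including the per-attribute permission checks (Read Not Permitted, Insufficient Encryption) a server must apply on every access. The table is a constructed heart-rate style example; the encryption requirement on one attribute is a demo policy, not part of the Heart Rate profile.

```python
from dataclasses import dataclass
# ATT opcodes / error codes used here (Attribute Protocol, Bluetooth Core spec)
READ_REQ, READ_RSP, READ_BY_TYPE_REQ, READ_BY_TYPE_RSP, ERROR_RSP = 0x0A, 0x0B, 0x08, 0x09, 0x01
ERR_INVALID_HANDLE, ERR_READ_NOT_PERMITTED, ERR_REQ_NOT_SUPPORTED, ERR_ATTR_NOT_FOUND, ERR_INSUFFICIENT_ENC = 0x01, 0x02, 0x06, 0x0A, 0x0F
@dataclass
class Attribute:
    handle: int
    uuid: int                        # 16-bit SIG UUID; custom attributes would use 128-bit UUIDs
    value: bytes
    readable: bool = True
    needs_encryption: bool = False   # server-side permission, checked on every access
class AttServer:
    """Minimal ATT server: ordered attribute table, Read Request (by handle), Read By Type (by UUID)."""
    def __init__(self, attrs, link_encrypted=False, mtu=23):
        self.attrs, self.link_encrypted, self.mtu = attrs, link_encrypted, mtu
    def _error(self, req_op, handle, code):
        return bytes([ERROR_RSP, req_op]) + handle.to_bytes(2, "little") + bytes([code])
    def _permission_error(self, attr, req_op):
        if not attr.readable:
            return self._error(req_op, attr.handle, ERR_READ_NOT_PERMITTED)
        if attr.needs_encryption and not self.link_encrypted:
            return self._error(req_op, attr.handle, ERR_INSUFFICIENT_ENC)
        return None
    def handle_pdu(self, pdu):
        op = pdu[0]
        if op == READ_REQ:                                  # opcode + 2-byte handle
            handle = int.from_bytes(pdu[1:3], "little")
            attr = next((a for a in self.attrs if a.handle == handle), None)
            if attr is None:
                return self._error(op, handle, ERR_INVALID_HANDLE)
            return self._permission_error(attr, op) or bytes([READ_RSP]) + attr.value[:self.mtu - 1]
        if op == READ_BY_TYPE_REQ:                          # opcode + start + end handle + 16-bit UUID
            start, end = int.from_bytes(pdu[1:3], "little"), int.from_bytes(pdu[3:5], "little")
            uuid = int.from_bytes(pdu[5:7], "little")
            hits = [a for a in self.attrs if start <= a.handle <= end and a.uuid == uuid]
            if not hits:
                return self._error(op, start, ERR_ATTR_NOT_FOUND)
            pair = hits[0].handle.to_bytes(2, "little") + hits[0].value   # first match only, for brevity
            return self._permission_error(hits[0], op) or bytes([READ_BY_TYPE_RSP, len(pair)]) + pair
        return self._error(op, 0, ERR_REQ_NOT_SUPPORTED)
# Constructed heart-rate style table (declarations as in the GATT slides; encryption on handle 4 is a demo policy)
HRT_TABLE = [
    Attribute(1, 0x2800, (0x180D).to_bytes(2, "little")),      # Primary Service: Heart Rate
    Attribute(2, 0x2803, b"\x10\x03\x00\x37\x2A"),              # Characteristic decl: notify, handle 3, UUID 0x2A37
    Attribute(3, 0x2A37, b"\x00\x48", readable=False),          # Heart Rate Measurement: notify only
    Attribute(4, 0x2A38, b"\x01", needs_encryption=True),       # Body Sensor Location: chest
]
```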
Generic Attribute Profile (GATT) – services & characteristics
GATT – service example (HRT case)
• Heart rate monitor (HRT)
[Figure: a GATT server exposing attributes 1–4 and a GATT client retrieving them with Read and Read multiple request/response exchanges]
Generic Access Profile (GAP) – advertising & connections
Generic Access Profile (GAP) – scope
• Framework all devices must follow to:
  • discover each other
  • broadcast data
  • establish secure connections
  • and perform many other operations …
[Figure: two stacks (Application – GAP – Security Manager (SM) – L2CAP) facing each other; devices learn about each other and establish connections]
GAP – scope
• Distinguishes
  • Roles
    • to be adopted by a device to join a network
  • Modes
    • state of the device in which defined procedures can be performed
    • a mode results from the role adopted
  • Procedures
    • sequences of actions that enable devices to perform their tasks
    • a procedure results from the mode (and role), and possibly events
GAP – roles, modes, procedures
• Roles
  • Broadcaster – uses the LL advertiser role
  • Observer – uses the LL scanner role
  • Central – corresponds to the LL (link-layer) master (initiates a connection)
  • Peripheral – corresponds to the LL (link-layer) slave (accepts the connection)
  Note: GAP roles typically stay constant throughout the lifetime of a device (in GATT, each device can perform as GATT client and server, depending on the sender of the request)
• Modes/procedures

Procedure                    | Applicable role(s)   | Applicable peer mode(s)
Observation                  | Observer             | Broadcast
Limited discovery            | Central              | Limited discoverable
General discovery            | Central              | Limited and General discoverable
Name discovery               | Peripheral, Central  | N/A
Connection establishment     | Central              | Connectable
Connection parameter update  | Peripheral, Central  | N/A
Terminate connection         | Peripheral, Central  | N/A
Thank you :)
Quiz questions
• What is (are) the main difference(s) between classical Bluetooth and Bluetooth Low Energy (BLE, aka Bluetooth Smart)?
• When is the advertising mode of communication sufficient, and when are connections necessary?
• What is the main role (domain) of GAP (Generic Access Profile)?
• What is the main role (domain) of GATT (Generic Attribute Profile)?
• What is the role of ATT (Attribute Protocol) wrt GATT?
• Can a Central be a GATT server, a GATT client, or both?
• The Security Manager (SM) provides the ability to generate and exchange security keys to communicate over encrypted links. Question: which one of the topologies, broadcast or connected, is the one targeted by the SM?