
Seminar Report

on

Table of Contents
Page | 1
S. No.  Topic Covered                       Page No.
1.      Introduction                        2
2.      History                             3
3.      Implementation                      3
4.      Why Bluetooth?                      5
5.      Bluetooth vs. Wi-Fi                 5
6.      Bluetooth vs. IrDA                  6
7.      Bluetooth Classes                   8
8.      Bluetooth Version Specification     8
9.      Bluetooth Protocol Stack            13
10.     Bluetooth Networking                18
11.     Bluetooth Profiles                  24
12.     Bluetooth Security Threats          30
13.     Bluetooth Applications              31
14.     Advantages of Bluetooth             33
15.     Conclusion                          35
16.     Bibliography                        36

1. INTRODUCTION:

Bluetooth is a standard for a small, low-cost, power-efficient radio chip that can be
used by computers, printers, mobile phones, headsets, headphones, and numerous other
consumer electronics. The technology allows multiple devices to communicate with each
other, or one device to control and manage several others.

Bluetooth is a wireless technology standard whose specification is published openly but
owned and controlled by the Bluetooth Special Interest Group (SIG). It is used for
exchanging data over short distances (using short-wavelength radio waves) between fixed
and mobile devices, creating personal area networks (PANs). It was originally conceived as
a wireless alternative to RS-232 data cables. It can connect several devices at once,
overcoming the synchronization problems of a cable-based setup.

2. HISTORY:

The word "Bluetooth" is taken from the 10th-century Danish King Harald
Bluetooth. King Harald was influential in uniting Scandinavia (Denmark and Norway)
during an era when the region was torn apart by wars and feuding clans. The
founders of the Bluetooth SIG felt the name was fitting because Bluetooth technology was
first developed in Scandinavia and is able to unite differing industries such as the cell phone,
computing, and automotive markets.

The name "Bluetooth" and its logo are trademarked by a privately held trade
association named the Bluetooth Special Interest Group (SIG), founded in September 1998
by five electronics manufacturers (Ericsson, IBM, Intel, Nokia, and Toshiba). The
Bluetooth SIG brings together leaders in the telecommunications, computing, network,
industrial automation, and automotive industries. Today the Bluetooth SIG includes
Promoter Member companies such as Microsoft, Ericsson, IBM, Intel, Agere, Motorola,
Nokia and Toshiba, plus thousands of associate and adopter member companies.

By 1999, the year when Bluetooth Spec 1.0 was introduced, 850 companies had
joined the SIG. A year later, when spec 1.1 was accepted, the Group boasted well over 1,000
members, and a full 2,000 companies had become involved by 2003 when Bluetooth Spec 1.2
was announced. Today the Bluetooth SIG counts 3,400 companies among its members.

3. Implementation:

Bluetooth uses a radio technology called frequency-hopping spread spectrum (FHSS),
which chops up the data being sent and transmits chunks of it on up to 79 channels of 1 MHz
width in the range 2402-2480 MHz. This is in the globally unlicensed Industrial, Scientific
and Medical (ISM) 2.4 GHz short-range radio frequency band. In its Basic Rate (BR) mode,
the modulation is Gaussian frequency-shift keying (GFSK), which achieves a gross data
rate of 1 Mbit/s. In Enhanced Data Rate (EDR) mode, π/4-DQPSK and 8DPSK modulation
are used, giving 2 and 3 Mbit/s respectively.

Bluetooth is a packet-based protocol with a master-slave structure. One master may
communicate with up to 7 active slaves in a piconet; all devices share the master's clock.
Packet exchange is based on the basic clock, defined by the master, which ticks at 312.5 µs
intervals. Two clock ticks make up a slot of 625 µs; two slots make up a slot pair of 1250 µs.
In the simple case of single-slot packets the master transmits in even slots and receives in
odd slots; the slave, conversely, receives in even slots and transmits in odd slots. Packets may
be 1, 3 or 5 slots long, but in all cases the master's transmission begins in an even slot and
the slave's in an odd slot.
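The slot rules above can be checked with a small simulator. This is an added example, not code from the report; it assumes strictly alternating master/slave traffic, and its hop sequence is a constructed placeholder rather than the real Bluetooth hop-selection kernel (which a device derives from the master's address and clock, so anyone who learns both can follow the hops). It also shows one consequence the text only implies: a 3- or 5-slot packet stays on the channel of its first slot, so the hop rate drops below 1600 hops/s.

```python
"""Piconet slot timing, as an added example (not code from the report).

Slots are 625 µs (two 312.5 µs ticks of the master's clock). The master starts
packets only in even-numbered slots, the slave only in odd-numbered slots, and a
packet occupies 1, 3 or 5 consecutive slots. The radio does not hop during a
multi-slot packet: the channel chosen for the first slot is kept until the packet
ends, so the hop rate is 1600 hops/s only for single-slot traffic.

The hop sequence here is a CONSTRUCTED placeholder (a permutation of the 79
channels), not the Bluetooth hop-selection kernel, which a real device derives
from the master's device address and clock.
"""
from dataclasses import dataclass

SLOT_US = 625            # one slot; the master clock ticks every 312.5 µs (two ticks per slot)
NUM_CHANNELS = 79        # RF channels k = 0..78
VALID_LENGTHS = (1, 3, 5)


def channel_freq_mhz(k: int) -> int:
    """Carrier frequency of RF channel k in MHz: f = 2402 + k."""
    if not 0 <= k < NUM_CHANNELS:
        raise ValueError(f"channel index {k} out of range 0..78")
    return 2402 + k


def hops_per_second(packet_slots: int) -> int:
    """Hop rate when every packet is packet_slots long (1600 for single-slot packets)."""
    return 1_000_000 // (SLOT_US * packet_slots)


def placeholder_hop_channel(slot: int) -> int:
    """CONSTRUCTED stand-in for the hop selection kernel (37 is coprime with 79, so every
    channel is visited equally often). Not the real algorithm."""
    return (slot * 37 + 11) % NUM_CHANNELS


@dataclass
class Transmission:
    sender: str       # "master" or "slave"
    start_slot: int
    slots: int        # packet length in slots
    channel: int      # RF channel held for the whole packet
    start_us: int     # offset from slot 0 in microseconds


def schedule(packets):
    """Lay out (sender, slots) packets back to back, enforcing the even/odd slot rule."""
    slot, out = 0, []
    for sender, slots in packets:
        if slots not in VALID_LENGTHS:
            raise ValueError(f"packet length must be 1, 3 or 5 slots, got {slots}")
        if sender == "master" and slot % 2:
            raise ValueError(f"master may not start in odd slot {slot}")
        if sender == "slave" and not slot % 2:
            raise ValueError(f"slave may not start in even slot {slot}")
        out.append(Transmission(sender, slot, slots, placeholder_hop_channel(slot), slot * SLOT_US))
        slot += slots     # the reply starts in the slot right after this packet ends
    return out


def violates(packets) -> bool:
    """True if the packet sequence breaks the slot rules."""
    try:
        schedule(packets)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for t in schedule([("master", 1), ("slave", 1), ("master", 3), ("slave", 1), ("master", 5), ("slave", 1)]):
        print(f"{t.sender:6} slot {t.start_slot:2} ({t.slots} slots) at {t.start_us:5} µs "
              f"on {channel_freq_mhz(t.channel)} MHz")
```

Because every packet length is odd, the parity rule holds automatically as long as master and slave alternate; a master packet following a master packet is rejected.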

Frequency band and RF channels:

• Works in the ISM band: 2.4-2.4835 GHz (US, Europe and most other countries)

• Carrier frequency: f = 2402 + k MHz, k = 0...78

• Hopping rate: 1 hop per packet, i.e. 1600 hops/s for single-slot packets

• Channel bandwidth: 1 MHz (-20 dB), 220 kHz (-3 dB)

Bluetooth uses the 2.4 GHz ISM band because it is unlicensed and available in
most countries. At this frequency (λ = 12.3 cm) a very small antenna is possible, and a
higher frequency band would raise the cost of the RF front end.

For some countries with different bandwidth allocations, a reduced-hop (23-hop)
system was defined. Under the Bluetooth specification of the time, 79-hop and 23-hop
systems cannot communicate with each other. France and Japan have since released the full
ISM band, and Spain is working on it, so it is very likely that the same band will be used
globally in the future.

In the 2.4 GHz ISM band the use of spread spectrum is mandatory. Although DSSS
can achieve a higher data rate (11 Mbps for the 802.11b standard), FHSS has the advantages of
low cost and low power, and it handles the near-far problem better, since it effectively blocks
out-of-band signals. FHSS is often also credited with "better security", but this should not be
relied on: the hopping sequence is a deterministic function of the master's device address and
clock, so a listener who learns both can follow the sequence. Considering the intended
applications of Bluetooth, FHSS is the better solution.

The hopping sequence is calculated from the master's Bluetooth Device Address and clock. It
hops to every 1 MHz channel with equal probability. Its 1600 hops/s fast hopping rate
is enough to overcome slow fading in most indoor environments, which have a Doppler spread of
0.1-6 Hz. The RMS delay spread usually ranges from 100 ns to 10 µs [30]. A typical 0.25 µs
RMS delay spread corresponds to a 640 kHz coherence bandwidth, so different 1 MHz channels
will have different radio characteristics, and FHSS effectively mitigates the multipath
and fading problem.

For a 1 MHz channel, the 1 Msps symbol rate already fully exploits the bandwidth.
The 1 MHz channel bandwidth was a requirement of the FCC, but a later FCC decision
changed that to 5 MHz. This will probably enable a future version of the protocol to get a
higher data rate. HomeRF is already taking advantage of this 5 MHz channel to get 10 Mbps
throughput.

The 2.4 GHz ISM band is free to all, so many applications now use this band. These
include digital cordless phones, WLAN (802.11b), HomeRF, RFID, microwave
ovens and many other proprietary technologies.

4. Why Bluetooth?

• Bluetooth was designed for consumers and small office/home office users as an
easy-to-use, inexpensive way to transmit data without wires.

• Bluetooth uses minimal electricity, so it may extend the battery life of battery-powered
devices such as notebook computers.

• Built-in authentication and encryption at the link layer protect the wireless connection,
though how much protection they give depends on the pairing method and key size in use
(see the sections on pairing and on security threats).

• Bluetooth is well suited to computers, mice, phones, pens, laptops, PDAs,
cameras and any small battery-powered device.

5. Bluetooth vs. Wi-Fi:

• Bluetooth and Wi-Fi have many applications in common, such as setting up networks,
printing, or transferring files.

• Wi-Fi is intended for resident (fixed) equipment and its applications. This category of
applications is outlined as WLAN, the wireless local area network. Wi-Fi is intended
as a replacement for cabling for general local area network access in work areas.

• Bluetooth is intended for non-resident (carried) equipment and its applications. This
category of applications is outlined as the wireless personal area network (WPAN). Bluetooth
is a replacement for cabling in a variety of personally carried applications in any
environment.

• Wi-Fi behaves like a traditional Ethernet network and requires configuration to set up
shared resources, transfer files, and set up audio links (for example, headsets and
hands-free devices).

• Wi-Fi uses the same radio frequencies as Bluetooth, but with higher power, resulting
in a stronger connection and longer range.

• Bluetooth is a short-range technology but needs no additional setup for use; it
behaves as a plug-and-play device.

• Wi-Fi is sometimes called "wireless Ethernet". Wi-Fi requires more setup but is better
suited to operating full-scale networks; it enables a faster connection and better range
from the base station.

S. No.  Factor              Bluetooth                       Wi-Fi
1.      IEEE Standard       IEEE 802.15.1                   IEEE 802.11
2.      Data Transfer Rate  up to 721 kbit/s (v1.x),        up to 11 Mbit/s (802.11b)
                            3 Mbit/s with EDR
3.      Range               1 m - 100 m (by power class)    about 100 m
4.      Frequency Band      2.4 GHz, FHSS                   2.4 GHz, DSSS
5.      Technology          TDMA (master-polled slots)      CSMA/CA
6.      Cost                Cheaper (about $5)              More expensive (about $50)
7.      Power Efficient     Yes (about 20 mA)               No (about 200 mA)
6. Bluetooth vs. IrDA:

The Infrared Data Association (IrDA) has two standards: IrDA-Data and IrDA-Control.
The latter is used for lower-speed communications such as wireless keyboards and joysticks.
Here we are only interested in IrDA-Data.

IrDA is used for high-speed, short-range, line-of-sight, point-to-point data
transfer. The range of IrDA is about 1 meter. It requires a narrow-angle (30 degree)
point-and-shoot operation. The maximum data transfer speed is 4 Mbps, with 16 Mbps under
development. It doesn't interfere with other wireless communications and is also immune to
interference from them.

IrDA gained wide acceptance worldwide. At the time of writing over 150 million units were
installed worldwide, a number growing 40% annually. Its major applications are
laptop computers, printers and LAN access, among others.

The biggest advantage of IrDA over Bluetooth is its high throughput, which makes it
suitable for high-speed applications. IrDA is also cheaper: a manufacturer can get a
whole solution for about $1.

S. No.  Factor            Bluetooth                         IrDA
1.      Technology        2.4 GHz FHSS radio;               Infrared, PPM;
                          point-to-point/multipoint         point-to-point
2.      Data Rate         1 Mbps                            4 Mbps (16 Mbps underway)
3.      Range             100 m (Class 1)                   1 m, line of sight
4.      Directionality    Omni-directional                  30 degree cone
5.      Cost              $5 (long term)                    $1
6.      Global Standard   Most countries                    Yes
7.      Security          Link-layer authentication         None at the link layer;
                          and encryption                    relies on line of sight

Bluetooth gives users more mobility. A Class 2 Bluetooth device has a range of
about 10 meters, and it is omni-directional. It can effectively penetrate clothes and soft
partitions; for example, a user can leave the cellular phone in a pocket while using
dial-up networking. This is impossible with IrDA.

Both have their advantages and disadvantages, and neither can fully replace
the other. The Bluetooth specification adopts IrDA's object exchange protocol (IrOBEX, or
OBEX) so that the same applications can work over both RF and IR media.

7. Bluetooth Classes:

Bluetooth devices are categorized by the SIG into 3 main classes according to their
maximum transmit power, known as Class 1, Class 2 and Class 3.

CLASSES   RANGE (nominal)   POWER CONSUMPTION   APPLICATIONS
Class 1   330 ft (100 m)    Greatest (100 mW)   Typically used by devices that require
                                                extended range, such as Bluetooth-to-USB
                                                adapters (e.g. IOGEAR GBU311).
Class 2   33 ft (10 m)      Lesser (2.5 mW)     Typically used by devices which do not
                                                require great range and should conserve
                                                battery power, such as Bluetooth mini mice
                                                (IOGEAR GME225B), Bluetooth GPS receivers
                                                (IOGEAR GBGPS201), printer adapters
                                                (IOGEAR GBP201) and typical cell phones
                                                and PDAs.
Class 3   3 ft (1 m)        Least (1 mW)        Used by devices that require only a very
                                                short range.

The ranges are nominal figures for the device's own transmitter in the open. They are not
a security boundary: a remote party using a directional antenna and a sensitive receiver can
reach a Class 2 or Class 3 device from far beyond its nominal range.

8. Bluetooth Version Specification:

8.1. Bluetooth 1.0 and 1.0B:

Versions 1.0 and 1.0B had many problems, and manufacturers had difficulty
making their products interoperable. Versions 1.0 and 1.0B also included mandatory
transmission of the Bluetooth hardware device address (BD_ADDR) in
the connection process (rendering anonymity impossible at the protocol level), which
was a major setback for certain services planned for use in Bluetooth environments.

8.2. Bluetooth 1.1:

• Ratified as IEEE Standard 802.15.1-2002.

• Many errors found in the 1.0B specification were fixed.

• Added support for non-encrypted channels.

• Received Signal Strength Indicator (RSSI).

8.3. Bluetooth 1.2:

This version is backward compatible with 1.1, and the major enhancements
include the following:

• Faster connection and discovery.

• Adaptive frequency-hopping spread spectrum (AFH), which improves resistance
to radio frequency interference by avoiding the use of crowded frequencies in the
hopping sequence.

• Higher transmission speeds in practice, up to 721 kbit/s.

• Extended Synchronous Connections (eSCO), which improve the voice quality of
audio links by allowing retransmission of corrupted packets, and may optionally
increase audio latency to provide better support for concurrent data transfer.

• Host Controller Interface (HCI) support for three-wire UART.

• Ratified as IEEE Standard 802.15.1-2005.

• Introduced Flow Control and Retransmission Modes for L2CAP.

8.4. Bluetooth 2.0 + EDR:

This version of the Bluetooth specification was released on November 10,
2004. It is backward compatible with the previous version 1.2. The main difference is
the introduction of an Enhanced Data Rate (EDR) for faster data transfer. The
nominal rate of EDR is about 3 megabits per second, although the practical data
transfer rate is 2.1 megabits per second.

The additional throughput is obtained by using a different radio technology for
transmission of the data. Standard, or Basic Rate, transmission uses Gaussian
Frequency Shift Keying (GFSK) modulation of the radio signal with a gross air data
rate of 1 Mbit/s. EDR uses a combination of GFSK and Phase Shift
Keying (PSK) modulation with two variants, π/4-DQPSK and 8DPSK, which have
gross air data rates of 2 and 3 Mbit/s respectively.

According to the 2.0 + EDR specification, EDR provides the following benefits:

• Reduced complexity of multiple simultaneous connections due to the additional
bandwidth.
• Three times the transmission speed (2.1 Mbit/s) in some cases.
• Lower power consumption through a reduced duty cycle.

The Bluetooth Special Interest Group (SIG) published the specification as
"Bluetooth 2.0 + EDR", which implies that EDR is an optional feature. Aside from
EDR, there are other minor improvements in the 2.0 specification, and products may
claim compliance with "Bluetooth 2.0" without supporting the higher data rate.

8.5. Bluetooth 2.1 + EDR:

Bluetooth Core Specification Version 2.1 + EDR is fully backward compatible
with 1.2, and was adopted by the Bluetooth SIG on July 26, 2007. It supports
theoretical data transfer speeds of up to 3 Mbit/s.

This specification includes the following features:

• Extended Inquiry Response (EIR)

Provides more information during the inquiry procedure to allow better
filtering of devices before connection. This information may include the name of the
device, a list of services the device supports, the transmission power level used for
inquiry responses, and manufacturer-defined data.

• Sniff Subrating

Reduces the power consumption when devices are in the sniff low-power
mode, especially on links with asymmetric data flows. Human interface
devices (HID) are expected to benefit the most, with mouse and keyboard devices
increasing their battery life by a factor of 3 to 10. It lets devices decide how long they
will wait before sending keepalive messages to one another. Previous Bluetooth
implementations featured keepalive message frequencies of up to several times per
second. In contrast, the 2.1 + EDR specification allows pairs of devices to negotiate
this value between them to as infrequently as once every 10 seconds.

• Encryption Pause/Resume (EPR)

Enables an encryption key to be changed with less management required by
the Bluetooth host. An encryption key must be changed for a role switch of an
encrypted ACL link, and every 23.3 hours (one Bluetooth day) that encryption is enabled on
an ACL link. Before this feature was introduced, when an encryption key was refreshed
the Bluetooth host would be notified of a brief gap in encryption while the new key
was generated, so the Bluetooth host was required to handle pausing data transfer
(however, data requiring encryption may already have been sent before the notification
that encryption was disabled had been received). With EPR, the Bluetooth host is not
notified of the gap, and the Bluetooth controller ensures that no unencrypted data is
transferred while the key is refreshed.

• Secure Simple Pairing (SSP)

Radically improves the pairing experience for Bluetooth devices, while
increasing the use and strength of security. See the section on Pairing below for more
details. It is expected that this feature will significantly increase the use of Bluetooth.

• Near Field Communication (NFC) cooperation

Automatic creation of secure Bluetooth connections when an NFC radio interface
is also available. This functionality is part of SSP, where NFC is one way of
exchanging pairing information out of band. For example, a headset should be paired with a
Bluetooth 2.1 + EDR phone with NFC just by bringing the two devices close to
each other (a few centimeters). Another example is automatic uploading of photos
from a mobile phone or camera to a digital picture frame just by bringing the phone or
camera close to the frame.

• Non-Automatically-Flushable Packet Boundary Flag (PBF)

Using this feature, L2CAP may support both isochronous (A2DP media
streaming) and asynchronous data flows (AVRCP commands) over the same
logical link by marking packets as automatically-flushable or non-automatically-flushable,
by setting the appropriate value of the Packet_Boundary_Flag in the
HCI ACL data packet.

8.6. Bluetooth 3.0 + HS:

The 3.0 + HS specification was adopted by the Bluetooth SIG on April 21,
2009. It supports theoretical data transfer speeds of up to 24 Mbit/s, though not over
the Bluetooth link itself. Instead, the Bluetooth link is used for negotiation and
establishment, and the high-data-rate traffic is carried over a collocated Wi-Fi link.

Its main new feature is AMP (Alternate MAC/PHY), the addition of 802.11
as a high-speed transport. Two technologies had been anticipated for AMP, 802.11
and UWB, but UWB is missing from the specification.

• Alternate MAC/PHY

Enables the use of alternative MACs and PHYs for transporting Bluetooth
profile data. The Bluetooth radio is still used for device discovery, initial connection
and profile configuration; however, when large quantities of data need to be sent, the
high-speed alternate MAC/PHY (802.11, typically associated with Wi-Fi) is used
to transport the data.

• Unicast connectionless data

Permits service data to be sent without establishing an explicit L2CAP
channel. It is intended for use by applications that require low latency between user
action and reconnection/transmission of data. This is only appropriate for small
amounts of data.

• Read encryption key size

Introduces a standard HCI command for a Bluetooth host to query the
encryption key size on an encrypted ACL link. The encryption key size used on a link
is required for the SIM Access Profile, so Bluetooth controllers generally provided
this feature in a proprietary manner. Now the information is available over the
standard HCI interface. Because the BR/EDR encryption key size is negotiated between the
two controllers (the specification allows lengths from 1 to 16 bytes), a host should use this
command to check the result and refuse to carry sensitive data over a link whose key is
shorter than it requires.

• Enhanced Power Control

Updates the power control feature to remove open-loop power control, and
also to clarify ambiguities in power control introduced by the new modulation
schemes added for EDR. Enhanced power control removes the ambiguities by
specifying the behavior that is expected. The feature also adds closed-loop power
control, meaning RSSI filtering can start as the response is received. Additionally, a
"go straight to maximum power" request has been introduced; this is expected to deal
with the headset link-loss issue typically observed when a user puts their phone into a
pocket on the opposite side from the headset.

8.7. Bluetooth V4.0 (BLE; Low Energy Protocol):

On December 17, 2009, the Bluetooth SIG adopted Bluetooth Low Energy
(BLE) as the hallmark feature of version 4.0. The provisional
names Wibree and Bluetooth ULP (Ultra Low Power) were abandoned.

On June 12, 2007, Nokia and the Bluetooth SIG had announced that Wibree would
be a part of the Bluetooth specification, as an ultra-low-power Bluetooth
technology. Expected use cases include watches displaying Caller ID information,
sports sensors monitoring the wearer's heart rate during exercise, and medical devices.
The Medical Devices Working Group is also creating a medical devices profile and
associated protocols to enable this market. Bluetooth low energy technology is
designed for devices to have a battery life of up to one year.

8.8. Future

• Broadcast channel

Enables Bluetooth information points. This will drive the adoption of
Bluetooth into mobile phones, and enable advertising models based on users pulling
information from the information points, rather than on the object push model that
is used in a limited way today.

• Topology management

Enables the automatic configuration of piconet topologies, especially in
scatternet situations, which are becoming more common today. This should all be
invisible to users of the technology, while also making the technology "just work."

9. Bluetooth Protocol Stack:

(Protocol stack diagram, reproduced as text; higher layers sit on lower ones.)

  +--------+--------+---------+-----+-----+-------+
  | vCard  |  WAE   |   AT-   |     |     |       |
  | OBEX   |  WAP   | commands|     |     |       |
  |        |  UDP   |         | TCS | SDP | Audio |
  |        |  IP    |         |     |     |       |
  |        |  PPP   |         |     |     |       |
  +--------+--------+---------+     |     |       |
  |          RFCOMM           |     |     |       |
  +---------------------------------------+       |
  |                 L2CAP                 |       |
  +---------------------------------------+       |
  |      Host Controller Interface (HCI)          |
  +-----------------------------------------------+
  |  LMP  |               Baseband                |
  +-----------------------------------------------+
  |                Bluetooth Radio                |
  +-----------------------------------------------+

LMP (Link Management Protocol):

• Used for control of the radio link between two devices: link setup, authentication,
encryption key negotiation and power management.

• Implemented on the controller.

As an example of its use, when a laptop connects to a LAN access point for email, LMP
establishes the link with the access point. Because the application is data transfer, an ACL
link is used; the remaining setup steps then proceed through the layers described below.

L2CAP (Logical Link Control & Adaptation Protocol):

Used to multiplex multiple logical connections between two devices using different
higher-level protocols. Provides segmentation and reassembly of on-air packets.

In Basic mode, L2CAP provides packets with a payload configurable up to 64 kB,
with 672 bytes as the default MTU and 48 bytes as the minimum mandatory supported
MTU.

In Retransmission and Flow Control modes, L2CAP can be configured for reliable or
isochronous data per channel by performing retransmissions and CRC checks.

Bluetooth Core Specification Addendum 1 adds two additional L2CAP modes to the
core specification. These modes effectively deprecate the original Retransmission and Flow
Control modes:

• Enhanced Retransmission Mode (ERTM): an improved version of the
original retransmission mode. This mode provides a reliable L2CAP channel.

• Streaming Mode (SM): a very simple mode, with no retransmission or flow
control. This mode provides an unreliable L2CAP channel.

Reliability in any of these modes is optionally and/or additionally guaranteed by the
lower-layer Bluetooth BR/EDR air interface by configuring the number of retransmissions
and the flush timeout (the time after which the radio will flush packets). In-order sequencing
is guaranteed by the lower layer.

Only L2CAP channels configured in ERTM or SM may be operated over AMP
logical links.
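The Packet_Boundary_Flag described under Bluetooth 2.1 + EDR and the segmentation and reassembly described here meet in the HCI ACL data packet, where each packet carries one fragment of an L2CAP PDU. The following parser and reassembler are an added example, not code from the report or from any Bluetooth stack; the header layouts follow the Core Specification, while the connection handle, channel ID and payloads are constructed sample data. The checks it performs (length field against bytes present, L2CAP length against the negotiated MTU, reassembled size against the announced length) are exactly the ones a stack must not skip, because every one of those fields arrives from the peer.

```python
"""HCI ACL data packets and L2CAP reassembly (added example; not code from the report).

Layouts follow the Core Specification, all fields little-endian:

  HCI ACL data packet
    bytes 0-1  connection handle (bits 0-11), Packet_Boundary_Flag (bits 12-13),
               Broadcast_Flag (bits 14-15)
    bytes 2-3  data total length
    bytes 4..  data: one fragment of an L2CAP PDU

  L2CAP basic header (at the start of a PDU's first fragment)
    bytes 0-1  payload length
    bytes 2-3  channel ID (CID)
    bytes 4..  payload

The connection handle, CID and payloads below are constructed sample data.
"""
import struct
from dataclasses import dataclass

# Packet_Boundary_Flag values for ACL data in the 2.1 + EDR / 3.0 specification
PB_FIRST_NON_FLUSHABLE = 0b00   # first fragment, non-automatically-flushable PDU
PB_CONTINUING = 0b01            # continuing fragment of the current PDU
PB_FIRST_FLUSHABLE = 0b10       # first fragment, automatically-flushable PDU
# 0b11 is reserved in these versions of the specification.


@dataclass
class AclPacket:
    handle: int
    pb_flag: int
    bc_flag: int
    data: bytes


@dataclass
class L2capPdu:
    cid: int
    payload: bytes
    flushable: bool


def parse_acl(packet: bytes) -> AclPacket:
    """Parse one HCI ACL data packet and check its length field against the bytes present."""
    if len(packet) < 4:
        raise ValueError("ACL packet shorter than its 4-byte header")
    hdr, length = struct.unpack_from("<HH", packet, 0)
    data = packet[4:]
    if len(data) != length:
        # Trusting this field unchecked is how a stack ends up reading past its buffer.
        raise ValueError(f"ACL length field says {length} bytes, {len(data)} present")
    return AclPacket(hdr & 0x0FFF, (hdr >> 12) & 0x3, (hdr >> 14) & 0x3, data)


class L2capReassembler:
    """Rebuilds L2CAP PDUs from ACL fragments; one in-progress PDU per connection handle."""

    def __init__(self, mtu: int = 672):      # 672 is the default L2CAP MTU
        self.mtu = mtu
        self._partial = {}                   # handle -> [expected_len, cid, flushable, buffer]

    def feed(self, packet: bytes):
        """Consume one ACL packet; return a complete L2capPdu, or None if more is needed."""
        acl = parse_acl(packet)
        if acl.pb_flag in (PB_FIRST_NON_FLUSHABLE, PB_FIRST_FLUSHABLE):
            if len(acl.data) < 4:
                raise ValueError("first fragment must carry the 4-byte L2CAP header")
            length, cid = struct.unpack_from("<HH", acl.data, 0)
            if length > self.mtu:
                raise ValueError(f"L2CAP length {length} exceeds negotiated MTU {self.mtu}")
            body = acl.data[4:]
            if len(body) > length:
                raise ValueError("fragment carries more payload than the L2CAP header announces")
            self._partial[acl.handle] = [length, cid, acl.pb_flag == PB_FIRST_FLUSHABLE, bytearray(body)]
        elif acl.pb_flag == PB_CONTINUING:
            if acl.handle not in self._partial:
                raise ValueError("continuing fragment with no PDU in progress on this handle")
            entry = self._partial[acl.handle]
            entry[3].extend(acl.data)
            if len(entry[3]) > entry[0]:
                raise ValueError("reassembled payload exceeds the L2CAP length field")
        else:
            raise ValueError(f"unsupported Packet_Boundary_Flag {acl.pb_flag:#04b}")
        expected, cid, flushable, buf = self._partial[acl.handle]
        if len(buf) < expected:
            return None
        del self._partial[acl.handle]
        return L2capPdu(cid, bytes(buf), flushable)


def build_acl(handle: int, pb_flag: int, data: bytes, bc_flag: int = 0) -> bytes:
    """Assemble an ACL data packet (used here to construct sample input)."""
    hdr = (handle & 0x0FFF) | ((pb_flag & 0x3) << 12) | ((bc_flag & 0x3) << 14)
    return struct.pack("<HH", hdr, len(data)) + data


def fragment_l2cap(handle: int, cid: int, payload: bytes, flushable: bool, max_frag: int) -> list:
    """Split one L2CAP PDU into ACL packets carrying at most max_frag data bytes each."""
    pdu = struct.pack("<HH", len(payload), cid) + payload
    first = PB_FIRST_FLUSHABLE if flushable else PB_FIRST_NON_FLUSHABLE
    return [build_acl(handle, first if i == 0 else PB_CONTINUING, pdu[i:i + max_frag])
            for i in range(0, len(pdu), max_frag)]


def demo():
    """Constructed sample: a 13-byte media payload on CID 0x0040 split into 6-byte fragments,
    then an ACL packet whose length field claims 10 bytes but carries 2."""
    reassembler = L2capReassembler()
    results = [reassembler.feed(p) for p in fragment_l2cap(0x0B, 0x0040, b"media-frame-1", True, 6)]
    complete = [r for r in results if r is not None]
    lying = struct.pack("<HH", 0x0B, 10) + b"\x01\x02"
    try:
        reassembler.feed(lying)
        rejected = False
    except ValueError:
        rejected = True
    return complete, rejected


if __name__ == "__main__":
    print(demo())
```

The reassembler keys in-progress PDUs by connection handle because fragments from different links interleave on the HCI transport; a continuing fragment for a handle with nothing in progress is an error rather than something to append to a neighbour's buffer.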

SDP (Service Discovery Protocol):

Allows a device to discover the services supported by other devices, and their associated
parameters. For example, when connecting a mobile phone to a Bluetooth headset, SDP is
used to determine which Bluetooth profiles the headset supports (Headset
Profile, Hands-Free Profile, Advanced Audio Distribution Profile (A2DP), etc.) and the
protocol multiplexer settings needed to connect to each of them. Each service is identified by
a Universally Unique Identifier (UUID), with official services (Bluetooth profiles) assigned a
short-form UUID (16 bits rather than the full 128).
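The short-form UUIDs above are a compression of 128-bit UUIDs built on the Bluetooth Base UUID, and the following added example (not code from the report) shows the mapping in both directions. The service-class numbers are from the Bluetooth Assigned Numbers; the sample service record is constructed. The point worth noting is the check in the shortening direction: a vendor UUID that merely begins with 0000xxxx is not a Bluetooth-assigned service, so the low 96 bits must be compared before a UUID is treated as one.

```python
"""SDP service UUIDs: short form and 128-bit form (added example; not code from the report).

Bluetooth-assigned 16-bit and 32-bit UUIDs are shorthand for 128-bit UUIDs built on the
Bluetooth Base UUID 00000000-0000-1000-8000-00805F9B34FB:

    uuid128 = (uuid16 << 96) + BASE_UUID

The service-class numbers are from the Bluetooth Assigned Numbers; the service record
in the demo is constructed sample data.
"""
import uuid

BASE_UUID = uuid.UUID("00000000-0000-1000-8000-00805F9B34FB")
_LOW96 = (1 << 96) - 1

SERVICE_CLASSES = {
    0x1101: "Serial Port",
    0x1105: "OBEX Object Push",
    0x1108: "Headset",
    0x110D: "Advanced Audio Distribution (A2DP)",
    0x111E: "Hands-Free",
}


def expand_uuid(short: int) -> uuid.UUID:
    """Expand a 16- or 32-bit Bluetooth UUID to its 128-bit form."""
    if not 0 <= short <= 0xFFFFFFFF:
        raise ValueError("short UUID must fit in 32 bits")
    return uuid.UUID(int=(short << 96) + BASE_UUID.int)


def shorten_uuid(full):
    """Return the short form of a Bluetooth-based 128-bit UUID, or None for any other UUID.
    Only a UUID whose low 96 bits equal the base UUID is Bluetooth-based; a vendor UUID
    that merely starts with 0000xxxx must not be mistaken for an assigned service."""
    value = uuid.UUID(str(full)).int
    if value & _LOW96 != BASE_UUID.int:
        return None
    return value >> 96


def describe(service_uuid) -> str:
    """Human-readable service class name for a UUID string or uuid.UUID."""
    short = shorten_uuid(service_uuid)
    if short is None:
        return f"vendor-specific service {uuid.UUID(str(service_uuid))}"
    return SERVICE_CLASSES.get(short, f"assigned service 0x{short:04X}")


def services_from_record(record):
    """record: the ServiceClassIDList of an SDP record as a list of 128-bit UUID strings."""
    return [describe(entry) for entry in record]


if __name__ == "__main__":
    headset_record = ["00001108-0000-1000-8000-00805F9B34FB",   # constructed sample record
                      "0000111E-0000-1000-8000-00805F9B34FB",
                      "12345678-1234-5678-1234-56789ABCDEF0"]
    print(services_from_record(headset_record))
```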

HCI (Host/Controller Interface):

Standardized communication between the host stack (e.g., a PC or mobile phone OS)
and the controller (the Bluetooth IC). This standard allows the host stack or controller IC to
be swapped with minimal adaptation.

There are several HCI transport layer standards, each using a different hardware
interface to transfer the same command, event and data packets. The most commonly used
are USB (in PCs) and UART (in mobile phones and PDAs).

In Bluetooth devices with simple functionality (e.g., headsets) the host stack and
controller can be implemented on the same microprocessor. In this case the HCI is optional,
although it is often implemented as an internal software interface.

RFCOMM (Cable Replacement Protocol):

Radio frequency communication (RFCOMM) is the cable replacement protocol used
to create a virtual serial data stream. RFCOMM provides binary data transport and
emulates EIA-232 (formerly RS-232) control signals over the Bluetooth baseband layer.

RFCOMM provides a simple reliable data stream to the user, similar to TCP. It is
used directly by many telephony-related profiles as a carrier for AT commands, as well as
being a transport layer for OBEX over Bluetooth.

Many Bluetooth applications use RFCOMM because of its widespread support and
publicly available API on most operating systems. Additionally, applications that used a
serial port to communicate can be quickly ported to use RFCOMM.

BNEP (Bluetooth Network Encapsulation Protocol):

BNEP is used for transferring another protocol stack's data via an L2CAP channel. Its
main purpose is the transmission of IP packets in the Personal Area Networking Profile.
BNEP performs a similar function to SNAP in wireless LAN.

AVCTP (Audio/Video Control Transport Protocol):

Used by the remote control profile to transfer AV/C commands over an L2CAP
channel. The music control buttons on a stereo headset use this protocol to control the music
player.

AVDTP (Audio/Video Distribution Transport Protocol):

Used by the Advanced Audio Distribution Profile to stream music to stereo headsets
over an L2CAP channel. Intended to be used by the Video Distribution Profile as well.

Telephony Control Protocol:

Telephony Control Protocol - Binary (TCS-BIN) is the bit-oriented protocol that defines
the call control signaling for the establishment of voice and data calls between Bluetooth
devices. Additionally, "TCS BIN defines mobility management procedures for handling
groups of Bluetooth TCS devices."

TCS-BIN is only used by the Cordless Telephony Profile, which failed to attract
implementers. As such, it is only of historical interest.

Adopted Protocols:

Adopted protocols are defined by other standards-making organizations and
incorporated into Bluetooth's protocol stack, allowing Bluetooth to create protocols only
when necessary. The adopted protocols include:

• Point-to-Point Protocol (PPP)

Internet standard protocol for transporting IP datagrams over a point-to-point link.

• TCP/IP/UDP

Foundation protocols of the TCP/IP protocol suite.

• Object Exchange Protocol (OBEX)

Session-layer protocol for the exchange of objects, providing a model for object and
operation representation.

• Wireless Application Environment/Wireless Application Protocol (WAE/WAP)

WAE specifies an application framework for wireless devices, and WAP is an open
standard to provide mobile users access to telephony and information services.
10. Bluetooth Networking:

10.1. Communication and Connection:

A master Bluetooth device can communicate with up to seven active devices in a wireless
user group. This network group of up to eight devices is called a piconet. The devices can
switch roles, by agreement, and a slave can become the master at any time. At any given
time, data can be transferred between the master and one other device.

The master switches rapidly from one device to another in a round-robin fashion.
Simultaneous transmission from the master to multiple other devices is possible via broadcast
mode, but is not used much.

The Bluetooth specification allows two or more piconets to be connected together to form
a scatternet, with some devices acting as a bridge by simultaneously playing the master
role in one piconet and the slave role in another.

(Figure: a piconet of Bluetooth-enabled devices: a cell phone, headset, PDA, printer,
embedded laptop and mouse.)
10.2. Setting up Connections:

Any Bluetooth device in discoverable mode will transmit the following
information on demand:

• Device name
• Device class
• List of services
• Technical information (for example: device features, manufacturer,
Bluetooth specification used, clock offset)

Any device may perform an inquiry to find other devices to connect to, and
any device can be configured to respond to such inquiries. However, non-discoverable mode
only hides a device from inquiries: if the device trying to connect already knows the target's
address, the target still responds to direct connection requests and transmits the
information listed above if requested. Use of a device's services may require pairing or
acceptance by its owner, but the connection itself can be initiated by any device and held
until it goes out of range. Some devices can be connected to only one device at a time, and
connecting to them prevents them from connecting to other devices and appearing in inquiries
until they disconnect from the other device.

Every device has a unique 48-bit address. However, these addresses are
generally not shown in inquiries. Instead, friendly Bluetooth names are used, which
can be set by the user. This name appears when another user scans for devices and in
lists of paired devices. Most phones have the Bluetooth name set to the manufacturer
and model of the phone by default. Most phones and laptops show only the Bluetooth
names, and special programs are required to get additional information about remote
devices.
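The 48-bit address, not the friendly name, is the only identifier worth keying decisions on, since the name is user-settable. The following added example (not code from the report) parses a BD_ADDR into its NAP, UAP and LAP fields as the specification defines them, rejects the LAP values reserved for inquiry access codes, and classifies an inquiry result against a bonding table by address, so that a device that merely advertises a bonded device's name from a different address is flagged rather than trusted. The addresses, names and bonding table are constructed sample data.

```python
"""Bluetooth device addresses and friendly names (added example; not code from the report).

A BD_ADDR is 48 bits, written most-significant byte first as XX:XX:XX:XX:XX:XX and
split into three fields:

    NAP  16 bits (bytes 0-1)  non-significant address part
    UAP   8 bits (byte 2)     upper address part
    LAP  24 bits (bytes 3-5)  lower address part, used to build the device access code

NAP and UAP together are the manufacturer's OUI. LAPs 0x9E8B00-0x9E8B3F are reserved
for inquiry access codes (0x9E8B33 is the General Inquiry Access Code), so no device may
carry one. The addresses, names and bonding table below are constructed sample data.
"""
import re
from dataclasses import dataclass

_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
GIAC_LAP = 0x9E8B33
RESERVED_LAPS = range(0x9E8B00, 0x9E8B3F + 1)


@dataclass(frozen=True)
class BdAddr:
    nap: int
    uap: int
    lap: int

    @classmethod
    def parse(cls, text: str) -> "BdAddr":
        if not _ADDR_RE.match(text):
            raise ValueError(f"malformed BD_ADDR {text!r}")
        b = bytes.fromhex(text.replace(":", ""))
        addr = cls(int.from_bytes(b[0:2], "big"), b[2], int.from_bytes(b[3:6], "big"))
        if addr.lap in RESERVED_LAPS:
            raise ValueError("LAP is reserved for inquiry access codes")
        return addr

    @property
    def oui(self) -> str:
        return f"{self.nap >> 8:02X}:{self.nap & 0xFF:02X}:{self.uap:02X}"

    def __str__(self) -> str:    # canonical upper-case form, used as the lookup key below
        return f"{self.oui}:{self.lap >> 16:02X}:{(self.lap >> 8) & 0xFF:02X}:{self.lap & 0xFF:02X}"


def is_valid_bd_addr(text: str) -> bool:
    try:
        BdAddr.parse(text)
    except ValueError:
        return False
    return True


# Constructed bonding table: address recorded at pairing time -> friendly name seen then.
BONDED = {"00:11:22:33:44:55": "My Headset"}


def classify_inquiry_result(addr_text: str, name: str, bonded=BONDED) -> str:
    """Classify an inquiry result by its address; the friendly name is only advisory."""
    key = str(BdAddr.parse(addr_text))          # normalises case before the lookup
    if key in bonded:
        return "bonded" if bonded[key] == name else "bonded (name changed)"
    if name in bonded.values():
        # A device advertising a bonded device's name from a different address: names are
        # user-settable and prove nothing, so flag it rather than treat it as known.
        return "impostor name"
    return "unknown"


if __name__ == "__main__":
    for addr, name in [("00:11:22:33:44:55", "My Headset"), ("66:77:88:99:aa:bb", "My Headset")]:
        print(addr, name, "->", classify_inquiry_result(addr, name))
```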

10.3. Bluetooth Pairing:

• Motivation:

Many of the services offered over Bluetooth can expose private data or allow
the connecting party to control the Bluetooth device. For security reasons it is
therefore necessary to control which devices are allowed to connect to a given
Bluetooth device. At the same time, it is useful for Bluetooth devices to automatically
establish a connection without user intervention as soon as they are in range.

To resolve this conflict, Bluetooth uses a process called pairing. Two devices
need to be paired once to communicate with each other; the pairing process is
typically triggered automatically the first time a device receives a connection request
from a device it is not yet paired with. Once a pairing has been established, it is
remembered by the devices, which can then connect to each other without user intervention.
When desired, the pairing relationship can later be removed by the user.

• Implementation:

During the pairing process, the two devices involved establish a relationship
by creating a shared secret known as a link key. If a link key is stored by both
devices they are said to be bonded. A device that wants to communicate only with a
bonded device can cryptographically authenticate the identity of the other device, and
so be sure that it is the same device it previously paired with. Once a link key has
been generated, an authenticated ACL link between the devices may be encrypted so
that the data they exchange is protected against eavesdropping.

Link keys can be deleted at any time by either device. If done by either device
this will implicitly remove the bonding between the devices, so it is possible for one
of the devices to have a link key stored but not be aware that it is no longer bonded to
the device associated with the given link key.

Bluetooth services generally require either encryption or authentication, and as
such require pairing before they allow a remote device to use the given service. Some
services, such as the Object Push Profile, elect not to explicitly require authentication
or encryption so that pairing does not interfere with the user experience associated
with the service's use cases.

 Pairing Mechanisms:

Pairing mechanisms have changed significantly with the introduction of


Secure Simple Pairing in Bluetooth 2.1. The following summarizes the pairing
mechanisms:

1. Legacy Pairing: This is the only method available before Bluetooth 2.1.
Each device must enter a PIN code; pairing is only successful if both devices enter
the same PIN code. Any 16-byte UTF-8 string may be used as a PIN code,
however not all devices may be capable of entering all possible PIN codes.

 Limited input devices: The obvious example of this class of device is a
Bluetooth hands-free headset, which generally has few inputs. These devices
usually have a fixed PIN, for example "0000" or "1234", that is hard-coded
into the device.

 Numeric input devices: Mobile phones are classic examples of these devices.
They allow a user to enter a numeric value up to 16 digits in length.

 Alpha-numeric input devices: PCs and SmartPhones are examples of these
devices. They allow a user to enter full UTF-8 text as a PIN code. When pairing
with a less capable device, the user needs to be aware of the input limitations
on the other device, since there is no mechanism for a capable device to
determine how it should limit the input a user may enter.

2. Secure Simple Pairing (SSP):

This is required by Bluetooth 2.1. A Bluetooth 2.1 device may only use
legacy pairing to interoperate with a 2.0 or earlier device. Secure Simple Pairing
uses a form of public key cryptography, and has the following modes of operation:

 Just works: As implied by the name, this method just works. No user
interaction is required; however, a device may prompt the user to confirm the
pairing process. This method is typically used by headsets with very limited
IO capabilities, and is more secure than the fixed PIN mechanism which is
typically used for legacy pairing by this set of limited devices. This method
provides no “Man in the Middle (MITM)” protection.

 Numeric comparison: If both devices have a display and at least one can
accept a binary Yes/No user input, they may use Numeric Comparison. This
method displays a 6-digit numeric code on each device. The user should
compare the numbers to ensure they are identical. If the comparison succeeds,
the user(s) should confirm pairing on the device(s) that can accept an input.
This method provides MITM protection, assuming the user confirms on both
devices and actually performs the comparison properly.

 Passkey Entry: This method may be used between a device with a display
and a device with numeric keypad entry (such as a keyboard), or two devices
with numeric keypad entry. In the first case, the display is used to show a 6-
digit numeric code to the user, who then enters the code on the keypad. In the
second case, the user of each device enters the same 6-digit number. Both
cases provide MITM protection.

 Out of band (OOB): This method uses an external means of communication
(such as NFC) to exchange some information used in the pairing process.
Pairing is completed using the Bluetooth radio, but requires information from
the OOB mechanism. This provides only the level of MITM protection that is
present in the OOB mechanism.
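Authentication stage 1 of the Numeric Comparison mode described above, as an added example that is not part of this report: it implements the Core specification's commitment function f1 and check-value function g with Python's standard hashlib/hmac on constructed stand-in public-key x-coordinates and nonces (no real ECDH exchange is performed), and shows that a public key substituted on the link is caught either by the commitment check or by the two 6-digit numbers disagreeing. The 24-byte coordinate size, 16-byte nonces, big-endian packing and the reduction of g's output to six decimal digits for display are my reading of the specification and are assumptions here.

```python
"""Authentication stage 1 of Secure Simple Pairing's Numeric Comparison (added example)."""
import hashlib
import hmac

# Sizes follow the Core specification's crypto functions as I read them (assumption:
# big-endian packing): P-192 x-coordinates are 24 bytes, nonces 16 bytes, and the
# Z parameter is a single byte that is 0 for Numeric Comparison.
COORD_LEN = 24
NONCE_LEN = 16
Z_NUMERIC_COMPARISON = b"\x00"


def f1(u: bytes, v: bytes, x: bytes, z: bytes) -> bytes:
    """Commitment f1(U, V, X, Z): HMAC-SHA-256 keyed by X over U || V || Z, 128 bits kept."""
    return hmac.new(x, u + v + z, hashlib.sha256).digest()[:16]


def g(u: bytes, v: bytes, x: bytes, y: bytes) -> int:
    """Check value g(U, V, X, Y) = SHA-256(U || V || X || Y) mod 2^32."""
    return int.from_bytes(hashlib.sha256(u + v + x + y).digest(), "big") % (1 << 32)


def six_digits(check_value: int) -> str:
    """What the user sees: the 32-bit check value reduced to six decimal digits (assumed)."""
    return f"{check_value % 1_000_000:06d}"


def stage1(pka_seen_by_a, pkb_seen_by_a, pka_seen_by_b, pkb_seen_by_b, na, nb):
    """Run the stage with each side's own view of the two public keys (x-coordinates).

    Returns (commitment_ok, va, vb): whether A accepts B's commitment, and the
    six-digit number each side displays. Each side uses only the keys it holds, so a
    key substituted on the link shows up as a mismatch at one of the two checks.
    """
    for key in (pka_seen_by_a, pkb_seen_by_a, pka_seen_by_b, pkb_seen_by_b):
        assert len(key) == COORD_LEN
    assert len(na) == NONCE_LEN and len(nb) == NONCE_LEN

    # Step 1: B commits to its own key and A's key (as B received it) using Nb.
    cb = f1(pkb_seen_by_b, pka_seen_by_b, nb, Z_NUMERIC_COMPARISON)
    # Steps 2-3: Na and Nb travel in the clear; B reveals Nb only after sending Cb.
    # Step 4: A recomputes the commitment from the keys it holds; a mismatch aborts.
    expected = f1(pkb_seen_by_a, pka_seen_by_a, nb, Z_NUMERIC_COMPARISON)
    commitment_ok = hmac.compare_digest(cb, expected)
    # Step 5: each side derives the value it shows its user for comparison.
    va = six_digits(g(pka_seen_by_a, pkb_seen_by_a, na, nb))
    vb = six_digits(g(pka_seen_by_b, pkb_seen_by_b, na, nb))
    return commitment_ok, va, vb


def constructed(label: str, length: int) -> bytes:
    """Deterministic stand-in for ECDH public keys and random nonces (constructed, not real)."""
    return hashlib.sha256(label.encode()).digest()[:length]


PKA = constructed("PKa x-coordinate", COORD_LEN)
PKB = constructed("PKb x-coordinate", COORD_LEN)
PKM = constructed("substituted key", COORD_LEN)
NA = constructed("nonce Na", NONCE_LEN)
NB = constructed("nonce Nb", NONCE_LEN)


def honest_run():
    """Both sides hold the genuine keys: the commitment verifies and the digits match."""
    return stage1(PKA, PKB, PKA, PKB, NA, NB)


def substituted_key_run():
    """A received PKM instead of PKb while B still holds PKb: the stage fails."""
    return stage1(PKA, PKM, PKA, PKB, NA, NB)


if __name__ == "__main__":
    ok, va, vb = honest_run()
    print(f"honest: commitment_ok={ok} A shows {va} B shows {vb}")
    ok, va, vb = substituted_key_run()
    print(f"substituted key: commitment_ok={ok} A shows {va} B shows {vb}")
```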

Advantages of Secure Simple Pairing:

Secure Simple Pairing is considered simple for the following reasons:

• In most cases, it does not require a user to generate a passkey.
• For use-cases not requiring MITM protection, user interaction has been
eliminated.
• For numeric comparison, MITM protection can be achieved with a simple
equality comparison by the user.
• Using OOB with NFC will enable pairing when devices simply get close, rather
than requiring a lengthy discovery process.

[Figure: A Simple Bluetooth Network]
 Connection Modes:

1. Sniff Mode: In the sniff mode, the slave reduces its activity by listening only
to slots of interval Tsniff, which is mutually agreed by both the slave and the
master. Sniff mode has the highest duty cycle among the three power-saving modes.

2. Hold Mode: In the hold mode, the slave sleeps for some preset period, and
then restarts data transfers instantly. Also, the time of the hold mode is negotiated
between the slave and the master.

3. Park Mode: In the park mode, the slave gives up its active-member-address
and gets a new 8-bit parked-member-address. The parked slave has very little
activity. It only listens to the beacon channel to synchronize and checks for
broadcast messages. The unit in park mode has the lowest power consumption
among all connected states.

One Piconet has up to 256 parked members. By switching between active and
park mode, a Piconet can accommodate many more units than eight. Also, one unit can
participate in multiple Piconets by putting itself into park mode in some Piconets.

Bluetooth uses different hopping sequences for inquiry, paging and the active
channel. Both the inquiry and paging processes use a 32-chip hopping sequence, which
lasts 10 ms; the phase of the hopping sequence changes every 1.28 s. A unit in
inquiry scan or page scan mode listens on only one frequency. Usually the connection
establishment will take several seconds.

Operation Type             Minimum Time   Average Time   Maximum Time
Inquiry                    0.00125s       5.12s          15.36s
Paging                     0.0025s        0.64s          7.68s
Total (paging + inquiry)   0.00375s       5.78s          23.04s

11. Bluetooth Profiles:

11.1. Advanced Audio Distribution Profile (A2DP):

This profile defines how high quality audio (stereo or mono) can be streamed
from one device to another over a Bluetooth connection. For example, music can be
streamed from a mobile phone to a wireless headset or car audio or from a
laptop/desktop to a wireless headset.

A2DP is designed to transfer a uni-directional 2-channel stereo audio stream,
like music from an MP3 player, to a headset or car radio. This profile relies
on AVDTP and GAVDP.

11.2. Audio/Video Remote Control Profile (AVRCP)

This profile is designed to provide a standard interface to control TVs, Hi-fi
equipment, etc. to allow a single remote control (or other device) to control all of the
A/V equipment to which a user has access. It may be used in concert with A2DP or
VDP.

11.3. Basic Imaging Profile (BIP)

This profile is designed for sending images between devices and includes the
ability to resize, and convert images to make them suitable for the receiving device. It
may be broken down into smaller pieces:

 Image Push
Allows the sending of images from a device the user controls.

 Image Pull
Allows the browsing and retrieval of images from a remote device.

 Advanced Image Printing
Print images with advanced options using the DPOF format developed by
Canon, Kodak, Fujifilm & Matsushita.

 Automatic Archive
Allows the automatic backup of all the new images from a target device. For
Example: a laptop could download all of the new pictures from a camera
whenever it is within range.

 Remote Camera
Allows the initiator to remotely use a digital camera. For example, a
user could place a camera on a tripod for a group photo, use their phone handset
to check that everyone is in frame, and activate the shutter with the user in the
photo.

 Remote Display
Allows the initiator to push images to be displayed on another device.
For example, a user could give a presentation by sending the slides to a video
projector.

11.4. Basic Printing Profile (BPP)

This allows devices to send text, e-mails, vCards, or other items
to printers based on print jobs. It differs from HCRP in that it needs no printer-
specific drivers. This makes it more suitable for embedded devices such as mobile
phones and digital cameras which cannot easily be updated with drivers dependent
upon printer vendors.

11.5. Common ISDN Access Profile (CIP)

This provides unrestricted access to the services, data and signaling
that ISDN offers.

11.6. Cordless Telephony Profile (CTP)

This is designed for cordless phones to work using Bluetooth. It is hoped
that mobile phones could use a Bluetooth CTP gateway connected to
a landline when within the home, and the mobile phone network when out of range.
It is central to the Bluetooth SIG's '3-in-1 phone' use case.

11.7. Device ID Profile (DID)

This profile allows a device to be identified above and beyond the
limitations of the Device Class already available in Bluetooth. It enables
identification of the manufacturer, product id, product version, and the version of
the Device ID specification being met. It is useful in allowing a PC to identify a
connecting device and download appropriate drivers. It enables similar applications
to those the Plug-and-play specification allows.

11.8. Dial-up Networking Profile (DUN)

This profile provides a standard to access the Internet and other dial-
up services over Bluetooth. The most common scenario is accessing the Internet
from a laptop by dialing up on a mobile phone, wirelessly.

It is based on Serial Port Profile (SPP), and provides for relatively easy
conversion of existing products, through the many features that it has in common
with the existing wired serial protocols for the same task. These include the AT
command set specified in European Telecommunications Standards Institute (ETSI)
07.07, and Point-to-Point Protocol (PPP).

11.9. Fax Profile (FAX)

This profile is intended to provide a well defined interface between a mobile
phone or fixed-line phone and a PC with Fax software installed. Support must be
provided for ITU T.31 and / or ITU T.32 AT command sets as defined by ITU-T.
Data and voice calls are not covered by this profile.

11.10. File Transfer Profile (FTP)

Provides the capability to browse, manipulate and transfer objects (files and
folders) in an object store (file system) of another system. Uses GOEP as a basis.

11.11. Generic Object Exchange Profile (GOEP)

Provides a basis for other data profiles. Based on OBEX.

11.12. Headset Profile (HSP)

This is the most commonly used profile, providing support for the popular
Bluetooth Headsets to be used with mobile phones. It relies on SCO for audio
encoded in 64 Kbit/s CVSD or PCM and a subset of AT commands from GSM
07.07 for minimal controls including the ability to ring, answer a call, hang up and
adjust the volume.

11.13. Intercom Profile (ICP)

This is often referred to as the walkie-talkie profile. It is another TCS
(Telephone Control protocol Specification) based profile, relying on SCO to carry
the audio. It is proposed to allow voice calls between two Bluetooth capable
handsets, over Bluetooth.

11.14. LAN Access Profile (LAP)

LAN Access profile makes it possible for a Bluetooth device to
access LAN, WAN or Internet via another device that has a physical connection to
the network. LAP also allows the device to join an ad-hoc Bluetooth network. The
LAN Access Profile has been replaced by the PAN profile in the Bluetooth
specification.

11.15. Personal Area Networking Profile (PAN)

This profile is intended to allow the use of Bluetooth Network Encapsulation
Protocol on Layer 3 protocols for transport over a Bluetooth link.

11.16. Object Push Profile (OPP)

A basic profile for sending "objects" such as pictures, virtual business cards,
or appointment details. It is called push because the transfers are always instigated
by the sender (client), not the receiver (server). OPP uses the APIs of the OBEX profile,
and the OBEX operations used in OPP are connect, disconnect, put, get
and abort. By using these APIs the OPP layer resides over OBEX and hence follows
the specifications of the Bluetooth stack.

11.17. Phone Book Access Profile (PBAP, PBA)

Phone Book Access (PBA) or Phone Book Access Profile (PBAP) is a
profile that allows exchange of Phone Book Objects between devices. It is likely to
be used between a car kit and a mobile phone to:

 Allow the car kit to display the name of the incoming caller;
 Allow the car kit to download the phone book so the user can initiate a
call from the car display.

11.18. Serial Port Profile (SPP)

This profile is based on the ETSI TS 07.10 specification and uses
the RFCOMM protocol. It emulates a serial cable to provide a simply implemented
wireless replacement for existing RS-232 based serial communications applications,
including familiar control signals. It provides the basis for DUN, FAX, HSP and
AVRCP profiles.

11.19. Service Discovery Application Profile (SDAP)

SDAP describes how an application should use SDP to discover services on
a remote device. SDAP requires that any application be able to find out what
services are available on any Bluetooth enabled device it connects to.

11.20. SIM Access Profile (SAP, SIM, rSAP)

This allows devices such as car phones with built in GSM transceivers to
connect to a SIM card in a phone with Bluetooth, thus the car phone itself doesn't
require a separate SIM card. This profile is also known as rSAP (remote-SIM-
Access-Profile).

11.21. Synchronization Profile (SYNCH)

This profile allows synchronization of Personal Information Manager (PIM)
items. As this profile originated as part of the infrared specifications but has been
adopted by the Bluetooth SIG to form part of the main Bluetooth specification, it is
also commonly referred to as IrMC Synchronization.

11.22. Video Distribution Profile (VDP)

This profile allows the transport of a video stream. It could be used for
streaming a recorded video from a PC media center to a portable player, or a live
video from a digital video camera to a TV. Support for the H.263 baseline is
mandatory. The MPEG-4 Visual Simple Profile, and H.263 profiles 3 and 8 are
optionally supported, and covered in the specification.

12. Bluetooth Security Threats:

The recent Bluetooth security threats have been isolated to Bluetooth cell phones.
The issues were due to specific problems with the cell phones' platforms. To
solve them and prevent further security problems, the Bluetooth SIG and all of its
members work together to discover, inspect and solve reported problems.

If there is something wrong with the actual Bluetooth specification, then the
Bluetooth SIG will confront the problem directly. However, if the problem is a
result of the implementation of Bluetooth technology, then the SIG will work with
the specific members in order to release patches and prevent future problems from
occurring.

 BlueJacking: Bluejacking allows phone users to send business cards anonymously
to one another using Bluetooth technology. Bluejacking does not involve any
alterations to your phone's data. These business cards usually consist of some clever
message or joke. Bluejackers are simply looking for a reaction from the recipient. To
ignore bluejackers, simply reject the business card, or if you want to avoid them entirely,
set your phone to non-discoverable mode.

 BlueSnarfing: Bluesnarfing refers to a hacker who has gained access to data which
is stored on a Bluetooth enabled phone. Bluesnarfing allows the hacker to make phone
calls, send and receive text messages, read and write phonebook contacts, eavesdrop on
phone conversations, and connect to the Internet. The good news is, bluesnarfing requires
advanced equipment and expertise or requires the hacker to be within a 30 ft. range. If
your phone is in non-discoverable mode, it becomes significantly more difficult for
hackers to bluesnarf your phone. According to the Bluetooth SIG, only some
older Bluetooth enabled phones are vulnerable to bluesnarfing.

 BlueBugging: Bluebugging refers to a skilled hacker who has accessed a cell
phone’s commands using Bluetooth technology without the owner's permission or
knowledge. Bluebugging allows the hacker to make phone calls, send messages, read and
write contacts and calendar events, eavesdrop on phone conversations, and connect to the
Internet. Just like all Bluetooth attacks, the hacker must be within a 30 ft. range.
Bluebugging and bluesnarfing are separate security issues, and phones that are vulnerable
to one are not necessarily vulnerable to the other.

13. Applications of Bluetooth:

1. Laptop:

Bluetooth technology is embedded in laptops, where it resides as an inbuilt
device in the laptop circuit and is widely used for data transfer, creating a
local Bluetooth network, etc.

2. PDA Device:

PDAs are already embedded with a Bluetooth chip inside, and this can be used for
data transfer or creating a network for internet access, sending/receiving e-mails, etc.

3. Printer:

A Bluetooth-enabled printer is a great way to get rid of some messy cables in your
office, and gives you the freedom to position your printer across the room or
across the hallway.

4. Mobile Phones:

Bluetooth enabled phones can connect a computer or PDA to the Internet, send e-mails
or surf the web; or synchronize phone numbers, transfer data and print pictures to a
Bluetooth printer.

5. Headsets:
Make a call on your Bluetooth headset
while your mobile phone is in your pocket,
purse or briefcase!
Ideal for use in your car or for making
VOIP calls from your Bluetooth-enabled
computer.

6. Stereo Headphones:
Enjoy full stereo audio without being
tethered to your stereo or MP3 player!
Bluetooth headphones deliver complete
freedom from wires. You can even control
the volume and skip from track to track, &
easily make calls from your cell phone.

7. Keyboard – Mouse:

Using a Bluetooth keyboard and mouse offers the freedom of wireless
connectivity. No more worries about positioning your computer within range of
your keyboard or mouse cables!

8. GPS System:

The Bluetooth GPS receiver allows you to receive positioning data from satellites and
deliver the data to mobile computing devices wirelessly via Bluetooth.

14. The Advantages of Bluetooth:

1. Bluetooth Devices are Wireless: In addition to improving safety as a result of
eliminating the clutter of wires and associated hazardous connections, wireless
technology also offers many convenient advantages. For example, when you are
traveling with your laptop, PDA, MP3 player and other devices, you no longer have to
worry about bringing along all of your connecting cables.

2. Bluetooth Technology is Inexpensive: Bluetooth technology is cheap for companies
to implement, which results in lower over-all manufacturing costs. These savings are
then passed on to you, the consumer. The end result: Bluetooth devices are relatively
inexpensive.

3. Bluetooth is Automatic: Bluetooth doesn't require you to think about setting up a
connection or to push any buttons. When two or more Bluetooth devices enter a range
(up to 30 feet) of one another, they automatically begin to communicate without you
having to do anything. Once the communication begins, Bluetooth devices will set up
Personal Area Networks or Piconets. The best part is: the devices take care of the
entire setup process, and you can go about your business.

4. Standardized Protocol = Interoperability: Since Bluetooth is a standardized
wireless specification, a high level of compatibility among devices is guaranteed. The
Bluetooth specification uses and defines various profiles. Every Bluetooth profile is
specific to a particular function. For instance, when a Bluetooth enabled cell phone
and a Bluetooth headset (both with the same profile) are communicating with one
another, both will understand each other without the user having to do anything, even
if the devices are of different models/makes.

5. Low Interference (If Any): Bluetooth devices avoid interference with other wireless
devices by:
(a) Using a technique known as Spread-Spectrum Frequency Hopping, and
(b) Using low power wireless signals.

6. Low Energy Consumption: As stated above, Bluetooth uses low power signals. As a
result, the technology requires little energy and will therefore use less battery or
electrical power. Obviously, this is a great benefit for mobile devices because
Bluetooth won't drain the life of your device's battery.

7. Share Voice and Data: The Bluetooth standard allows compatible devices to share
both voice and data communications. For example, it is probably no surprise that a
Bluetooth enabled cell phone is capable of sharing voice communications with a
compatible Bluetooth headset; however, the same cell phone may also be capable of
establishing a GPRS connection to the Internet. Then, using Bluetooth, the phone can
connect to a laptop. The result: The laptop is capable of surfing the web or sending
and receiving email.

8. Instant Personal Area Network (PAN): Up to seven compatible Bluetooth devices
can connect to one another within proximity of up to 30 feet, forming a PAN or
Piconet. Multiple Piconets can be automatically set up in a single room.

9. Upgradeable: The Bluetooth standard is upgradeable. A development group at the
Bluetooth Special Interest Group (SIG) has been given the task of working on the
new Bluetooth version 2, which offers several new advantages and is backward
compatible with the older versions.

10. Bluetooth is Universal: It is a world-wide wireless standard. Therefore,
you can count on it being around for years to come. As more devices begin to use
Bluetooth technology, electronics manufacturers will be increasingly eager to make
their products compatible using Bluetooth. A chain reaction is inevitable; in fact, it
has already begun.

Conclusion

Bluetooth wireless is constantly growing in popularity because of the
convenience of exchanging information between mobile devices. As Bluetooth
usage rises, so do the security risks associated with the technology. Advantages of
Bluetooth include the ability to simultaneously handle both data and voice
transmissions, which enables users to enjoy a variety of innovative solutions such
as a hands-free headset for voice calls, printing and fax capabilities, and
synchronizing PDA, laptop, and mobile phone applications.

Bluetooth users should familiarize themselves with Bluetooth security issues
before using Bluetooth devices, and especially before they bring these devices into
the work place.

Bluetooth technology is becoming the world's fastest growing
communication medium for organizations, establishments, homes and even
on the streets, for anyone whose quest is to share data, information, pictures and music at
a reduced cost. I implore everyone, the next time you are shopping for a device for your
home or office, to look for a Bluetooth enabled device. You don't always have to be at
your desk to listen to music or carry your phone(s) around in your house just to
receive a call.
