CCM 4300 Lecture 5
Computer Networks: Wireless and Mobile Communication Systems
Dr E. Ever
School of Computing Science

Lesson objectives
To acquire a basic understanding of GSM, GPRS, EDGE, Satellite systems, UMTS and Bluetooth, so that you will be able:
- to make an informed decision regarding which technology to use and why
- to explore the history and architecture of such technologies
- to identify some of the advantages and disadvantages of using these technologies.

Session Content
• Introduction – what is GSM?
• GSM and GPRS Components
• Why the interest in 2G, 3G and 4G technologies?
• UMTS
• Bluetooth
• Satellites: HEO, MEO, LEO

Wide Area mobile connectivity - GSM
• Circuit-switched
• Second generation (2G):
  • digital
• GSM (2G):
  • digital
  • secure (?)
  • international roaming
  • 13Kb/s voice
  • 2.4kb/s - 9.6Kb/s data (uses FEC)
• SMS:
  • up to 160 chars of text
• GSM flavours:
  • GSM900 – vanilla GSM
  • GSM1800, PCN, (Europe)
  • GSM1900, PCS (US)
• GPRS (2.5G)
• UMTS (3G)
• 4G systems:
  • 20Mb/s – 100Mb/s

GSM: An overview I
GSM
• formerly: Groupe Spéciale Mobile (founded 1982)
• now: Global System for Mobile Communication
• Pan-European standard (ETSI, European Telecommunications Standardisation Institute)
• simultaneous introduction of essential services in three phases (1991, 1994, 1996) by the European telecommunication administrations (Germany: D1 and D2)
• seamless roaming within Europe possible
• today many providers all over the world use GSM (more than 214 countries in Asia, Africa, Europe, Australia, America)
• more than 2 billion subscribers
• more than 70% of all digital mobile phones use GSM
• Countries which are using GSM networks on larger scales are Russia, China, Pakistan, United States, India.
• over 360 billion SMS per year worldwide

What happens within the network?
[Figure: a GSM subscriber and the GSM network connected to the fixed network; fixed network subscribers and other mobile subscribers]

GSM Physical layer
• Phy:
  • 900MHz (1.8GHz, 1.9GHz)
  • 2x25MHz bands: 890-915MHz uplink, 935-960MHz downlink
  • 124 carriers per band
  • 200KHz bandwidth per carrier
• Channel allocation:
  • TDMA/FDMA
  • multiple frequency channels
  • TDMA in each channel
  • (slow FH possible)
[Figure: GSM burst, frame and multi-frame structure. Frame: 8 bursts (~4.615ms). Multi-frame: 26 frames (120ms), frame 12 for signalling, frame 25 unused. Burst fields: tail 3 bits, stealing 1 bit, data 57 bits, training 26 bits, guard 8.25 bits. The stealing bit (S) indicates user or network control data.]

GSM coding overhead
• 114 bits every 4.615ms ~31Kb/s
• So why do we only get 13Kb/s speech and 9.6Kb/s data?
• Error coding!
  • plus other overhead
• Large amount of error correction coding:
  • speech uses CRC + 1/2 rate convolutional coding for Forward Error Correction
  • need better FEC for data
• 260 bits of speech produces 456 bits for transmission!
  • 13Kb/s → ~23Kb/s
• “high-speed” data available now - HSCSD:
  • 14.4Kb/s or 28.8Kb/s on 2 channels
• May be able to improve on this with 3G CDMA:
  • less overhead required?

FEC (simple example)
A simple example would be an analog to digital converter that samples three bits of signal strength data for every bit of transmitted data. The simplest example of error correction is for the receiver to assume the correct output is given by the most frequently occurring value in each group of three.
Triplet received    Interpreted as
000                 0
001                 0
010                 0
100                 0
111                 1
110                 1
101                 1
011                 1

GSM Network Structure I
• Digital mobile service:
  • data/voice
  • extendable network
  • allows international roaming
• Network topology:
  • cells
  • base-transceiver station (BTS)
• GSM cell clusters:
  • 4, 7, 12, 21 cells
  • pattern repeats to cover area
• BTS network:
  • interconnected by a terrestrial network

GSM network structure II
[Figure: clusters of cells using frequencies f1 to f7, with the distance d, the radius r and the handoff region marked]
• d/r > 2.5
• Network scaling:
  • reduce cell-size
  • increase number of cells

Handoff for Wireless Systems (cont'd)
• Handoff!!
• The process of transferring a mobile user from one channel or base station to another.
Performability Modelling for Wireless and Mobile Communication Systems

Equations
• The average number of calls in the systems, NS
• However, since only i channels operative at any time, the MQL can now be represented by Ni where i is the S number of operative channel. So overall MQL is as N qi N i follows: S iS i S i S M i S! p0 N S i i 0 i! i S 1 [S ( j S ) cd ] j S 1 i 0

Performability Modelling of Handoff (cont'd)
Why does no hand-off have the worst performance?

GSM Network Structure III
[Figure: GSM architecture showing the RSS (BSCs), the NSS with OSS (MSC, GMSC, VLR, HLR; OMC, EIR, AUC) and the fixed network]
AuC: authentication centre
BSC: base-station controller
BTS: base-transceiver station
EIR: equipment identity register
HLR: home location register
MSC: mobile switching centre
VLR: visitor location register
OMC: Operation and maintenance systems

GSM network structure IV
• MS:
  • sends beacon to BTS
• BSC:
  • talks to all BTS in an area
  • assigns channels
  • performs authentication
  • sends updates for VLR
  • communicates with other BSCs and a single MSC
• Roaming:
  • updates to VLR via MSC
• Hand-off:
  • BTS to BTS (same BSC)
  • BSC to BSC (same MSC)
  • MSC to MSC
• Location information:
  • mobile is tracked
  • location registers kept updated
MS: Mobile station

GSM cell types
• Hot spots:
  • cell-within-a-cell
• Macro-cells:
  • large, sparsely populated areas
• Micro-cells:
  • densely populated areas. By splitting the existing areas into smaller cells, the number of channels available is increased as well as the capacity of the cells. The power level of the transmitters used in these cells is then decreased, reducing the possibility of interference between neighbouring cells.
• Selective cells:
  • not-360° coverage
  • special antennas give “shape”, e.g. cells that may be located at the entrances of tunnels, where a selective cell with a coverage of 120 degrees is used.
• Umbrella cells:
  • covers several micro-cells
  • used for “high-speed” MS
• fast-moving MS, many hand-offs, e.g. car, train, etc.
[Figure: umbrella cells]

Power Management
Hand-off
• Quality vs. power
• Maintain quality:
  • mobile increases transmit power
  • maintains quality
  • hand-off when quality is low
• Conserve power:
  • set transmit power threshold
  • hand-off when threshold reached
Silence suppression
• DTX (Discontinuous transmission, a method of momentarily powering-down)
• No “speech” for ~40% of call duration:
  • perhaps more for data
• Background noise at MS:
  • not easy to detect …
  • detect “no speech”
• Switch off transmission:
  • when “no speech” detected
  • saves power
• Receiver:
  • comfort noise

Security
Terminal
• SIM:
  • subscriber identity module
• IMSI:
  • subscriber identity (on SIM)
• IMEI:
  • MS identity (in MS)
• Stream cipher used:
  • key+algorithm from SIM
  • random number XOR’d with data/voice bits
Network
• EIR:
  • stores known IMEI numbers
• AuC:
  • uses IMSI and IMEI (plus interaction with EIR)
  • authenticates user
  • checks service subscription
  • (updates VLR and other location information)

Security in GSM
Security services
– access control/authentication
  • user to SIM (Subscriber Identity Module): secret PIN (personal identification number)
  • SIM to network: challenge response method; one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.
“between you and I”:
  • A3 and A8 available via the Internet
  • network providers can use stronger mechanisms
– confidentiality
  • voice and signaling encrypted on the wireless link (after successful authentication)
– anonymity
  • temporary identity TMSI (Temporary Mobile Subscriber Identity)
  • newly assigned at each new location update (LUP)
  • encrypted transmission
3 algorithms specified in GSM
– A3 for authentication (“secret”, open interface)
– A5 for encryption (standardised)
– A8 for key generation (“secret”, open interface)

GSM - authentication
[Figure: the AC in the mobile network and the SIM each feed Ki (128 bit) and RAND (128 bit) into A3 to obtain a 32 bit signed response; RAND is sent to the SIM, the response is returned, and the MSC checks SRES* =? SRES]
Ki: individual subscriber authentication key
SRES: signed response

GSM - key generation and encryption
[Figure: the AC in the mobile network and the SIM in the MS each feed Ki (128 bit) and RAND (128 bit) into A8 to obtain the cipher key Kc (64 bit); the BSS (BTS) and the MS apply A5 with Kc to the data, so that encrypted data is sent between them]

Beyond 2G systems: GPRS I
General Packet Radio Service (GPRS)
• Packet radio service:
  • “always on”
  • shared media access
  • multiple bursts per user
  • one frame could carry voice and data
• On demand allocation:
  • user signals network for channel/burst(s) allocation
• Requires new terminal:
  • mobile phones may need to be upgraded or replaced (done)
• Uses existing GSM infrastructure:
  • requires some changes to support new signalling
• Same RF spectrum as GSM
• Point-to-point (PTP) service: internetworking with the Internet (IP protocols) and X.25 networks.
• Point-to-multipoint (PT2MP) service: point-to-multipoint multicast and point-to-multipoint group calls

GPRS II
• Better network utilisation
• Good for general data:
  • suits bursty applications
• GPRS + IP integration:
• How to charge?
  • volume – per packet?
  • flat rate?
• QoS:
  • may not be suitable for real-time applications
  • “real-time extensions” in 3G

EDGE
Enhanced Data-rates for Global Evolution:
• builds on GPRS mechanism
• packet interface
• Available now in North America and some parts of Europe
• “Peak rates” of 384Kb/s:
  • “pedestrian” rate
• “Normal rate” of 144Kb/s:
  • “high mobility” rate
Requires new RF spectrum:
• 2x50MHz
• 1.9GHz and 2.1GHz bands being used in some parts of the world
High-Speed Packet Access (HSPA). Peak bit-rates of up to 1Mbit/s and typical bit-rates of 400kbit/s can be expected.

UMTS: universal mobile telecommunications services
3G:
• Voice:
  • 2G GSM-like services
• Data:
  • 64Kb/s – ~2Mb/s
  • ISDN-like services
• WCDMA (Wideband Code Division Multiple Access) 10Mb/s
• Packet and circuit services
• International roaming
Needs new RF spectrum! W-CDMA: a pair of 5MHz frequency bands; for the uplink, 19000 MHz range; for the downlink, 2100 MHz range.
• Requires new or upgraded infrastructure
• Potential for broadband wireless services
Since 2006, UMTS networks in many countries have been or are in the process of being upgraded with High Speed Downlink Packet Access (HSDPA), sometimes known as 3.5G. Up to 21 Mbit/s.
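
The GSM challenge-response authentication and key generation from the "Security in GSM" slides above, written out as an added example that is not part of the original lecture. HMAC-SHA256 and a SHA-256 counter keystream are stand-ins for A3, A8 and A5 (assumptions, chosen only so the flow runs); the IMSI, the Ki value and the frame counter argument are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Stand-ins, NOT the real GSM algorithms: A3/A8 are operator-chosen and A5 is a
# dedicated stream cipher. HMAC-SHA256 and a SHA-256 counter keystream are used
# only so the message flow and the bit lengths from the slides can be run.

def a3(ki: bytes, rand: bytes) -> bytes:
    """Authentication: Ki (128 bit) + RAND (128 bit) -> SRES (32 bit)."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """Key generation: Ki (128 bit) + RAND (128 bit) -> Kc (64 bit)."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def a5(kc: bytes, frame_no: int, data: bytes) -> bytes:
    """Encryption: keystream from Kc (and a frame counter) XORed with data."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        seed = kc + frame_no.to_bytes(4, "big") + block.to_bytes(4, "big")
        stream += hashlib.sha256(seed).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

class Sim:
    """Holds Ki; only RAND goes in and only SRES comes out."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki, self.kc = imsi, ki, None

    def respond(self, rand: bytes) -> bytes:
        self.kc = a8(self._ki, rand)      # cipher key stays on the terminal side
        return a3(self._ki, rand)

class Network:
    """AuC (knows Ki per IMSI) plus the MSC comparison SRES* =? SRES."""
    def __init__(self, subscribers: dict):
        self._ki = dict(subscribers)
        self._pending = {}
        self.kc = {}

    def challenge(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(16)    # fresh 128-bit RAND per attempt
        ki = self._ki[imsi]
        self._pending[imsi] = (a3(ki, rand), a8(ki, rand))
        return rand

    def verify(self, imsi: str, sres: bytes) -> bool:
        expected, kc = self._pending.pop(imsi)   # a challenge is single-use
        if hmac.compare_digest(sres, expected):
            self.kc[imsi] = kc
            return True
        return False

def authenticate(network: Network, sim: Sim):
    """Run one exchange; return (accepted, list of values sent over the air)."""
    air = []
    rand = network.challenge(sim.imsi)
    air.append(("RAND", rand))            # network -> MS
    sres = sim.respond(rand)
    air.append(("SRES", sres))            # MS -> network
    return network.verify(sim.imsi, sres), air

# Constructed sample data: IMSI and Ki values are made up for this example.
IMSI = "001010123456789"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    net = Network({IMSI: KI})
    sim = Sim(IMSI, KI)
    ok, air = authenticate(net, sim)
    print("genuine SIM accepted:", ok, [(n, v.hex()) for n, v in air])
    frame = a5(sim.kc, 42, b"hello over the radio link")
    print("ciphertext:", frame.hex())
    print("network decrypts:", a5(net.kc[IMSI], 42, frame))
    wrong = Sim(IMSI, bytes(16))          # same IMSI, different Ki
    print("SIM with wrong Ki accepted:", authenticate(net, wrong)[0])
```

Only RAND and SRES cross the radio link; Ki and Kc are computed independently on each side, and because RAND is fresh for every attempt a previously recorded SRES does not satisfy a new challenge.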

IMT-2000
• ITU’s approach to 3G wireless
• “Umbrella” activity from ITU:
  • mainly European interest, though international in theory
• Intended to provide:
  • coordination between different 2.5/3G systems
  • harmonisation of services to allow efficient use of spectrum
• http://www.umts-forum.org/imt2000.html
IMT: International Mobile Communications

Simplified Roadmap – one to another
[Figure: roadmap from 2G (GSM only, +SMS) through 2.5G (GSM + GPRS) to 3G (IMT-2000): EDGE, UMTS]

Development of mobile telecommunication systems
[Figure: evolution from 1G through 2G and 2.5G to 3G, grouped by FDMA, TDMA and CDMA. Systems shown: CT0/1, AMPS, NMT, CT2, IMT-FT DECT, IS-136 TDMA, D-AMPS, GSM, PDC, GPRS, EDGE, IMT-SC IS-136HS UWC-136, IMT-DS UTRA FDD / W-CDMA, IMT-TC UTRA TDD / TD-CDMA, IMT-TC TD-SCDMA, IS-95 cdmaOne, cdma2000 1X, IMT-MC cdma2000 1X EV-DO, 1X EV-DV (3X)]

GLOBAL EVOLUTION TO 3G MULTIRADIO NETWORKS
[Figure: 2G (TDMA, GSM, PDC, cdmaOne), first steps to 3G (GSM/GPRS, cdma2000 1x), 3G phase 1 (GSM/GPRS/EDGE, WCDMA, cdma2000 1xEV-DO) and evolved 3G networks (UMTS multiradio network, cdma2000 1xEV-DV)]
WCDMA (Wideband Code Division Multiple Access): Internet, multimedia, video and other capacity-demanding applications.

Performance characteristics of GSM (wrt. analog sys.)
• Communication: mobile, wireless communication; support for voice and data services
• Total mobility: international access, chip-card enables use of access points of different providers
• Worldwide connectivity: one number, the network handles localization
• High capacity: better frequency efficiency, smaller cells, more customers per cell
• High transmission quality: high audio quality and reliability for wireless, uninterrupted phone calls at higher speeds (e.g., from cars, trains)
• Security functions: access control, authentication via chip-card and PIN

Disadvantages of GSM
There is no perfect system!!
• no end-to-end encryption of user data
• no full ISDN bandwidth of 64 kbit/s to the user, no transparent B-channel
• reduced concentration while driving
• electromagnetic radiation
• abuse of private data possible
• roaming profiles accessible
• high complexity of the system
• several incompatibilities within the GSM standards

GSM and 3G – more information can be found at ...
• http://www.gsmworld.com/
• http://www.umts-forum.org/
• http://www.uwcc.org/ Universal Wireless Communications Consortium
• http://www.3gpp.org/ Third Generation Partnership Project
• Not covered in these notes, however, … http://www.wapforum.org/ Wireless Application Protocol Forum

Satellite systems
• LEO and MEO:
  • satellite constellations
  • no terrestrial network support
  • “total” area coverage
• Very expensive:
  • to construct and maintain
  • to use
• Complex:
  • hand-off between satellites
  • routing
• Service providers finding it hard to break into the market
• Safety concerns:
  • MS power output
• Voice only systems
• Voice and data systems
• Broadband systems
• Will they succeed?

4G Systems
• Totally packet-based:
  • IPv6
• Higher data rates:
  • up to 100Mb/s
• Better security
• Totally digital

Classical satellite systems
[Figure: satellites connected by Inter Satellite Links (ISL); Mobile User Links (MUL) to users in small cells (spotbeams) within the footprint; Gateway Links (GWL) to a base station or gateway, which connects to ISDN, PSTN and GSM and holds user data]
PSTN: Public Switched Telephone Network

Orbits I
Four different types of satellite orbits can be identified depending on the shape and diameter of the orbit:
• GEO: geostationary orbit, ca. 36000 km above earth surface
• LEO (Low Earth Orbit): ca. 500 - 1500 km
• MEO (Medium Earth Orbit) or ICO (Intermediate Circular Orbit): ca. 6000 - 20000 km
• HEO (Highly Elliptical Orbit): elliptical orbits

Geostationary satellites
• Orbit 35,786 km distance to earth surface, orbit in equatorial plane (inclination 0°)
• complete rotation exactly one day, satellite is synchronous to earth rotation
• fixed antenna positions, no adjusting necessary
• satellites typically have a large footprint (up to 34% of earth surface!), therefore difficult to reuse frequencies
• bad elevations in areas with latitude above 60° due to fixed position above the equator
• high transmit power needed
• high latency due to long distance (ca. 275 ms)
• not useful for global coverage for small mobile phones and data transmission, typically used for radio and TV transmission

LEO systems
• Orbit ca. 500 - 1500 km above earth surface
• visibility of a satellite ca. 10 - 40 minutes
• global radio coverage possible
• latency comparable with terrestrial long distance connections, ca. 5 - 10 ms
• smaller footprints, better frequency reuse
• but now handover necessary from one satellite to another
• many satellites necessary for global coverage
• more complex systems due to moving satellites
Examples:
• Iridium (start 1998, 66 satellites)
  • Bankruptcy in 2000, deal with US DoD (free use, saving from “deorbiting”)
• Globalstar (start 1999, 48 satellites)
  • Not many customers (2001: 44000), low stand-by times for mobiles

MEO systems
• Orbit ca. 5000 - 12000 km above earth surface
• comparison with LEO systems:
  • slower moving satellites
  • less satellites needed
  • simpler system design
  • for many connections no hand-over needed
  • higher latency, ca. 70 - 80 ms
  • higher sending power needed
  • special antennas for small footprints needed
Example:
• ICO (Intermediate Circular Orbit, Inmarsat) start ca. 2000
  • Bankruptcy, planned joint ventures with Teledesic, Ellipso – cancelled again

Routing (Passing Information Between satellites)
• One solution: inter satellite links (ISL)
  • reduced number of gateways needed
  • forward connections or data packets within the satellite network as long as possible
  • only one uplink and one downlink per direction needed for the connection of two mobile phones
• Problems:
  • more complex focusing of antennas between satellites
  • high system complexity due to moving routers
  • higher fuel consumption thus shorter lifetime
• Iridium and Teledesic planned with ISL
• Other systems use gateways and additionally terrestrial networks

Localisation of Mobile Stations
• Mechanisms similar to GSM
• Gateways maintain registers with user data
  – HLR (Home Location Register): static user data
  – VLR (Visitor Location Register): (last known) location of the mobile station
  – SUMR (Satellite User Mapping Register):
    • satellite assigned to a mobile station
    • positions of all satellites
• Registration of mobile stations
  – Localisation of the mobile station via the satellite’s position
  – requesting user data from HLR
  – updating VLR and SUMR
• Calling a mobile station
  – localization using HLR/VLR similar to GSM
  – connection setup using the appropriate satellite

Handover in Satellite Systems
• Several additional situations for handover in satellite systems compared to cellular terrestrial mobile phone networks caused by the movement of the satellites
– Intra satellite handover
  • handover from one spot beam to another. Spot beams are used so that only earth stations in a particular intended reception area can properly receive the satellite signal.
  • mobile station still in the footprint of the satellite, but in another cell
– Inter satellite handover
  • handover from one satellite to another satellite
  • mobile station leaves the footprint of one satellite
– Gateway handover
  • Handover from one gateway to another
  • mobile station still in the footprint of a satellite, but gateway leaves the footprint
– Inter system handover (VERTICAL?)
  • Handover from the satellite network to a terrestrial cellular network
  • mobile station can reach a terrestrial network again which might be cheaper, has a lower latency etc.

Bluetooth: “Personal Area” wireless connectivity
• Universal radio interface for ad-hoc wireless connectivity
• Interconnecting computer and peripherals, handheld devices, PDAs, cell phones – replacement of IrDA
• Embedded in other devices, goal: £5/device (2002: £50/USB bluetooth), (Mini Bluetooth Network adapter USB £6)
• Short range (10m), low power consumption, license-free 2.45 GHz ISM
• Voice and data transmission, approx. 1 Mbit/s gross data rate
• Bluetooth 2.0 Enhanced Data Rate (EDR) 2.1 Mbit/s

Inter-device connections
Scenario 1:
• PDA, mobile phone, laptop
• PDA to mobile phone: 1 cable
• PDA to laptop: another (different) cable
• mobile phone to laptop: yet another (different) cable
Scenario 2:
• desktop computer, PDA, laptop all need to use printer
• again, more cables, hard to configure
• standard wireless inter-device communication?

Bluetooth: The Rationale
• Standard, convenient device inter-connectivity
• Mobile phones, headsets, PDAs, laptops:
  • coffee machines, utility meters, hi-fi equipment, etc.
• Simple, low-cost, radio-based system:
  • simple, “wire-replacement” system, re-use existing standards
  • aiming for cost of ~£5 to build into a device
  • uses ISM radio band (2.4000-2.4835GHz)
• http://www.bluetooth.com/
• Named after a Viking called Harald Bluetooth

Bluetooth: Characteristics
• 2.4 GHz ISM band, 79 (23) RF channels, 1 MHz carrier spacing
  – Channel 0: 2402 MHz … channel 78: 2480 MHz
  – G-FSK modulation, 1-100 mW transmit power
• FHSS and TDD
  – Frequency hopping with 1600 hops/s
  – Hopping sequence in a pseudo random fashion, determined by a master
  – Time division duplex for send/receive separation
• Voice link – SCO (Synchronous Connection Oriented)
  – FEC (forward error correction), no retransmission, 64 kbit/s duplex, point-to-point, circuit switched
• Data link – ACL (Asynchronous Connectionless)
  – Asynchronous, fast acknowledge, point-to-multipoint, up to 433.9 kbit/s symmetric or 723.2/57.6 kbit/s asymmetric, packet switched
• Topology
  – Overlapping piconets (stars) forming a scatternet

Bluetooth Architecture: An overview
• Two link types:
  • synchronous, connection oriented (SCO)
  • asynchronous, connection-less (ACL)
• Bi-directional link (symmetric and asymmetric data rates)
• Can use existing protocols, e.g. IP
• Several profiles defined:
  • e.g. dial-up networking, headset, fax, LAN access
• Products now becoming available in almost all new mobile phones and some laptops

Bluetooth: Basic Components
Four basic components to architecture:
1. RF component: for receiving and transmitting
2. Link control: for processing information to/from RF component
3. Link management: manages transmission process (media access)
4. Supporting applications: uses other three components through a well-defined interface

Bluetooth: Link Types
SCO
• Mainly for voice
• Up to 3 simultaneous channels supported (64Kb/s each)
• Can be used in parallel with an ACL channel
ACL
• Packet-based
• For data
• Asymmetric:
  • 721Kb/s (either direction) + 57.6Kb/s reverse direction
• Symmetric:
  • 432.6Kb/s

Basic Communication Characteristics
• Antenna power of 0dBm (1mW):
  • ~10m range
• Optionally, 20dBm (100mW): 100m range
• 1Mb/s max:
  • 721Kb/s available to user after protocol overhead
Radio
• 2.402-2.480GHz:
  • minor change in ES, FR, JP
• FH-SS:
  • 79 channels
  • (23 channels, ES, FR, JP)
  • 1MHz spacing
• Hop rate – 1600 hops/s:
  • 625 µs timeslot
  • TDM slots
• Possible interference:
  • 2.4GHz band used by IEEE802.11 wireless LANs

Basic Communication
• Master-slave relationship
  • master initiates communication using PAGE or INQUIRY message
  • odd timeslots for master
  • even timeslots for slave(s)
• Master-slave set-up:
  • 255 slaves, 8-bit address
  • 7 active slaves, 3-bit addresses
• TDM timeslots are numbered:
  • use clock from master
  • 2^27 slots
• Transmission in packets
• Packet normally uses one timeslot:
  • one packet per freq. hop
  • can use up to 5 timeslots
• Master-slave sync:
  • use of clocks, slaves sync with master

Basic Communication
• Every device has a unique 48-bit address.
• Instead, friendly Bluetooth names are used, which can be set by the user.
• If address of another device known:
  • send PAGE message
• If address not known:
  • send INQUIRY message
• SDP is used to discover device capabilities
• Piconet (single pico-cell):
  • single master
  • up to 255 slaves
  • only 7 active slaves at any time
• At power on:
  • in standby (sniff mode)
  • listen every 1.28s
  • check one of 32 hop frequencies for other devices
SDP: service discovery protocol
[Figure: piconet with master (M), slaves (S), parked (P) and standby (SB) devices]

Basic Communication … continues…
General packet format: access code (72 bits; 68(72) in the figure), packet header (54 bits), payload (0-2745 bits)
• Access code:
  • provides receiver sync
• Header:
  • AM_ADDR (3)
  • type (4)
  • flow control (1)
  • ARQN (1)
  • SEQN (1)
  • HEC (8)
• Payload:
  • indicates length and number of timeslots that will be used
  • contains CRC
  • if FEC used, 5 parity bits added after each 10 bits, including CRC bits
  • padding may be required for FEC usage
AM_ADDR: active member address
ARQN: automatic repeat request number
HEC: head error correction
SEQN: sequence number

Forming a piconet
• All devices in a piconet hop together
  – Master gives slaves its clock and device ID
    • Hopping pattern: determined by device ID (48 bit, unique worldwide)
    • Phase in hopping pattern determined by clock
• Addressing
  – Active Member Address (AMA, 3 bit)
  – Parked Member Address (PMA, 8 bit)
[Figure: standby (SB) devices forming a piconet with a master (M), slaves (S) and parked (P) devices]

Error Correction
3 options:
• 1/3 rate FEC
• 2/3 rate FEC
• CRC + ARQ
• Packet header:
  • always uses 1/3 rate FEC
• Data:
  • 2/3 rate FEC
  • (15,10) shortened Hamming code
  • Corrects all 1-bit errors in 10 bits and detects all 2-bit errors
  • may need 0-9 bits of padding
• CRC + ARQ:
  • (not always used)
  • ACK or NAK for each pkt
  • Un-numbered scheme, i.e. stop-wait scheme
ARQ: automatic repeat request

Power Saving Modes
• Different power modes:
  • conserve battery life
• Active mode:
  • normal operation
• Sniff mode:
  • less power than active mode
  • listen to network
  • e.g. standby
• Hold mode:
  • less power than sniff mode
  • clock remains sync’d
  • e.g. inactive slave, retains 8-bit piconet address
• Park mode:
  • less power than hold mode
  • no contact with master
  • does not retain piconet addr

Interface Support
• Can emulate different interface protocols, e.g.:
  • USB (universal serial bus)
  • RS232
  • PC card (for laptops)
• Uses a serial cable emulation protocol:
  • allows use of PPP etc. (point-to-point protocol)
• Allows use of telephony protocols:
  • TCS binary (telephony control protocol)
  • Hayes AT commands

Bluetooth Protocol Stack
[Figure: protocol stack. From the bottom: Bluetooth Radio, Baseband, Link Manager Protocol, Logical Link Control and Adaptation Protocol (L2CAP); above L2CAP: RFCOMM (serial line interface), SDP, TCS BIN, BNEP and Audio; above those: PPP, IP, TCP/UDP and AT modem commands]
AT: attention sequence
TCS BIN: telephony control protocol specification – binary
BNEP: Bluetooth network encapsulation protocol
SDP: service discovery protocol
RFCOMM: radio frequency comm.

Protocol Architecture
• Bluetooth radio:
  • transmit and receive
• Baseband:
  • physical RF control
• LMP (Link Manager Protocol):
  • link setup
  • authentication
  • power mode control
  • connection states in piconet (master or slave)
• L2CAP (logical link control and adaptation):
  • SCO and ACL link types
  • segmentation and reassembly (max SDU size is 64Kbytes)
• SDP (Service Discovery):
  • selects usage model or profile
  • exchange of device capability information
• RFCOMM (Radio Freq. Communications):
  • serial line “emulation”

Protocol Architecture
Addressing
• 48-bit IEEE address (similar to Ethernet address) BD_ADDR
• Within a piconet:
  • one master
  • many slaves
• members of piconet
  • 8-bit piconet PM_ADDR
  • 3-bit AM_ADDR
Transmission control
• Freq. hopping sequence:
  • derived from BD_ADDR of master
• Access codes used for signalling:
  • derived from BD_ADDR
  • access codes used as part of every packet
  • allows sync of receiver clock
BD_ADDR: Bluetooth device address

Example usage methods
[Figure: two protocol stacks, each with a modem emulator or driver on top; one uses AT modem commands, PPP, SDP and RFCOMM (L2CAP), the other IP, PPP, SDP and RFCOMM (L2CAP)]
• Dial-up networking:
  • serial line emulation
  • e.g. wireless modem for access
• LAN access:
  • dial-up server emulation
  • e.g. wireless access point for multiple users

Security
• Easy wireless connectivity for roaming devices
• Bluetooth security modes 1, 2, 3
  • Mode 1: insecure
  • Mode 2: service-level security (not required at link setup)
  • Mode 3: link-level security (required at link set-up)
• Authentication:
  • challenge-response
  • device authentication
• Link-level encryption:
  • Bluetooth specific algorithms
• Key generation mechanism:
  • private user key (128bits) used to generate session encryption key (8-128bits)
• Random number generation

Security … continues
[Figure: the same steps on both devices. User input (initialization): PIN (1-16 byte). Pairing: E2 authentication key generation (possibly permanent storage) gives the link key (128 bit). Authentication uses the link key. E3 encryption key generation (temporary storage) gives the encryption key (128 bit). Encryption: the keystream generator produces the payload key. Ciphering: data is combined with the payload key to give the cipher data.]

Networking
• Piconet:
  • a single Bluetooth cell
  • multiple cells could overlap
  • devices in overlap of cells can form an ad hoc piconet scatternet
• Scatternet – a single device:
  • is in multiple piconets
  • has more than one master
  • still maturing – may be used in IEEE802.15 WPANs
[Figure: a scatternet formed by Piconet 1 and Piconet 2 (each with a capacity of < 1 Mbit/s). M=Master, S=Slave, P=Parked, SB=Standby]

Summary
• Inter-device communication:
  • many standards
  • many different cables
• Bluetooth provides:
  • common wireless connectivity (not really mobility)
  • cheap
  • potentially, standard connectivity for any device, including consumer electronics
  • primitive networking - scatternet
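
The majority-vote decoding from the "FEC (simple example)" slide and the Bluetooth "Error Correction" slide (1/3 rate FEC on the 18-bit packet header, 2/3 rate (15,10) code on data), as an added example that is not part of the original lecture. The field order, the MSB-first packing and the sample header values are assumptions of this sketch; the generator polynomial is the one given in the Bluetooth baseband specification and does not appear on the slides.

```python
# Field order and MSB-first packing are assumptions of this sketch; on-air bit
# order, whitening and the HEC calculation itself are not modelled.
FIELDS = (("am_addr", 3), ("type", 4), ("flow", 1),
          ("arqn", 1), ("seqn", 1), ("hec", 8))          # 18 bits in total

def pack_header(**values):
    """Pack the header fields into a list of 18 bits."""
    bits = []
    for name, width in FIELDS:
        value = values[name]
        if not 0 <= value < (1 << width):
            raise ValueError(f"{name} does not fit in {width} bits")
        bits += [(value >> k) & 1 for k in range(width - 1, -1, -1)]
    return bits

def unpack_header(bits):
    """Inverse of pack_header."""
    out, pos = {}, 0
    for name, width in FIELDS:
        out[name] = int("".join(str(b) for b in bits[pos:pos + width]), 2)
        pos += width
    return out

def fec13_encode(bits):
    """1/3 rate FEC: send every bit three times."""
    return [b for b in bits for _ in range(3)]

def fec13_decode(coded):
    """Majority vote over each received triplet (000, 001, 010, 100 -> 0)."""
    return [1 if sum(coded[i:i + 3]) >= 2 else 0
            for i in range(0, len(coded), 3)]

G = 0b110101   # g(D) = (D + 1)(D^4 + D + 1) = D^5 + D^4 + D^2 + 1

def _remainder(word15):
    """Remainder of a 15-bit polynomial divided by g(D), over GF(2)."""
    for shift in range(14, 4, -1):
        if (word15 >> shift) & 1:
            word15 ^= G << (shift - 5)
    return word15

def fec23_encode(data10):
    """2/3 rate FEC: 10 data bits followed by 5 parity bits."""
    if not 0 <= data10 < 1024:
        raise ValueError("expected a 10-bit value")
    shifted = data10 << 5
    return shifted | _remainder(shifted)

# Syndrome produced by one flipped bit at each of the 15 positions.
SINGLE_ERROR = {_remainder(1 << pos): pos for pos in range(15)}

def fec23_decode(word15):
    """Return (data10, status): 'ok', 'corrected' or 'uncorrectable'."""
    syndrome = _remainder(word15)
    if syndrome == 0:
        return word15 >> 5, "ok"
    if syndrome in SINGLE_ERROR:
        return (word15 ^ (1 << SINGLE_ERROR[syndrome])) >> 5, "corrected"
    return None, "uncorrectable"    # e.g. two flipped bits: detected, not fixed

if __name__ == "__main__":
    # Constructed sample header values (the HEC byte is arbitrary here).
    hdr = pack_header(am_addr=5, type=3, flow=1, arqn=0, seqn=1, hec=0xA7)
    coded = fec13_encode(hdr)
    print(len(hdr), "header bits ->", len(coded), "bits on air")
    for i in range(0, 54, 3):       # one bit error in every triplet
        coded[i] ^= 1
    print(unpack_header(fec13_decode(coded)))
    word = fec23_encode(0b1011001110)
    print(fec23_decode(word ^ (1 << 7)))               # single error
    print(fec23_decode(word ^ (1 << 7) ^ (1 << 2)))    # double error
```

Two errors inside the same triplet make the 1/3 rate decoder output the wrong bit without any indication, which is why the header also carries the HEC field.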