Bluetooth Low Energy

Really good tutorial:

http://www.imd.uni-rostock.de/ma/gol/lectures/embedded/Literatur/Low%20Energy%20Training.pdf

http://www.artechhouse.com/static/sample/Gupta-579_CH11.pdf

http://www.seekdl.org/nm.php?id=368

The BLE protocol stack differentiates between public and random device addresses. GAP extends the concept of random device addresses by classifying them into three different categories:
1. Static address
Static addresses are typically used as a replacement for public ones whenever the manufacturer does not want or need the overhead of IEEE registration. A static address is simply a random number that can either be generated every time the device boots up or can stay the same for the lifetime of the device. However, it cannot be changed during a power cycle of the device. (two MSBs 11)

2. Non-resolvable private address
This type of address is not commonly used. Also a randomly generated number, it represents a temporary address used for a certain amount of time. (two MSBs 00)

3. Resolvable private address
Resolvable private addresses form the basis of the privacy feature. They are generated from an identity resolving key (IRK) and a random number, and they can be changed often (even during the lifetime of a connection) to avoid the device being identified and tracked by an unknown scanning device. Only devices that possess the IRK distributed by the device using a private resolvable address can actually resolve that address, allowing them to identify the device. (two MSBs 10)
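As an added example, not code from the tutorial or from the spec, here are the three random address kinds above together with the privacy hash from the math section (hash = AES_IRK(random)) in Go, using only the standard-library crypto/aes: classify an address by its two MSBs, build a resolvable private address as prand || ah(IRK, prand), and resolve it as the IRK holder would. Addresses are handled MSB first, as they are printed (not in over-the-air order), and any IRK or prand values fed to it are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
)

// Random address kind indexed by the two most significant bits of the address
// (00 non-resolvable, 10 resolvable, 11 static; 01 is not assigned).
var kinds = [4]string{"non-resolvable private", "reserved", "resolvable private", "static"}

// RandomAddrKind classifies a random address given MSB first, as it is printed.
func RandomAddrKind(a [6]byte) string {
	return kinds[a[0]>>6]
}

// ah is the function behind hash = AES_IRK(random):
// ah(k, r) = AES-128_k(padding || r) mod 2^24 (Core Spec Vol 3 Part H 2.2.2).
func ah(irk [16]byte, prand [3]byte) (h [3]byte) {
	blk, err := aes.NewCipher(irk[:])
	if err != nil {
		panic(err)
	}
	var in, out [16]byte
	copy(in[13:], prand[:]) // 104 zero bits of padding, then the 24-bit prand
	blk.Encrypt(out[:], in[:])
	copy(h[:], out[13:]) // keep the least significant 24 bits of the ciphertext
	return h
}

// NewRPA builds a resolvable private address as prand || hash, forcing the top
// two bits of prand to 10 so that a peer recognises the address type.
func NewRPA(irk [16]byte, prand [3]byte) (a [6]byte) {
	prand[0] = prand[0]&0x3f | 0x80
	h := ah(irk, prand)
	copy(a[0:3], prand[:])
	copy(a[3:6], h[:])
	return a
}

// Resolve reports whether a was generated under irk: only an IRK holder can
// recompute the hash, which is what stops an unknown scanner tracking the device.
func Resolve(irk [16]byte, a [6]byte) bool {
	if RandomAddrKind(a) != "resolvable private" {
		return false
	}
	var prand [3]byte
	copy(prand[:], a[0:3])
	h := ah(irk, prand)
	return subtle.ConstantTimeCompare(h[:], a[3:6]) == 1
}
```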

Advertising Packet Type   Connectable   Scannable   Directed   GAP Name
ADV_IND                   Yes           Yes         No         Connectable Undirected Advertising
ADV_DIRECT_IND            Yes           No          Yes        Connectable Directed Advertising
ADV_NONCONN_IND           No            No          No         Non-connectable Undirected Advertising
ADV_SCAN_IND              No            Yes         No         Scannable Undirected Advertising

GAP roles: peripheral vs. central. A device may support various roles, but only one role can be adopted at a given time.

GATT roles: client vs. server, determined by the direction of the data requests.
Link Layer roles, for an established connection: master and slave.

Many developers mistakenly try to associate the BLE GATT client and server roles with
GAP roles. There is no connection between those at all, and any device can be a GATT
client, server, or both, depending on the application and situation.

Consider, for example, a fitness tracker paired with a smartphone. The fitness tracker’s
GAP role is peripheral, and it acts as a GATT server when the phone requests data from
its sensors. It can also sometimes act as a GATT client when it requests accurate time
data from the smartphone to update its internal clock for data timestamping. The GATT
client/server roles depend exclusively on the direction in which the data requests and
responses transactions flow, whereas GAP roles stay constant as  peripheral for the fitness
tracker and central for the smartphone.

What about master/slave? Master/slave depends on who initiates the connection; conceptually it lines up with GAP's central (master) and peripheral (slave).
BLE defines two device roles at the Link Layer for an established connection: the master and the slave.

A master can manage multiple simultaneous connections with different slaves, whereas each slave can
only be connected to one master. Thus, the network composed by a master and its slaves, which is
called a piconet, follows a star topology. Currently, a BLE device can only belong to one piconet.

In order to save energy, slaves are in sleep mode by default and wake up periodically to listen for possible packet receptions from the master.
1) The master determines the instants in which slaves are required to listen, and thus coordinates the medium access by using a Time Division Multiple Access (TDMA) scheme.

2) The master also provides the slave with the information needed for the frequency hopping algorithm (including the map of data channels to be used) and for the connection supervision.

The parameters related to the management of a connection are transmitted in the Connection Request message and can be updated during the connection for various reasons (e.g., using a new data channel map due to a change of the interference pattern).

Once a connection between a master and a slave is created, the physical channel is divided into 
non-overlapping time units called connection events. Within a connection event, all packets are 
transmitted using the same data channel frequency. 

Every connection event starts with the transmission of a packet by the master. If the slave receives a packet, the slave must send a packet to the master in response. However, the master is not required to send a packet upon receipt of a packet from the slave. An Inter Frame Space (IFS) of at least 150 µs must pass between the end of the transmission of a packet and the start of the next one. While master and slave continue to alternate in sending packets, the connection event is considered to be open. Data channel packets include a More Data (MD) bit which signals whether the sender has more information to transmit. If none of the devices has more data to transmit, the connection event will be closed and the slave will not be required to listen until

In BLE, the main goal of L2CAP is to multiplex the data of three higher layer protocols, ATT, 
SMP and Link Layer control signaling, on top of a Link Layer connection.

Pairing comprises three phases.
1) In the first phase, the two connected devices announce their input/output capabilities and, based on these, they choose a suitable method for the second phase.

2) The second phase has the purpose of generating the Short-Term Key (STK), which will be used in the third phase to secure the distribution of key material. In the second phase, the pairing devices first agree on a Temporary Key (TK). Based on the TK, and on random values generated by each pairing device, the STK is obtained by both devices, which leads to the end of the second phase.

3) In the third phase, each endpoint of the connection may distribute to the other endpoint up to three 128-bit keys called the Long-Term Key (LTK), the Connection Signature Resolving Key (CSRK) and the Identity Resolving Key (IRK).

Access Address / Access Code / synchronization word (4 bytes)

The Access Address for all advertising channel packets shall be
10001110100010011011111011010110b (0x8E89BED6).

The Access Address in data channel packets shall be different for each Link
Layer connection between any two devices with certain restrictions. The Access Address shall be a random 32-bit value, generated by the
device in the Initiating State and sent in a connection request as defined in
Section 2.3.3.1. The initiator shall ensure that the Access Address meets the
following requirements:

Math

Mconfirm = fc1(TK, Mrand, SlaveADDR)
Sconfirm = fc1(TK, Srand, MasterADDR)
fc1 = AES_TK(padding || ADDR || random)

STK = fs1(TK, Srand, Mrand)
fs1 = AES_TK(Srand, Mrand)

LTK = f(EDIV, Rand) // the LTK can be derived from EDIV/Rand; NIST Special Publication 800-108 could be used.

hash = AES_IRK(random)

Sniff

http://processors.wiki.ti.com/index.php/BLE_sniffer_guide

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License