BLUETOOTH

Bluetooth radio interface basics:

Running in the 2.4 GHz ISM band, Bluetooth employs frequency hopping
techniques with the carrier modulated using Gaussian Frequency Shift Keying
(GFSK). The hopping carrier enables interference to be avoided by Bluetooth
devices. A Bluetooth transmission only remains on a given frequency for a
short time, and if any interference is present the data will be re-sent later
when the signal has changed to a different channel which is likely to be clear
of other interfering signals. The standard uses a hopping rate of 1600 hops
per second, and the system hops over all the available frequencies using a
pre-determined pseudo-random hop sequence based upon the Bluetooth
address of the master node in the network.
adopt the use of frequency hopping system rather than a direct sequence
spread spectrum approach because it is able to operate over a greater
dynamic range. If direct sequence spread spectrum techniques were used
then other transmitters nearer to the receiver would block the required
transmission if it is further away and weaker.

Bluetooth channels and frequencies:

Bluetooth frequencies are all located within the 2.4 GHz ISM band. The ISM
band typically extends from 2 400 MHz to 2 483.5 MHz (i.e. 2.4000 - 2.4835
GHz). The Bluetooth channels are spaced 1 MHz apart, starting at 2 402 MHz
and finishing at 2 480 MHz. This can be calculated as 2401 + n, where n
varies from 1 to 79.

This arrangement of Bluetooth channels gives a guard band of 2 MHz at the
bottom end of the band and 3.5 MHz at the top.

There are also some Bluetooth frequency accuracy requirements for
Bluetooth transmissions. The transmitted initial centre frequency must be
within 75 kHz from the receiver centre frequency. The initial frequency
accuracy is defined as being the frequency accuracy before any information
is transmitted and as such any frequency drift requirement is not included.

In order to enable effective communications to take place in an environment
where a number of devices may receive the signal, each device has its own
identifier. This is provided by having a 48 bit hard wired address identity
giving a total of 2.815 x 10^14 unique identifiers.

Bluetooth modulation:
The format originally chosen for Bluetooth in version 1 was Gaussian frequency shift
keying, GFSK, however with the requirement for higher data rates two forms of
phase shift keying were introduced for Bluetooth 2 to provide the Enhanced Data
Rate, EDR capability.
Gaussian frequency shift keying: When GFSK is used for the chosen form of
Bluetooth modulation, the frequency of the carrier is shifted to carry the
modulation. A binary one is represented by a positive frequency deviation and a
binary zero is represented by a negative frequency deviation. The modulated signal
is then filtered using a filter with a Gaussian response curve to ensure the sidebands
do not extend too far either side of the main carrier. By doing this the Bluetooth
modulation achieves a bandwidth of 1 MHz with stringent filter requirements to
prevent interference on other channels. For correct operation the level of BT is set
to 0.5 and the modulation index must be between 0.28 and 0.35.
Phase shift keying: Phase shift keying is the form of Bluetooth modulation used
to enable the higher data rates achievable with Bluetooth 2 EDR (Enhanced Data
Rate). Two forms of PSK are used:

π/4 DQPSK: This is a form of phase shift keying known as π/4 differential
phase shift keying. It enables the raw data rate of 2 Mbps to be achieved.

8DPSK: This form of Bluetooth modulation is eight point or 8-ary phase shift
keying. It is used when link conditions are good and it allows raw data rates
of up to 3 Mbps to be achieved.

The enhanced data rate capability for Bluetooth modulation is implemented as an
additional capability so that the system remains backwards compatible.
The Bluetooth modulation schemes and the general format do not lend themselves
to carrying higher data rates. For Bluetooth 3, the higher data rates are not
achieved by changing the format of the Bluetooth modulation, but by working
cooperatively with an IEEE 802.11g physical layer. In this way data rates of up to
around 25 Mbps can be achieved.
Bluetooth power levels
The transmitter powers for Bluetooth are quite low, although there are three
different classes of output dependent upon the anticipated use and the range
required.
Power Class 1 is designed for long range devices communicating up to about 100m,
and this has a maximum output power of 20 dBm.
Next is Power Class 2, which is used for what are termed ordinary range devices
with a range up to about 10m, with a maximum output power of 6 dBm.
Finally there is Power Class 3 for short range devices. Bluetooth class 3 supports
communication only up to distances of about 10cm and it has a maximum output
power of 0 dBm.
Power control is mandatory for Bluetooth Class 1, but optional for the others,
although its use is advisable to conserve battery power. The appropriate power level
can be chosen according to the RSSI, Received Signal Strength Indicator, reading.

Bluetooth power level choice and RSSI


In order to conserve battery power, the lowest transmitted power level consistent
with a reliable link should be chosen. Assuming that power level control is available,
the power level is chosen according to an RSSI reading. If the RSSI indication falls
below a given level, the Bluetooth power level can be increased to bring the RSSI
level up to an accepted level.
The value of any RSSI figure is arbitrary as it is simply used to provide an indication
of when the signal level and hence the transmitted power level needs to be
increased or decreased.

The Bluetooth specification does define a maximum bit error rate of 0.1% and this
equates to a minimum requirement for the receive sensitivity of -70dBm. These
figures for sensitivity then lead to the distances achievable for the different power
levels, although today's receivers are generally more sensitive than those that were
used to baseline the specification at its launch.
The Bluetooth radio interface provides a rugged physical layer without any
unnecessary complications to carry the required data from one device to the next.
With many devices being physically small and not having large battery capacity
levels, the radio interface has been designed to keep power consumption low, while
still providing the required capabilities.

Bluetooth data file transfer, links & codec

Bluetooth data transfer can be achieved using a variety of different data packet types
and using different forms of links - asynchronous links and synchronous links.
These different Bluetooth data file transfer formats provide flexibility, but they are
invisible to the user who sees a connection being made and Bluetooth data being
transferred.

Bluetooth links
There are two main types of Bluetooth link that are available and can be set up:

ACL - Asynchronous Connectionless communications Link

SCO - Synchronous Connection Orientated communications link

The choice of the form of Bluetooth link used is dependent upon the type of Bluetooth
data transfer that is required.

Bluetooth ACL
The ACL or Asynchronous Connectionless Communications Link is possibly the most
widely used form of Bluetooth link. The ACL Bluetooth link is used for carrying framed
data - i.e. data submitted from an application to logical link control and adaptation
protocol channel. The channel may support either unidirectional or bidirectional
Bluetooth data transfer.

There is a variety of different ACL formats that can be used - most of them incorporate
forward error coding, FEC as well as header error correction to detect and correct errors
that may occur in the radio link.
The Asynchronous Bluetooth link provides connections for most applications within
Bluetooth. Data transfers like this are normally supported by profiles which allow the
data to be incorporated into frames and transferred to the other end of the Bluetooth
link where it is extracted from the frames and passed to the relevant application.
The ACL enables data to be transferred via Bluetooth 1 at speeds up to the maximum
rate of 732.2 kbps. This occurs when it is operating in an asymmetric mode. This is
commonly used because for most applications there is far more data transferred in one
direction than the other. When a symmetrical mode is needed with data transferred at
the same rate in both directions, the data transfer rate falls to 433.9 kbps. The
synchronous links support two bi-directional connections at a rate of 64 kbps. The data
rates are adequate for audio and most file transfers.
When using Bluetooth 2 enhanced data rate, data rates of 2.1 Mbps may be achieved.
Also asynchronous links can be granted a quality of Service, QoS by setting the
appropriate channel parameters.

Bluetooth SCO
The SCO or Synchronous Connection Orientated communications link is used where data
is to be streamed rather than transferred in a framed format.
The SCO can operate alongside the ACL channels, and in fact needs one ACL to
configure the SCOs.
A Bluetooth master node can support up to three simultaneous SCO channels and these
can be split between up to three slave nodes.
The idea of the SCO is to ensure that audio data can be streamed without suffering
delays waiting for frames or packet slots to become available. The SCO communications
link is assigned guaranteed time slots so that the data will be transported at the
required time with a known maximum latency.
A further form of link known as an eSCO or Extended SCO was introduced with version
1.2 of the Bluetooth standard. Originally no acknowledgement had been sent, whereas
using the eSCO greater reliability is provided to the Bluetooth link by sending an
acknowledgement and allowing a limited number of re-transmissions if data is
corrupted. In view of the latency requirements, re-transmissions are only allowable until
the next guaranteed time slot, otherwise new data would be delayed.

Bluetooth codec

Within the core specification, there are a number of Bluetooth codec types that are
included. These Bluetooth codecs are relatively basic and are not used for audio,
including stereo music applications which would use the ACL.
Any Bluetooth codec is intended to provide telephone standard audio, limiting the audio
bandwidth to around 4 kHz.
The codecs are often CVSD, Continuously Variable Slope Delta modulation, based and
their advantage is that they provide a minimum latency solution so there are no issues
with synchronisation. As a result they may often be used with applications such as video
phones, etc.

Bluetooth Host - L2CAP, SDP & GAP


The higher layer protocols within the Bluetooth stack are also known as the Bluetooth
Host. This is responsible for the communications between the applications and the
controller.
Unlike the higher layer stack, the lower layers undertake the connections between
devices without need to reference the higher layers or Bluetooth host.

Bluetooth host main elements


There are three main elements that are included in the higher layer stack or Bluetooth
host:

L2CAP - Logical link control and adaptation protocol

SDP - Service discovery protocol

GAP - Generic access protocol

These Bluetooth stack components are fundamental to all the profiles and transports
within the overall Bluetooth system.

Bluetooth L2CAP
The Bluetooth L2CAP or logical link control and adaptation protocol is used to provide an
interface for all the data applications that use the ACL links.

The Bluetooth L2CAP provides multiplexing between the higher layer protocols. This
enables multiple applications to utilise the same lower layer links.
In its basic mode the L2CAP enables the following configurability with the packet
payload:

672 bytes as default.

48 bytes as minimum supported figure.

64k bytes as maximum figure.

The L2CAP achieves the transmission of the large data packets by segmenting and then
at the receiver, re-assembling the packets so that the data can be fitted into the limits
of the lower layer data packets.
The L2CAP also supports flow control and retransmission, performing CRC checks. The
latest specifications support two L2CAP modes over those originally included:

Streaming Mode, SM: This is a basic L2CAP mode with no re-transmission or
flow control. Its simplicity is its advantage, but it does not provide the reliability
of the other modes.

Enhanced Retransmission Mode, ERTM: This mode is an update to the
original retransmission mode and gives improved performance.

Any error checking and reliability enhancements can be provided by the lower layers.
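
The segmentation and re-assembly described above, as an added Python example (not code from the original page or from any Bluetooth stack). It relies on the standard 4-byte basic L2CAP header (16-bit payload length and 16-bit channel ID, little-endian); the channel ID 0x0040, the fragment sizes and all function and class names are assumptions made for the illustration. The receiver enforces the payload limit before buffering, which is the check a re-assembler needs when the peer is untrusted.

```python
import struct

# Payload limits quoted in the text for L2CAP basic mode.
DEFAULT_MTU = 672
MIN_MTU = 48
MAX_MTU = 65535  # the "64k" ceiling: largest value of the 16-bit length field

HEADER = struct.Struct("<HH")  # little-endian payload length, then channel ID


class L2capError(ValueError):
    """A frame or fragment violates the limits enforced on this channel."""


def build_frame(cid, payload, mtu=DEFAULT_MTU):
    """Prefix the payload with the basic L2CAP header."""
    if not MIN_MTU <= mtu <= MAX_MTU:
        raise L2capError("MTU %d outside %d..%d" % (mtu, MIN_MTU, MAX_MTU))
    if len(payload) > mtu:
        raise L2capError("payload of %d bytes exceeds MTU %d" % (len(payload), mtu))
    return HEADER.pack(len(payload), cid) + payload


def segment(frame, fragment_size):
    """Split one frame into (is_start, chunk) pieces for the lower layer."""
    if fragment_size < 1:
        raise L2capError("fragment size must be positive")
    return [(off == 0, frame[off:off + fragment_size])
            for off in range(0, len(frame), fragment_size)]


class Reassembler:
    """Rebuilds one frame at a time and rejects inconsistent fragments."""

    def __init__(self, mtu=DEFAULT_MTU):
        self.mtu = mtu
        self._reset()

    def _reset(self):
        self.buf = bytearray()
        self.length = None
        self.cid = None
        self.active = False

    def feed(self, is_start, chunk):
        """Return (cid, payload) when a frame completes, otherwise None."""
        if is_start:
            self._reset()  # a new start fragment abandons any half-built frame
            self.active = True
        elif not self.active:
            raise L2capError("continuation fragment without a start fragment")
        self.buf += chunk
        # The header itself may arrive split across fragments.
        if self.length is None and len(self.buf) >= HEADER.size:
            self.length, self.cid = HEADER.unpack_from(self.buf)
            if self.length > self.mtu:
                declared = self.length
                self._reset()
                raise L2capError("declared length %d exceeds MTU" % declared)
        if self.length is None:
            return None
        total = HEADER.size + self.length
        if len(self.buf) > total:
            self._reset()
            raise L2capError("fragments carry more data than the header declared")
        if len(self.buf) < total:
            return None
        result = (self.cid, bytes(self.buf[HEADER.size:]))
        self._reset()
        return result


def roundtrip(cid, payload, fragment_size, mtu=DEFAULT_MTU):
    """Send one payload through segmentation and re-assembly."""
    rx = Reassembler(mtu)
    result = None
    for is_start, chunk in segment(build_frame(cid, payload, mtu), fragment_size):
        result = rx.feed(is_start, chunk)
    return result


if __name__ == "__main__":
    sample = bytes(range(256)) * 2 + bytes(160)  # constructed 672-byte payload
    cid, data = roundtrip(0x0040, sample, 339)   # 339 is a constructed fragment size
    print(hex(cid), len(data), data == sample)
```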

Bluetooth SDP
The SDP or service discovery protocol is a key element of the Bluetooth ad-hoc
networking capability.
The Bluetooth SDP allows a Bluetooth device to discover and make many connections
during the course of its life. It enables the devices to discover what services other
Bluetooth devices support, and also lists everything that the Bluetooth device is capable
of supporting.
The Bluetooth SDP uses the Universal Unique Identifier, UUID. Services supported by the
Bluetooth SIG are given a short form UUID of 16 bits rather than the complete 128 bits
that would otherwise be required.
A profile known as the Service Discovery Applications Profile, or SDAP, is often confused
with the Bluetooth SDP. This defines how devices can interrogate each other's SDP after
an L2CAP link has been established.

All Bluetooth devices implement the features of an SDP client as well as having an SDP
server database.
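
How the 16 bit short form relates to the full 128 bit UUID, as an added Python example (not code from the original page or from any Bluetooth stack). A short-form value is placed in the top 32 bits of the Bluetooth Base UUID; the example uses that to normalise a mixed list of advertised service UUIDs and report any that a device policy does not permit. The function names, the sample lists and the vendor UUID are constructed for the illustration.

```python
import uuid

# Bluetooth Base UUID: a short-form value occupies its top 32 bits.
BASE_UUID = uuid.UUID("00000000-0000-1000-8000-00805F9B34FB")
LOW_96_MASK = (1 << 96) - 1

# A few 16-bit service class UUIDs for profiles described on this page.
SERVICE_NAMES = {
    0x1101: "SPP",
    0x1105: "OPP (OBEX object push)",
    0x1106: "FTP (OBEX file transfer)",
    0x1108: "HSP headset",
    0x110A: "A2DP source",
    0x110B: "A2DP sink",
    0x111E: "HFP hands-free unit",
    0x1124: "HID",
}


def expand(short):
    """Turn a 16- or 32-bit short-form value into the full 128-bit UUID."""
    if not 0 <= short <= 0xFFFFFFFF:
        raise ValueError("short-form UUIDs are 16 or 32 bits wide")
    return uuid.UUID(int=BASE_UUID.int | (short << 96))


def shorten(full):
    """Return the short-form value, or None if the UUID is not Base-derived."""
    if (full.int & LOW_96_MASK) != (BASE_UUID.int & LOW_96_MASK):
        return None
    return full.int >> 96


def normalize(value):
    """Accept an int, a short hex string or a full UUID string."""
    if isinstance(value, uuid.UUID):
        return value
    if isinstance(value, int):
        return expand(value)
    text = value.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    if len(text) in (4, 8) and all(c in "0123456789abcdef" for c in text):
        return expand(int(text, 16))
    return uuid.UUID(text)


def describe(full):
    short = shorten(full)
    if short is None:
        return "vendor-specific 128-bit UUID"
    return SERVICE_NAMES.get(short, "unlisted short UUID 0x%04X" % short)


def audit(advertised, allowed):
    """List (uuid, description) for every advertised service not in the policy."""
    permitted = {normalize(v) for v in allowed}
    findings = []
    for value in advertised:
        full = normalize(value)
        if full not in permitted:
            findings.append((str(full), describe(full)))
    return findings


# Constructed sample: services a headset-like device reports, in mixed notation.
SAMPLE_ADVERTISED = [
    0x110B,
    "0x1101",
    "00001105-0000-1000-8000-00805F9B34FB",
    "12345678-1234-5678-1234-56789abcdef0",  # constructed vendor UUID
]
SAMPLE_ALLOWED = [0x110B, 0x111E]  # constructed policy: A2DP sink and HFP only

if __name__ == "__main__":
    for service_uuid, name in audit(SAMPLE_ADVERTISED, SAMPLE_ALLOWED):
        print(service_uuid, name)
```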

Bluetooth GAP
The Bluetooth GAP or generic access protocol defines the way that Bluetooth devices
are able to discover each other and establish connections. It is one of the most basic
Bluetooth profiles, but is used by every other profile as the foundation for establishing a
link.
The Bluetooth GAP can set the Bluetooth device into one of three different discovery
modes:

General discovery

Limited discovery

Non-discoverable

The Bluetooth GAP controls the formation of a connection by controlling the inquiry and
paging routines. It also looks after pairing and controls the use of security and
encryption.
Finally the Bluetooth GAP enables the Bluetooth device to be set into connectable or
non-connectable modes.

Bluetooth profiles
In order to enable Bluetooth devices to communicate properly with each other,
Bluetooth profiles are used. A Bluetooth profile is effectively a wireless interface
specification for communication between Bluetooth devices.
In order to be able to operate, a Bluetooth device must be compatible with a subset of
the profiles available sufficient to enable it to utilise the desired Bluetooth services.

Bluetooth profile basics


A Bluetooth profile resides on top of the Bluetooth Core Specification and possibly above
any additional protocols that may be used. While a particular Bluetooth profile may use
certain features of the core specification, specific versions of profiles are rarely linked to
specific versions of the core specification. In this way upgrades are achieved more
easily.

The way a particular Bluetooth device uses Bluetooth technology depends on its
Bluetooth profile capabilities. The Bluetooth profiles provide standards which
manufacturers follow to allow devices to use Bluetooth in the intended manner.
At a minimum, each Bluetooth profile specification contains details of the following
topics:

Dependencies on other formats

Suggested user interface formats

Specific parts of the Bluetooth protocol stack used by the protocol. To perform its
task, each profile uses particular options and parameters at each layer of the
stack. This may include an outline of the required service record, if appropriate.

Bluetooth profiles
Overviews of the different Bluetooth profiles are listed below, each profile name
followed by its details:

Advanced Audio Distribution Profile (A2DP)

This Bluetooth profile defines how stereo quality audio can be streamed from a
media source to a sink.
This Bluetooth profile defines two roles of an audio device: source and sink:

1. Source (SRC): A device is the SRC when it acts as a source of a digital
audio stream that is delivered to the SNK of the piconet.

2. Sink (SNK): A device is the SNK when it acts as a sink of a digital audio
stream delivered from the SRC on the same piconet.

Audio/Video Remote Control Profile (AVRCP)

This Bluetooth profile provides a standard interface to control audio visual
devices including televisions, stereo audio equipment, and the like. It allows a
single remote control (or other device) to control all the equipment to which a
particular individual has access.
The AVRCP Bluetooth profile defines two roles:

1. Controller: The controller is normally the remote control device.

2. Target: As the name suggests, this is the device that is being
controlled or targeted and whose characteristics are being altered.

This Bluetooth profile protocol specifies the scope of the AV/C Digital Interface
Command Set that is to be used. This protocol adopts the AV/C device model
and command format for control messages and those messages are transported
by the Audio/Video Control Transport Protocol (AVCTP).
When using AVRCP, the controller detects the user action, i.e. button presses,
etc. and then translates them into the A/V control signal. This control signal is
transmitted to the remote Bluetooth enabled device. In this way, the functions
available for a conventional infrared remote controller can be realized over
Bluetooth, thereby providing a more robust form of communications.

Basic Imaging Profile (BIP)

This Bluetooth profile details how an imaging device can be remotely controlled,
how it may print, and how it can transfer images to a storage device. This
Bluetooth profile is naturally intended for cameras and other devices that can
take pictures, including mobile phones now.
The Basic Image Profile, BIP defines two roles:

1. Imaging Initiator: This is the device that initiates this feature.

2. Imaging Responder: As the name implies, this is the device that
responds to the initiator.

The overall profile may be considered to have the following actions:

1. Image Push: This function allows the sending of an image from a
device controlled by the user.

2. Image Pull: This function within the Bluetooth profile allows browsing
and retrieval of images from a remote device, i.e. pulling images from a
remote source.

3. Advanced Image Printing: This provides for the printing of images
using a number of advanced options.

4. Automatic Archive: This function enables the automatic backup of all
new images from a target.

5. Remote Camera: This function allows the remote control of a camera
by an initiator.

6. Remote Display: This allows for the Imaging Initiator to push images to
another device for display.

Basic Printing Profile (BPP)

This Bluetooth profile allows devices to send text, e-mails, v-cards, images or
other information to printers based on print jobs.
As would be expected the Basic Printing Profile, BPP defines two roles:

1. Printer: This is the device that manipulates the data to be printed.
Typically this would be a physical printer.

2. Sender: This is a device, possibly a mobile phone or other form of user
equipment, UE, that needs to print some data, but without wanting the
full overhead of a print driver.

The advantage of using the Basic Print Profile, BPP rather than the HCRP is that
it does not need any printer-specific drivers. This makes it particularly applicable
for use with embedded devices such as mobile phones and digital cameras.

Common ISDN Access Profile (CIP)

This Bluetooth profile details the way in which ISDN traffic can be transferred via
a Bluetooth wireless connection. It is typically used in Bluetooth enabled office
equipment that is ISDN enabled.
The CIP defines two roles within the Bluetooth profile:

1. Access Point (AP): This node is connected to the external network and
acts as an endpoint for it. It handles all the interworking associated with
the external ISDN.

2. ISDN Client (IC): This is the remote node accessing the Access Point via
the Bluetooth wireless network or link.

Cordless Telephony Profile (CTP)

This Bluetooth profile defines how a cordless phone can be implemented using
Bluetooth. This Bluetooth profile is aimed at use for either a dedicated cordless
phone or a mobile phone acting as a cordless phone when close to a CTP
enabled base station. The aim of this Bluetooth profile was to allow a mobile
phone to use a Bluetooth CTP gateway connected to a landline when within the
home or office, and then use the mobile phone network when elsewhere.
Two roles are defined within this Bluetooth profile:

1. Terminal (TL): This is the user equipment, and may be a cordless
phone or a mobile phone, etc.

2. Gateway (GW): The gateway acts as the access point for the terminal
to the landline or other network.

Dial-Up Network Profile (DUN)

This Bluetooth profile details a standard for accessing the Internet and other
dial-up services via a Bluetooth system. This may be required when accessing
the Internet from a laptop when using a mobile phone, PDA, etc. as a wireless
dial-up modem.
This user Bluetooth profile defines two roles for the Bluetooth nodes:

1. Gateway (GW): This is the Bluetooth node or device that provides the
access to the public network and ultimately the Internet.

2. Data Terminal (DT): This is the remote node that interfaces with the
Gateway via the Bluetooth wireless link.

Fax Profile (FAX)

This Bluetooth profile defines how a FAX gateway device can be used. This
Bluetooth profile may be needed when a personal computer uses a mobile
phone as a FAX gateway to send a FAX.
There are two roles for this Bluetooth profile:

1. Gateway (GW): This is the Bluetooth enabled device that provides
facsimile services.

2. Data Terminal (DT): This device connects via the Bluetooth wireless
link to be able to send its FAX.

File Transfer Profile (FTP)

This Bluetooth profile details the way in which folders and files on a server can
be browsed by a client device. This Bluetooth profile may be used for
transferring files wirelessly between two PCs or laptops, or browsing and
retrieving files on a server.
Two roles are defined for this Bluetooth profile:

1. Client: This is the device that initiates the operation and pushes or
pulls the files to or from the server.

2. Server: This is the target device and it is remote from the device that
pushes or pulls the files.

General Audio/Video Distribution Profile (GAVDP)

This Bluetooth profile provides the basis for the A2DP and VDP Bluetooth
profiles. These are used for systems designed for distributing video and audio
streams using Bluetooth technology. This may be used in a variety of scenarios,
e.g. with a set of wireless stereo headphones and a music player - the music
player sends messages to the headphones to establish a connection or adjust
the stream of music, or vice versa.
Two roles are defined within this Bluetooth profile:

1. Initiator (INT): This device initiates the signalling procedure.

2. Acceptor (ACP): This device responds to the incoming requests from
the initiator.

Generic Object Exchange Profile (GOEP)

This Bluetooth profile is used to transfer an object from one device to another.
One example may be in the exchange of vCards between devices such as
mobile phones, PDAs, etc.
Two roles are defined within this Bluetooth profile:

1. Server: For this Bluetooth profile, this is the device that provides an
object exchange server for which data objects can be pushed or pulled.

2. Client: This is the device that pushes or pulls data to and from the
server.

Hands-Free Profile (HFP)

The HFP Bluetooth profile details the way in which a gateway device may be
used to place and receive calls for a hands-free device. This profile adds
considerable additional functionality over the original Headset Profile, HSP,
allowing remote control, etc. The Bluetooth profile defines two roles:

1. Audio Gateway (AG): The audio gateway is normally the mobile phone
or car kit and it provides connectivity to the source of the voice data.

2. Hands-Free Unit (HF): This is the device which acts as the remote
audio input and output mechanism for the Audio Gateway. It also
provides some remote control means.

The Handsfree Bluetooth profile uses a CVSD codec for voice transmission across
the Bluetooth link and it also defines a number of voice control features
including volume.

Hard Copy Cable Replacement Profile (HCRP)

This Bluetooth profile defines how driver-based printing is achieved over a
Bluetooth link. As might be expected, it is used for wireless links for printing and
scanning.
Two roles are defined within this Bluetooth profile:

1. Server: This is the server device that offers the HCRP service - typically
it is a printer.

2. Client: The client is a device containing a print driver on which the
client device wishes to print - typically this may be a laptop or other
computer wishing to print documents.

Headset Profile (HSP)

The Bluetooth Headset Profile details how a Bluetooth enabled headset
communicates with a Bluetooth enabled device. As might be anticipated the
Bluetooth Headset Profile was aimed at defining how Bluetooth headsets may
connect to a mobile phone or installed car kit. It defines two roles:

1. Audio Gateway: The device that is the gateway of the audio both for
input and output. This would typically be a mobile phone, car kit, or a
PC.

2. Headset: The Headset is defined within the Bluetooth Headset Profile
as the device acting as the remote audio input and output connected to
the gateway via the Bluetooth link.

Human Interface Device Profile (HID)

This Bluetooth profile details the protocols, procedures and features to be used
by Bluetooth keyboards, mice, pointing and gaming devices and remote
monitoring devices.
Two roles are defined within this Bluetooth profile:

1. Human Interface Device (HID): The device providing the human data
input and output to and from the host. Typical examples may be a
keyboard or a mouse.

2. Host: The device using the services of a Human Interface Device. This
may typically be a computer or laptop, etc.

Intercom Profile (ICP)

This profile details the way in which two Bluetooth enabled mobile phones in the
same network can communicate directly with each other, i.e. acting as an
intercom. As the intercom usage is completely symmetrical, there are no
specific roles defined for this Bluetooth profile. However when using the
Intercom Profile, the devices at either end of the link will be denoted as a
Terminal (TL).

Object Push Profile (OPP)

This Bluetooth profile details the roles of a push server and a push client. These
roles need to interoperate with the server and client device roles defined within
the GOEP Bluetooth profile.
The OPP defines two roles:

1. Push Server: This is the device within this Bluetooth profile that
provides an object exchange server.

2. Push Client: This device pushes and pulls objects to and from the Push
Server and initiates the actions.

Personal Area Networking Profile (PAN)

This Bluetooth profile details the way in which two or more Bluetooth enabled
devices can form an ad-hoc network. It also details how the same mechanism
can be used to access a remote network through a network access point.
The PAN is somewhat more complicated than other Bluetooth profiles and
requires the definition of three roles:

1. Network Access Point (NAP) and NAP Service: In view of the similarities
with Ethernet networks, the NAP can be considered as being equivalent
to an Ethernet bridge to support network services.

2. Group Ad-hoc Network (GN) and GN Service: A Bluetooth device that
supports the GN service is able to forward Ethernet packets to each of
the Bluetooth devices that are connected within the PAN.

3. PAN User (PANU) and PANU Service: As the name indicates the PANU is
the Bluetooth device that uses either the NAP or the GN service.

Service Discovery Application Profile (SDAP)

The SDAP is a Bluetooth profile that describes how an application should use the
Service Discovery Procedure, SDP to discover services on a remote device. SDAP
can adopt a variety of approaches to managing the device discovery via Inquiry
and Inquiry Scan and service discovery via SDP. The ideas contained in the SDAP
specification augment the basic specifications provided in GAP, SDP, and the
basic processes of device discovery.
The SDAP defines two roles as given below:

1. Local Device (LocDev): This is the Bluetooth device that initiates the
service discovery procedure.

2. Remote Device (RemDev): There may be one or more RemDevs and
these are any device that participates in the service discovery process
by responding to the service inquiries it may receive from a LocDev.

Service Port Profile (SPP)

This Bluetooth profile details the way in which virtual serial ports may be set up
and how two Bluetooth enabled devices may connect.
This Bluetooth profile defines two roles for communication to proceed:

1. Device A: The Device A is recognised as the device that initiates the
formation of a connection to another device. It may also be thought of
as the Initiator.

2. Device B: This may be thought of as the Acceptor and it is the device
that responds to an Initiation process.

Synchronization Profile (SYNC)

This Bluetooth profile is used in conjunction with GOEP to enable
synchronization of calendar and address information (personal information
manager (PIM) items) between Bluetooth enabled devices.
There are two main roles within this Bluetooth profile:

1. IrMC Server: The device that takes on the role of object exchange
server will become the IrMC Server. Typically this device will be the
mobile phone, PDA, etc.

2. IrMC Client: This device is typically a PC, and it is the device that
contains the sync engine and pulls and pushes the PIM data to and from
the IrMC server.

Video Distribution Profile (VDP)

This Bluetooth profile details how a Bluetooth enabled device is able to stream
video over a Bluetooth link. It could be used in a variety of scenarios such as
streaming video data from a storage area such as on a PC to a mobile player,
or from a video camera to a television, etc.
There are two roles defined within this Bluetooth profile:

1. Source (SRC): As the name suggests the SRC is the origination point of
the streamed video on the piconet.

2. Sink (SNK): Within this Bluetooth profile, the SNK is the destination for
the digital video stream on the same piconet as the SRC.

There are over twenty different Bluetooth profiles, each having their own function.
Naturally some of these Bluetooth profiles are used more than others, but each one may
be used in a variety of different places and applications.

Bluetooth network connection & pairing

Bluetooth networks often operate as a single connection, or a Bluetooth network may
involve many devices. Bluetooth also allows for a scheme known as Bluetooth pairing
where devices can quickly associate.
The Bluetooth specification defines a variety of forms of Bluetooth network connection
that may be set up. In this way Bluetooth networking is a particularly flexible form of
wireless system for use in a variety of short range applications.

Bluetooth network connection basics


There are a variety of ways in which Bluetooth networks can be set up. In essence
Bluetooth networks adopt what is termed a piconet topology. In this form of network,
one device acts as the master and it is able to talk to a maximum of seven slave nodes
or devices.
The limit of seven slave nodes in a Bluetooth network arises from the three bit address
that is used. This number relates to the number of active nodes in the Bluetooth
network at any given time.

Bluetooth scatternets
Bluetooth network connections are also able to support scatternets, although because
of timing and memory constraints this form of Bluetooth network has rarely been
implemented. For a Bluetooth scatternet, a slave node or slave device is able to share
its time between two different piconets. This enables large star networks to be built up.

Bluetooth connection basics


The way in which Bluetooth devices make connections is more complicated than that
associated with many other types of wireless device. The reason for this is the
frequency hopping nature of the devices. While the frequency hopping reduces the
effects of interference, it makes connecting devices a little more complicated.
Bluetooth is a system in which connections are made between a master and a slave.
These connections are maintained until they are broken, either by deliberately
disconnecting the two, or by the radio link becoming so poor that communications
cannot be maintained - typically this occurs as the devices go out of range of each
other.
Within the connection process, there are four types of Bluetooth connection channel:

Basic piconet channel: This Bluetooth connection channel is used only when
all 79 channels are used within the hop-set - it is now rarely used as the Adapted
piconet channel is more often used as it provides greater flexibility.

Adapted piconet channel: This Bluetooth connection channel is used more
widely and allows the system to use a reduced hop-set, i.e. between 20 and 79
channels. Piconet channels are the only channels that can be used to transfer
user data.

Inquiry channel: This Bluetooth connection channel is used when a master
device finds a slave device or devices within range.

Paging channel: This Bluetooth connection channel is used where a master
and a slave device make a physical connection.

Bluetooth pairing
In order that devices can connect easily and quickly, a scheme known as Bluetooth
pairing may be used. Once Bluetooth pairing has occurred two devices may
communicate with each other.

Bluetooth pairing is generally initiated manually by a device user. The Bluetooth link for
the device is made visible to other devices. They may then be paired.
The Bluetooth pairing process is typically triggered automatically the first time a device
receives a connection request from a device with which it is not yet paired. In order that
Bluetooth pairing may occur, a password has to be exchanged between the two devices.
This password or "Passkey" as it is more correctly termed is a code shared by both
Bluetooth devices. It is used to ensure that both users have agreed to pair with each
other.
The process of Bluetooth pairing is summarised below:

Bluetooth device looks for other Bluetooth devices in range: To be found by
other Bluetooth devices, the first device, Device 1, must be set to discoverable
mode - this will allow other Bluetooth devices in the vicinity to detect its
presence and attempt to establish a connection.

Two Bluetooth devices find each other: When the two devices, Device 1 and
Device 2, find each other it is possible to detect what they are. Normally the
discoverable device will indicate what type of device it is - cellphone, headset,
etc., along with its Bluetooth device name. The Bluetooth device name can
be allocated by the user, or it will be the one allocated during manufacture.

Prompt for Passkey: Often the default passkey is set to "0000", but it is
advisable to use something else as hackers will assume most people will not
change this.
However, with many more sophisticated devices - smartphones and computers - both
users must agree on a code, which must obviously be the same for both.

Device 1 sends passkey: The initiating device, Device 1, sends the passkey that
has been entered to Device 2.

Device 2 sends passkey: The passkeys are compared and if they are both the
same, a trusted pair is formed and Bluetooth pairing is established.

Communication is established: Once the Bluetooth pairing has occurred, data
can be exchanged between the devices.

Once the Bluetooth pairing has been established it is remembered by the devices, which
can then connect to each other without user intervention.
If necessary, the Bluetooth pairing relationship may be removed by the user at a later
time.

Bluetooth Security
Bluetooth security issues are an important factor with any Bluetooth device or system.
As with any device these days that provides connectivity, security is an important issue.
There are a number of Bluetooth security measures that can be incorporated into
Bluetooth devices to prevent various security threats that can be posed.
One of the main requirements for Bluetooth is that it should be easy to connect to other
devices. However Bluetooth security needs to be balanced against the ease of use and
the anticipated Bluetooth security threats.
Much work has been undertaken regarding Bluetooth security, however it remains high
on the agenda so that users can use their Bluetooth devices with ease while keeping the
security threats to a minimum.

Bluetooth security basics


Bluetooth security is of paramount importance as devices are susceptible to a variety of
wireless and networking attacks including denial of service attacks, eavesdropping,
man-in-the-middle attacks, message modification, and resource misappropriation.
Bluetooth security must also address more specific Bluetooth related attacks that target
known vulnerabilities in Bluetooth implementations and specifications. These may
include attacks against improperly secured Bluetooth implementations which can
provide attackers with unauthorized access.
Many users may not believe there is an issue with Bluetooth security, but hackers may
be able to gain access to information from phone lists to more sensitive information that
others may hold on Bluetooth enabled phones and other devices.
There are three basic means of providing Bluetooth security:

Authentication: In this process the identity of the communicating devices is
verified. User authentication is not part of the main Bluetooth security elements
of the specification.

Confidentiality: This process prevents information being eavesdropped by
ensuring that only authorised devices can access and view the data.

Authorisation: This process prevents access by ensuring that a device is
authorised to use a service before enabling it to do so.

Security measures provided by the Bluetooth specifications

The various versions of the specifications detail four Bluetooth security modes. Each
Bluetooth device must operate in one of four modes:

Bluetooth Security Mode 1: This mode is non-secure. The authentication and
encryption functionality is bypassed and the device is susceptible to hacking.
Devices operating in Bluetooth Security Mode 1 do not employ any mechanisms
to prevent other Bluetooth-enabled devices from establishing connections.
While it is easy to make connections, security is
an issue. It may be applicable to short range devices operating in an area where
other devices may not be present. Security Mode 1 is only supported up to
Bluetooth 2.0 + EDR and not beyond.

Bluetooth Security Mode 2: For this Bluetooth security mode, a centralised
security manager controls access to specific services and devices. The Bluetooth
security manager maintains policies for access control and interfaces with other
protocols and device users.
It is possible to apply varying trust levels and policies to restrict access for
applications with different security requirements, even when they operate in
parallel. It is possible to grant access to some services without providing access
to other services. The concept of authorisation is introduced in Bluetooth security
mode 2. Using this it is possible to determine if a specific device is allowed to
have access to a specific service.
Although authentication and encryption mechanisms are applicable to Bluetooth
Security Mode 2, they are implemented at the LMP layer (below L2CAP).
All Bluetooth devices can support Bluetooth Security Mode 2; however, v2.1 +
EDR devices can only support it for backward compatibility for earlier devices.

Bluetooth Security Mode 3: In Bluetooth Security Mode 3, the Bluetooth
device initiates security procedures before any physical link is established. In this
mode, authentication and encryption are used for all connections to and from the
device.
The authentication and encryption processes use a separate secret link key that
is shared by paired devices, once the pairing has been established.
Bluetooth Security Mode 3 is only supported in devices that conform to Bluetooth
2.0 + EDR or earlier.

Bluetooth Security Mode 4: Bluetooth Security Mode 4 was introduced at
Bluetooth v2.1 + EDR.
In Bluetooth Security Mode 4 the security procedures are initiated after link
setup. Secure Simple Pairing uses what are termed Elliptic Curve Diffie Hellman
(ECDH) techniques for key exchange and link key generation.
The device authentication and encryption algorithms are the same
as those defined in Bluetooth v2.0 + EDR.
The security requirements for services protected by Security Mode 4 are as
follows:

Authenticated link key required

Unauthenticated link key required

No security required

Whether or not a link key is authenticated depends on the Secure Simple Pairing
association model used. Bluetooth Security Mode 4 is mandatory for
communication between v2.1 + EDR devices.
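
The Mode 2 fallback and the Mode 4 service requirements described above can be checked against a device's stored pairings. The following Python is an added example, not code from the original page or from any Bluetooth stack; the bond records, service names, the mapping from association model to link key type and the treatment of legacy peers are assumptions of the example.

```python
from enum import IntEnum
class Req(IntEnum):
    """Security Mode 4 service requirements listed above, weakest first."""
    NONE = 0
    UNAUTHENTICATED_KEY = 1
    AUTHENTICATED_KEY = 2

# Not stated on this page (Core Specification behaviour): Just Works gives no
# man-in-the-middle protection, so its link key is unauthenticated; the other
# Secure Simple Pairing association models give an authenticated link key.
KEY_LEVEL = {
    "just_works": Req.UNAUTHENTICATED_KEY,
    "numeric_comparison": Req.AUTHENTICATED_KEY,
    "passkey_entry": Req.AUTHENTICATED_KEY,
    "out_of_band": Req.AUTHENTICATED_KEY,
}
MODE4_MIN = (2, 1)  # Security Mode 4 was introduced at v2.1 + EDR

def security_mode(peer_version):
    """Mode a local v2.1 + EDR (or later) device uses towards this peer."""
    return 4 if peer_version >= MODE4_MIN else 2  # Mode 2 only as fallback

def check_access(bond, requirement):
    """Return (allowed, reason) for one peer and one service requirement."""
    if requirement == Req.NONE:
        return True, "no security required"
    if security_mode(bond["version"]) == 4:
        level = KEY_LEVEL[bond["model"]]
    else:
        # Policy choice of this example, not a rule from the page: a legacy
        # PIN-based link key only satisfies the lower requirement.
        level = Req.UNAUTHENTICATED_KEY
    if level >= requirement:
        return True, "link key meets requirement"
    return False, "link key too weak for this service"

def audit(bonds, services):
    """List every (peer, service) pair the stored link key cannot satisfy."""
    return sorted((peer, name) for peer, bond in bonds.items()
                  for name, req in services.items()
                  if not check_access(bond, req)[0])

# Constructed sample data: addresses, versions and service names are made up.
BONDS = {
    "AA:AA:AA:00:00:01": {"version": (2, 1), "model": "numeric_comparison"},
    "AA:AA:AA:00:00:02": {"version": (4, 0), "model": "just_works"},
    "AA:AA:AA:00:00:03": {"version": (2, 0), "model": None},
}
SERVICES = {"phonebook": Req.AUTHENTICATED_KEY,
            "headset_audio": Req.UNAUTHENTICATED_KEY, "service_discovery": Req.NONE}
```

Calling `audit(BONDS, SERVICES)` reports the Just Works peer and the legacy peer against the service that requires an authenticated link key, which is the kind of mismatch a security manager has to refuse.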

Common Bluetooth security issues


There are a number of ways in which Bluetooth security can be penetrated, often
because there is little security in place. The major forms of Bluetooth security problems
fall into the following categories:

Bluejacking: Bluejacking is often not a major malicious security problem,
although there can be issues with it, especially as it enables someone to get their
data onto another person's phone, etc. Bluejacking involves the sending of a
vCard message via Bluetooth to other Bluetooth users within the locality,
typically 10 metres. The aim is that the recipient will not realise what the
message is and allow it into their address book. Thereafter messages might be
automatically opened because they have come from a supposedly known contact.

Bluebugging: This is more of an issue. This form of Bluetooth security issue
allows hackers to remotely access a phone and use its features. This may include
placing calls and sending text messages while the owner does not realise that
the phone has been taken over.

Car Whispering: This involves the use of software that allows hackers to send
and receive audio to and from a Bluetooth enabled car stereo system.

In order to protect against these and other forms of vulnerability, the manufacturers of
Bluetooth enabled devices are upgrading the security to ensure that these Bluetooth
security lapses do not arise with their products.
