Bluetooth Low Energy is a protocol that enter in the big Bluetooth protocol family since 4.0 specification. It became pervesinve on smartphone and IoT device since its simplicity and power usage. In fact, due its simplicity, it requires very few power to be performed.
All bluetooth device can be diveded into 3 categories:
- Bluetooth classic (Bluetooth BR/EDR)
- Bluetooth dual mode (BR/EDR/LE, can communicate with all other Bluetooth devices)
- Blueooth single mode (BLE only)
Bluetooth LE is a stack protocol. All protocol can be grouped into 3 categories:
- Application: Logic, UI, Data Handling
- Host: “Bluetooth things” (GAP, GATT, L2CAP, ATT, SM, HCI)
- Controller: HCI, LL, PHY
This note (and attached slides) cover only the Host and Controller protocols.
In BLE a device can be a master (or, in the case of connectionless mode, an initializer) or a slave (that has advertise ability and accepts connections) or both.
There is no limits on the numbers of connected members, so we can see a network were a master is connected to multiple slaves or a slave is connected to multiple masters.
This is a Physical Layer. It manages analog communication circuitry, trasforms analog signal to digital one and is not so interested from my point of view.
It trasmits a signal with a 2.4GHz radio, using 40 channels from 2.4000 GHZ to 2.4835 GHz. 37 Channales are used for data communication, the remaining (3 channels) are used as advertising channels.
To avoid too many interferences, a tecnique called Frequency Hopping Spread Spectrum is used. It performs a change of channel used to trasmit with an arranged parameter.
In this layer the main bluetooth roles are defined. The possibile roles are:
- Advertiser (when there is not active connections)
- Scanner (w.r.t. advertiser)
- Master (when there is active connections)
- Slave (w.r.t. master)
It provides a reliable data link using a 24-bit CRC and retrasmits packets if errors are detected.
BLE Device Address
In this level a BLE device address is defined. It is a 48 bit number that uniquely identify a device. Two types of device address can be used:
- Public Device Address (fixed, like a standard bluetooth)
- Random Device Address (programmed or dinamically generated)
BLE has only one packet format and two types of packets: advertising or data packets.
Each advertising packet (and only this one) can carry up 31 bytes of payload. They are sent at fixed rate, defined by advertising interval (without any network negotiation).
Each connection has 3 proprieties:
- Connection interval (from 7.5ms up to 4s)
- Slave latency: This parameter gives the slave (peripheral) device the option of skipping a number of connection events.
- Connection supervision timeout
Host Controller Interface
Is a standard protocol that allows for the communication between a host and a controller to take place across a serial interface. Is a “glue” protocol.
Logical Link Control and Adaptation Protocol (L2CAP)
This protocol implements a protocol multiplexer that permits to communicate from the upper layers and encapsulates the packets into standard BLE packet format. It performs fragmentation and recombination, breaks packets up into chucks that fit into 27-byte maximum payload.
Is a stateless client/server protocol based on attributes presented by a device. Each server contains data organized as “attributes”, each of which is assigned a 16-bit attribute handle, a UUID, a set of permissions and a value.
The security manager is used to
- Exchange keys
- Encrypt connections
- Hide a public BLE Address
First of all, to start a pairing alogirthm, the negotiation of a Short Term Key is needed. It can be perform with 3 methods:
- Just works!
- Passekey Display (insert a key in one device generated by other one)
- Out of band
Generic ATTribute (GATT)
It is build on the ATT and adds a hierarchy and data abstraction model on top of ATT. It is a backbone of BLE data trasfer. Data are encapsulated in services, with one or more characteristics.
Each service and characteristic is identify by a UUID. A UUID (Universally Unique ID) is a unique 128-bit number used to identify the services. Some UUID are defined in the Bluetooth Specs and are smaller (16 ore 32 bits).
The smallest data entity are the attributes. Attribute is an abstract concept for storing data. Each attribute has some metadata that specific which ATT operation can be executed with some permissions.
Each attribute has an handle associated with it, used to identify the attribute on a particular GATT server. The maximum length of data is 512 bytes, by the specification. No restriction exists on data types.
Attributes in a GATT server are grouped into services, each of which can contains zero or more characteristics. Characteristic is a data container, with declaration and value.
Below there is a screenshot that shows what is possible to read from a Mi Band with BLE scanning. I hope that after this short post you are able to understand the response.