
2 Background

2.2 Bluetooth Low Energy

Bluetooth is a wireless technology that allows electronic devices to communicate with each other over short ranges. Classic Bluetooth was originally designed for continuous, streaming data applications such as voice, and it has successfully eliminated wires in many consumer, industrial and medical applications. The use and development of Bluetooth technology are regulated by the Bluetooth Special Interest Group (SIG). The group, which has over 20000 member companies, is responsible for defining the Bluetooth specification and for certifying that developed products conform to it. Bluetooth operates between 2400 MHz and 2485 MHz, which lies within the globally unlicensed ISM band.

Bluetooth Low Energy (BLE), also known as Bluetooth Smart, is the new-generation standard, designed by the Bluetooth SIG in June 2010 to support new applications in the healthcare, fitness, security and home entertainment fields. The latest specification, v4.2, was released in December 2014 and is currently supported by the company development kit. BLE is the evolution of the current so-called “classic Bluetooth” standard. It focuses on ultra-low power consumption, which makes it very suitable for coin cell batteries or energy-harvesting devices. More detailed information about this section can be found in the Bluetooth specification v4.2 [1].

2.2.2 Classic Bluetooth vs BLE

The BLE standard is not backward compatible with classic Bluetooth. Although it reuses the existing radio architecture, the Host Controller Interface (HCI) transports and Logical Link Control and Adaptation (L2CAP) packets, it introduces many new features, such as efficient discovery and connection procedures, very short packets, an asymmetric design for peripherals and a client-server architecture. Table 2.2 lists the main differences between the two Bluetooth standards.


| Feature | Classic Bluetooth | BLE | Notes |
|---|---|---|---|
| RF Channels | 79 | 40 | Less channels |
| Channel Bandwidth | 1 MHz | 2 MHz | Double bandwidth |
| Modulation | GFSK | GFSK | Simple and effective |
| Modulation Index | 0.25 to 0.35 | 0.45 to 0.55 | Wider signal – more robust |
| Max TX Power | +20 dBm (class 1), +4 dBm (class 2) | +10 dBm | No “class” structure; +10 dBm regulatory limit |
| Rx Sensitivity (typical) | -85 dBm | -85 dBm | Pathloss = 90 dB for classic; Pathloss = 95 dB for BLE |
| Range (typical) | 30 meters | 50 meters | Modulation Index, increased power for class 2 |
| Packet Format | 6 | 2 | Advertising / Data for BLE |
| Max Packet Length | 2875 μs | 328 μs | BLE very short |
| Max Throughput Data Rate | 2178.1 kb/s | 305 kb/s | BLE is slower |
| Encryption | Safer+ | AES-128 | BLE stronger |
| Discoverable + Connectable | Inquiry + Page Scan, 22.5 ms / 1.25 s | Advertising, 1.25 ms / 1.25 s | 20x lower energy |
| Connection time | 20 ms (R0 Page Scan) | 2.5 ms | 8x quicker |

Table 2.2 Main difference between BLE and classic Bluetooth

2.2.3 Protocol Stack Architecture

The Bluetooth Core system is shown in Figure 2.6 [19]. It consists of a Host, a Primary Controller and zero or more Secondary Controllers. A minimal implementation of a BLE-only core system covers the four lowest layers and associated protocols defined by the Bluetooth specification, as well as two common service layer protocols: the Security Manager (SM) and the Attribute Protocol (ATT). The overall profile requirements are specified in the Generic Attribute Profile (GATT) and the Generic Access Profile (GAP). In this project, we mainly focus on the Link Layer in the BLE controller, which handles advertising, scanning, and creating and maintaining connections.

Figure 2.6 BLE protocol stack architecture [19]

2.2.4 Operation States & Roles

In BLE systems, the link layer state machine has five operating states: Standby, Advertising, Scanning, Initiating and Connection. They are described in Table 2.3.

| State | State Description |
|---|---|
| Standby | Does not transmit or receive packets |
| Advertising | Broadcasts advertisements in advertising channels |
| Scanning | Looks for advertisers |
| Initiating | Initiates connection to advertiser |
| Connection (Master Role) | Communicates with device in the Slave role, defines timings of transmissions |
| Connection (Slave Role) | Communicates with single device in Master Role |

Table 2.3 BLE operating states

The Link Layer may have more than one instance of the state machine at any time. However, the Link Layer state machine allows only one state to be active at a time and a BLE device cannot be master and slave at the same time. The state diagram of the Link Layer state machine is shown in Figure 2.7.

Figure 2.7 State diagram of the Link Layer state machine

The BLE GAP layer defines four profile roles: Broadcaster, Observer, Peripheral and Central. Here we introduce only the Peripheral and Central roles, which are the most relevant to our project. A peripheral device is assumed to be a low-power device that exposes information and is able to make connections. It uses connectable advertising packets to broadcast information that any other BLE device within range can hear. The state machine is shown in Figure 2.8, with valid states shown in blue.

Figure 2.8 State machine of peripheral role

A central device is usually a powered device, with a rechargeable battery and greater processing power than a peripheral (e.g., a smartphone or a tablet). Central devices implement a scanner mode, in which they listen for advertisements and initiate connection requests. The state machine is shown in Figure 2.9, with valid states shown in blue.

Figure 2.9 State machine of central role

Unlike in classic Bluetooth, peripheral and central devices are very asymmetric in their resource requirements. The technology was designed to minimize complexity, power requirements and cost mainly on the peripheral side. As a result, a peripheral device spends the majority of its life asleep, which limits its power consumption. It wakes up only when it needs to send data or interact with central devices.

2.2.5 Advertising & Scanning

The whole 2.4 GHz Bluetooth band is divided into 40 channels of 2 MHz each, as shown in Figure 2.10 [19]. 37 of these channels are reserved for data and are only used by devices that have paired with each other. The remaining 3 channels are used for advertisements. These three channels were specifically chosen to avoid the main channels used by Wi-Fi access points, to minimize interference.

Figure 2.10 Channel allocation for BLE and Wi-Fi [19]

When a peripheral wants to broadcast, it starts an advertising event, in which the same packet is transmitted sequentially on each of the three advertising channels. A device operating as a scanner detects one of these packets and passes the information it contains to the higher-level protocol stack and application.

Although the primary aim of advertising packets within the specification is to allow for the discovery of devices and make a secure connection, they also permit small amounts of data to be transmitted for other devices to hear. The advertising and active scanning procedure is shown in Figure 2.11 [19].

Figure 2.11 BLE advertising and active scanning procedure [19]

For advertising events, a total of 7 air interface packets are defined, as shown in Table 2.4.

| Type | Packet | Usage |
|---|---|---|
| 0000 | ADV_IND | Connectable undirected advertising event |
| 0001 | ADV_DIRECT_IND | Connectable directed advertising event |
| 0010 | ADV_NONCONN_IND | Non-connectable undirected advertising event |
| 0011 | SCAN_REQ | Scan request for further information from advertiser |
| 0100 | SCAN_RSP | Response to scan request from scanner |
| 0101 | CONNECT_REQ | Connect request by Initiator |
| 0110 | ADV_DISCOVER_IND | Discoverable undirected advertising event |

Table 2.4 Advertising packets

The format of advertising packets is shown in Figure 2.12 [19]. The whole packet consists of a Preamble, an Access Address, a Packet Data Unit (PDU) and a Cyclic Redundancy Check (CRC) field. The Preamble (0xaa) is used for frequency synchronization and Automatic Gain Control (AGC) training. The Access Address (0x8e89bed6) is designed for packet detection. The CRC is computed over the PDU for error checking.

Figure 2.12 Advertising packet format [19]

The PDU is composed of a header and a payload. The header defines the packet type, the TX/RX address types, the payload length and fields reserved for future use.

For convenience, all three of our ranging solutions are based on advertising and scanning activity. The next chapters describe in more detail how these features facilitate our solutions.
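The packet layout described above can be made concrete with a small parser. This is an added example, not code from the original text; the header bit positions (type in the low 4 bits of the first header byte, TxAdd and RxAdd in bits 6 and 7, a 6-bit length in the second byte) and the 6 to 37 byte payload bounds follow the v4.x advertising header layout and are not spelled out on this page, and the input is assumed to be already de-whitened.

```python
import struct

PREAMBLE = 0xAA
ADV_ACCESS_ADDRESS = 0x8E89BED6  # fixed access address on advertising channels
PDU_TYPES = {  # type codes from Table 2.4
    0b0000: "ADV_IND",
    0b0001: "ADV_DIRECT_IND",
    0b0010: "ADV_NONCONN_IND",
    0b0011: "SCAN_REQ",
    0b0100: "SCAN_RSP",
    0b0101: "CONNECT_REQ",
    0b0110: "ADV_DISCOVER_IND",
}


def parse_adv_frame(frame):
    """Parse preamble | access address | PDU header | payload | CRC.

    Assumes de-whitened bytes; the CRC is returned, not verified.
    """
    if len(frame) < 1 + 4 + 2 + 3:
        raise ValueError("frame shorter than the fixed fields")
    # Multi-byte fields are sent least significant byte first.
    preamble, access_address = struct.unpack_from("<BI", frame, 0)
    if preamble != PREAMBLE or access_address != ADV_ACCESS_ADDRESS:
        raise ValueError("not an advertising-channel frame")
    hdr0, hdr1 = frame[5], frame[6]
    pdu_type = hdr0 & 0x0F
    length = hdr1 & 0x3F               # 6-bit payload length in bytes
    if pdu_type not in PDU_TYPES:
        raise ValueError("reserved PDU type %#x" % pdu_type)
    if not 6 <= length <= 37:          # v4.x advertising payload bounds
        raise ValueError("payload length out of range")
    if len(frame) != 7 + length + 3:   # declared length must match the frame
        raise ValueError("length field does not match frame size")
    return {
        "type": PDU_TYPES[pdu_type],
        "tx_add": (hdr0 >> 6) & 1,     # 0 = public, 1 = random address
        "rx_add": (hdr0 >> 7) & 1,
        "length": length,
        "payload": frame[7:7 + length],
        "crc": frame[7 + length:],
    }


# Constructed sample (CRC bytes are placeholders): ADV_IND with a random
# TxAdd, a 6-byte advertiser address and 3 bytes of advertising data.
SAMPLE = bytes.fromhex("aa d6be898e 4009 112233445566 020106 000000")
```

Rejecting frames whose declared length disagrees with the received size keeps a malformed header from driving an out-of-bounds read in later processing.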

2.2.6 Frequency Hopping

Due to the unrestricted nature of the ISM band, BLE must overcome interference from other systems (e.g., Wi-Fi) and minimize its own interference with other systems. BLE does this by using a Frequency Hopping Spread Spectrum (FHSS) technique, which spreads the RF power across the spectrum and so reduces interference and the spectral power density. Frequency hopping takes place while a connection is active: the frequency hops among the 37 data channels according to the channel selection algorithm.

The master’s Link Layer shall classify data channels into used channels and unused channels; this classification is called the channel map. The slave shall receive the channel map from the master in the connection request. The master can update the channel map using a channel update message.

The channel selection algorithm consists of two stages: calculation of the unmapped channel index, and then mapping of this index to a data channel index from the set of used channels. The complete procedure is shown in Figure 2.13 [1]. The unmappedChannel is the unmapped channel index for the current connection event. The lastUnmappedChannel is the unmapped channel index of the previous connection event, which is 0 for the first connection event. At the start of a connection event, unmappedChannel shall be calculated using the following basic algorithm in Eq. (2.4) [1]:

unmappedChannel = (lastUnmappedChannel + hopIncrement) mod 37 (2.4) [1]

The algorithm then checks if the unmapped channel is used according to the channel map. If it is used, the algorithm will use the unmapped channel. Otherwise the channel is remapped to one of the used channels.

Figure 2.13 Block diagram of data channel selection algorithm [1]
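The two stages of the channel selection algorithm can be traced in code. This is an added example, not part of the original text; the remapping rule (remappingIndex = unmappedChannel mod numUsedChannels, indexing the used channels in ascending order), the hopIncrement range of 5 to 16 and the minimum of two used channels are taken from the Bluetooth Core Specification rather than from this page, and the channel map below is constructed for illustration.

```python
NUM_DATA_CHANNELS = 37
ALL_CHANNELS = (1 << NUM_DATA_CHANNELS) - 1
# Constructed channel map: data channels 0-8 marked unused, 9-36 used.
SAMPLE_MAP = ALL_CHANNELS & ~0x1FF


def used_channels(channel_map):
    """Used data channel indices in ascending order (bit n set = channel n used)."""
    return [ch for ch in range(NUM_DATA_CHANNELS) if (channel_map >> ch) & 1]


def next_channel(last_unmapped, hop_increment, channel_map):
    """Return (unmappedChannel, data channel index) for the next connection event."""
    if not 5 <= hop_increment <= 16:
        raise ValueError("hopIncrement must be in the range 5..16")
    used = used_channels(channel_map)
    if len(used) < 2:
        raise ValueError("channel map must mark at least two channels as used")
    # Stage 1: Eq. (2.4)
    unmapped = (last_unmapped + hop_increment) % NUM_DATA_CHANNELS
    if unmapped in used:
        return unmapped, unmapped
    # Stage 2: the unmapped channel is unused, so remap it onto a used channel.
    remapping_index = unmapped % len(used)
    return unmapped, used[remapping_index]


def hop_sequence(hop_increment, channel_map, events):
    """Data channel index for each of the first `events` connection events."""
    sequence = []
    last_unmapped = 0  # lastUnmappedChannel is 0 for the first connection event
    for _ in range(events):
        last_unmapped, channel = next_channel(last_unmapped, hop_increment, channel_map)
        sequence.append(channel)
    return sequence


if __name__ == "__main__":
    print(hop_sequence(7, ALL_CHANNELS, 6))  # every channel used, no remapping
    print(hop_sequence(7, SAMPLE_MAP, 6))    # indices 7 and 5 are remapped
```

With the constructed map, the first and sixth events land on unused indices 7 and 5 and are remapped, while lastUnmappedChannel keeps advancing by hopIncrement regardless of the remapping.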

2.2.7 Direct Test Mode

Direct Test Mode is used to control the Device-Under-Test (DUT) and provides a report back to the tester.

The BLE test packet format shall be as shown in Figure 2.14 [1].

Figure 2.14 BLE test packet format [1]

Test packets are required for physical layer testing using Direct Test Mode. The test packet consists of the following fields: preamble (8 bit), synchronization word (32 bit), PDU header (8 bit), PDU length (8 bit), payload (296-2040 bit) and CRC (24 bit), in total 376-2120 bits. The packets do not have a PDU address field. Depending on the test, the packet payload content may vary. Depending on the test packet length, the test packet interval is defined in Table 2.5.

| LE Test Packet Length | Packet Interval |
|---|---|
| ≤ 376 μs | 625 μs |
| ≥ 377 and ≤ 1000 μs | 1250 μs |
| ≥ 1001 and ≤ 1624 μs | 1875 μs |
| ≥ 1625 and ≤ 2120 μs | 2500 μs |

Table 2.5 BLE test packet length to packet interval

2.3 Development Kit