
Beyond Beaconing: Emerging Applications and Challenges of BLE

Jian Yang (a,*), Christian Poellabauer (a), Pramita Mitra (b), Cynthia Neubecker (b)

(a) Department of Science and Engineering, University of Notre Dame, Notre Dame, IN 46556, USA
(b) Research and Advanced Engineering, Ford Motor Company, Dearborn, MI 48121, USA

Abstract

As an emerging technology with exceptional low energy consumption and low-latency data transmissions, Bluetooth Low Energy (BLE) has gained significant momentum in various application domains, such as Indoor Positioning, , and Wireless Personal Area Network (WPAN) communications. With various novel protocol stack features, BLE is finding use on resource-constrained sensor nodes as well as more powerful gateway devices. Proximity detection using BLE in particular has been a popular usage scenario ever since the release of Bluetooth 4.0, primarily due to the beacons’ energy efficiency and ease of deployment. However, with the rapid rise of the Internet of Things (IoT), BLE is likely to be a significant component in many other applications with widely varying performance and Quality-of-Service (QoS) requirements, and there is a need for a consolidated view of the role that BLE will play in applications beyond beaconing. This paper comprehensively surveys state-of-the-art applications built with BLE, obstacles to adoption of BLE in new application areas, and current solutions from academia and industry that further expand the capabilities of BLE.

Keywords: , BLE, Communication, Applications, Low Power, Low Latency.

* Corresponding author.

Preprint submitted to Journal of Ad Hoc Networks, August 28, 2019

1. Introduction

Bluetooth Low Energy (BLE), also known as Bluetooth Smart, is an emerging short-range wireless technology aiming at low-power, low-latency, and low-complexity communications. With its deep market penetration (e.g., Bluetooth is available on almost all laptops, tablets, and smartphones), BLE has become an attractive alternative to many existing wireless communications technologies [1]. A new implementation of the Bluetooth protocol stack allows BLE to operate for very long time periods using only a coin-cell battery [2]. BLE also provides new approaches to wireless communications compared to the Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) supported by Classic Bluetooth, as described later in the paper.

One of the most popular BLE applications is its use in BLE Beacons, which is a class of devices that continuously broadcast an identifier to nearby BLE receivers [3]. This has enabled a multitude of proximity detection solutions, i.e., the beacons allow devices such as smartphones and tablets to perform certain actions when in close proximity to a beacon. Examples of using BLE Beacons include indoor positioning [4, 5], activity recognition [6, 7], and vehicle network wake-up system [8].

However, in addition to proximity detection, BLE-based systems are also used to connect wireless sensors and receivers in a variety of healthcare and smart home applications. Because of its ubiquitous presence in commercial devices and low-energy requirements, recently a few less traditional application domains are investigating the use of BLE, such as Vehicular Ad Hoc Networks (VANETs) [9, 10], smart infrastructure [11, 12, 13], multimedia streaming devices [14, 15, 16], mobile payment systems [17, 18], etc. However, such emerging applications are often unable to utilize BLE without modification or enhancements. Obstacles to the widespread adoption of BLE (besides beaconing) include the lack of support for large and dynamic data transmissions, mesh networking, interoperability with other wireless technologies, and security/privacy protection.

[Figure 1: Taxonomy of BLE applications and their challenges and solutions. Traditional Application Domains: Indoor Positioning Systems, Health Monitoring, Home Automation. Emerging Application Domains: Smart Infrastructure, Mobile Payment, VANET / MANET, Data Streaming. Inherent Functions: Low-latency Transmission, Secure Communication, Multiple forms of networking. BLE Enhancements: Enhanced Data Transmission, Interoperability, Mesh Network, Privacy Protection.]

While there have been solutions proposed, both in academia and industry, to address these challenges, there are still many remaining opportunities to ensure BLE’s success in different domains. This paper provides a comprehensive review of emerging application domains of BLE, the challenges BLE faces in these domains, and solutions that have been proposed. Figure 1 presents a taxonomy of BLE applications and their supporting techniques that will be discussed in this paper. The inherent functions of BLE provide the basis for both primary and emerging applications, while emerging applications often require enhanced features that have not yet been developed. Therefore, we will first introduce the current functionality of BLE and review several typical examples of each application domain. Then we focus on recently proposed BLE enhancements regarding challenges in Data Transmission, Mesh Network, Interoperability and Privacy Protection.

The rest of this paper is structured as follows. In Section 2, we introduce the primary functions of BLE and highlight its most important features provided by various protocol revisions. Section 3 summarizes and discusses emerging application domains and their characteristics. Then in Section 4, we present a comprehensive survey of existing modifications and enhancements of BLE for specific application scenarios and discuss open challenges and issues for future BLE applications. Finally, we conclude the paper with a review of our insights in Section 5.

2. BLE: Current Functions and Revisions

BLE was first introduced in 2010 by the Bluetooth Special Interest Group (SIG) as part of the Bluetooth 4.0 specification [19], which defined the overall architecture and implementation details of BLE. Since then, there have been several revisions of the Bluetooth core specification: Bluetooth 4.1 [20], Bluetooth 4.2 [21], Bluetooth 5.0 [22], and Bluetooth 5.1 [23]. Major improvements by these revisions address power management, throughput, communication range, latency, and security issues with BLE. This section describes the primary architecture, current functions, and major evolution of BLE.

2.1. BLE Stack

The protocol stack of BLE maintains a similar lower layer structure as Classic Bluetooth, but also provides revised implementations and a few new layers, such as the General Attribute Profile (GATT) and the Attribute Protocol (ATT). Figure 2 shows the simplified stack for three major types of Bluetooth chipsets: Classic Bluetooth, Dual Mode, and BLE-only. For compatibility reasons, the Bluetooth Dual Mode chipsets were introduced to support both Low Energy and BR/EDR communications, which are commonly seen on phones and tablets. BLE-only chipsets are typically installed on cost- and resource-constrained devices.

[Figure 2: A simplified protocol stack for three types of Bluetooth chipsets (adapted from [24]).]

The implementation of the BLE stack layers focuses on low-latency and low energy consumption. Several highlights of the stack layers can be summarized as follows. First, the Physical (PHY) Layer of BLE defines 40 Radio Frequency (RF) channels in the 2.4 GHz band, among which three channels are defined as advertising channels for disseminating data and 37 data channels are used for bidirectional exchange of messages in established connections. The Link Layer (LL) defines two interaction patterns between two devices: 1) connectionless communication, i.e., two devices act as advertiser and scanner, where the advertiser broadcasts data packets and the scanner can receive them; 2) connection-based communication, i.e., the scanner and the advertiser are able to establish a bidirectional connection and adopt the role of central and peripheral, respectively. The Host Controller Interface (HCI) is a standard protocol that takes care of the communication between the Host and Controller.

On top of the HCI sits the Logical Link Control and Adaptation Protocol (L2CAP), which is a protocol in common with Classic Bluetooth. It handles the data from lower layers and encapsulates them into the standard BLE packet format for upper layers’ use and vice versa. The serial port protocols (Serial Port Profile and RF Communication Protocol) in Classic Bluetooth are replaced by two novel layers in the BLE stack: the ATT and GATT. These two layers handle the data interaction between application and stack layers when connection-based BLE communications are used (Section 2.2.1). Furthermore, the Generic Access Profile (GAP) and Security Manager Protocol (SMP) (not shown) handle the general link management and security functions in BLE communications.

2.2. Built-in Functions

BLE was originally designed for applications in the rising IoT industry where Classic Bluetooth may be found less efficient. The new implementation of the BLE stack protocol inherently provides novel features with respect to data transmission, networking, and security. In this subsection, we discuss these built-in features of BLE and how they can be used to support various application domains.

2.2.1. Data Transmission

The Link Layer defines one packet format (Figure 3) used for both advertising packets (also known as advertisements) and data channel packets, which support connectionless and connection-based communication, respectively. These two types of communication dispense with the slow and low-responsive pairing mechanism used in Classic Bluetooth, which makes the protocol more attractive to several novel application domains.

| Preamble | Access Addr. | Packet Data Unit (PDU) | CRC |
| 1 Byte | 4 Bytes | 2 - 37 Bytes | 3 Bytes |

PDU: Header (16 bits) | Payload | MIC (32 bits)

Figure 3: The data packet format.

The Preamble, Access Address, and Cyclic Redundancy Check (CRC) fields are defined for easy control by the Link Layer, with regard to different communication scenarios. Data is transmitted via the Packet Data Unit (PDU) payload, with the Header identifying its type and size.

In connectionless communications, data is broadcast directly via advertisement payloads and all neighbors (i.e., nodes in wireless range) can receive it. Since the payload is limited to a certain size (31 bytes in Bluetooth 4.1), a single advertisement can transmit only very short messages. Splitting and reassembling data for multiple advertisements can help with large data transmissions, but there will be a trade-off between data volume, transmission overhead, and packet loss. Therefore, connectionless communication is typically used for BLE beaconing, where beacons operate as advertisers and continuously broadcast a specific packet containing information for various purposes. The advertising process consumes very little energy and the theoretical life of a BLE beacon powered by a coin cell battery can be up to 14 years [25].

An advertiser is able to announce its availability for connections by setting the PDU header in outgoing advertisements accordingly, so that the receiving scanner can initiate a connection request. A connection will be established once the advertiser receives and accepts the connection request, and then the advertiser becomes a peripheral and the scanner becomes a central. The data exchange will then be processed based on the GATT rules via one of the 37 data channels.

Connection-based communication uses the same packet format, with the Message Integrity Check (MIC) field used for encrypted transmission checks. The adaptive frequency hopping mechanism is applied to data channels, with the purpose of minimizing channel interference and maintaining a low loss rate. The GATT further defines the rules of exchanging data. The peripheral acts as a GATT server that stores data in the form of a set of services. Each service contains a number of characteristics that take the length of a single PDU. The connected central device, known as GATT client, is able to discover, read, and write to the services and characteristics according to their permissions. As an example, if we have a heart rate monitor acting as a peripheral, its GATT server will contain a Heart Rate Sensor service with a Heart Rate characteristic. This characteristic will include the sensor data and the access permissions (e.g., [60bpm, Read Only]).

2.2.2. Networking

The central-peripheral relationship of connection-based BLE communications is similar to the master-slave relationship in BR/EDR communications, where a central device is allowed to connect to multiple peripherals. Therefore, this communication mode supports the most basic network topology, a piconet that is composed of one central and multiple peripherals. Unlike BR/EDR slaves, BLE peripherals do not share a common physical channel with the central, i.e., each peripheral communicates on a separate physical channel with the central. Since Bluetooth 4.1, each device has the capability to operate simultaneously in both roles in different piconets, thus providing opportunities to form larger scatternets.

Furthermore, the connectionless communication operates on different physical channels (three advertising channels), and can coexist with connection-based communications (on data channels). On one hand, advertisers and scanners can form a broadcast network on advertising channels; on the other hand, the central or peripheral in an existing piconet or scatternet are also able to advertise and scan, resulting in a scatternet that involves both advertising and data channels. There could be multiple combinations of such scatternets.

A more complex topology, which offers path diversity that can cope with radio propagation impairments and failures, is the mesh network. This type of network has been introduced in BLE specifications starting from version 4.2, where a node can act as central and peripheral simultaneously. In late 2017, the Bluetooth SIG released a set of specifications and profiles that define BLE mesh networking on top of current BLE stacks [26]. However, no implementations or tests of mesh networks have yet been provided by the group. Related problems, such as dynamic address allocation, network topology mapping, and routing, also require further exploration.

2.2.3. Security

In general, Bluetooth has potential vulnerabilities that fall into three categories: 1) passive eavesdropping, 2) man in the middle (MITM) attacks, and 3) identity tracking.

Passive eavesdropping is the process where a third device listens to the data being exchanged between two connected devices. BLE addresses this by encrypting the data being transferred using AES-CCM encryption at the Link Layer. The AES-CCM encryption is considered secure as long as the key is unpredictable.

MITM attacks occur when a malicious device impersonates two other legitimate devices, in order to fool these devices into connecting to it. In this scenario, both the central and peripheral will connect to the malicious device, which in turn routes the traffic between the two other devices. This gives the legitimate devices the illusion that they are directly connected to each other when in fact their connection has been compromised. This setup not only allows the malicious device to intercept all the data being sent, but also allows it to inject false data into the communication or remove data before it reaches its intended recipient. LE Secure Connections were introduced in version 4.2 to address this problem, where three steps are required before exchanging data: 1) a pairing feature exchange, 2) key generation via Elliptic Curve Diffie Hellman (ECDH) encryption, and 3) authentication.

Finally, identity tracking is where a malicious entity is able to associate the address of a BLE device with a specific user and then physically track that user based upon the presence of the BLE device. BLE addresses this by periodically changing the device address to make it untraceable.

2.3. BLE Versions

Since the release of version 4.0, several revisions of the Bluetooth specification have been published, with enhancements in data rate, payload, power consumption, and security. Table 1 summarizes the major differences between these versions.

Table 1: Comparison of Bluetooth versions

| Version | 4.0 | 4.1 | 4.2 | 5.0 & 5.1 |
|---|---|---|---|---|
| Multi-Roles | No | Yes | Yes | Yes |
| PDU Payload | Up to 31 bytes | Up to 31 bytes | Up to 255 bytes | Up to 255 bytes |
| LE Secure | No | No | Yes | Yes |
| IoT Support | Limited | Limited | Medium | High |
| Advertising Channels | 3 Channels | 3 Channels | 3 Channels | 3 Primary Ch., 37 Secondary Ch. |
| Data Rate | 1 Mbps | 1 Mbps | 1 Mbps | 2 Mbps |
| Effective Range | 50 m (Line of Sight), 10 m (Indoor) | 50 m (Line of Sight), 10 m (Indoor) | 50 m (Line of Sight), 10 m (Indoor) | 200 m (Line of Sight), 40 m (Indoor) |
| Battery Life | Shorter | Shorter | Shorter | Longer |

Bluetooth 4.0 explicitly prohibits a peripheral from participating in multiple connections (or assuming multiple roles) simultaneously with other central devices. Version 4.1 and later incorporate a fundamental change with regard to the roles each device can play when multiple connections are present. That is, a device, regardless of its Link Layer role, can run multiple Link Layer instances simultaneously without limitation. Therefore, a peripheral is allowed to be simultaneously connected to more than one central device.

Version 4.2 introduces major enhancements where the maximum PDU payload can be up to 255 bytes, compared to only 31 bytes in previous versions. This version also provides additional support for IoT capabilities, such as low-power IP [27] and Internet gateways [28]. In terms of security, the LE Secure Connections were introduced in this version, which utilize the ECDH algorithm for key generation, in order to protect against MITM attacks.

Bluetooth 5.0 is regarded as a significant leap forward compared to previous versions, with claims such as “twice the speed” and “four times the range” [22]. This version also defines two types of advertising channels: primary and secondary. The primary advertising channels are the same three advertising channels available in previous versions, while the secondary advertising channels use the remaining 37 BLE channels (formerly defined solely as data channels). The secondary advertising channels can exploit frequency hopping, just like data channels. The recently released Bluetooth 5.1 provides further enhancements in connection latency and location services to better support indoor localization services. Both version 5.0 and 5.1 were designed towards a more IoT-friendly goal, e.g., using a more advanced power management design to maximize the life time of battery-powered devices.

3. Application Domains

BLE’s low-energy performance and widespread deployment in mobile devices make it an excellent candidate for a variety of applications, including many emerging application domains. Traditional application scenarios can take advantage of all inherent BLE functionality immediately and include examples found in Indoor Positioning Systems (IPS), Health Monitoring, and Home Automation. In contrast, many emerging applications cannot readily use BLE and thereby may require further modifications or enhancements, including applications in smart infrastructure, vehicular networks, mobile payments and data streaming. In this section, we briefly summarize the traditional application domains of BLE, and review some attempts of using BLE in emerging domains.

3.1. Traditional Application Domains

BLE was designed for specific applications suited for a static, low-energy environment. To provide an easy and fast development process, each BLE chipset comes with a built-in list of uniform type identifiers, which cover some basic services or data types in IPS, Health Monitoring, and Home Automation. These are the three main application domains where BLE has been increasingly implemented, tested and deployed. Table 2 summarizes the built-in BLE features used in these domains.

Table 2: Summary of Traditional BLE Application Domains

| App Domains | BLE Built-in Features | Range of Interest | Examples |
|---|---|---|---|
| IPS | connectionless comm, low energy | < 30m (workspace) | [5, 29, 30, 31, 32] |
| Health Monitoring | GATT profile, piconet networking, privacy protection | < 1.5m (body area) | [33, 34, 35, 36] |
| Home Automation | GATT profile, piconet networking, privacy protection | < 15m (living area) | [37, 2, 38, 39] |

IPS are systems that can determine the position of an object or a person in a limited physical space [40]. A simplified structure of an IPS is based on the periodical execution of two steps: 1) sensors or receivers receive signals from transmitting devices and 2) distributed devices or a central unit estimate parameters to calculate the approximate position of the object [41]. The Received Signal Strength Indicator (RSSI) is usually collected for distance estimation. The RSSI values can be part of the metadata transmitted with BLE advertisements, thus supporting the positioning system in a simple manner. Such applications only rely on connectionless BLE communications and thus consume very limited energy. Typically, a set of BLE Beacons deployed in a workspace can support positioning services for several years without changing battery.

The advent of BLE has also attracted considerable interest in the development of personal or human-centric networks. The continuous transmission of body sensor readings usually requires low latency and low power. Figure 4 shows the general structure of a wireless health monitoring system, where BLE can easily connect a set of body sensors to the by forming a piconet. For the ease of development, the GATT profile provides a list of identifiers specifically for health service data, such as Blood Pressure, Glucose, Heart Rate, Pulse Oximeter, etc. For the Health Monitoring applications that are primarily interested in body area (< 1.5m) communications, the inherent BLE features satisfy most of the technical requirements in regards to latency, energy consumption and privacy protection.

[Figure 4: Wireless health monitoring system structure [42]. Labels: Patient, Signal Acquisition, BLE, Storage, Wi-Fi/Cellular, Medical Service.]

As a sub-domain of IoT, Home Automation is one of the major drivers for the design of BLE. Applications in such domain are usually deployed in a limited area (< 15m) with more interactions among sensors, actuators, and gateways. BLE also defines a set of GATT services related to home monitoring data, providing simple and direct data extraction for common data types. By virtue of its low-power consumption, BLE has been implemented by many sensors and actuators [37], replacing other wireless technologies, such as Wi-Fi or ZigBee. Some architectures [2, 38, 39] also apply BLE as a key part of the gateway in smart homes, where BLE will play the central role to coordinate among sensors and actuators.

3.2. Emerging Application Domains

Apart from the above applications that can be directly supported by BLE, there are numerous other applications that can benefit from BLE-based communications. Most applications in these domains are currently supported by other wireless technologies, but BLE can provide complementary features to, or expand functionality of, systems using hybrid networking technologies.

3.2.1. Smart Infrastructure

Smart infrastructure is the cornerstone for smart city development. It intelligently connects energy systems, buildings and industries to adapt and evolve the way we live and work. We have reached a state of “infrastructure maturity”, especially in developed economies, where the value of new infrastructure is far outweighed by the value of existing infrastructure [43]. Applying digital technologies to existing infrastructures offers the potential to use our assets more intelligently and better meet social needs. Wi-Fi and cellular solutions have provided stable and robust services in this field, but when it comes to local services, BLE can make it much easier for people to actively interact with buildings and other infrastructures in their surroundings. The BLE-based services are more responsive, even without Internet connectivity. Such examples include (but are not limited to): 1) identifying certain groups of people in public areas [11], 2) logging and managing the usage and service status of power grid [44], and 3) monitoring extreme weather conditions for farming automation [12].

Take the smart building as an example: a proof-of-concept work, NomaBlue [45], assigns buildings as databases for spatial exploration in smart city scenarios. This system utilizes both beacons and regular BLE transmitters for data dissemination and device detection. Buildings equipped with BLE beacons and servers act as the knowledge base that stores spatial knowledge from users. Users with BLE transmitters can share spatial knowledge to other users or buildings when in the proximity. Spatial knowledge is then shared and propagated via numerous meet-ups, allowing the system to provide on-demand knowledge requests for local users. The system has been tested and evaluated without Internet connection, and has been proven effective. Google’s Sidewalk Lab has also implemented similar ideas in the city of Toronto [46]. The city-wide deployment of BLE transmitters allows citizens to be aware of people and events in the neighborhood, thus providing opportunities for more social connections.

Using BLE in smart infrastructures can complement other wireless technologies by providing easy and low-cost data transmission for local area, even without Internet connection. We therefore see the potential of BLE to be used widely in future infrastructures to build a dynamic and low-cost connected ecosystem.

3.2.2. Vehicular Ad Hoc Networks (VANETs)

VANETs are considered as one of the most prominent technologies for improving the efficiency and safety of modern transportation systems. In a VANET, vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication have attracted a lot of interest in the research community. In 2014, Frank et al. [47] first proposed to use BLE as an alternative technology for V2V communications. The idea was to utilize connection-based BLE communications, where each vehicle is initially assigned a role of either central (C) or peripheral (P) and exchanges data with neighbors via C-P connections. For the same role communication (i.e., C-C or P-P), one of the vehicles will alter its role to set up the connection. This idea has been implemented with a prototype [9] using BLE-equipped phones, and tested for single-hop and multi-hop communications.

Yang et al. [10, 48] further proved and validated a feasible approach (called BlueNet) for a dynamic and self-organized vehicular network. Their method encapsulated metadata into BLE advertisements so that each node in the network can decide whether to initiate a connection based on the received metadata. BlueNet also applied a dynamic role switching mechanism to provide each node with a higher chance of being connected into the network. Their work also discusses the potential of transferring BlueNet to V2I communications.

The wide deployment of Bluetooth chips in vehicles would greatly lower the cost of large-scale deployment of V2V and V2I systems based on BLE, when compared to technologies such as Dedicated Wireless Short-Range Communication (DSRC). Therefore, BLE will be more prominent in resource-constraint situations, such as Vehicle-to-Pedestrian (V2P) and Vehicle-to-Drones (V2D) communications. Some preliminary models [49, 50] have been developed recently for pedestrian protection using connectionless BLE communication. In these models, the GPS, speed, and direction of pedestrian and vehicles will be broadcast via BLE advertisement, and algorithms are developed based on the received data to predict collision risk. Based on these promising efforts and results in VANETs, BLE can now also be a candidate for communication between other devices such as drones [51, 52] and robots [53], e.g., in the context of Mobile Ad Hoc Network (MANET) applications.

BLE may not be able to outperform other wireless technologies due to its limited communications range and lack of diversity in supported types of network topology, but it can serve as a decent complementary technology in a system that utilizes a hybrid networking approach. Table 3 shows a comparison between several existing wireless technologies in VANETs. Though facing challenges in communication range and data rate, the newly released BLE mesh specification [26] still makes BLE competitive with respect to low cost and easy deployment when compared to Wi-Fi and DSRC.

Table 3: A Comparison of VANET Technologies [47]

| | BLE | Wi-Fi | DSRC |
|---|---|---|---|
| (MHz) | 2 | 20/40 | 10 |
| Num. of Ch. | 40 | 11 | 7 |
| Data rate (Mb/s) | 1 | 600 | 27 |
| Max Power (mW) | 10 | 100 | 2000 |
| Range (m) | 50 | 100 | 1000 |
| Latency (ms) | 6 | 50 | 1 |

3.2.3. Mobile Payments

Current mainstream mobile payment methods (i.e., Near Field Communications (NFC), cards, carrier billing, etc.) are typically limited to contact-based or very short range contact-less authentication, while BLE can provide more flexible payment experiences for consumers. For instance, using BLE beacons it is possible to determine the customer’s location in a store. From the seller’s perspective, it is useful to be aware of a customer’s activity - entering the store or checking out. Based on current BLE functions, three different payment scenarios can be presented, of which the second scenario is based on an actual implementation by PayPal:

• Replacing NFC with BLE - pay at cashier with agreement on handset.
• PayPal Beacon Hands Free [17] - pay at cashier with verbal confirmation.
• “Take and Shake” - scan and pay on your own, no cashier needed.

Unlike the simple scheme of establishing a BLE connection, BLE-based mobile payment requires a more secure process of authentication, which applies to most BLE payment scenarios. Take the approach in [18] as an example, where the payment process usually consists of the following steps: 1) the merchant terminal receives BLE identifiers from the product and the customer, then transmits merchant information related to the product back to the customer device; 2) the customer device sends a request for making a payment; 3) the merchant terminal initiates a transaction based on the product and customer information; 4) the customer device receives and sends back a confirmation to authorize the transaction and the amount; 5) the merchant terminal replies with the confirmation once the transaction is completed. Certain systems may also include two factor authentication approaches to secure the process. The recently opened Amazon Go store is believed to incorporate BLE as part of the solution for automatic checkout [54].

As BLE has already been applied in VANET applications, it may also be adapted for scenarios where vehicles can be utilized for mobile payments (e.g., parking fees, fueling, tolls, etc.). The VANET application layer exchanges the vehicle’s information with pay station, and then the quick transaction can be processed by a secure BLE transaction layer. While some attempts of using DSRC in such systems have been shown successful [55], it would be possible to build such solutions also with BLE.

3.2.4. Multimedia Streaming

There is also an increasing interest in BLE in applications that require larger data exchange. The data payload limit of BLE in connectionless mode is 31 bytes in version 4.1 and 255 bytes in version 4.2 and after. Although the connection-based mode does not have such a limit on data packets, large amounts of data may still need to fit into the GATT service and characteristics format. For certain applications, such as multimedia streaming, the ability to efficiently stream large amounts of data is an important criterion.

Giovanelli et al. [14] proposed a data streaming design that adds a service composed of two specific characteristics, one for regular data exchanges and the other used to control the data stream from the central side, enabling it when set to 1 and disabling it when set to 0. In this case, the central device will only need to check the payload from the second characteristic to decide whether or not to receive the next regular incoming data packet, thus narrowing the gap between each packet transmission.

The size limit of data frames at the Link Layer was also tested and explored in [15], where it was shown that with proprietary modifications at upper layers, BLE throughput can go as high as 300 kb/s, which is sufficient for most speech and music transmissions. In another study [16], the potential for BLE beacons to transmit complex data, e.g., images, was demonstrated. The proposed method segments an image into multiple smaller units for beaconing, while utilizing a retrieval algorithm on the receiver end to rebuild the images.

In most data streaming use cases, BLE is inferior to other wireless technologies, such as Classic Bluetooth, Wi-Fi and cellular radios, primarily in terms of achievable data rate. However, it still shows great potential as a back-up method, especially for resource-constraint scenarios, such as emergency communication in a natural disaster.

4. Solutions and Challenges

The examples discussed so far strongly benefit from various BLE features, but also present challenges and additional requirements that need to be addressed for the successful adoption of BLE in emerging application domains. Based on our review of various examples from emerging application domains, we further categorize four major and urgent challenges or additional requirements for BLE: 1) the need of Enhanced Data Transmission, 2) Mesh Networking support, 3) Inter-operability with other wireless technologies, and 4) More reliable Privacy and Security protection.

The spider web map in Figure 5 demonstrates the significance of these challenges for each of the emerging application domains we reviewed in Section 3. Applications of smart infrastructures usually require interactions and co-operating with other wireless radios, and also need some protection for transmitting sensitive data. VANET applications, on the contrary, exhibit a strong need for the capability of mesh networking, so as to get as many vehicles connected as possible. An enhanced data transmission mechanism is also expected to further accommodate the fast growing vehicular network, and improve the throughput. For mobile payments, BLE is mainly challenged by privacy protection, where the simplicity of BLE design potentially leads to vulnerability to attacks. Multimedia streaming obviously requires higher data rate and lower latency for BLE, while also being challenged by inter-operability for use cases where BLE works as an auxiliary approach for other technologies.

While some of these challenges have been addressed by prior work, not all have yet received attention or have been fully resolved, indicating the necessity of further research into these areas. In this section, we summarize and analyze some solution approaches to the challenges mentioned above.

4.1. Enhanced Data Transmission

The two types of BLE communications between two devices (i.e., connection-based and connectionless) have enabled simple and quick data exchange for many novel designs and applications. However, there are still some challenges found in application domains such as IPS and VANETs, where BLE encounters several limitations in device discovery and role assignment. We list and analyze several typical solutions below.

4.1.1. Efficient Device Discovery

In most prior studies, it is assumed that the advertisements are processed immediately as long as they are received by a scanner, which means there is no collision when discovering BLE devices. However, in practice, there exist contentions among multiple BLE devices during the device discovery process, especially in a crowded environment. With an increasing number of BLE devices, discovery latency and energy consumption will rise exponentially [56], which will degrade the achievable performance and QoS of many applications. Solutions for low-latency device discovery fall into two categories: 1) Adaptive Parameter Settings and 2) Channel Sensing, which are further explained below.

Adaptive Parameter Settings: There are four major timing parameters that may affect the performance of BLE device discovery:

• AdvInterval: total time of an advertising event on three advertising channels;
• AdvTimePerChannel: advertising period per channel;
• ScanWindow: time length of a scan event;
• ScanInterval: delay between two consecutive scans.

Although the BLE standard has enabled the abil-

Enhanced ity for BLE devices to operate with a wide range Privacy & Data Security of these parameters, it is somehow hard for them Transmission to fine tune these parameters automatically, as nei- ther the scanner nor the advertiser can be aware of the existence of contentions on advertising chan- nels. The adaptive parameter setting method ad- justs some of these parameters based on certain ob-

Inter- servations to achieve a more efficient device discov- operability ery. The authors in [57] presented a model that Smart Infrastructure VANETs utilizes the advertisement payload to reflect con- Mobile Payments Multimedia Streaming tention situations. The main idea can be sum- Figure 5: Critical Challenges for Emerging BLE Application marized as: 1) advertisers piggyback connection Domains reports (containing AdvInterval and the current 9 count of advertising intervals) in the advertisement Self-organization and self-management of these de- payload; 2) scanners use the reports to evaluate vices, e.g., the ability to decide when to establish the current contention situation and adjust certain or tear down a connection, is one of the defining parameters (ScanW indow and ScanInterval) ac- characteristics of IoT and VANETs. However, BLE cordingly. However in practical use, especially when was built for deployment scenarios that have well- the parameters are changing fast, the advertiser defined roles for the connected devices, e.g., it is needs to frequently update the payload, which may defined that only a central device can initiate a con- lead to high system overhead. nection to peripherals. This design may limit the Park et al. [58] provided a parameter adjust- self-management of BLE device and the efficiency ment scheme based on the discovery time ratio of data propagation. Existing solutions to this lim- ρ (= Tactual/Treference). The reference discovery itation focus on providing alternatives for the role time is defined according to empirical settings. Ad- assignment in BLE connections. vertisers and scanners will then adjust AdvInterval Bronzi et al. [9] proposed an event-based role and ScanW indow, respectively, depending on ρ. 
switching scheme to switch the role of central and This approach allows advertisers to actively join the peripheral that a BLE device can play, so that each parameter adjustment, which makes it easier to be device can be in the accessible role when there is applied to general use cases. a need to transfer data. The scheme is designed Channel Sensing: The latency in the BLE de- in the context of multi-hop V2V communications, vice discovery is partly caused by the unawareness where every node (vehicle) is initially set as a cen- of channel traffic. Therefore, the main idea of the tral and will activate its peripheral role manually on Channel Sensing method is to sense the channel the device itself or upon receiving a message to re- traffic before advertising or scanning. When the broadcast. In a multi-hop scenario, the relay node channel is busy, an advertiser will execute a defer- will stay active as both central and peripheral roles ral and random backoff and retry the sensing until for a certain period of time to ensure the data in- the channel is idle [59]. A similar scheme can also be tegrity, and will resume the initial role once the data applied to scanners so that they can decide whether transmission is finished. However, the transmission to initiate a connection to neighbors based on chan- latency may increase aggressively as the network nel traffic [60]. The channel traffic can be evaluated size and the amount of data grows. by the density of the received packets, but may ex- Following a similar idea of role switching, Yang et perience heavy fluctuations in highly dynamic net- al. [10, 48] further developed a more self-organized works. While promising, this method still requires mode of role switching, which is called Dynamic a better definition of the channel traffic and the C/P Switching. This approach addresses the prob- decision-making algorithm for each role. 
lem by allowing BLE devices to continually and fre- The two types of methods mentioned above have quently switch their roles. In general, if the roles are shown the effectiveness in reducing latency caused switched at random times, two devices will eventu- by collisions in certain cases. However, the common ally have different roles, allowing them to establish problem with these solutions is the lack of tests and a connection and communicate. In this mode, a validation on physical BLE devices. Device discov- device may be initially be set as either central or ery is primarily conducted in the physical layer and peripheral and after a random period of time, its link layer, which means that the enhancements will role will be switched to the other. The active time need to manipulate the BLE stack and must be use- for each role is randomly chosen, possibly from a ful for various common applications. Further, the range of minimum and maximum active times. At schemes described above are mainly designed and any given time, devices with the same role are not tested for dense networks and the trade-offs when able to make a connection and a connection can applied to sparse networks have not been investi- only be established if one device is central, while the gated. other is peripheral. Once a connection has been es- tablished, the role switching process can be paused 4.1.2. Role Assignments to allow the newly connected devices to exchange In many applications, independent devices will their data. When the data transfer has finished, be expected to find ways to coordinate, access each the connection will be torn down and the switching others sensor data, share communication channels, approach will resume. This method allows equal or process and fuse data from multiple sources. opportunities for each device to play as central or 10 peripheral, but the frequent role switching may also each solution. 
Since each work uses different met- bring high overhead and low energy-efficiency. rics and different hardware/chipset for evaluating Similar ideas were also applied to the data flow the performance, and the comparison may vary de- between parent nodes and child nodes in a BLE- pending on the actual test environment. Generally, based tree networks [61]. However, these role the Latency in Table 4 refers to the general latency switching schemes face some common challenges: for multi-hop transmissions, while the Dissemina- 1) how to provide an efficient parameter settings tion Efficiency reflects the average packet delivery (e.g., the time interval for each role) according to ratio in a mesh network. These key characteristics different network contexts; 2) how to minimize the are generally acknowledged factors that need to be overhead caused by role switching, particularly in considered when designing a network-based appli- dense networks; and 3) how to ensure the consis- cation. There is no solution that fits into all design- tency of data transmissions. ing criteria, and developer should refer to the best fit based on the actual goal/needs. The main ideas 4.2. Mesh Networking for each of the solution are explained as below. The limited range of BLE is one of its major drawbacks, especially for use cases in health moni- 4.2.1. Flooding Routing toring, IoT, and VANETs. BLE was originally de- This type of routing protocols are based on con- signed based on the star network topology. How- nectionless broadcast, where every node that re- ever, other wireless technologies, such as ZigBee ceives a broadcast will rebroadcast until the mes- and Z-Wave, support mesh networks, which pro- sage has been received by the destination node. vides them with an advantage in these domains [62]. BLESSED [64] is an example that utilizes the BLE Therefore, to further extend the network coverage advertisement for flooding packets. 
It defines three of BLE, solutions have been proposed, both by the superstates for each participating node, so that ev- community and the Bluetooth SIG. ery node will be able to broadcast, receive, and In mid-2017, the Bluetooth SIG released a set of update identifiers of advertisements. However, the specifications defining the architecture of the BLE BLESSED method needs to be implemented and mesh topology [26]. These specifications outline tested with the assistance of Wi-Fi hotspots. the implementations and requirements to enable an BLEmesh [63], proposed in the same year, is a interoperable many-to-many mesh networking so- pure BLE-based mesh solution. In BLEmesh, pack- lution on top of Bluetooth 5.0 and later. Apart ets carrying data from a specific source-destination from the official support for mesh networking, many couple are aggregated in batches. Data, together solutions from academia have also been proposed with control fields, which are used to decide which based on Bluetooth 4.0 through 4.2 to fit into mul- nodes will participate as broadcasters, are carried in tiple application domains. Based on the type of the advertisements. The control fields include two routing protocol, these solutions can be categorized lists: 1) Forwarder List and 2) Batch Map, which into three classes: 1) Flooding routing, 2) Table- are used to keep track of a prioritized set of interme- driven routing and 3) On-demand routing. While diate nodes and the last nodes that have broadcast all of them resolve the routing problems in BLE data to a corresponding batch, respectively. These mesh networks, the target application domains may control fields are designed to minimize the overhead vary. Smart infrastructure applications are usually caused by unnecessary rebroadcast. 
The authors deployed in a static environment, where flooding compared their protocol with a conventional flood- and table-driven routing may exhibit high perfor- ing protocol and show that BLEmesh requires fewer mance. Similarly, built on a pre-defined and well transmissions. connected network, health monitoring applications can easily benefit from table-driven routing meth- ods. However in VANETs use cases, the network 4.2.2. Table-driven Routing is usually of high mobility and flexibility, where Table-driven routing is a typical type of routing flooding and table-driven routing are less efficient in MANETs. In such protocols, each node main- but on-demand routing can provide more dynamic tains one or more tables containing routing informa- routes. Table 4 summarizes the typical solutions tion to every other node in the network. MHTS [65] for each of these routing classes, and we also list is known as the first attempt to construct a multi- several key characteristics that may stand out for hop BLE network. This approach is based on BLE 11 Table 4: A comparison of BLE mesh network solutions Routing MajorApplication Solution Bluetooth Key Characteristics Year Type Domains Name Version Energy Dissemination Latency Mobility Scalability Efficiency Efficiency BLEmesh [63] 2015 4.2 ! ! Flooding Smart Infrastructure, BLESSED [64] 2015 4.2 ! ! ! ! MHTS [65] 2013 4.0 ! Smart Infrastructure, Table-driven ! Health Monitoring NDN-BLE [66] 2015 4.1 BMN [67] 2015 4.1 ! ! !  N/A [68] 2015 4.1 !  CORP [69] 2017 4.1 ! ! ! ! ! On-demand VANETs RT-BLE [70] 2016 4.1 !   Dual-Ring Tree [71] 2018 N/A ! ! ! MRT-BLE [72] 2018 4.1 ! ! !: theoretically or experimentally proved to be good; : weakness or proved to be below average; blank: not considered or explained explicitly.

GATT profiles, which store the routing entries (including data, source address, and destination addresses). The route discovery is carried out by broadcasting the Seek Table in advertisements and constructing a Route Table for each receiving node. Then connections will be established based on the Route Table. Since Bluetooth 4.0 does not allow scatternet formations, current connections must be torn down before the intermediate node transfers data to the next hop. MHTS can transfer packets over up to five hops for a file size of 1 kB.

BMN [67] was later proposed as an improved table-driven routing protocol. BMN uses a Directed Acyclic Graph (DAG) as the basis for routing. The network formation starts with BLE advertisements of DAG information and an arbitrarily selected root node. Then a DAG will be formed by a series of connection establishments, and each connected node will maintain a table that stores its parent, alternative parent, and its children. The data forwarding will then retrieve its referenced path from the table maintained by each node. However, this approach may suffer from intermediate node failure and network congestion.

NDN-BLE [66] is a variation of table-driven routing protocol, which uses the Named Data Network (NDN) to build BLE mesh networks. NDN names every chunk of data with an appropriate Uniform Resource Identifier (URI), and operates over a distributed database, which determines how an endpoint can retrieve data of interest. A Mediation Service is introduced to manage and aggregate distributed databases, so that multi-hop transmissions are actually conducted via these mediators. While this approach has been verified from various angles, the authors did not provide any physical or simulation tests to evaluate its performance.

4.2.3. On-demand Routing

On-demand routing is another type of routing protocol in MANETs. In contrast to table-driven routing protocols, routes are not maintained at every node; instead the routes are created as and when required. When a source wants to send data to a destination, it invokes the route discovery mechanisms to find a path to the destination. The route remains valid until the destination is not reachable anymore or until the route is no longer needed. Guo et al. [68] present a typical example of this type of routing based on BLE. In their method, the route discovery is conducted based on scatternets: a source node first sends a route request to its master. If the destination node is not in the slaves list, then the master starts a Breadth-First Search by forwarding the request to its slaves that are also in other piconets. Such slaves will continue the same procedure until the destination node is found. The source node will exploit the shortest path once all possible routes are obtained. This approach may waste network resources as only one route is used and no other nodes benefit from it.

Therefore, CORP [69] was proposed to provide a more effective routing procedure. The scatternet formation in CORP is based on a device’s degree (i.e., #neighbors) so that each piconet will be connected with the smallest number of connections. The routing protocol is executed similarly to the previous method, but due to the simplification of scatternets, the route discovery is now more efficient. The authors also design a mechanism to locally reconstruct the scatternets when encountering a single-node failure.

RT-BLE [70] and MRT-BLE [72] stabilize the routing by putting limitations on each node: 1) a node can establish a connection with up to two masters and 2) a master can establish a connection with at most one other master, and, in this connection, the former shall play the slave role. In the route discovery process, these two models use the Client Characteristic Configuration Descriptor (CCCD), a descriptor available in the GATT layer, to maintain connections. CCCD only allows one connection to be active at a time, while the rest are kept inactive. Such models show improvements in power consumption, while achieving the goal of multi-hop transmissions. Other variations (e.g., Dual-Ring Tree [71]) follow similar approaches to on-demand routing, but use tree topologies to construct the network, which have also been proven useful in some cases.

In summary, BLE mesh networking is an emerging area with the potential to expand the BLE applicability space. The above solutions can address various application scenarios, but many of them still suffer from trade-offs between latency, network traffic, and power consumption when applied to general cases and, therefore, this area requires further exploration.

4.3. Inter-operability

Although cheap and convenient, BLE cannot yet fully replace other existing wireless technologies. In practical uses, it will be more common to see BLE co-exist or even integrate with technologies that share the 2.4 GHz frequency band. This brings up the problem of inter-operability, i.e., approaches to co-existence and integration with other technologies that minimize inter-technology interference. Next, we discuss such challenges in terms of co-existence and integration.

4.3.1. Co-existence

BLE shares a similar frequency band with Wi-Fi, ZigBee, and many other wireless technologies. Silva et al. [73] have performed comprehensive tests on co-existence and interference among BLE, Classic Bluetooth, Wi-Fi, and ZigBee in a full anechoic chamber. RSSI and Bit Error Rate are measured as the main criteria for the level of interference. The results show no obvious interference between BLE and Wi-Fi, but Classic Bluetooth and ZigBee do collide occasionally with BLE, as shown by the increased RSSI and Bit Error Rate. Kalaa et al. [74] presented a general evaluation of BLE in realistic wireless environments such as a sports facility, a university’s food court, and a hospital’s Intensive Care Unit (ICU). Their results revealed that the probability of failed BLE connections and transmissions increases sharply when the wireless environment becomes extremely complex and dense. The PHY layer of the BLE stack utilizes an adaptive channel hopping scheme to avoid interference, and it has been shown effective in most cases. However, the evaluation results above also point out that there is a need for additional research to develop enhanced schemes for more critical and complex scenarios.

4.3.2. Integration

We expect that, due to its limitations with respect to data rate and communication range, BLE will often be used together with other wireless technologies to achieve certain goals and functionality. A common method of integration is to utilize the simple and fast connection process of BLE to set up a connection between devices, while the actual data transmissions are performed via another wireless technology. For example, this approach has been implemented and tested for Wi-Fi P2P communications [75], where a pair of nodes exchange Wi-Fi MAC addresses and service lists over BLE advertisements. Nodes then decide whether to establish a Wi-Fi P2P connection based on the contents of the received BLE messages. Once a connection has been established, all data exchange occurs via the Wi-Fi P2P channels. This approach can significantly shorten the latency of connection establishment, while maintaining a high transmission rate. A similar approach could also be based on Classic Bluetooth.

Another type of integration is to transmit non-BLE data packets over BLE networks. One popular idea is to transmit Internet Protocol version 6 (IPv6) packets over BLE. The Internet Engineering Task Force (IETF) published the “IPv6 over Bluetooth Low Energy” specification in 2015 [76], formally defining a complete protocol stack that integrates BLE (Bluetooth version 4.1 or greater) and IPv6. This stack is based on the IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) standard, which is also maintained by IETF and intended for transmitting IPv6 packets over low-power networks. The IPv6 stack (including 6LoWPAN, IPv6, and UDP/TCP) and GATT stack (including GATT and ATT) work in parallel on top of the BLE L2CAP layer. The 6LoWPAN and L2CAP layers provide address configuration, header compression, fragmentation, and reassembly services to translate IPv6 packets into transferable packets for the BLE PHY layer and vice versa. Based on this concept, several architectures were proposed that yield high throughput [27] or seamless transitions between different protocols [77].

Overall, integrating BLE with existing wireless technologies is a method that can be used to overcome certain weaknesses of each technology, while also offering better compatibility among different types of devices. However, there is still a dearth of work on effective and efficient solutions using this concept, including efforts to standardize such solutions.

4.4. Privacy and Security

Security is of the utmost importance in many application domains. Although recent revisions of BLE were designed for better security and have fixed several vulnerabilities [78, 79], security remains a significant challenge for many current and future BLE applications.

Ray et al. successfully performed a series of attacks on Bluetooth 4.2 devices [80] and revealed the weaknesses that have not yet been covered by the LE Secure scheme. They conducted three major attacks on BLE: MITM, Flooding, and Fuzzing attacks. The MITM attack easily breaks a BLE connection and successfully modifies the data packets. The Flooding and Fuzzing attacks do not significantly crash the target BLE device when numerous connection requests and GATT requests are sent to it, but still cause the target device to be “stuck” for a certain period of time. Similar attacks have also been conducted to sniff data from BLE devices (such as keyboards [81]).

Due to the insecure channels and the simplicity of connections, there is a lack of countermeasures that can protect BLE devices from MITM attacks. However, some attempts have been made to secure the transmitted packets, e.g., Perrey et al. [82] proposed a key exchange approach that complements the ECDH algorithm to provide secure connections. This approach applies Merkle’s Puzzle to the key generation process, where all puzzles are generated and encrypted depending on the functionality of the devices (i.e., fully functioning or reduced functioning). The encrypted puzzles are then broadcast via BLE advertisements for key distribution, so that further connections will be securely established based on the key. Another attempt, called Black BLE [83], applied AES-EAX encryption to both meta-data and payloads of PDUs in each transmission. The encryption method is robust, but it also raises the problem of symmetric key management and reduced payload efficiency.

5. Discussion and Conclusion

BLE is an emerging wireless technology with great potential in many application areas. Ever since its release, it has been successfully applied in many different domains. This paper surveys several BLE applications and describes the challenges and existing solutions regarding data transmissions, mesh networking, inter-operability, and security. Among traditional application domains, IPS can directly build upon the connectionless BLE transmission, while health monitoring and Home Automation applications rely on connection-based communications and basic BLE network topology. Emerging application domains require more advanced features, such as the inter-operability and mesh network support for smart infrastructure and VANETs, privacy protection for mobile payments and more robust data transmission for multimedia streaming applications. With recent enhancements proposed by the research community, we see that there is great potential for BLE and its use in more emerging domains, especially with the rise of Industrial IoT and its ubiquitous applications in static sensor networks as well as in mobility and transportation industries. While the investigations of current solutions show that some progress has been made, we still witness many opportunities and unsolved problems. Specifically, we propose that the community start with the following directions:

5.1. From Traditional to Emerging

With the release of Bluetooth 5.1, many BLE features have been enhanced, providing even more opportunities for traditional BLE applications. Bluetooth 5.1 brings two positioning systems to BLE: Angle of Arrival (AoA) and Angle of Departure (AoD). Since they are implemented from the hardware level, BLE-based IPS will then provide more precise positioning service even with very limited BLE beacons. Based on the location information, home automation can also be boosted: smart home devices can now precisely detect nearby users and take actions accordingly.

Thanks to their low cost, BLE-based sensors are widely deployed under various settings, and lots of data has been generated through these sensors. Utilizing the data and applying machine learning approaches, there could be many more emerging applications arising from the traditional domain. Some attempts have been made to learn and predict moving patterns [84], distance [85], etc. Similar technologies can also be transferred to the Geo-spatial domain, where BLE positioning services and learning models can be used to draw high-definition maps for complex road intersections.

5.2. From Small to Large

As BLE technology is now being deployed as a key part in smart city implementation, scalability of the solutions is going to be of paramount interest to the industry. Mesh networking support can apparently expand the range of BLE networks, but there are many other issues that are not fully considered, such as the discovery scheme, connection robustness, support for large payload size in data packets in multi-hop transmission, etc. Since multicast is not supported by connection-based BLE communications [86], system latency is expected to increase significantly as the network scales. Therefore, methods that address many of these issues under one holistic solution architecture design are currently considered to be the most promising ones to scale the BLE deployment.

5.3. Fit into the era of 5G

Many opportunities come with the proliferation of 5G. Although 5G communication supports a wide bandwidth and extremely high data rate, BLE can still find its role in this era, for example in bike sharing and planning services, last-mile delivery, brain-machine interfaces, etc. While 5G networks can easily handle massive requests for a large area, BLE solves local and near-body-area data exchange at low cost.

With the rise of the Industrial Internet of Things (IIoT) and other technologies such as edge computing, a seamless integration of multiple wireless technologies will often be essential for many deployment environments. The IP-based method [76] is the most popular approach to connecting constrained devices to the Internet, and it is believed to continue the expansion as it can easily support scalability and application development. Based on this idea, we see the possibility of integrating BLE with DSRC, LTE and 5G.

Acknowledgment

The project was supported through a Ford Motor Company University Research Program (URP) grant.

References

[1] J. Tosi, F. Taffoni, M. Santacatterina, R. Sannino, D. Formica, Performance evaluation of bluetooth low energy: A systematic review, Sensors 17 (12) (2017) 2898.
[2] M. Collotta, G. Pau, Bluetooth for : A fuzzy approach to improve power management in smart homes, & Electrical Engineering 44 (2015) 137–152.
[3] M. S. Gast, Building applications with IBeacon: proximity and location services with bluetooth low energy, "O’Reilly Media, Inc.", 2014.
[4] X.-Y. Lin, T.-W. Ho, C.-C. Fang, Z.-S. Yen, B.-J. Yang, F. Lai, A mobile indoor positioning system based on technology, in: Engineering in Medicine and Biology Society (EMBC), 2015 37th Annual International Conference of the IEEE, IEEE, 2015, pp. 4970–4973.
[5] R. Faragher, R. Harle, Location fingerprinting with bluetooth low energy beacons, IEEE journal on Selected Areas in Communications 33 (11) (2015) 2418–2428.
[6] D. De, P. Bharti, S. K. Das, S. Chellappan, Multimodal wearable sensing for fine-grained activity recognition in healthcare, IEEE Internet Computing 19 (5) (2015) 26–35.
[7] K. Židek, J. Pitel, Smart 3d pointing device based on mems sensor and bluetooth low energy, in: Computational Intelligence in Control and Automation (CICA), 2013 IEEE Symposium on, IEEE, 2013, pp. 207–211.
[8] T. Takahashi, Y. Shibata, S. Imata, N. Suzuki, Evaluation of wake-on-demand accurate activation and in-vehicle wireless connection control, in: and Wireless Computing, Communication and Applications (BWCCA), 2015 10th International Conference on, IEEE, 2015, pp. 143–149.
[9] W. Bronzi, R. Frank, G. Castignani, T. Engel, Bluetooth low energy performance and robustness analysis for inter-vehicular communications, Ad Hoc Networks 37 (2016) 76–86.
[10] J. Yang, C. Poellabauer, P. Mitra, Using bluetooth low energy for dynamic information-sharing in vehicle-to-vehicle communication, SAE International Journal of Passenger Cars-Electronic and Electrical Systems 10 (2017-01-1650) (2017) 240–247.
[11] J.-E. Kim, M. Bessho, S. Kobayashi, N. Koshizuka, K. Sakamura, Navigating visually impaired travelers in a large train station using smartphone and bluetooth low energy, in: Proceedings of the 31st Annual ACM Symposium on Applied Computing, ACM, 2016, pp. 604–611.
[12] G. Rajagopal, V. M. Lodd, A. Vignesh, R. Rajesh, V. Vijayaraghavan, Low cost cloud based intelligent farm automation system using bluetooth low energy, in: Humanitarian Technology Conference (R10-HTC), 2014 IEEE Region 10, IEEE, 2014, pp. 127–132.
[13] M. Vochin, A. Vulpe, G. Suciu, L. Boicescu, Intelligent displaying and alerting system based on an integrated communications infrastructure and low-power technology, in: World Conference on Information Systems and Technologies, Springer, 2017, pp. 135–141.
[14] D. Giovanelli, B. Milosevic, E. Farella, Bluetooth low energy for data streaming: Application-level analysis and recommendation, in: Advances in Sensors and Interfaces (IWASI), 2015 6th IEEE International Workshop on, IEEE, 2015, pp. 216–221.
[15] M. Meli, O. Rion, Streaming speech and music using bluetooth low energy, in: Embedded World Conference, Nuremberg, February, WEKA Fachmedien, 2015, pp. 24–26.
[16] C. Shao, S. Nirjon, J.-M. Frahm, Years-long binary image broadcast using bluetooth low energy beacons, in: Distributed Computing in Sensor Systems (DCOSS), 2016 International Conference on, IEEE, 2016, pp. 225–232.
[17] M. Todasco, Systems and methods for completion of item delivery and transactions using a mobile beacon, US Patent App. 14/154,414 (Apr. 30 2015).
[18] D. Baldie, System and method for providing a bluetooth low energy mobile payment system, US Patent App. 14/469,230 (Mar. 3 2016).
[19] B. SIG, Bluetooth core specification version 4.0, Specification of the Bluetooth System.
[20] B. SIG, Bluetooth core specification version 4.1, Specification of the Bluetooth System.
[21] B. SIG, Bluetooth core specification version 4.2, Specification of the Bluetooth System.
[22] B. SIG, Bluetooth core specification version 5.0, Specification of the Bluetooth System.
[23] B. SIG, Bluetooth core specification version 5.1, Specification of the Bluetooth System.
[24] M. Galeev, Bluetooth 4.0: an introduction to bluetooth low energy-part ii, EE Times, Design.
[25] C. Gomez, J. Oller, J. Paradells, Overview and evaluation of bluetooth low energy: An emerging low-power wireless technology, Sensors 12 (9) (2012) 11734–11753.
[26] S. Bluetooth, Mesh networking specifications (2017).
[27] J. Yim, S. Kim, N.-K. Kim, Y.-B. Ko, Ipv6 based real-time acoustic data streaming service over bluetooth low energy, in: Communications, Computers and Signal Processing (PACRIM), 2015 IEEE Pacific Rim Conference on, IEEE, 2015, pp. 269–273.
[28] J. Decuir, Introducing bluetooth smart: Part ii: Applications and updates., IEEE Consumer Magazine 3 (2) (2014) 25–29.
[29] D. Čabarkapa, I. Grujić, P. Pavlović, Comparative anal-
[33] M. Ali, L. Albasha, H. Al-Nashash, A bluetooth low energy implantable glucose monitoring system, in: Microwave Conference (EuMC), 2011 41st European, IEEE, 2011, pp. 1265–1268.
[34] L. Guo-Cheng, Y. Hong-Yang, Design and implementation of a bluetooth 4.0-based heart rate monitor system on platform, in: Communications, Circuits and Systems (ICCCAS), 2013 International Conference on, Vol. 2, IEEE, 2013, pp. 112–115.
[35] Z.-M. Lin, C.-H. Chang, N.-K. Chou, Y.-H. Lin, Bluetooth low energy (ble) based blood pressure monitoring system, in: Intelligent Green Building and Smart Grid (IGBSG), 2014 International Conference on, IEEE, 2014, pp. 1–4.
[36] B. Zhou, X. Chen, X. Hu, R. Ren, X. Tan, Z. Fang, S. Xia, A bluetooth low energy approach for monitoring electrocardiography and respiration, in: e-Health Networking, Applications & Services (Healthcom), 2013 IEEE 15th International Conference on, IEEE, 2013, pp. 130–134.
[37] M. Khan, S. Din, S. Jabbar, M. Gohar, H. Ghayvat, S. Mukhopadhyay, Context-aware low power intelligent smarthome based on the internet of things, Computers & Electrical Engineering 52 (2016) 208–222.
[38] M. Collotta, G. Pau, A novel energy management approach for smart homes using bluetooth low energy, IEEE Journal on Selected Areas in Communications 33 (12) (2015) 2988–2996.
[39] O. Galinina, K. Mikhaylov, S. Andreev, A. Turlikov, Y. Koucheryavy, Smart home gateway system over bluetooth low energy with wireless energy transfer capability, EURASIP Journal on Wireless Communications and Networking 2015 (1) (2015) 1–18.
[40] L. Mainetti, L. Patrono, I. Sergi, A survey on indoor positioning systems, in: Software, and Computer Networks (SoftCOM), 2014 22nd International Conference on, IEEE, 2014, pp. 111–120.
[41] N. Cinefra, An adaptive indoor positioning system based on bluetooth low energy rssi, Master’s thesis, Politecnico di Milano, Milano, Italy (2014).
[42] A. H. Omre, S. Keeping, Bluetooth low energy: wireless connectivity for medical monitoring, Journal of diabetes science and technology 4 (2) (2010) 457–463.
[43] N. Abou-Rahme, Six ways to innovation with smart infrastructure (2018). URL https://www.mottmac.com/views/six-ways-to-innovation-with-smart-infrastructure
[44] S. Kulkarni, S. Piper, S. Lipták, D.
Divan, Implement- ysis of the bluetooth low-energy indoor positioning sys- ing pay-as-you-go functionality in microgrids using mo- tems, in: in Modern Satellite, Ca- bile ad-hoc networks, in: 2019 IEEE Decentralized En- ble and Broadcasting Services (TELSIKS), 2015 12th ergy Access Solutions Workshop (DEAS), IEEE, 2019, International Conference on, IEEE, 2015, pp. 76–79. pp. 207–212. [30] M. Altini, D. Brunelli, E. Farella, L. Benini, Blue- [45] M. Boukhechba, A. Bouzouane, S. Gaboury, C. Gouin- tooth indoor localization with multiple neural networks, Vallerand, S. Giroux, B. Bouchard, A novel bluetooth in: Wireless Pervasive Computing (ISWPC), 2010 5th low energy based system for spatial exploration in smart IEEE International Symposium on, IEEE, 2010, pp. cities, Expert Systems with Applications. 295–300. [46] S. Doar, J. Merkin, Bringing neighbors back to neigh- [31] F. Palumbo, P. Barsocchi, S. Chessa, J. C. Augusto, A borhoods (2018). stigmergic approach to indoor localization using blue- URL http://www.sidewalklabs.com/blog/ tooth low energy beacons, in: Advanced Video and Sig- bringing-neighbors-back-to-neighborhoods/ nal Based Surveillance (AVSS), 2015 12th IEEE Inter- [47] R. Frank, W. Bronzi, G. Castignani, T. Engel, Blue- national Conference on, IEEE, 2015, pp. 1–6. tooth low energy: An alternative technology for vanet [32] P. Kriz, F. Maly, T. Kozel, Improving indoor localiza- applications, in: Wireless On-demand Network Systems tion using bluetooth low energy beacons, Mobile Infor- and Services (WONS), 2014 11th Annual Conference mation Systems 2016. on, IEEE, 2014, pp. 104–107.

[48] J. Yang, C. Poellabauer, P. Mitra, J. Rao, C. Neubecker, Bluenet: Ble-based ad-hoc communications without predefined roles, in: 2017 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computed, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), IEEE, 2017, pp. 1–8.
[49] M. Wu, B. Ma, Z. Liu, L. Xiu, L. Zhang, Ble-horn: A smartphone-based bluetooth low energy vehicle-to-pedestrian safety system, in: Wireless Communications and Signal Processing (WCSP), 2017 9th International Conference on, IEEE, 2017, pp. 1–6.
[50] H. Park, S. Lee, E. Moon, S. H. Ahmed, D. Kim, Performance analysis of bicycle-to-pedestrian safety application using bluetooth low energy, in: Proceedings of the International Conference on Research in Adaptive and Convergent Systems, ACM, 2017, pp. 160–165.
[51] M. Komarov, D. Moltchanov, System design and analysis of uav-assisted ble wireless sensor systems, in: International Conference on Wired/Wireless Internet Communication, Springer, 2016, pp. 284–296.
[52] M. Lodeiro-Santiago, I. Santos-González, P. Caballero-Gil, C. Caballero-Gil, Secure system based on uav and ble for improving sar missions, Journal of Ambient Intelligence and Humanized Computing (2017) 1–12.
[53] M. M. Scheunemann, K. Dautenhahn, Bluetooth low energy for autonomous human-robot interaction, in: Proceedings of the Companion of the 2017 ACM/IEEE International Conference on Human-Robot Interaction, ACM, 2017, pp. 52–52.
[54] J. Klinglmayr, B. Bergmair, M. A. Klaffenböck, L. Hörmann, E. Pournaras, Sustainable consumerism via context-aware shopping, International Journal of Distributed Systems and Technologies (IJDST) 8 (4) (2017) 54–72.
[55] M. R. Tinskey, M. Seneski, B. Walter, R. P. Eaton, Wireless payment transactions in a vehicle environment, US Patent App. 15/092,031 (Oct. 12 2017).
[56] K. Cho, G. Park, W. Cho, J. Seo, K. Han, Performance analysis of device discovery of bluetooth low energy (ble) networks, Computer Communications 81 (2016) 72–85.
[57] J. Liu, C. Chen, Y. Ma, Y. Xu, Adaptive device discovery in bluetooth low energy networks, in: Vehicular Technology Conference (VTC Spring), 2013 IEEE 77th, IEEE, 2013, pp. 1–5.
[58] G. Park, W. Park, M. Hong, K. Cho, W. Cho, J. Seo, K. Han, An adaptive parameter setting algorithm to enhance performance in self-organizing bluetooth low energy networks, Wireless Personal Communications 87 (3) (2016) 953–969.
[59] J. Seo, K. Cho, W. Cho, G. Park, K. Han, A discovery scheme based on carrier sensing in self-organizing bluetooth low energy networks, Journal of Network and Computer Applications 65 (2016) 72–83.
[60] J. Kim, K. Han, Backoff scheme for crowded bluetooth low energy networks, IET Communications 11 (4) (2017) 548–557.
[61] J. Kim, S.-k. Kang, J. Park, Bluetooth-based tree topology network for wireless industrial applications, in: Control, Automation and Systems (ICCAS), 2015 15th International Conference on, IEEE, 2015, pp. 1305–1308.
[62] S. M. Darroudi, C. Gomez, Bluetooth low energy mesh networks: A survey, Sensors 17 (7) (2017) 1467.
[63] H.-S. Kim, J. Lee, J. W. Jang, Blemesh: A wireless mesh network protocol for bluetooth low energy devices, in: Future Internet of Things and Cloud (FiCloud), 2015 3rd International Conference on, IEEE, 2015, pp. 558–563.
[64] O. Turkes, H. Scholten, P. J. Havinga, Blessed with opportunistic beacons: A lightweight data dissemination model for smart mobile ad-hoc networks, in: Proceedings of the 10th ACM MobiCom Workshop on Challenged Networks, ACM, 2015, pp. 25–30.
[65] K. Mikhaylov, J. Tervonen, Multihop data transfer service for bluetooth low energy, in: ITS Telecommunications (ITST), 2013 13th International Conference on, IEEE, 2013, pp. 319–324.
[66] A. Balogh, S. Imre, K. Lendvai, S. Szabó, Service mediation in multihop bluetooth low energy networks based on ndn approach, in: Software, Telecommunications and Computer Networks (SoftCOM), 2015 23rd International Conference on, IEEE, 2015, pp. 285–289.
[67] S. Sirur, P. Juturu, H. P. Gupta, P. R. Serikar, Y. K. Reddy, S. Barak, B. Kim, A mesh network for mobile devices using bluetooth low energy, in: SENSORS, 2015 IEEE, IEEE, 2015, pp. 1–4.
[68] Z. Guo, I. G. Harris, L.-f. Tsaur, X. Chen, An on-demand scatternet formation and multi-hop routing protocol for ble-based wireless sensor networks, in: Wireless Communications and Networking Conference (WCNC), 2015 IEEE, IEEE, 2015, pp. 1590–1595.
[69] C. Jung, K. Kim, J. Seo, B. N. Silva, K. Han, Topology configuration and multihop routing protocol for bluetooth low energy networks, IEEE Access 5 (2017) 9587–9598.
[70] G. Patti, L. Leonardi, L. L. Bello, A bluetooth low energy real-time protocol for industrial wireless mesh networks, in: Industrial Electronics Society, IECON 2016-42nd Annual Conference of the IEEE, IEEE, 2016, pp. 4627–4632.
[71] C.-M. Yu, E.-L. Lin, Reliable formation protocol for bluetooth hybrid single-hop and multi-hop networks, IEEE Network 32 (2) (2018) 120–125.
[72] L. Leonardi, G. Patti, L. L. Bello, Multi-hop real-time communications over bluetooth low energy industrial wireless mesh networks, IEEE Access.
[73] S. Silva, S. Soares, T. Fernandes, A. Valente, A. Moreira, Coexistence and interference tests on a bluetooth low energy front-end, in: Science and Information Conference (SAI), 2014, IEEE, 2014, pp. 1014–1018.
[74] M. O. Al Kalaa, W. Balid, N. Bitar, H. H. Refai, Evaluating bluetooth low energy in realistic wireless environments, in: Wireless Communications and Networking Conference (WCNC), 2016 IEEE, IEEE, 2016, pp. 1–6.
[75] H. Joh, I. Ryoo, A hybrid wi-fi p2p with bluetooth low energy for optimizing smart devices communication property, Peer-to-Peer Networking and Applications 8 (4) (2015) 567–577.
[76] J. Nieminen, T. Savolainen, M. Isomaki, B. Patil, Z. Shelby, C. Gomez, Ipv6 over bluetooth (r) low energy, Tech. rep., Internet Engineering Task Force (IETF) (2015).
[77] H. Wang, M. Xi, J. Liu, C. Chen, Transmitting ipv6 packets over bluetooth low energy based on bluez, in: Advanced Communication Technology (ICACT), 2013 15th International Conference on, IEEE, 2013, pp. 72–77.
[78] M. Ryan, et al., Bluetooth: With low energy comes low security., WOOT 13 (2013) 4–4.
[79] A. K. Das, P. H. Pathak, C.-N. Chuah, P. Mohapatra, Uncovering privacy leakage in ble network traffic of wearable fitness trackers, in: Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications, ACM, 2016, pp. 99–104.
[80] A. Ray, V. Raj, M. Oriol, A. Monot, S. Obermeier, Bluetooth low energy devices security testing framework, in: Software Testing, Verification and Validation (ICST), 2018 IEEE 11th International Conference on, IEEE, 2018, pp. 384–393.
[81] T. Willingham, C. Henderson, B. Kiel, M. S. Haque, T. Atkison, Testing vulnerabilities in bluetooth low energy, in: Proceedings of the ACMSE 2018 Conference, ACM, 2018, p. 6.
[82] H. Perrey, O. Ugus, D. Westhoff, Wisec’2011 poster: security enhancement for bluetooth low energy with merkle’s puzzle, ACM SIGMOBILE Mobile Computing and Communications Review 15 (3) (2011) 45–46.
[83] S. Chakrabarty, D. W. Engels, Black networks for bluetooth low energy, in: Consumer Electronics (ICCE), 2016 IEEE International Conference on, IEEE, 2016, pp. 11–14.
[84] Y.-C. Pu, P.-C. You, Indoor positioning system based on ble location fingerprinting with classification approach, Applied Mathematical Modelling 62 (2018) 654–663.
[85] C. H. Lam, P. C. Ng, J. She, Improved distance estimation with ble beacon using kalman filter and svm, in: 2018 IEEE International Conference on Communications (ICC), IEEE, 2018, pp. 1–6.
[86] K.-H. Chang, Bluetooth: a viable solution for iot? [industry perspectives], IEEE Wireless Communications 21 (6) (2014) 6–7.
