DOCSLIB.ORG

Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Proceedings on Privacy Enhancing Technologies ; 2020 (1):26–46 Guillaume Celosia* and Mathieu Cunche Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols Abstract: Apple Continuity protocols are the under- 1 Introduction lying network component of Apple Continuity services which allow seamless nearby applications such as activ- Smart devices interacting with each other are bring- ity and file transfer, device pairing and sharing a net- ing new types of applications that simplify configura- work connection. Those protocols rely on Bluetooth Low tion procedures and enhance users experience. Those Energy (BLE) to exchange information between devices: new applications include sending a file to a nearby de- Apple Continuity messages are embedded in the pay- vice, transferring an activity to another device, network load of BLE advertisement packets that are periodically connection sharing, etc. Major vendors have developed broadcasted by devices. Recently, Martin et al. identi- protocols to enable those features: Google Nearby [2], fied [1] a number of privacy issues associated with Apple Microsoft Connected Devices Platform (CDP) [3] and Continuity protocols; we show that this was just the tip protocols used by Apple Continuity [4]. The family of of the iceberg and that Apple Continuity protocols leak protocols developed by Apple, called Apple Continu- a wide range of personal information. ity protocols, can be found in all Apple products but In this work, we present a thorough reverse engineering also in devices from third-party companies1. Thus, Ap- of Apple Continuity protocols that we use to uncover a ple Continuity protocols are embedded in more than collection of privacy leaks. We introduce new artifacts, one billion active devices [7], including smartphones, including identifiers, counters and battery levels, that laptops, earphones, smartwatches and smarthome appli- can be used for passive tracking, and describe a novel ances. Within those devices, Apple Continuity proto- active tracking attack based on Handoff messages. Be- cols enable a range of services such as activity transfer, yond tracking issues, we shed light on severe privacy remote printing and smarthome monitoring. flaws. First, in addition to the trivial exposure of device Apple Continuity protocols rely on Bluetooth Low characteristics and status, we found that HomeKit ac- Energy (BLE) for the transport of information over the cessories betray human activities in a smarthome. Then, air: messages of continuity protocols are carried by BLE we demonstrate that AirDrop and Nearby Action pro- advertisement packets that are broadcasted and thus tocols can be leveraged by passive observers to recover made available to all nearby devices. e-mail addresses and phone numbers of users. Finally, Wireless communications functionalities of smart we exploit passive observations on the advertising traffic devices can represent privacy threats for users. In par- to infer Siri voice commands of a user. ticular, Wi-Fi and Bluetooth/BLE signals can be used Keywords: Bluetooth Low Energy; Privacy; Tracking; for users tracking [8, 9] and to infer other private at- Activity inference; Inventory attacks; Perceptual hash- tributes [10–12]. To remedy to the tracking issue, the ing; Guesswork; Protocol. Bluetooth Core Specification version 4.0 introduced the LE Privacy feature [13, Vol 3, Part C, sec. 10.7] that DOI 10.2478/popets-2020-0003 Received 2019-05-31; revised 2019-09-15; accepted 2019-09-16. defines the use of temporary and random link layer iden- tifiers. Several works [14, 15] have highlighted privacy is- sues associated with BLE showing that devices can still be tracked despite LE Privacy provisions. Furthermore, *Corresponding Author: Guillaume Celosia: Univ Lyon, several serious issues have been recently discovered [1] INSA Lyon, Inria, CITI, in Apple Continuity protocols, allowing an attacker to F-69621 Villeurbanne, France, track a device based on passive and active attacks. E-mail: [email protected] Mathieu Cunche: Univ Lyon, INSA Lyon, Inria, CITI, F-69621 Villeurbanne, France, E-mail: [email protected] 1 Apple certified vendors [5] and HomeKit accessories manufac- turers [6]. Discontinued Privacy: Leaks in Apple BLE Continuity Protocols 27 In this paper, we pursue on the path started by Mar- nels of BLE. An advertisement packet is composed of tin et al. [1] and present a collection of new privacy is- a header and a payload. The payload contains an ad- sues in Apple Continuity protocols. Based on a detailed vertising device address and up to 31 bytes of data, reverse engineering of Apple Continuity protocols, we organized in Advertisement Data (AD) structures that demonstrate how information exposed in cleartext in carry information about the device. An AD structure is BLE advertisement packets can be used for tracking composed of a 1-byte field indicating the length of the but also to reveal personal information and users activ- AD (excluding itself), followed by a 1-byte field spec- ities. Our contributions are outlined as follows: ifying the type2 of the AD and finally, a sequence of – We present an extensive reverse engineering of Ap- up to 29 bytes of data (see Fig. 1). One AD struc- ple Continuity protocols along with the format of ture type, called Manufacturer Specific Data (code corresponding messages (Section 3); 0xFF), is dedicated to the transport of data for custom – We identify new fields of Apple Continuity mes- applications defined by the manufacturer. sages leverageable for passive tracking (Section 4); – We introduce a novel active attack that can be used 2.2 BLE privacy to track a user and to link devices belonging to the same iCloud account (Section 5); While advertising, BLE devices are identified by a Blue- – We find that several fields expose characteristics of tooth device address, a 48-bit identifier found within the device (model, OS version, color, etc.) and infor- the Advertising Address (AdvA) field of the advertising mation on the device status that could be leveraged payload. As part of the LE Privacy feature, BLE has to infer the ongoing activity (Section 6); introduced random addresses in addition to the glob- – We show that messages broadcasted by HomeKit ally unique MAC address [16]. Thus, there are 4 types accessories include a Global State Number (GSN) of device addresses in BLE: that leaks the activity in a smarthome (Section 7); Public device address: The address uniquely allo- – We discover that AirDrop and Nearby Action mes- cated to the device by the manufacturer in accordance sages include hashed e-mail addresses and phone to the IEEE MAC address specifications [17, sec. 8.2]. numbers, and we demonstrate how they can be re- covered through a guesswork attack (Section 8); Random Static device address: A randomly gener- – We found that Siri messages include a perceptual ated address that can be renewed after each power cycle hash of voice commands and demonstrate how it and that shall not change during the use of the device. can be exploited to infer a command (Section 9); Random Non-resolvable device address: A ran- – We provide a discussion on the impact of the dis- domly generated address that can be renewed at any covered attacks (Section 10); time. – We discuss potential solutions to remedy to the Random Resolvable device address: An address identified issues (Section 11). generated using a random value and an Identity Reso- lution Key (IRK), that can only be resolved by devices 2 Background knowing the IRK. Furthermore, the Bluetooth Core Specification [18, 2.1 BLE protocol Vol 3, Part C, App. A] recommends to renew Random Non-resolvable and Random Resolvable addresses at BLE is a 2.4 GHz ISM band radio communication stan- most every 15 minutes. dard that has been introduced in 2010 as part of the Bluetooth Core Specification version 4.0 [13, Vol 6]. 2.3 Continuity protocols BLE operates on 40 physical channels: 3 of those chan- nels are dedicated to the discovery mechanism called Continuity protocols are network mechanisms used to advertisement while the 37 remaining channels are used enable short range communications for services running for data transmissions. on mobile devices and connected appliances. They con- The advertisement discovery mechanism allows stitute the network element of Apple Continuity ser- BLE devices to advertise their presence and character- istics to nearby devices. It relies on the broadcasting of advertisement packets on the 3 advertisement chan- 2 https://www.bluetooth.com/specifications/assigned- numbers/generic-access-profile Discontinued Privacy: Leaks in Apple BLE Continuity Protocols 28 vices [4], and similar protocols have been developed the Received Signal Strength Indicator (RSSI) to filter by major vendors: Google Nearby [2] and Microsoft out packets coming from other devices. CDP [3]. Typical continuity services include activity All the tests were performed in our laboratory transfer, multimedia content streaming, file sharing, de- against Apple devices owned by the authors and their vice pairing, monitoring and control of connected home institutions. Those tests involved a range of Apple de- appliances to name a few. vices including iPhone smartphones, iPad tablets, Air- Continuity protocols typically rely on wireless tech- Pods earphones, MacBook laptops, Apple Watch smart- nologies such as Bluetooth/BLE and Wi-Fi to carry in- watches that were running across different versions of formation between devices. As they are directly used Apple iOS, macOS and watchOS operating systems. We by applications, such protocols can be seen as part of considered products from partner companies too that the Application Layer of the OSI model. However, they are compatible with the Apple ecosystem such as the sometimes include features of other layers such as the Eve Motion sensor and the Osram Smart+ lightbulb. Session and Transport Layers (sequence number and re- We also relied on debugging tools provided by connection). Because they only involve device-to-device Apple, PacketLogger and PacketDecoder. Those tools, communications, the Network Layer is limited to a bare available on the Apple Developer5 website, provide in- minimum.
Load more

Recommended publications
  • 25 Years of Bluetooth Technology
    future internet Article 25 Years of Bluetooth Technology Sherali Zeadally 1,*, Farhan Siddiqui 2 and Zubair Baig 3 1 College of Communication and Information, University of Kentucky, Lexington, KY, 40506, USA 2 Department of Mathematics and Computer Science, Dickinson College, Carlisle, PA 17013, USA 3 School of Information Technology, Deakin University, Geelong 3216, Victoria, Australia * Correspondence: [email protected] Received: 12 August 2019; Accepted: 2 September 2019; Published: 9 September 2019 Abstract: Bluetooth technology started off as a wireless, short-range cable replacement technology but it has undergone significant developments over the last two decades. Bluetooth radios are currently embedded in almost all computing devices including personal computers, smart phones, smart watches, and even micro-controllers. For many of us, Bluetooth is an essential technology that we use every day. We provide an insight into the history of Bluetooth and its significant design developments over the last 25 years. We also discuss related issues (including security) and Bluetooth as a driving technology for the Internet of Things (IoT). Finally, we also present recent research results obtained with Bluetooth technology in various application areas. Keywords: bluetooth; internet of things; low-energy; mesh; networking; protocol; security 1. Introduction The Bluetooth radio technology was developed by L. M. Ericsson in 1994. The standard is named after the King of Denmark, Harald Blaatand (“Bluetooth”). Major mobile phone manufacturers and technology providers comprising IBM, Nokia, Intel, Ericsson, and Toshiba created the Bluetooth Special Interest Group (SIG). The aim of the group was to invent an open specification for wireless technologies of short range. Bluetooth SIG continues to oversee the Bluetooth technology today.
    [Show full text]
  • Iot Systems Overview
    IoT systems overview CoE Training on Traffic engineering and advanced wireless network planning Sami TABBANE 30 September -03 October 2019 Bangkok, Thailand 1 Objectives •Present the different IoT systems and their classifications 2 Summary I. Introduction II. IoT Technologies A. Fixed & Short Range B. Long Range technologies 1. Non 3GPP Standards (LPWAN) 2. 3GPP Standards IoT Specificities versus Cellular IoT communications are or should be: Low cost , Low power , Long battery duration , High number of connections , Low bitrate , Long range , Low processing capacity , Low storage capacity , Small size devices , Relaxed latency , Simple network architecture and protocols . IoT Main Characteristics Low power , Low cost (network and end devices), Short range (first type of technologies) or Long range (second type of technologies), Low bit rate (≠ broadband!), Long battery duration (years), Located in any area (deep indoor, desert, urban areas, moving vehicles …) Low cost 3GPP Rel.8 Cost 75% 3GPP Rel.8 CAT-4 20% 3GPP Rel.13 CAT-1 10% 3GPP Rel.13 CAT-M1 NB IoT Complexity Extended coverage +20dB +15 dB GPRS CAT-M1 NB-IoT IoT Specificities IoT Specificities and Impacts on Network planning and design Characteristics Impact • High sensitivity (Gateways and end-devices with a typical sensitivity around -150 dBm/-125 dBm with Bluetooth/-95 dBm in 2G/3G/4G) Low power and • Low frequencies strong signal penetration Wide Range • Narrow band carriers far greater range of reception • +14 dBm (ETSI in Europe) with the exception of the G3 band with +27 dBm, +30 dBm but for most devices +20 dBm is sufficient (USA) • Low gateways cost Low deployment • Wide range Extended coverage + strong signal penetration and Operational (deep indoor, Rural) Costs • Low numbers of gateways Link budget: UL: 155 dB (or better), DL: Link budget: 153 dB (or better) • Low Power Long Battery life • Idle mode most of the time.
    [Show full text]
  • Bluetooth® Low Energy Tree Structure Network
    Application Report SWRA648–May 2019 Bluetooth® Low Energy Tree Structure Network Stanford Li, Yan Zhang, and Marie Hernes ABSTRACT This application report presents the concept of the wireless tree structure using Bluetooth Low Energy technology. The important steps when designing a Bluetooth Low Energy tree structure are elaborated on a detailed level throughout the document. With the use of the TI SimpleLink™ Bluetooth low energy software Stack, the tree structure can be done in a simple and intuitive way. The accompanying software example can be found on github. Contents 1 Introduction ................................................................................................................... 2 2 Bluetooth Low Energy Basic Knowledge ................................................................................. 2 3 Three Kinds of Bluetooth Low Energy Network Structure.............................................................. 2 4 Bluetooth Low Energy Tree Structure Network Analysis ............................................................... 4 5 Bluetooth Low Energy Tree Structure Network Realization............................................................ 6 6 Bluetooth Low Energy tree Structure Network Test ................................................................... 10 7 References .................................................................................................................. 11 List of Figures 1 Star Network.................................................................................................................
    [Show full text]
  • Applying Mix Nets to Email Document
    Ref. Ares(2016)2647269 - 08/06/2016 Harry Halpin (Greenhost/LEAP)) Kali Kaneko (Greenhost/LEAP) Ruben Pollan (Greenhost/LEAP) Elijah Sparrow (Greenhost/LEAP)) Mooness Davarian (Greenhost/LEAP) Raf Degens (Medialaan/Mobile Vikings) Tariq Elahi (KUL) George Danezis (UCL) Applying Mix Nets to Email Document Deliverable D 7.1 June 8, 2016 Panoramix Project, # 653497, Horizon 2020 http://www.panoramix-project.eu Contents 1 Introduction 3 2 Use-cases 4 2.1 Companies and Government Use-case . 4 2.2 Journalist Use-case . 5 2.3 Activists . 5 3 Email Systems 7 4 Threat Models and Requirements 9 4.1 Threat Models . 9 4.2 Requirements . 10 4.2.1 Security Requirements . 11 4.2.2 Privacy Requirements . 11 4.3 Problems and Meditations . 12 4.3.1 Security Requirement Problem: StartTLS downgrade . 12 4.3.2 Security Requirement Problem: DNS hijacking . 12 4.3.3 Security Requirement Problem: MX impersonation . 13 4.3.4 Privacy Requirement Problem: Abusive Users . 13 4.3.5 Privacy Requirement Problem: Spam . 14 4.3.6 Privacy and Abuse Prevention Mediations . 15 5 LEAP Software 17 5.1 The LEAP Architecture . 18 5.1.1 LEAP Platform . 19 5.1.2 Soledad . 20 5.1.3 LEAP Client . 21 5.1.4 Nicknym Key-Management . 22 5.2 LEAP for Email Encryption Example . 22 1 5.2.1 Setting up a new device . 22 5.2.2 Receiving Mail . 23 5.2.3 Mailbox Sync . 23 5.2.4 Sending Mail . 23 5.3 Current State and Future Work . 23 6 End-user Usability 25 7 System Administration Usability 27 8 Empirical Mix-net Parameters 30 8.1 Empirical Data .
    [Show full text]
  • Car Access Bluetooth®+ CAN Satellite Module Reference Design
    Design Guide: TIDA-020032 Car Access Bluetooth®+ CAN Satellite Module Reference Design Description Features This satellite module reference design is intended for • CAN, CAN-FD communications Bluetooth® Low Energy passive entry passive start • CAN auto-addressing (PEPS) and phone as a key (PaaK) Digital key car • 25-µA system sleep state (typical) access systems. The design demonstrates how control area network flexible data rate (CAN-FD) • Capable of measuring Bluetooth AoA and RSSI communication capabilities can be implemented with • Small 47.625-mm × 76.2-mm (1.875 in × 3 in) PCB our Bluetooth wireless MCUs for systems that require • Improved system performance with Bluetooth higher bandwidth in-vehicle network communications. connection monitoring capabilities Further benefits include reduced power consumption in the sleep state, CAN auto-addressing method for Applications improved manufacturing, connection monitor capabilities for improved Bluetooth localization • Phone as a key (PaaK), Digital key accuracy, and a compact printed-circuit board (PCB) • Passive entry passive start (PEPS) capable of measuring Bluetooth angle of arrival (AoA) and received signal strength index (RSSI). Resources TIDA-020032 Design Folder CC2642R-Q1 Product Folder TCAN4550-Q1 Product Folder TLV713P-Q1 Product Folder Search Our E2E™ support forums Phone as a key Module Rest of the Vehicle (may be integrated in BLE Satellite Modules Outside of the Vehicle the BCM) TLV713-Q1 Car Battery 5 V Power Supply TCAN4550-Q1 3.3 V Phone as a key 2 x 2.4 GHz (SBC) Communication Antennas Interface + Wide Input Voltage LDO Body Control CAN PaaK Module Module (BCM) CAN CC2642R-Q1 Back-up key MCU An IMPORTANT NOTICE at the end of this TI reference design addresses authorized use, intellectual property matters and other important disclaimers and information.
    [Show full text]
  • Advantages and Limitations of Li- Fi Over Wi-Fi and Ibeacon Technologies By
    ISSN (Online) 2321 – 2004 IJIREEICE ISSN (Print) 2321 – 5526 International Journal of Innovative Research in Electrical, Electronics, Instrumentation and Control Engineering ISO 3297:2007 Certified Vol. 4, Issue 11, November 2016 Review Paper: Advantages and Limitations of Li- Fi over Wi-Fi and iBeacon Technologies By Deepika D Pai Asst. Professor, (Sel Grade), Department of Electronics and Communication Engineering. Vemana Institute of Technology Abstract: Li-Fi can be thought of as a light-based Wi-Fi. That is, it uses light instead of radio waves to transmit information. And instead of Wi-Fi modems, Li-Fi would use transceiver-fitted LED lamps that can light a room as well as transmit and receive information. Light is inherently safe and can be used in places where radio frequency communication is often deemed problematic, such as in aircraft cabins or hospitals. So visible light communication not only has the potential to solve the problem of lack of spectrum space, but can also enable novel application. The visible light spectrum is unused; it's not regulated, and can be used for communication at very high speeds. This paper compares the Li-Fi technology with Wi-Fi and iBeacon technologies. Keywords: Li-fi, Wi-Fi, iBeacon, visible light communication, BLE communication I. INTRODUCTION In recent trends, wireless communication Wi-Fi is gaining government licence. This new Ethernet standard was tremendous importance. CISCO reported that the compatible with devices and technology working on radio compound annual growth rate (CAGR) of mobile data waves and came to be known as ―Wi-Fi‖ only in 1999. usage per month is around 80% which has led to the saturation of the network spectrum consequently bringing iBeacon: The technology was first introduced by Apple at down its efficiency.
    [Show full text]
  • Applications: S
    Applications: S This chapter contains the following sections: • Sabah, on page 9 • Safari, on page 10 • SAFT, on page 11 • Sage, on page 12 • Sahibinden, on page 13 • Saks Fifth Avenue, on page 14 • Salesforce.com, on page 15 • Salesforce.com Live Agent, on page 16 • Sam's Club, on page 17 • Sametime, on page 18 • SAMR, on page 19 • Samsung, on page 20 • Samsung Push Notification, on page 21 • SANity, on page 22 • Sanook.com, on page 23 • SAP, on page 24 • SAP HostControl, on page 25 • SASCDN, on page 26 • SATNET, on page 27 • SATNET and Backroom EXPAK, on page 28 • SATNET Monitoring, on page 29 • SaveFrom, on page 30 • Sberbank of Russia, on page 31 • SBS, on page 32 • SCC Security, on page 33 • SCCM, on page 34 • SCCM Remote Control, on page 35 • SCCP, on page 36 • Schedule Transfer Protocol, on page 37 • schuelerVZ, on page 38 • Schwab, on page 39 • ScienceDirect, on page 40 Applications: S 1 Applications: S • SCO Desktop Administration Server, on page 41 • Sco I2 Dialog Daemon, on page 42 • SCO System Administration Server, on page 43 • SCO Web Server Manager 3, on page 44 • SCO WebServer Manager, on page 45 • scohelp, on page 46 • Scopia, on page 47 • Scopia Audio, on page 48 • Scopia Video, on page 49 • Scorecard Research, on page 50 • Scottrade, on page 51 • SCPS, on page 52 • Scribd, on page 53 • Scribd Upload, on page 54 • Scribol, on page 55 • SCSI-ST, on page 56 • SCTP, on page 57 • scx-proxy, on page 58 • SDNS-KMP, on page 59 • SDRP, on page 60 • Seamonkey, on page 61 • Search-Result.com, on page 62 • Searchnu, on page 63 •
    [Show full text]
  • Resource Directory
    of Walworth County Resource Directory ADRC of Walworth County W4051 County Rd NN Elkhorn, WI 53121 Phone: (262) 741-3400 Toll-Free: (800) 365-1587 Fax: (262) 741-3436 [email protected] Effective: July 1, 2019 (Updated Annually) The ADRC cannot endorse or recommend any organization, product, or service. This directory is not all inclusive and is subject to change without notice. La información de recursos está disponible en español contactando al ADRC. INTRODUCTION The information in this booklet was compiled as a useful guide of available services and programs. While we do our best to ensure that the information is accurate and up-to-date, changes may occur after printing of this directory. For more detailed or current information, please contact the ADRC: Aging & Disability Resource Center (ADRC) of Walworth County W4051 County Rd NN Elkhorn, WI 53121 Phone: (262) 741-3400 Toll-Free: (800) 365-1587 Fax: (262) 741-3436 [email protected] The ADRC does not recommend or screen the business or service organizations in this publication. Please use your discretion when calling for services, requesting estimates, reviewing references and licensure. For professional license information, you can contact the Wisconsin Department of Regulation and Licensing by phone: 608-266-2112, or access their website: online.drl.wi.gov/LicenseLookup/LicenseLookup.aspx You can also contact the Better Business Bureau by phone: 800-273-1002 or access their website: www.wisconsin.bbb.org/ The ADRC cannot endorse or recommend any organization, product, or service. This directory is not all inclusive and is subject to change without notice.
    [Show full text]
  • Bluetooth Low Energy Beacons (Rev. A)
    Application Report SWRA475A–January 2015–Revised October 2016 Bluetooth® low energy Beacons Joakim Lindh ABSTRACT This application report presents the concept of beacons by using Bluetooth low energy technology. The important parameters when designing beacon solutions are elaborated on a detailed level throughout the document. With the use of the TI Bluetooth low energy-Stack, beacons can be done in a simple and intuitive way. Contents 1 What is a Beacon? .......................................................................................................... 2 2 Bluetooth low energy and Bluetooth Smart .............................................................................. 2 3 Designing a Bluetooth low energy Beacon ............................................................................... 9 4 iBeacon Implementation................................................................................................... 11 5 Proprietary Implementation ............................................................................................... 13 6 References .................................................................................................................. 14 List of Figures 1 Bluetooth low energy Data Packet ........................................................................................ 3 2 Bluetooth low energy Broadcast Data .................................................................................... 4 3 Beacon Address Types ....................................................................................................
    [Show full text]
  • Performance Evaluation of Bluetooth Low Energy for High Data Rate Body Area Networks
    Performance Evaluation of Bluetooth Low Energy for High Data Rate Body Area Networks José A. Afonso 1, António F. Maio 1, Ricardo Simoes 2,3 1 Centre for Microelectromechanical Systems (CMEMS-UMinho), University of Minho, Guimarães, 4800-058, Portugal 2 Institute for Polymers and Composites (IPC/I3N), University of Minho, Guimarães, Portugal 3 School of Technology, Polytechnic Institute of Cávado and Ave, Barcelos, Portugal 1 E-mail: [email protected], Phone: +351-253510190, Fax: +351-253510189 Abstract. Bluetooth Low Energy (BLE) is a promising wireless network technology, in the context of body area network (BAN) applications, to provide the required quality of service (QoS) support concerning the communication between sensor nodes placed on a user’s body and a personal device, such as a smartphone. Most previous BLE performance studies in the literature have focused primarily in networks with a single slave (point-to-point link) or traffic scenarios with relatively low data rate. However, many BAN sensors generate high data rate traffic, and several sensor nodes (slaves) may be actively sending data in the same BAN. Therefore, this work focuses on the evaluation of the suitability of BLE mainly under these conditions. Results show that, for the same traffic, the BLE protocol presents lower energy consumption and supports more sensor nodes than an alternative IEEE 802.15.4-based protocol. This study also identifies and characterizes some implementation constraints on the tested platforms that impose limits on the achievable performance. Universidade do Minho: RepositoriUM Keywords: Bluetooth Low Energy, Performanceprovided by Evaluation, Body Area View metadata, citation and similar papers at core.ac.uk CORE brought to you by Networks, Quality of Service.
    [Show full text]
  • Interference Simulation of Bluetooth Low Energy
    ATCZ175 INTEROP PROJECT Interference Simulation of Bluetooth Low Energy Version 1.1 Institute of Electrodynamics, Microwave and Circuit Engineering TECHNISCHE UNIVERSITÄT WIEN Advisor: Assoc. Prof. Dipl.-Ing. Dr.techn. Holger ARTHABER by Proj. Ass. Dipl.-Ing. Hamid KAVOUSI GHAFI March 5, 2018 Contents 1 Introduction to Bluetooth Low Energy 1 1.1 BLE Basic Concepts . 1 1.2 Modulation and Demodulation of BLE . 1 1.3 Noise Analysis . 1 1.4 Demodulation Algorithms . 3 1.5 Noise and Frequency Offset Effects on the Demodulator . 4 1.5.1 Simulation Results . 4 2 Interference Analysis 5 2.1 GFSK Signal as Interferer . 5 2.2 Comparison between Noise and GFSK Signal as Interferer . 6 2.3 Conclusion . 9 3 Revision History 11 Abstract Frequency utilization is hugely increasing in the communication systems, particularly in the ISM (Industrial, Scientific, and Medical radio) band. Consequently, interference seems to be a great impeding factor in the next wireless technologies including WiFi, Bluetooth, ZigBee, WiMax, and BLE (Bluetooth Low Energy). In simple words, as these technologies mostly work in the same frequency band, transmitted data signal of each system can be a source of interference for other ones. Moreover, even a same type adjacent system might cause interference with the desired signal. In this report, the interference effects on BLE systems are studied. First, the characteristics of BLE, particularly in the physical layer, are studied. Afterwards, the BLE system performance in the presence of different irritating signals is investigated. In particular, the BLE performance prone to two types of interfer- ing signal, AWGN (Additive White Gaussian Noise) and GFSK (Gaussian Frequency Shift Keying) signals (another BLE system acts as interfering source), is investigated.
    [Show full text]
  • Beyond Beaconing: Emerging Applications and Challenges of BLE
    Beyond Beaconing: Emerging Applications and Challenges of BLE Jian Yanga,∗, Christian Poellabauera, Pramita Mitrab, Cynthia Neubeckerb aDepartment of Computer Science and Engineering, University of Notre Dame, Notre Dame, IN 46556, USA bResearch and Advanced Engineering, Ford Motor Company, Dearborn, MI 48121, USA Abstract As an emerging technology with exceptional low energy consumption and low-latency data transmissions, Bluetooth Low Energy (BLE) has gained significant momentum in various application domains, such as Indoor Positioning, Home Automation, and Wireless Personal Area Network (WPAN) communications. With various novel protocol stack features, BLE is finding use on resource-constrained sensor nodes as well as more powerful gateway devices. Particularly proximity detection using BLE beacons has been a popular usage scenario ever since the release of Bluetooth 4.0, primarily due to the beacons' energy efficiency and ease of deployment. However, with the rapid rise of the Internet of Things (IoT), BLE is likely to be a significant component in many other applications with widely varying performance and Quality-of-Service (QoS) requirements and there is a need for a consolidated view of the role that BLE will play in applications beyond beaconing. This paper comprehensively surveys state-of-the-art applications built with BLE, obstacles to adoption of BLE in new application areas, and current solutions from academia and industry that further expand the capabilities of BLE. Keywords: Bluetooth Low Energy, BLE, Communication, Applications, Low Power, Low Latency. 1. Introduction continuously broadcast an identifier to nearby BLE receivers [3]. This has enabled a multitude of prox- Bluetooth Low Energy (BLE), also known as imity detection solutions, i.e., the beacons allow de- Bluetooth Smart, is an emerging short-range wire- vices such as smartphones and tablets to perform less technology aiming at low-power, low-latency, certain actions when in close proximity to a bea- and low-complexity communications.
    [Show full text]