doing bluetooth low energy on linux
play

Doing Bluetooth Low Energy on Linux Szymon Janc - PowerPoint PPT Presentation

Nov 17, 2022 •522 likes •800 views

Doing Bluetooth Low Energy on Linux Szymon Janc szymon.janc@codecoup.pl OpenIoT Summit Europe, Berlin, 2016 Agenda Introduction Bluetooth Low Energy technology recap Linux Bluetooth stack architecture Linux kernel

  1. Doing Bluetooth Low Energy on Linux Szymon Janc szymon.janc@codecoup.pl OpenIoT Summit Europe, Berlin, 2016

  2. Agenda ● Introduction ● Bluetooth Low Energy technology recap ● Linux Bluetooth stack architecture ○ Linux kernel ○ BlueZ 5 ● GAP (Scanning, Advertising, Pairing etc) ● GATT ● LE CoC and 6LoWPAN ● Custom solutions ● Tips ● Future work

  3. About me ● Embedded software engineer ● Works with embedded Linux and Android platforms since 2007 ● Focused on Local Connectivity (Bluetooth, NFC) ● Open Source contributor (BlueZ, Linux, Zephyr) ● In 2015 co-founded Codecoup ○ support in Bluetooth, Linux, Android, Open Source, embedded systems ○ Internet of Things projects ○ www.codecoup.pl

  4. Bluetooth Low Energy ● Introduced with Bluetooth 4.0 (2010) ● Short range wireless technology (10-100 meters) ● Operates at 2.4 GHz (IMS band) ● Designed for low power usage ● Profiles (applications) use GATT ● Further improvements in 4.1 and 4.2 specifications ○ Improved security (LE Secure Connections) ○ Connection Oriented Channels

  5. Linux Bluetooth Low Energy features ● Core Specification 4.2 ● Generic Access Profile (GAP) ○ central, peripheral, observer, broadcaster ○ privacy ● Security Manager ○ Legacy Pairing, Secure Connections, Cross-transport pairing ● Generic Attribute Profile (GATT) ● L2CAP Connection Oriented Channels ● 6LoWPAN ● HID over GATT (HoG) ● Multiple adapters support ● Others

  6. Linux Bluetooth LE Stack Architecture

  7. Linux Bluetooth LE Stack Architecture (kernel) ● Split between Linux kernel and userspace ● Kernel: ○ GAP ○ L2CAP ○ Security Manager ○ Hardware drivers ○ Provides socket based interfaces to user space ■ For data (L2CAP, HCI) ■ For control (MGMT, HCI) ○ https://git.kernel.org/cgit/linux/kernel/git/bluetooth/bluetooth-next.git/

  8. Linux Bluetooth LE Stack Architecture (user space) ● bluetoothd ○ Central daemon ○ D-Bus interfaces for UI and other subsystems ○ Reduces exposure to low level details ○ Handle persistent storage ○ Extendible with plugins (neard, legacy GATT plugins) ● Tools ○ bluetoothctl - command line agent ○ btmon - HCI tracer ○ Set of command line tools useful for testing, development and tracing

  9. Bluetooth Management interface ● Available since Linux 3.4 ● Replaces raw HCI sockets ● Allow userspace to control kernel operations ● Provides mostly Generic Access Profile functionality (adapter settings, discovery, pairing etc) ● Required by BlueZ 5 ● Specification available at doc/mgmt-api.txt in bluez.git ● http://www.bluez.org/the-management-interface/ ● btmgmt tool for command line

  10. BlueZ D-Bus API overview ● Use standard D-Bus ObjectManager and Properties interface ● Adapters and remote devices represented as objects ○ /org/bluez/hci0 ○ /org/bluez/hci0/dev_00_11_22_33_44_55 ● With versioned interfaces ○ org.bluez.Adapter1, org.bluez.Device1 etc ○ org.bluez.GattService1, org.bluez.GattCharacteristic1 etc ● Manager and Agent style interfaces for external components ○ org.bluez.AgentManager1, org.bluez.Agent1 ● As of BlueZ 5.42 GATT D-Bus interfaces are declared stable

  11. Basic operations (GAP) ● Adapter settings ● Device discovery ● Connection management ● Pairing ● org.bluez.Adapter1 - adapter control ● org.bluez.Device1 - device control ● org.bluez.Agent1 - UI pairing agent

  12. Scanning - devices discovery ● org.bluez.Adapter1 interface ● StartDiscovery() and StopDiscovery() methods control discovery sessions ● SetDiscoveryFilter(dict filter) for discovery session tuning ○ UUID based filtering ○ RSSI or Pathloss threshold ○ Transport (type of scan) ○ Multiple clients filters are internally merged ● Objects with org.bluez.Device1 interface represent remote devices ● While devices are being discovered new objects are created (or updated)

  13. Advertising ● Allows external applications to register Advertising Data ● Support for multiple advertising instances ● org.bluez.LEAdvertisement1 ○ Implemented by external application ○ Properties define advertising type and what to include ○ AD is constructed by stack (required data types are always included) ● org.bluez.LEAdvertisingManager1 on /org/bluez/hciX ○ RegisterAdvertisement() ○ UnregisterAdvertisement() ● Currently no support for configuring Scan Responses ● doc/advertising-api.txt

  14. Pairing ● bluetoothd relies on agents for user interaction ○ User can be a human where agent is UI ○ But it can also be any policy implementation ● org.bluez.AgentManager1 ○ RegisterAgent(object agent, string capability) - registers an agent handler with specified local capability ○ RequestDefaultAgent(object agent) - sets registered agent as default ● org.bluez.Agent1 ○ Implemented by application ○ Called by bluetoothd when user input is needed eg. to enter or confirm passkey ● Each application can register own agent ● Default agent used for incoming requests ● or for outgoing requests if application has no agent registered

  15. GATT ● Internal plugins (and their APIs) are deprecated ● Replaces profile specific APIs ● Stable since 5.42 ● Local and remote services share same D-Bus API ○ org.bluez.GattService1 ○ org.bluez.GattCharacteristic1 ○ org.bluez.GattDescriptor1 ● Remote hierarchy under device path ○ /org/bluez/hci0/dev_AA/serviceXX/charYYYY/descriptorZZZZ ● org.bluez.Device1.ServicesResolved=true indicates discovery has completed

  16. GATT (II) ● Register local profiles and services -> /com/example | - org.freedesktop.DBus.ObjectManager ○ org.bluez.GattManager1 | -> /com/example/service0 ■ RegisterApplication() | | - org.freedesktop.DBus.Properties ■ UnRegisterApplication() | | - org.bluez.GattService1 | | ● Local profile | -> /com/example/service0/char0 ○ org.bluez.GattProfile1 | | - org.freedesktop.DBus.Properties | | - org.bluez.GattCharacteristic1 ○ Bluetoothd will add matched devices to | | auto-connect list | -> /com/example/service0/char1 | | - org.freedesktop.DBus.Properties ● Local service | | - org.bluez.GattCharacteristic1 | | ○ Represented as objects hierarchy | -> /com/example/service0/char1/desc0 ■ Service is root node | - org.freedesktop.DBus.Properties | - org.bluez.GattDescriptor1 ■ Characteristic is child of service | ■ Descriptor is child of characteristic -> /com/example/service1 | - org.freedesktop.DBus.Properties ○ grouped under Object Manager | - org.bluez.GattService1 ○ Objects should not be removed | -> /com/example/service1/char0 - org.freedesktop.DBus.Properties - org.bluez.GattCharacteristic1

  17. HID over GATT (host) ● Supported by bluetoothd internally - ‘hog’ plugin ● Only host support ● ‘Claims’ HID service so it won’t be visible on D-Bus ● Requires uhid support in kernel ● “Just works” experience ○ Pair mouse/keyboard ○ Service is probed and connected ○ Input device is created ○ Device is added to whitelist for reconnection [15674.721290] input: BluetoothMouse3600 as /devices/virtual/misc/uhid/0005:045E:0916.0002/input/input18 [15674.721494] hid-generic 0005:045E:0916.0002: input,hidraw0: BLUETOOTH HID v1.00 Mouse [BluetoothMouse3600] on 5C:E0:C5:34:AE:1C

  18. Privacy ● Allows to use Resolvable Private Address (RPA) instead of Identity (public) address ● Address appears random for non-bonded devices ● Bonded devices can resolve RPA ● Prevents tracking ● Linux supports both local privacy and remote privacy ○ When device is paired its Identity Resolving Key (IRK) is stored and used for resolving RPAs ○ Providing IRK for local adapter allows kernel to generate and use RPAs ○ RPA is time rotated ● Bluetoothd handles remote device IRK storage and loading ○ After pairing Address property on org.bluez.Device1 is updated with resolved identity address ● No support for local privacy in bluetoothd yet ○ bluetoothd will create local random IRK (per adapter) and load it to kernel ○ Patch is available on linux-bluetooth mailing list

  19. LE Connection Oriented Channels ● Available since kernel 3.14 ● Easy to use, just like any L2CAP socket ● Set address type to LE and provide PSM number ○ Unfortunately obtaining address type from D-Bus is not possible struct sockaddr_l2 addr; sk = socket(PF_BLUETOOTH, type, BTPROTO_L2CAP); /* Bind to local address */ addr.l2_family = AF_BLUETOOTH; addr.l2_bdaddr = LOCAL_ADDR; addr.l2_bdaddr_type = BDADDR_LE_PUBLIC; bind(sk, (struct sockaddr *) &addr, sizeof(addr)); /* Connect to remote */ addr.l2_bdaddr = REMOTE_ADDR; addr.l2_psm = 0x80; connect(sk, (struct sockaddr *) &addr, sizeof(addr))

  20. 6LoWPAN over BT LE ● Available since kernel 3.16 ● No stable interface yet, need to use debugfs ● But simple to use ○ modprobe bluetooth_6lowpan ○ echo “1” > /sys/kernel/debug/bluetooth/6lowpan_enable ○ echo "connect 00:1B:DC:E0:36:BD 1" > /sys/kernel/debug/bluetooth/6lowpan_control ○ bt0 interface is created ○ ping6 -I bt0 fe80::21b:dcff:fee0:36bd

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bluetooth on modern Linux Szymon Janc szymon.janc@codecoup.pl Embedded Linux Conference, San

Bluetooth on modern Linux Szymon Janc szymon.janc@codecoup.pl Embedded Linux Conference, San

Bluetooth on modern Linux Szymon Janc szymon.janc@codecoup.pl Embedded Linux Conference, San Diego, 2016 Agenda Introduction Bluetooth technology recap Linux Bluetooth stack architecture Linux kernel BlueZ 5

743 views • 28 slides
Using Bluetooth Low Energy for Location What is BLE? Bluetooth Low Energy Originally designed by

Using Bluetooth Low Energy for Location What is BLE? Bluetooth Low Energy Originally designed by

Using Bluetooth Low Energy for Location What is BLE? Bluetooth Low Energy Originally designed by Nokia as Wibree (2001) Bluetooth Smart Why has BLE been so Successful? Rapid adoption by vendors Apple Samsung Simple design Cheap in

422 views • 20 slides
Bluetooth Team 1 What is Bluetooth? Origins Ericsson, 1994 Harald Bluetooth

Bluetooth Team 1 What is Bluetooth? Origins Ericsson, 1994 Harald Bluetooth

Bluetooth Team 1 What is Bluetooth? Origins Ericsson, 1994 Harald Bluetooth Today Bluetooth Special Interests Group Compatible with a multitude of devices Widespread IEEE Standard Secure

230 views • 7 slides
BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy Jianliang Wu 1 , Yuhong Nan

BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy Jianliang Wu 1 , Yuhong Nan

BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy Jianliang Wu 1 , Yuhong Nan 1 , Vireshwar Kumar 1 , Dave (Jing) Tian 1 , Antonio Bianchi 1 , Mathias Payer 2 , Dongyan Xu 1 1 Purdue University 2 EPFL Motivation Bluetooth

626 views • 18 slides
Bluetooth: With Low Energy Comes Low Security Mike Ryan iSEC Partners USENIX Security / WOOT

Bluetooth: With Low Energy Comes Low Security Mike Ryan iSEC Partners USENIX Security / WOOT

Bluetooth: With Low Energy Comes Low Security Mike Ryan iSEC Partners USENIX Security / WOOT Aug 13, 2013 1 Mike Ryan Bluetooth Smart / Bluetooth LE USENIX WOOT, August 2013 Outline What is Bluetooth Low Energy? Protocol overview

570 views • 56 slides
A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy Daniele

A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy Daniele

WAC workshop 2020 A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy Daniele Antonioli Daniele Antonioli ( @francozappa ) A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy 1

949 views • 69 slides
Using Bluetooth to Determine Using Bluetooth to Determine Travel Times www.kmjinc.com 1 Agenda

Using Bluetooth to Determine Using Bluetooth to Determine Travel Times www.kmjinc.com 1 Agenda

ITE Mid-Colonial District Annual Meeting April 29, 2010 Using Bluetooth to Determine Using Bluetooth to Determine Travel Times www.kmjinc.com 1 Agenda Bluetooth and How It Works The BlueTOAD TM Device Evaluation Project

270 views • 22 slides
Beacons 1 Beacon is continuous Bluetooth Low Energy (BLE) transmitter device with unique

Beacons 1 Beacon is continuous Bluetooth Low Energy (BLE) transmitter device with unique

Beacons 1 Beacon is continuous Bluetooth Low Energy (BLE) transmitter device with unique identifier at a known place. 2 The beacons manufacturers BlueCats BlueSense Estimote Gelo Kontact Sonic Notify

972 views • 11 slides
On Practical Selective Jamming of Bluetooth Low Energy Advertising S. Brauer, A. Zubow, S. Zehl,

On Practical Selective Jamming of Bluetooth Low Energy Advertising S. Brauer, A. Zubow, S. Zehl,

On Practical Selective Jamming of Bluetooth Low Energy Advertising S. Brauer, A. Zubow, S. Zehl, M. Roshandel, S. M. Sohi Technical University Berlin & Deutsche Telekom Labs Germany Outline Motivation, Problem Statement, System

655 views • 23 slides
Indoor Positioning: A Comparison of WiFi and Bluetooth Low Energy for Region Monitoring Alexander

Indoor Positioning: A Comparison of WiFi and Bluetooth Low Energy for Region Monitoring Alexander

Indoor Positioning: A Comparison of WiFi and Bluetooth Low Energy for Region Monitoring Alexander Lindemann, Bettina Schnor , Jan Sohre, Petra Vogel Potsdam University Institute of Computer Science Operating Systems and Distributed Systems

430 views • 29 slides
Presented By: Paul Misticawi VP of Sales, TrafficCast What is Bluetooth How are

Presented By: Paul Misticawi VP of Sales, TrafficCast What is Bluetooth How are

Presented By: Paul Misticawi VP of Sales, TrafficCast What is Bluetooth How are traveltimes derived from Bluetooth devices Turning Raw Data into Information Applications Using Bluetooth TravelTimes Using

198 views • 16 slides
Linux, PCs and Energy Efficiency Implications for Linux Developers, OEMs, and IHVs Tom Bolioli,

Linux, PCs and Energy Efficiency Implications for Linux Developers, OEMs, and IHVs Tom Bolioli,

Linux, PCs and Energy Efficiency Implications for Linux Developers, OEMs, and IHVs Tom Bolioli, Terra Novum, LLC Agenda Agenda Demand for Energy- -Efficient Electronics Efficient Electronics Demand for Energy ENERGY STAR Program

593 views • 31 slides
IoTSSC Bluetooth Bluetooth Classic (Basic Rate BR/Enhanced Data Rate EDR) In 1990s

IoTSSC Bluetooth Bluetooth Classic (Basic Rate BR/Enhanced Data Rate EDR) In 1990s

IoTSSC Bluetooth Bluetooth Classic (Basic Rate BR/Enhanced Data Rate EDR) In 1990s Ericsson wanted to connect other devices to mobile phone without cables Established a consortium which accumulated over the years 20k members (!)

933 views • 46 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Next Generation BlueZ & Bluetooth Smart Devices Johan Hedberg (Intel) Bluetooth Short

Next Generation BlueZ & Bluetooth Smart Devices Johan Hedberg (Intel) Bluetooth Short

Next Generation BlueZ & Bluetooth Smart Devices Johan Hedberg (Intel) Bluetooth Short Introduction Short range wireless technology operating at 2.4 GHz Originally announced in 1998 as a replacement for RS-232 but has evolved

346 views • 21 slides
CS5530 Mobile/Wireless Systems Android Bluetooth Interface Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems Android Bluetooth Interface Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems Android Bluetooth Interface Yanyan Zhuang Department of Computer Science http://www.cs.uccs.edu/~yzhuang UC. Colorado Springs CS5530 Ref. CN5E, NT@UW, WUSTL Bluetooth Communication Bluetooth-enabled

343 views • 18 slides
Network Layer: Control Plane Part II Routing in the Internet: Intra vs. Inter-AS Routing

Network Layer: Control Plane Part II Routing in the Internet: Intra vs. Inter-AS Routing

Network Layer: Control Plane Part II Routing in the Internet: Intra vs. Inter-AS Routing Intra-AS: RIP and OSPF (quick recap) Inter-AS: BGP and Policy Routing Internet Control Message Protocol: ICMP network management

888 views • 61 slides
Routing Security Security Solutions CSE598K/CSE545 - Advanced Network Security Prof. McDaniel -

Routing Security Security Solutions CSE598K/CSE545 - Advanced Network Security Prof. McDaniel -

312 views • 16 slides
BIRD Internet Routing Daemon Ond rej Zaj cek CZ.NIC z.s.p.o. 2015-02-16 Proceedings

BIRD Internet Routing Daemon Ond rej Zaj cek CZ.NIC z.s.p.o. 2015-02-16 Proceedings

BIRD Internet Routing Daemon Ond rej Zaj cek CZ.NIC z.s.p.o. 2015-02-16 Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada BIRD overview BIRD Internet Routing Daemon Routing protocols BGP, OSPF, RIP and BFD

630 views • 27 slides
Declarative, Secure, Convergent Edge Computation Christopher Meiklejohn Universit catholique

Declarative, Secure, Convergent Edge Computation Christopher Meiklejohn Universit catholique

Declarative, Secure, Convergent Edge Computation Christopher Meiklejohn Universit catholique de Louvain, Belgium 1 Internet of Things 2 Internet of Things but, more generally 2 Edge Computation Logical extremes Pushing both

1.86k views • 168 slides
An Analysis of Facebooks Archive of Ads With Political Content Laura Edelson 1 , Shikhar

An Analysis of Facebooks Archive of Ads With Political Content Laura Edelson 1 , Shikhar

An Analysis of Facebooks Archive of Ads With Political Content Laura Edelson 1 , Shikhar Sakhuja 1 , and Damon McCoy 1 1 New York University ABSTRACT Facebook launched their searchable archive of U.S. advertisements with political content on

1.03k views • 8 slides
BGP A route too far Michael Silvin Fredrik Sderquist Contents Background

BGP A route too far Michael Silvin Fredrik Sderquist Contents Background

BGP A route too far Michael Silvin Fredrik Sderquist Contents Background GigaSunet Mechanics Security ASN Interconnecting iBGP Politics Route Reflection Policies Confederation

771 views • 60 slides
Web Security: 1) UI-based attacks 2) Tracking on the web CS 161: Computer Security Prof. Raluca

Web Security: 1) UI-based attacks 2) Tracking on the web CS 161: Computer Security Prof. Raluca

Web Security: 1) UI-based attacks 2) Tracking on the web CS 161: Computer Security Prof. Raluca Ada Popa November 15, 2016 Contains new slides, slides from past CS 161 offerings and slides from Dan Boneh Announcements Last core lecture,

2.06k views • 100 slides
Whats happened to the world of networking hardware offloads? Jesse Brandeburg Anjali Singhai

Whats happened to the world of networking hardware offloads? Jesse Brandeburg Anjali Singhai

Whats happened to the world of networking hardware offloads? Jesse Brandeburg Anjali Singhai Jain 1 Agenda Introductions A Brief History of Offloads Hardware Offloads Future Look Proposals 2 Photo by Gozha Net on Unsplash

376 views • 16 slides

More recommend