3. BLE vs Bluetooth Classic
BLE is Bluetooth in a marketing sense only; the implementation is entirely unrelated
Can be connectionless - invisible to user
Low power
4. BLE 4.0-4.2
BLE was introduced as Bluetooth Smart in Bluetooth 4.0
Data packets were limited to 20 bytes until 4.2 with packet length extension, which allows 244 bytes
Very low speed (~100kbps / ~250kbps)
5. BLE 5.0
Very little hardware/software support, but improving
Bluetooth Smart branding dropped
~2x data rate
LE Long Range (~4x)
LE Advertising Extensions (Larger advertising packets possible)
6. iOS BLE Support
Most current devices support Bluetooth 4.2
>= iOS 9.3
>= iPhone 6
>= iPad Air 2, iPad mini 4 (2015+)
Notable Exceptions:
iPhone 5s - 4.0
iPod touch 7G - 4.1
iPod touch 6G - 4.0
2019 iPads, iPhone 8, X, Xr, Xs, Xs Max Support Bluetooth 5.0
7. Resources
Bluetooth Low Energy: The Developer’s Handbook - Robin Heydon, Prentice Hall 2013
Bluetooth SIG
https://www.bluetooth.com/
Bluetooth 4.2 standard
https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=441541
TI BLE-Stack User’s Guide for Bluetooth 4.2
http://dev.ti.com/tirex/content/simplelink_cc2640r2_sdk_1_50_00_58/docs/blestack/ble_user_guide/html/ble-stack-3.x/index.html
Apple Documentation
https://developer.apple.com/documentation/corebluetooth
https://developer.apple.com/library/archive/documentation/NetworkingInternetWeb/Conceptual/CoreBluetooth_concepts/AboutCoreBluetooth/Introduction.html#//apple_ref/doc/uid/TP40013257-CH1-SW1
8. Tools
BLE Sniffing Hardware/Software
Xcode Bluetooth Explorer
nRF52 DK - https://www.nordicsemi.com/Software-and-Tools/Development-Kits/nRF52-DK
TI CC2540 - http://www.ti.com/product/CC2540
Bluegiga BLED112
Apps
nRF Connect
LightBlue
10. BLE Fundamentals
BLE is Hierarchical
BLE is Asynchronous
BLE does nothing without you telling it to
Core Bluetooth doesn’t give you anything but the basic building blocks.
11. BLE Fundamentals - Hierarchical
Source: https://developer.apple.com/library/archive/documentation/NetworkingInternetWeb/Conceptual/CoreBluetooth_concepts/CoreBluetoothOverview/CoreBluetoothOverview.html
12. BLE Fundamentals
Central / Peripheral
Central scans / listens / commands
Peripheral advertises / responds to commands
Advertising and Scanning are core concepts.
Client / Server
Server has data
Client wants data
13. BLE Fundamentals - Security
Key exchange is broken in 4.0, 4.1, 4.2
Additional key exchange methodologies needed, relying on CMAC
which is not in CommonCrypto or Security framework
This is very difficult to do properly. Hire a BLE security expert to define key exchange and to do security testing.
14. BLE Fundamentals - Protocol Stack
Source: http://dev.ti.com/tirex/content/simplelink_cc2640r2_sdk_1_00_00_22/docs/blestack/html/ble-stack/index.html
Not quite right;
GAP is above GATT.
15. BLE Fundamentals - Protocols
Logical Link Control and Adaptation Protocol (L2CAP)
Allows segmentation and reassembly of packets (i.e. > 20B limit)
Security Manager (SM)
Attribute Protocol (AP / ATT)
All services above GATT (including GAP) use Attribute Protocol
16. BLE Fundamentals - Attributes
Attributes Defined by the Attribute Protocol (ATT / AP)
Defines Profiles / Services / Characteristics / Descriptors
All identified by UUID
Profiles
Generic Attribute Profile (GATT)
Defines how services, characteristics, descriptors can be discovered/used
Generic Access Profile (GAP)
Defines how devices can discover and connect with each other
17. BLE Fundamentals - Attribute Permissions
Permissions defined at the Attribute layer
Pertains to Services and Characteristics
Readable, Writable, Readable and Writable
When an attribute is read or written, a check is done for authentication and authorization
18. BLE Fundamentals - Profiles
Generic Attribute Profile (GATT)
Defines how services, characteristics, descriptors can be discovered/used
Generic Access Profile (GAP)
Defines how devices can discover and connect with each other
Advertising, Discover, Pair, Bond, Security, etc.
19. BLE Fundamentals - Services
Some defined by BLE Specification - https://www.bluetooth.com/specifications/gatt/services/
Generic Access Service 0x1800
Battery Service 0x180F
Heart Rate Service 0x180D
etc.
Usually a custom Service is defined for the product
Essentially built on top of GATT
20. BLE Fundamentals - Characteristics
Data that is part of a service, typically a single value or control point
Device Name, Appearance, Peripheral Preferred Connection Parameters are characteristics of Generic Access service.
Battery Level characteristic is part of Battery service
Heart Rate Measurement, Body Sensor Location, Heart Rate Control Point characteristics are part of Heart Rate service
Usually many custom Characteristics are defined for the product
21. BLE Fundamentals - Operations
Read
Write
Notify / Indicate
Essentially a subscription or signing up for notification
Notification can be lost (think UDP or a broadcast)
Indication requires attribute confirmation (think TCP)
22. BLE Fundamentals - Connections
Advertising - Connectionless
A lot can be done with no connection and just the advertising packet
Read - only from Central perspective
Beacons use this
Connect
May or may not require user interaction (depends on capabilities matrix)
Source: https://www.electronicdesign.com/communications/ble-v42-creating-faster-more-secure-power-efficient-designs-part-3
23. BLE Fundamentals - Connections
Pair
Required for encrypted characteristics
Authentication / Authorization / Shared secrets (Short-term / Long-term key exchange)
Bond
Devices state / agree that they are saving keys in security database.
Very Rare
Issues around this on iOS
24. BLE Fundamentals - Byte Order
iOS uses Little Endian byte order
BLE Sends LSB first
Some devices use Big Endian byte order
Example: Value is 0x01234567 89ABCDEF
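As an added example (not from the original slides), a Swift parser for the Heart Rate Measurement characteristic (0x2A37) of the Heart Rate service named earlier. It reads every multi-byte field LSB first, as BLE sends it, and rejects truncated values; the sample bytes at the end are constructed.

```swift
import Foundation

/// Decoded Heart Rate Measurement (0x2A37) value.
struct HeartRateMeasurement: Equatable {
    let bpm: UInt16
    let sensorContact: Bool?      // nil: sensor does not report contact (flags bits 1-2 < 2)
    let energyExpendedKJ: UInt16? // present when flags bit 3 is set
    let rrIntervalsSec: [Double]  // present when flags bit 4 is set; wire unit is 1/1024 s
}

/// BLE sends the least significant byte first, so a UInt16 is bytes[0] | bytes[1] << 8.
/// A device that sends big-endian values would need the two bytes swapped here instead.
private func readUInt16LE(_ bytes: [UInt8], at offset: Int) -> UInt16? {
    guard offset + 2 <= bytes.count else { return nil }   // truncated value
    return UInt16(bytes[offset]) | (UInt16(bytes[offset + 1]) << 8)
}

func parseHeartRateMeasurement(_ data: Data) -> HeartRateMeasurement? {
    let bytes = [UInt8](data)
    guard let flags = bytes.first else { return nil }       // empty notification
    var offset = 1
    let bpm: UInt16
    if flags & 0x01 == 0 {                                  // bit 0 clear: 8-bit heart rate
        guard bytes.count > offset else { return nil }
        bpm = UInt16(bytes[offset]); offset += 1
    } else {                                                // bit 0 set: 16-bit LE heart rate
        guard let v = readUInt16LE(bytes, at: offset) else { return nil }
        bpm = v; offset += 2
    }
    let contact = (flags >> 1) & 0x03                       // 2 = no contact, 3 = contact
    let sensorContact: Bool? = contact >= 2 ? (contact == 3) : nil
    var energy: UInt16? = nil
    if flags & 0x08 != 0 {
        guard let v = readUInt16LE(bytes, at: offset) else { return nil }
        energy = v; offset += 2
    }
    var rr: [Double] = []
    if flags & 0x10 != 0 {
        while let v = readUInt16LE(bytes, at: offset) { rr.append(Double(v) / 1024); offset += 2 }
    }
    return HeartRateMeasurement(bpm: bpm, sensorContact: sensorContact,
                                energyExpendedKJ: energy, rrIntervalsSec: rr)
}

// Constructed sample: flags 0x1E = 8-bit HR, contact detected, energy and RR present.
// Energy bytes 2C 01 read LSB first give 0x012C = 300 kJ; a big-endian misread gives 0x2C01 = 11265.
let sample = Data([0x1E, 0x48, 0x2C, 0x01, 0x34, 0x03])
assert(parseHeartRateMeasurement(sample) == HeartRateMeasurement(
    bpm: 72, sensorContact: true, energyExpendedKJ: 300, rrIntervalsSec: [Double(0x0334) / 1024]))
assert(parseHeartRateMeasurement(Data([0x1E, 0x48, 0x2C])) == nil)  // energy field cut off
```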
26. General iOS Process
Check Permissions (new in iOS 13)
NSBluetoothPeripheralUsageDescription in Info.plist - supposed to be required in iOS 10+
Check for Bluetooth Enabled
Scan
Connect
Discover Services/Characteristics
Pair / Bond (optional)
Interact
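An added Swift example (not from the original slides) of a Core Bluetooth central that walks the steps above for the Heart Rate service (0x180D) and ends by subscribing to Heart Rate Measurement (0x2A37) notifications. It assumes the Heart Rate service UUIDs from the Bluetooth GATT assignments and the NSBluetoothAlwaysUsageDescription Info.plist key introduced with iOS 13.

```swift
import CoreBluetooth

final class HeartRateCentral: NSObject, CBCentralManagerDelegate, CBPeripheralDelegate {
    static let heartRateService = CBUUID(string: "180D")
    static let measurementChar = CBUUID(string: "2A37")
    private var central: CBCentralManager!
    private var peripheral: CBPeripheral?   // strong reference, or the connection is torn down
    override init() {
        super.init()
        central = CBCentralManager(delegate: self, queue: nil)
    }
    // Steps 1-2: scanning before .poweredOn is an error. On iOS 13+ a denied permission
    // (NSBluetoothAlwaysUsageDescription) is reported here as .unauthorized.
    func centralManagerDidUpdateState(_ central: CBCentralManager) {
        switch central.state {
        case .poweredOn:      // Step 3: filter by service so only relevant advertisers are delivered
            central.scanForPeripherals(withServices: [Self.heartRateService], options: nil)
        case .unauthorized:   print("Bluetooth permission denied")
        default:              print("Bluetooth unavailable, state \(central.state.rawValue)")
        }
    }
    // Step 4: stop scanning once a match is found (scanning is power hungry), then connect.
    func centralManager(_ central: CBCentralManager, didDiscover peripheral: CBPeripheral,
                        advertisementData: [String: Any], rssi RSSI: NSNumber) {
        central.stopScan()
        self.peripheral = peripheral
        peripheral.delegate = self
        central.connect(peripheral, options: nil)
    }
    // Step 5: discovery is asynchronous and hierarchical: services first, then their characteristics.
    func centralManager(_ central: CBCentralManager, didConnect peripheral: CBPeripheral) {
        peripheral.discoverServices([Self.heartRateService])
    }
    func peripheral(_ peripheral: CBPeripheral, didDiscoverServices error: Error?) {
        guard error == nil, let service = peripheral.services?.first else { return }
        peripheral.discoverCharacteristics([Self.measurementChar], for: service)
    }
    // Step 7: the spec defines Heart Rate Measurement as notify-only, so subscribe rather than read.
    // Step 6 (pair) is implicit: if a characteristic requires encryption, iOS prompts on first access.
    func peripheral(_ peripheral: CBPeripheral, didDiscoverCharacteristicsFor service: CBService, error: Error?) {
        guard let c = service.characteristics?.first(where: { $0.uuid == Self.measurementChar }),
              c.properties.contains(.notify) else { return }
        peripheral.setNotifyValue(true, for: c)
    }
    func peripheral(_ peripheral: CBPeripheral, didUpdateValueFor characteristic: CBCharacteristic, error: Error?) {
        guard error == nil, let value = characteristic.value else { return }
        print("Measurement bytes, LSB first:", value.map { String(format: "%02X", $0) }.joined(separator: " "))
    }
}
```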
28. Core Bluetooth
Core Bluetooth is the Framework for BLE on all Apple devices
Incomplete but decent implementation of BLE capabilities.
Android can be more complete and have more control, but is inconsistent device to device.
Can be Central or Peripheral
29. Core Bluetooth Classes to act as Central
CBCentralManager - “used to manage discovered or connected remote peripheral devices (represented by CBPeripheral objects), including scanning for, discovering, and connecting to advertising peripherals.”
CBCentralManagerDelegate
CBPeripheral - “represents remote peripheral devices that your app—by means of a central manager (an instance of CBCentralManager)—has discovered advertising or is currently connected to.”
CBPeripheralDelegate
Can act as a Peripheral by using CBPeripheralManager / CBCentral classes
30. Core Bluetooth Classes to act as Central - 2
These are the big ones.
CBPeripheral represents the Peripheral, so most actions are done with this class.
CBPeripheralDelegate - “monitor the discovery, exploration, and interaction of a remote peripheral’s services and properties.”