The Future of Bluetooth Technology by ZeldaMajorasMask


The Future of Bluetooth Technology

Justin Blasdel

April 16, 2004

Kian Pokorny


Section 1 - Introduction

1.1 Origin of the Name

Harald Blatand, also known as Harald Bluetooth, supposedly named for his unusually dark complexion, was a Viking and also the King of Denmark from 940 to 981. He was known for his ability to get people to talk to each other, and during his reign Denmark and Norway were Christianized and united. Today, Bluetooth wireless technology enables electronic devices to talk to each other, but this time by means of a low-cost, short-range radio link. The developers of the Bluetooth technology hoped that it would unite the world as Harald Bluetooth united Norway and Denmark, and thus they decided to name this new technology after the Viking King Harald Bluetooth.

1.2 Definition of Bluetooth

Bluetooth is a wireless technology that is composed of hardware, software, and interoperability requirements. According to Bluetooth is “A specification for short-range radio links between mobile computers, mobile phones, digital cameras, and other portable devices.” It has been adopted not only by all major players in the telecom, computer and home entertainment industry, but also in such diverse areas as the automotive industry, health care, automation, and toy industries.

1.3 History of Bluetooth

The idea that resulted in the Bluetooth wireless technology was born in 1994, when Ericsson decided to investigate the feasibility of a low-power, low-cost radio interface between mobile phones and their accessories ( The idea was that a small radio built into both the cellular telephone and the laptop would replace the cumbersome cable used today to connect the two devices. Today, the Bluetooth wireless technology is supported by the Bluetooth SIG (Special Interest Group). The main players in this group include 3Com Corporation, Ericsson Technology Licensing AB, IBM Corporation, Intel Corporation, Agere Systems, Inc., Microsoft Corporation, Motorola Inc., Nokia Corporation, and the Toshiba Corporation. In February of 2000, Bluetooth SIG membership exceeded 1525 companies. The backing and support from these companies ensures that Bluetooth will receive a chance to gain acceptance in today’s wireless market.

1.4 Future of Bluetooth

Many think that Bluetooth is a technology that is here to stay; however, just as many disagree. The main purpose of this report is to determine whether Bluetooth is going to be one of the major players in the wireless future of the world. This paper will use the resources that are available to research the different areas of inquiry, which can be found later in the introduction. Through this research the paper will show the information that will determine the future of the Bluetooth technology and prove whether or not Bluetooth is here to stay as a wireless technology. It is believed by many that there is a huge future for Bluetooth. With more people and devices moving towards wireless, many believe that Bluetooth will be able to compete with the other wireless technologies, such as WiFi (which refers to the three 802.11 wireless protocols), and it could possibly eliminate technologies such as IrDA (Infrared Data Association). Figure 1.1 shows where Bluetooth stands among some of the competing wireless technologies. As the figure shows, Bluetooth has both advantages, such as low current and low cost, and disadvantages, such as low range and a low data rate.

Technology   Ideal Application           Range (m)   Rate (Mbps)   Current Required   Cost   Connection Type
Infrared     Synchronization, data       1           16            Low                10
             transfer
Bluetooth    Replacement, ad hoc PAN     10-100      <1            Medium             10     FHSS
HomeRF       PCs to consumer             50          1-2           High               45     FHSS
802.11b      High speed LAN              100+        11            High               45     DSSS

Figure 1.1: Bluetooth versus competing wireless technologies

1.5 Bluetooth Advantages and Disadvantages

Bluetooth is a global standard that ideally has the following advantages:

•  Eliminates wires and cables between both stationary and mobile
•  Facilitates both data and voice communication
•  Offers the possibility of ad hoc networks and delivers the ultimate synchronicity between all your personal devices
•  It’s inexpensive
•  You don't have to think about it: the devices find one another and strike up a conversation without any user input at all

Potential and Current Problems with Bluetooth:

•  Compatibility between Bluetooth products
•  Security
•  Relatively short range
•  Interference with other devices that may use the same frequency, such as baby monitors, garage door openers, cordless phones, microwave ovens, and other wireless technologies which use the same frequency
•  Mediocre data transfer rate

1.6 Examples of Bluetooth Devices and Uses

Some examples of Bluetooth devices and uses include an Internet bridge, a wireless headset, and automatic synchronization. An Internet bridge will give constant access to the Internet, much like WiFi devices. This is a useful and timesaving feature, especially when the bandwidth of mobile phones, which Bluetooth is ideal for, is increasing rapidly. Bluetooth wireless technology lets a user surf the Internet without any cable connections wherever they are, either by using a computer or by using the phone itself.

The wireless headset, another Bluetooth device, would allow the user to use his or her mobile phone even if it’s placed in a briefcase, thereby always keeping his or her hands free for more important tasks when they are at the office or in their

A great use for Bluetooth technology is automatic synchronization. A user would use this in order to synchronize his or her calendars and address books. Simply by entering the office, the calendar in his or her phone or PDA would be automatically updated to agree with the one in his or her desktop PC, or vice versa. Phone numbers and addresses would always be correct in all of their portable devices without docking through cables or infrared. All of these examples show that Bluetooth technology would have its obvious uses.

This report will be limited in that the funds are not what they need to be to actually test some of the scenarios required for the research. Therefore, the completed and published research of others will be used, and conclusions will be made based on the results of their research.

1.7 Areas of Inquiry

This report will cover four main areas of inquiry:

1.  Research as to how Bluetooth devices work.
2.  Research of Bluetooth security standards and those standards of the competing technologies to determine the advantages or disadvantages of
3.  Interference between Bluetooth and other devices and how it affects
4.  Research on the ability of Bluetooth devices to create large wireless ad hoc networks through the use of scatternets (shown in Figure 1.2), and thereby determine the feasibility of using Bluetooth for such networks.

Figure 1.2: Piconets with a single slave operation (a), a multi-slave operation (b), and a scatternet operation (c).


Section 2 - Data Section

2.1 How do Bluetooth devices work?

Once again, according to, Bluetooth is “A specification for short-range radio links between mobile computers, mobile phones, digital cameras, and other portable devices,” but exactly how does it work?

2.1.1 How Devices Communicate

All of the devices in an electronic discussion need to know what the bits being transmitted and received mean and whether the message they receive is the same message that was sent. In almost every case, this means developing a large collection of commands and responses known as a protocol. Some types of products have a standard protocol used by virtually all companies, so that the commands for one product will tend to have the same effect on another. Modems fall into this category of having one protocol. Other products of the same type each speak their own language, which means that commands intended for one specific product will seem like gibberish if received by another product. Printers are like this, with multiple standards such as PCL and PostScript ( Bluetooth, more like modems than printers, has a set standard of its own, which will be described in the following sections in great detail.

2.1.2 Seven Protocols of Bluetooth

Any Bluetooth device needs exactly four parts to operate properly. These include a radio frequency for receiving and transmitting data, a module with a baseband microprocessor, memory, and an interface to the host device. To make up these parts, the Bluetooth Special Interest Group has given Bluetooth seven different protocols. For any device to be qualified as a Bluetooth device, it must satisfy these seven protocols. These seven protocols are the radio protocol, the baseband protocol, the LMP protocol, the HCI protocol, the L2CAP protocol, the RFCOMM protocol, and the SDP protocol. Figure 2.1 shows how these seven protocols work and fit together with each other and with other protocols. First, the radio protocol will be examined.

Figure 2.1: The Bluetooth Protocol Stack


2.1.3 Radio Protocol

The radio protocol is basically what makes Bluetooth a wireless device by serving as the digital signal-processing component of the system. It works very similarly to other wireless technologies we have today. Bluetooth devices transmit data, which is made up of bits (ones and zeros), over a radio frequency, which is an electromagnetic wave frequency found between audio and infrared

Figure 2.2: Example of Frequency Modulation


Bluetooth devices use Gaussian Frequency Shift Keying, or GFSK for short. This means that a binary one is represented by a positive frequency deviation and a binary zero by a negative frequency deviation. This kind of frequency deviation is demonstrated in Figure 2.2. A receiver on another Bluetooth device will pick up the bits that are being sent through the air. This is how the bits, or data, are transmitted and received.

The frequency band assigned to Bluetooth devices in the United States and in Europe runs from 2,402 MHz to 2,480 MHz. This band may differ in other places; for example, in Japan the range is 2,472 to 2,497 MHz. Bluetooth devices share this range with all other industrial, scientific and medical (ISM) devices, which can cause some problems, but that will be covered in more detail in a later section. This range is then cut into 79 channels of 1 MHz each; in Japan it is cut into 23 channels of 1 MHz each. Each one of these channels is broken down into time slots of 625 microseconds. This makes for 1,600 different slots per second for Bluetooth devices in the United States ( It is through these channels and slots that Bluetooth transmits its data. The next question is, in what form is this data?

2.1.4 Baseband Protocol

This brings us to the baseband, which processes the signals that are received and transmitted by the radio. It also controls the links, packets, channels, error correction, and flow control.

Links

The two different types of links that Bluetooth devices are capable of making are SCO (Synchronous Connection-Oriented) and ACL (Asynchronous Connection-Less). SCO is used primarily for voice packets, and ACL primarily for data packets. It is easy to compare these two links with the way that TCP and UDP work: TCP, like SCO, is connection-oriented, and UDP, like ACL, is connection-less.

The SCO link is symmetric, allowing for simultaneous uploads and downloads of data between devices, and typically supports time-bounded voice traffic. SCO packets are transmitted over reserved intervals. Once the connection is established, both master and slave units may send SCO packets at will. One SCO packet type allows both voice and data transmission, with only the data portion being retransmitted when corrupted (

The ACL link is packet oriented and supports both symmetric and asymmetric traffic. The master unit controls the link bandwidth and decides how much piconet bandwidth is given to each slave, and the symmetry of the traffic. A piconet, according to PaloWireless, is:

      A collection of devices connected via Bluetooth technology in an ad hoc fashion. A piconet starts with two connected devices, such as a portable PC and cellular phone, and may grow to eight connected devices. All Bluetooth devices are peer units and have identical implementations. However, when establishing a piconet, one unit will act as a master and the others as slaves for the duration of the piconet

Slaves must receive permission from the master before they can transmit data. The ACL link also supports broadcast messages from the master to all slaves in the piconet.

Packets

Like all other networking protocols, such as TCP, IP, UDP, and Ethernet, Bluetooth transmits its data in packets. However, unlike the packets in the other protocols, Bluetooth has thirteen different types of packets to handle many different tasks, with these packet types falling under the two categories of links. Bluetooth has a standard packet format that consists of 72 bits for the access code, 54 bits for the header, and 0-2745 bits for the payload. This standard packet format is shown in Figure 2.3. For simplicity we will just describe the generic parts of the standard packet format, because the other packets still contain the same parts. Each of the separate parts of the packet contains different information that is necessary for the packet to be deciphered.

ACCESS CODE      HEADER           PAYLOAD
72 bits          54 bits          0-2745 bits

Figure 2.3: Standard Packet Format

The access code is used for timing synchronization, offset compensation, paging and inquiry. There are three different types of access code: Channel Access Code, Device Access Code, and Inquiry Access Code. The Channel Access Code identifies a unique piconet, while the Device Access Code is used for paging and its responses. The Inquiry Access Code is used for inquiry purposes

The header contains information for packet acknowledgement, packet numbering (for out-of-order packet reordering), flow control, slave address and an error check for the header (

The packet payload can contain a voice field, a data field, or both. If the packet payload has a data field, it will also contain a payload header (

Packet Type   Max Payload (Bytes)   Symmetric Rate (Kbps)   Asymmetric Rate Forward (Kbps)   Asymmetric Rate Reverse (Kbps)
DM1           17                    108.8                   108.8                            108.8
DH1           27                    172.8                   172.8                            172.8
DM3           121                   258.1                   387.2                            54.4
DH3           183                   390.4                   585.6                            86.4
DM5           224                   286.7                   477.8                            36.3
DH5           339                   433.9                   723.2                            57.6
HV1           10                    64                      n/a                              n/a
HV2           20                    64                      n/a                              n/a
HV3           30                    64                      n/a                              n/a

Figure 2.4: List of all types of packets and their data rates.
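The rates in Figure 2.4 are not arbitrary: they follow from the 625 microsecond slot described in section 2.1.3. The following Python, added here as an illustration and not part of the paper, rebuilds the whole table from that slot structure. From the page it takes 1,600 slots per second and the payload sizes in the table. Two further facts come from the Bluetooth baseband specification rather than from this page: the digit in a packet name (DM1, DH3, DH5) is the number of consecutive slots the packet occupies, and master and slave alternate, so every packet is followed by one in the other direction (for asymmetric traffic, the one-slot packet of the same class, DM1 or DH1). Rebuilding the numbers also shows that the DM5 forward entry works out to 477.9 Kbps, so the table's 477.8 appears to be truncated rather than rounded.

```python
"""Deriving the Figure 2.4 data rates from the 625 us slot (added example, not from the paper)."""

SLOTS_PER_SECOND = 1600          # 1 s / 625 us, as stated in section 2.1.3

# Maximum payload per packet type in bytes, from Figure 2.4.
PAYLOAD_BYTES = {"DM1": 17, "DH1": 27, "DM3": 121, "DH3": 183, "DM5": 224, "DH5": 339}


def slots_occupied(ptype):
    """DM1/DH1 occupy 1 slot, DM3/DH3 occupy 3 slots, DM5/DH5 occupy 5 slots (spec fact)."""
    return int(ptype[-1])


def rate_kbps(payload_bits, slots_per_cycle):
    """Throughput when payload_bits are delivered once every slots_per_cycle slots."""
    return round(payload_bits * SLOTS_PER_SECOND / slots_per_cycle / 1000, 1)


def symmetric_rate_kbps(ptype):
    """Both directions use the same packet type: one cycle is two packets of n slots each."""
    n = slots_occupied(ptype)
    return rate_kbps(PAYLOAD_BYTES[ptype] * 8, 2 * n)


def asymmetric_rates_kbps(ptype):
    """Forward direction uses ptype; the return direction uses the one-slot packet of that class."""
    n = slots_occupied(ptype)
    return_type = ptype[:2] + "1"                     # DM5 -> DM1, DH3 -> DH1
    cycle = n + 1                                     # n slots forward, 1 slot back
    forward = rate_kbps(PAYLOAD_BYTES[ptype] * 8, cycle)
    reverse = rate_kbps(PAYLOAD_BYTES[return_type] * 8, cycle)
    return forward, reverse


def sco_rate_kbps(hv_type):
    """HVn carries 10*n bytes of voice in one slot and repeats every 2*n slots: always 64 kbit/s."""
    n = int(hv_type[-1])
    return rate_kbps(10 * n * 8, 2 * n)


def figure_2_4():
    """Rebuild the table: type -> (payload bytes, symmetric, asymmetric forward, asymmetric reverse)."""
    table = {}
    for ptype in PAYLOAD_BYTES:
        fwd, rev = asymmetric_rates_kbps(ptype)
        table[ptype] = (PAYLOAD_BYTES[ptype], symmetric_rate_kbps(ptype), fwd, rev)
    for hv in ("HV1", "HV2", "HV3"):
        table[hv] = (10 * int(hv[-1]), sco_rate_kbps(hv), None, None)
    return table


if __name__ == "__main__":
    for ptype, row in figure_2_4().items():
        print(ptype, row)
```

The symmetric column is lower than the asymmetric forward column for the multi-slot packets because, when both sides use a 3- or 5-slot packet, each side waits through the other's long packet before it can send again; the asymmetric reverse column is low for the same reason, since a DM1 or DH1 return packet is only sent once per 4- or 6-slot cycle.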


There are nine categories of packets that contain an access code, header and payload, just as in the standard packet format. Each of the nine packet types has its own special purpose. Some of the packets differ in that they are specifically made for voice communication, while others are made for high-speed data transfer. Each of the packets has a different data rate depending on the type of traffic it is sending. These statistics can be seen in Figure 2.4.

Connection States

The baseband also controls the connection states that the devices use. There are two states: Standby and Connection. The Standby state is the default low power state in the Bluetooth unit. Only the native clock is running and there is no interaction with any other device whatsoever. This ability to use low power makes Bluetooth ideal for use in cell phones and laptops, where the amount of battery power is limited. In the Connection state, the master and slave can exchange packets, using the channel access code and the master Bluetooth clock (

Error Correction

The last task the baseband handles is error correction. There are three kinds of error correction schemes used in the baseband protocol: 1/3 rate FEC (Forward Error Correction), 2/3 rate FEC, and the Automatic Repeat Request scheme, or ARQ for short. In 1/3 rate FEC, every bit is repeated three times for redundancy. In 2/3 rate FEC, a generator polynomial is used to encode a 10-bit code into a 15-bit code. In the ARQ scheme, DM, DH, and the data field of DV packets are retransmitted until an acknowledgement is received or until the timeout limit is exceeded. Bluetooth uses fast, unnumbered acknowledgement, in which it uses positive and negative acknowledgements by setting appropriate ARQN (Automatic Repeat Request Number) values. If the timeout value is exceeded, Bluetooth flushes the packet and proceeds with the next (
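The two FEC schemes are small enough to implement in full, and doing so shows what each one can and cannot repair. The Python below is an added example, not code from the paper. The 1/3 rate code is the repetition code the text describes, decoded by majority vote (it is what protects the 54-bit header of Figure 2.3, which is an 18-bit header sent three times). For the 2/3 rate code the text only says "a generator polynomial"; the polynomial used here, g(D) = D^5 + D^4 + D^2 + 1 = (D + 1)(D^4 + D + 1), is the (15,10) shortened Hamming code from the Bluetooth baseband specification. The (D + 1) factor matters for a receiver: it makes every codeword even-weight, so a two-bit error is detected and handed to the ARQ scheme instead of being "corrected" into the wrong data.

```python
"""Baseband forward error correction: 1/3 rate repetition and 2/3 rate (15,10) Hamming.

Added example, not code from the paper. The generator polynomial is the one from the
Bluetooth baseband specification; the page itself only says "a generator polynomial".
"""

GEN_POLY = 0b110101          # D^5 + D^4 + D^2 + 1, degree 5 -> five parity bits
CODE_LEN, DATA_LEN = 15, 10


def fec13_encode(bits):
    """1/3 rate FEC: each bit is sent three times."""
    return [b for b in bits for _ in range(3)]


def fec13_decode(coded):
    """Majority vote over each triple; any single error within a triple is corrected."""
    if len(coded) % 3:
        raise ValueError("1/3 FEC stream length must be a multiple of 3")
    return [int(sum(coded[i:i + 3]) >= 2) for i in range(0, len(coded), 3)]


def _poly_mod(value):
    """Remainder of a 15-bit word, read as a polynomial over GF(2), modulo GEN_POLY."""
    for shift in range(CODE_LEN - 1, 4, -1):          # clear bits 14 .. 5, top down
        if value >> shift & 1:
            value ^= GEN_POLY << (shift - 5)
    return value & 0x1F


def _to_int(bits):
    return int("".join(map(str, bits)), 2)


def fec23_encode(info):
    """(15,10) code in systematic form: the 10 data bits followed by 5 parity bits."""
    if len(info) != DATA_LEN:
        raise ValueError("2/3 FEC encodes exactly 10 bits per block")
    data = _to_int(info) << 5
    word = data | _poly_mod(data)                     # word mod g(D) == 0 by construction
    return [(word >> (CODE_LEN - 1 - i)) & 1 for i in range(CODE_LEN)]


# Syndrome of each single-bit error. All 15 are distinct and non-zero because D has
# order 15 modulo g(D); that is what makes single-error correction possible.
_SINGLE_ERROR = {}
for _pos in range(CODE_LEN):
    _e = [0] * CODE_LEN
    _e[_pos] = 1
    _SINGLE_ERROR[_poly_mod(_to_int(_e))] = _pos


def fec23_decode(coded):
    """Return (10 data bits, status); status is 'ok', 'corrected' or 'uncorrectable'.

    Every codeword has even weight (the D + 1 factor), so a two-bit error can never
    share a syndrome with a one-bit error: it is reported rather than mis-corrected.
    """
    if len(coded) != CODE_LEN:
        raise ValueError("2/3 FEC decodes exactly 15 bits per block")
    word = list(coded)
    syndrome = _poly_mod(_to_int(word))
    if syndrome == 0:
        status = "ok"
    elif syndrome in _SINGLE_ERROR:
        word[_SINGLE_ERROR[syndrome]] ^= 1
        status = "corrected"
    else:
        status = "uncorrectable"
    return word[:DATA_LEN], status
```

Usage: encode a 10-bit block with `fec23_encode`, flip any one of the 15 transmitted bits, and `fec23_decode` returns the original data with status `corrected`; flip two and it returns `uncorrectable`, which is the point at which the baseband falls back on ARQ retransmission.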

2.1.5 Link Manager Protocol

Next, there is the LMP, or Link Manager Protocol. The Link Manager controls or manages link setup, authentication, link configuration and other low level protocols. It discovers other remote link managers and communicates with them via the Link Manager Protocol. Basically, with the help of the baseband, it establishes all the connections for all Bluetooth devices (

2.1.6 Host Controller Interface

Then, there is the HCI (Host Controller Interface). The HCI provides a command interface to the baseband controller and link manager. The HCI also provides access to hardware status and control registers. Essentially this interface provides a uniform method of accessing the Bluetooth baseband capabilities, which is important for all devices to be able to utilize the Bluetooth technology. The HCI exists across three sections: the host, the transport layer, and the host controller. Each of the sections has a different role to play in the HCI system ( The way in which this communication between host controller interfaces works is shown in Figure 2.5.

Figure 2.5: Example of Host Controller Communication


2.1.7 Logical Link Control and Adaptation Layer Protocol

The Logical Link Control and Adaptation Layer Protocol (L2CAP) is layered over the Baseband Protocol and resides in the data link layer, as can be seen in Figure 2.1. The L2CAP is basically a processor that provides connection-oriented and connectionless data services to upper layer protocols, with protocol multiplexing capability, segmentation and reassembly operation, and group

In other words, other protocols, such as IP, can send their packets through the Bluetooth device, and the L2CAP will break their packets down into the correct size for Bluetooth transmission, which has a maximum size of 64 kilobytes. When the packet passes through another Bluetooth device’s L2CAP, it will be put back in its original form. L2CAP permits higher-level protocols and applications to transmit and receive L2CAP data packets up to 64 kilobytes in length. The L2CAP specification is defined for only ACL links, and no support for SCO links is planned (
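The segmentation and reassembly just described can be shown end to end. The Python below is an added example, not code from the paper. It takes the 64 kilobyte limit from the page and the DH5 payload of 339 bytes from Figure 2.4 as the fragment size. The basic L2CAP header assumed here (a 16-bit payload length followed by a 16-bit channel identifier, both little-endian, the CID being what gives the protocol multiplexing the text mentions) is the one from the Bluetooth specification. How the baseband marks a fragment as "first" or "continuation" is not modelled, and fragments are assumed to arrive in order, which the ARQ scheme of the ACL link provides. The receiver also refuses a fragment that would carry it past the announced length rather than handing the upper layer more bytes than the header promised.

```python
"""L2CAP segmentation and reassembly over baseband-sized fragments (added example, not from the paper)."""
import struct

L2CAP_MAX_SDU = 0xFFFF             # largest payload the 16-bit length field can describe ("64 kilobytes")
DH5_PAYLOAD = 339                  # bytes per baseband packet, from Figure 2.4
L2CAP_HDR = struct.Struct("<HH")   # payload length, channel identifier (CID); spec layout, little-endian


def l2cap_segment(cid, sdu, fragment_size=DH5_PAYLOAD):
    """Prefix an upper-layer packet with the L2CAP header and cut it into baseband payloads."""
    if len(sdu) > L2CAP_MAX_SDU:
        raise ValueError("L2CAP payload limited to %d bytes" % L2CAP_MAX_SDU)
    if not 0 < fragment_size <= DH5_PAYLOAD:
        raise ValueError("fragment must fit one baseband packet")
    pdu = L2CAP_HDR.pack(len(sdu), cid) + sdu
    return [pdu[i:i + fragment_size] for i in range(0, len(pdu), fragment_size)]


class L2CAPReassembler:
    """Receiving side: collects fragments until the length announced in the header is reached."""

    def __init__(self):
        self._reset()

    def receive(self, fragment):
        """Feed one baseband payload; returns (cid, sdu) once a packet is complete, else None."""
        self._buf += fragment
        if self._expected is None:
            if len(self._buf) < L2CAP_HDR.size:
                return None                  # header itself split across fragments; wait
            length, self._cid = L2CAP_HDR.unpack_from(self._buf)
            self._expected = L2CAP_HDR.size + length
        if len(self._buf) < self._expected:
            return None
        if len(self._buf) > self._expected:
            # More bytes than the header promised: drop the packet instead of delivering
            # an SDU that disagrees with its own length field.
            self._reset()
            raise ValueError("fragment overruns announced L2CAP length")
        sdu, cid = self._buf[L2CAP_HDR.size:], self._cid
        self._reset()
        return cid, sdu

    def _reset(self):
        self._buf, self._expected, self._cid = b"", None, None


def roundtrip(cid, sdu):
    """Segment, deliver every fragment in order, and return what the receiver reassembled."""
    rx = L2CAPReassembler()
    result = None
    for frag in l2cap_segment(cid, sdu):
        result = rx.receive(frag)
    return result


if __name__ == "__main__":
    # Constructed sample: a 1,024-byte upper-layer packet on CID 0x0040.
    sample = bytes(range(256)) * 4
    print(len(l2cap_segment(0x0040, sample)), "fragments")
    print(roundtrip(0x0040, sample) == (0x0040, sample))
```

A 1,024-byte packet becomes a 1,028-byte L2CAP PDU and therefore four DH5 fragments; the receiver learns from the first fragment's header how many bytes to wait for and returns the packet, tagged with its CID, only when the last fragment has arrived.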

2.1.8 RFCOMM

According to, RFCOMM is a simple transport protocol which provides emulation of RS232 serial ports over the L2CAP protocol. The protocol is based on the ETSI standard TS 07.10. However, only a subset of the TS 07.10 standard is used by RFCOMM.

The RFCOMM protocol supports up to 60 simultaneous connections between two Bluetooth devices. These 60 different connections are similar to ports on a server, with a different service running on each of the ports. The number of connections that can be used simultaneously in a Bluetooth device is implementation-specific, meaning it is based on what profile is being used; some profiles will never use all of the 60 different ports. For the purposes of RFCOMM, a complete communication path involves two applications running on different devices with a communication segment between them.

2.1.9 Service Discovery Protocol

Finally, the Service Discovery Protocol, or SDP, is a simple protocol with minimal requirements on the underlying transport. It can function over a reliable packet transport. If the client implements timeouts and repeats requests as necessary, SDP can also function over an unreliable packet transport. SDP uses a request/response model where each transaction consists of one request protocol data unit (PDU) and one response PDU.

In the case where SDP is used with the Bluetooth L2CAP transport protocol, only one SDP request PDU per connection to a given SDP server may be outstanding at a given instant. In other words, a client must receive a response to each request before issuing another request on the same L2CAP connection. Limiting SDP to one unacknowledged request PDU provides a simple form of flow control ( Figure 2.6 illustrates an example of how a client and server application communicate using the SDP protocol.

Figure 2.6: SDP Communication
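The exchange in Figure 2.6 and the one-outstanding-request rule can be written out as a small client and server. The Python below is an added example, not code from the paper. The five-byte PDU header (PDU ID, 16-bit transaction ID, 16-bit parameter length, big-endian), the PDU IDs for ServiceSearchRequest (0x02), ServiceSearchResponse (0x03) and ErrorResponse (0x01), the error code 0x0003 for invalid request syntax, and the service class UUIDs are taken from the Bluetooth specification; the parameter encoding is simplified (real SDP wraps UUIDs in data-element sequences and supports continuation state, neither of which is modelled), and the service database is constructed. The transport is a plain function standing in for an L2CAP connection; returning None models a lost request, which is the case the text's "timeouts and repeats requests as necessary" covers. Note that the client only ever learns record handles, which is the section 2.2.5 point that SDP reveals what services exist, not a way into them.

```python
"""SDP request/response with one request outstanding per connection (added example, not from the paper)."""
import struct

PDU_ERROR_RSP, PDU_SEARCH_REQ, PDU_SEARCH_RSP = 0x01, 0x02, 0x03
PDU_HDR = struct.Struct(">BHH")          # PDU ID, TransactionID, ParameterLength (spec layout)
ERR_INVALID_SYNTAX = 0x0003

# Constructed service database: record handle -> service class UUIDs offered.
SERVICE_RECORDS = {
    0x00010000: {0x1108},                # Headset
    0x00010001: {0x1101, 0x1105},        # Serial Port, OBEX Object Push
    0x00010002: {0x1102},                # LAN Access Using PPP
}


def sdp_server(request):
    """Answer one request PDU with exactly one response PDU."""
    pdu_id, tid, plen = PDU_HDR.unpack_from(request)
    params = request[PDU_HDR.size:]
    well_formed = (pdu_id == PDU_SEARCH_REQ and len(params) == plen
                   and params and len(params) == 1 + 2 * params[0])
    if not well_formed:
        body = struct.pack(">H", ERR_INVALID_SYNTAX)
        return PDU_HDR.pack(PDU_ERROR_RSP, tid, len(body)) + body
    uuids = struct.unpack(">%dH" % params[0], params[1:])
    handles = [h for h, classes in SERVICE_RECORDS.items() if classes & set(uuids)]
    body = struct.pack(">H", len(handles)) + b"".join(struct.pack(">I", h) for h in handles)
    return PDU_HDR.pack(PDU_SEARCH_RSP, tid, len(body)) + body


class SDPClient:
    """Client side: builds request PDUs and refuses a second request while one is outstanding."""

    def __init__(self):
        self._tid = 0
        self._pending = None                 # (transaction id, request bytes) awaiting a response

    def build_search(self, uuids):
        if self._pending is not None:
            raise RuntimeError("previous SDP request still outstanding on this connection")
        self._tid = (self._tid + 1) & 0xFFFF
        params = bytes([len(uuids)]) + struct.pack(">%dH" % len(uuids), *uuids)
        request = PDU_HDR.pack(PDU_SEARCH_REQ, self._tid, len(params)) + params
        self._pending = (self._tid, request)
        return request

    def handle_response(self, response):
        """Return the matching record handles, or None if the PDU does not answer the pending request."""
        pdu_id, tid, plen = PDU_HDR.unpack_from(response)
        if self._pending is None or tid != self._pending[0]:
            return None                      # stale or unsolicited response: ignore it
        self._pending = None
        body = response[PDU_HDR.size:PDU_HDR.size + plen]
        if pdu_id == PDU_ERROR_RSP:
            raise RuntimeError("SDP ErrorResponse 0x%04x" % struct.unpack(">H", body)[0])
        count, = struct.unpack_from(">H", body)
        return list(struct.unpack_from(">%dI" % count, body, 2))

    def cancel(self):
        self._pending = None


def search_with_retries(client, transport, uuids, retries=3):
    """Send one request and, on an unreliable transport, repeat it until it is answered."""
    request = client.build_search(uuids)
    for _ in range(retries):
        response = transport(request)
        if response is None:
            continue                         # timeout: repeat the same request, same transaction id
        result = client.handle_response(response)
        if result is not None:
            return result
    client.cancel()
    raise TimeoutError("no SDP response after %d attempts" % retries)


def lossy_transport(drop_first=1):
    """Stand-in for an unreliable L2CAP connection that loses the first `drop_first` requests."""
    lost = [drop_first]

    def send(request):
        if lost[0] > 0:
            lost[0] -= 1
            return None
        return sdp_server(request)
    return send
```

Usage: `search_with_retries(SDPClient(), lossy_transport(1), [0x1101])` loses the first request, repeats it with the same transaction ID, and returns `[0x00010001]`; calling `build_search` twice without an intervening response raises, which is the flow-control rule from the text made explicit.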


2.1.10 Profiles

Another vital part of how Bluetooth works has to do with profiles. Bluetooth contains a vast set of these profiles. Each profile defines a selection of different messages and procedures, according to the Bluetooth SIG. A few examples of profiles would be the Generic Access Profile, the Headset Profile, the File Transfer Profile, and the LAN Access Profile. They all work a little differently, yet all similarly. The LAN Access Profile will be covered in more depth in the security section.

2.1.11 Summary

Together all these protocols form a Bluetooth device. As one can tell, a Bluetooth device is a complicated machine, which requires a lot of work for it to actually work. This complexity has caused problems between devices of different manufacturers because of the difficulty in making them compatible across all devices.

2.2 Bluetooth Security Standards

2.2.1 Wireless Security

One of the major problems with wireless technologies is their security. Non-wireless networking technologies require you to tap into the actual line to see the flow of bits; with wireless, however, all you have to do is be in the range of the transmitting device. This allows anyone with a receiver to pick up the bits “flapping in the breeze”. This causes security to be one of the main areas of concentration for all wireless technologies. What does Bluetooth do to keep its transmitted data secure?

2.2.2 Four Essentials of Security

Security is made up of four essential parts: authentication, data integrity, nonrepudiation, and confidentiality. Authentication involves ensuring that transmissions and messages, and their originators, are authentic, and that a recipient is eligible to receive specific categories of information. Data integrity consists of ensuring that data is unchanged from its source and has not been accidentally or maliciously altered. Nonrepudiation ensures that evidence is available to the sender of the data that the data has been delivered. This includes the ability of a third party to verify the integrity and origin of the data. The final essential part of security is confidentiality, which ensures that information can be read only by authorized entities.

2.2.3 How Bluetooth Ensures Security

Bluetooth, which is essentially a link layer device, performs all of its security at the link layer. Here security is maintained by authentication of the peers and encryption of the information. For basic security a public address is needed. The public address, often simply referred to as a Bluetooth device address, is unique for each device. In addition to the Bluetooth device address, two secret keys (the authentication and encryption keys) and a random number generator are also

First, a device does the authentication by issuing a challenge, and the other device then has to send a response to that challenge which is based on the original challenge, its Bluetooth device address, and a link key shared between them. After authentication, encryption may be used to allow both devices to communicate securely ( However, before encryption can occur the two devices must have already set up a connection.

The Bluetooth system handles the security of transmission by using an authentication process to first set up a connection. This authentication process is based on a PIN (personal identification number), which is set through a process called pairing or bonding. For example, if device A wants to connect to device B and it does not have the correct PIN, then the authentication will fail. The only way A can connect to B is if it knows the correct PIN. Without knowing the PIN, one unit cannot log on to the other unit if authentication is activated. To make matters easier, the PIN can be stored somewhere inside the unit, such as in memory or on a hard drive, so that a user who wishes to establish the connection may not have to manually type in the PIN. However, requiring the reentry of the PIN ensures better security.

There are examples in which Bluetooth security can be compromised. For example, say that an eavesdropper has heard all of the communication between the devices during the key exchange and the first authentication between the two. The person can then calculate from each passkey value the corresponding link key. For each of these he can check the response value for the observed challenge, and if he finds a match, he has obtained the correct link key. This can be partially stopped by using a large passkey, which makes the computation to find the link keys exponentially more complex. The only way to make sure this never happens is to be 100% sure that the environment in which you perform the bonding is secure and free from eavesdroppers.

2.2.4 Bluetooth SIG Recommendations

There are several shortcomings associated with Bluetooth security; thus it is recommended, according to the Bluetooth SIG, to avoid the use of unit keys and to perform bonding or pairing in a secure environment to protect against eavesdroppers. Instead of using short unit keys, they recommend the use of longer, more complex combination keys. If a user follows these recommendations, a higher level of security will be achieved.
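The challenge-response of section 2.2.3 and the unit-key recommendation above can both be checked in a small model. The Python below is an added example, not code from the paper or from the Bluetooth SIG. It follows the flow the text describes: the PIN entered at pairing yields a shared initialisation key, a link key is derived from it, and authentication is a challenge to which the claimant answers with a value depending on the challenge, its own device address and the shared link key. The real Bluetooth functions E1, E21 and E22 are built on the SAFER+ block cipher; this example replaces them with HMAC-SHA256 stand-ins named e1_sres, e21_key and e22_init_key so that the key-management question, not the cipher, is what is shown. Device addresses and the PIN are constructed. The two scenario functions make the SIG's point concrete: a device that hands out one unit key to every peer has given each peer the material that authenticates it to all the others, whereas a combination key is specific to one pair of devices.

```python
"""Link-key authentication: unit keys versus combination keys (added example, not from the paper).

E1/E21/E22 are SAFER+-based in Bluetooth; the HMAC/SHA-256 stand-ins below keep the
protocol flow but are not the real functions. Addresses and PIN are constructed values.
"""
import hashlib
import hmac
import secrets

KEY_LEN = 16                                      # Bluetooth link keys are 128 bits


def _kdf(label, *parts):
    h = hashlib.sha256(label)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()[:KEY_LEN]


def e22_init_key(pin, bd_addr, in_rand):
    """Stand-in for E22: initialisation key from the PIN, a device address and a random number."""
    return _kdf(b"E22", pin, bd_addr, in_rand)


def e21_key(rand, bd_addr):
    """Stand-in for E21: one device's key contribution from its address and a random number."""
    return _kdf(b"E21", rand, bd_addr)


def e1_sres(link_key, claimant_addr, au_rand):
    """Stand-in for E1: the 32-bit signed response to a challenge."""
    return hmac.new(link_key, claimant_addr + au_rand, hashlib.sha256).digest()[:4]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pair_with_combination_key(addr_a, addr_b, pin, rng=secrets.token_bytes):
    """Pairing that ends in a combination key K_AB known only to this pair of devices.

    Both sides derive K_init from the PIN. Each then contributes a random value, sent
    over the air masked with K_init, and K_AB combines both contributions.
    """
    in_rand = rng(KEY_LEN)
    k_init = e22_init_key(pin, addr_b, in_rand)
    rand_a, rand_b = rng(KEY_LEN), rng(KEY_LEN)
    over_the_air = (xor_bytes(rand_a, k_init), xor_bytes(rand_b, k_init))
    # Each side unmasks the other's contribution with K_init and combines the two.
    k_a = e21_key(xor_bytes(over_the_air[0], k_init), addr_a)
    k_b = e21_key(xor_bytes(over_the_air[1], k_init), addr_b)
    return xor_bytes(k_a, k_b)


def make_unit_key(addr, rng=secrets.token_bytes):
    """A unit key: generated once per device and handed to every peer it pairs with."""
    return e21_key(rng(KEY_LEN), addr)


def authenticate(verifier_link_key, claimant_addr, claimant_respond, rng=secrets.token_bytes):
    """Verifier side of the challenge-response; claimant_respond(au_rand) is the peer's answer."""
    au_rand = rng(KEY_LEN)
    expected = e1_sres(verifier_link_key, claimant_addr, au_rand)
    return hmac.compare_digest(expected, claimant_respond(au_rand))


# Constructed 48-bit device addresses and PIN.
ADDR_A = bytes.fromhex("001A7DDA7101")
ADDR_B = bytes.fromhex("001A7DDA7102")
ADDR_C = bytes.fromhex("001A7DDA7103")
PIN = b"1234"


def unit_key_scenario():
    """A uses one unit key with both B and C. Returns whether B accepts C answering a challenge as A."""
    k_a = make_unit_key(ADDR_A)
    key_b_holds_for_a = k_a                       # B received K_A when it paired with A
    key_c_holds_for_a = k_a                       # so did C: the very same key
    c_answering_as_a = lambda au_rand: e1_sres(key_c_holds_for_a, ADDR_A, au_rand)
    return authenticate(key_b_holds_for_a, ADDR_A, c_answering_as_a)


def combination_key_scenario():
    """A pairs separately with B and C. Returns (A accepted by B, C accepted by B as A)."""
    k_ab = pair_with_combination_key(ADDR_A, ADDR_B, PIN)
    k_ac = pair_with_combination_key(ADDR_A, ADDR_C, PIN)
    genuine_a = lambda au_rand: e1_sres(k_ab, ADDR_A, au_rand)
    c_answering_as_a = lambda au_rand: e1_sres(k_ac, ADDR_A, au_rand)
    return authenticate(k_ab, ADDR_A, genuine_a), authenticate(k_ab, ADDR_A, c_answering_as_a)
```

`unit_key_scenario()` returns True, which is the weakness the SIG recommendation addresses, and `combination_key_scenario()` returns `(True, False)`: the genuine peer passes and a third device holding a different pairwise key does not. The model also shows why the text insists on pairing in a secure environment: everything that makes K_AB secret traces back to K_init, and K_init is derived from the PIN and values that are sent in the clear.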

2.2.5 SDP Issues

Another area in which users might think there needs to be security is the Service Discovery Protocol, since it allows unknown and untrusted devices to communicate with your Bluetooth devices. This, however, is not a problem. The Service Discovery Protocol only provides a record of what services are available, not a mechanism to access these services. Much like a port scan of a computer, it lists the services running, but gives the person running the scan no other information or access to these services.

2.2.6 Example

Here is an example of how Bluetooth security actually works. The device we will be looking at is a Local Area Network Access Point. It provides access to a Local Area Network through Bluetooth wireless technology. This is a usage scenario in which a Bluetooth device may need actual security, as sensitive and confidential data may be passed between a laptop and a computer on the network. Bluetooth is capable of setting its security to various levels. In this example the device’s security is as high as possible, which is the real test for measuring Bluetooth security.

In this test the security mode will be set at level three, which ensures that all connections toward the LAN access point are authenticated and encrypted. Once again, the importance of pairing in a secure area remains the same. If an eavesdropper has all the information from the pairing, then the eavesdropper will be able to break the Bluetooth security. This is most definitely the weakest part of Bluetooth security. It is possible to make the link keys harder to compute by using a large passkey; this offers a small amount of added protection, but is by no means a solution.

A Laptop Computer                     LAN Access Point

Applications                          Applications
TCP & UDP                             TCP & UDP
IP           <-- PPP Networking -->   IP
PPP                                   PPP
SDP   RFCOMM                          SDP   RFCOMM           LAN
L2CAP   LMP                           L2CAP   LMP
Baseband                              Baseband

Figure 2.7: Levels of Security on Bluetooth Communications


So, the use of Bluetooth security applies to all communication through the device, as long as the security level is set high enough on the device. As long as the pairing process has not been eavesdropped on, all the data should be authenticated and encrypted efficiently. Plus, if an eavesdropper were to compromise the device, any communication of any importance should already have other forms of security applied to it, such as applications similar to SHTTP or SFTP, which are both application level security protocols. Figure 2.7 shows how these levels of security are layered throughout the whole

2.2.7 Known Attacks

There are several attacks that have been recently discovered that work on some Bluetooth devices and allow the data that they hold to be compromised.

SNARF Attack

It is possible, on some Bluetooth devices, to connect to the device without making the owner aware of the request. From there, the connecting party can gain access to restricted portions of the stored data on the device, including the entire phonebook, calendar, real-time clock, business card, properties, change log, and the International Mobile Equipment Identity, which identifies the phone to the mobile network and is used in illegal phone 'cloning'. This is information most Bluetooth users are not willing to easily part with (
Backdoor Attack

The backdoor attack involves establishing a trust relationship through the "pairing" process of Bluetooth devices and then ensuring that the attacking device no longer appears in the target's register of paired devices. In this way, unless the owner is actually monitoring their device at the exact moment the connection is made, they are unlikely to notice anything unusual, and the attacker may be free to continue to use any resources the device grants to devices in a trusted relationship (

Bluejacking

Bluejacking is becoming a popular mechanism for exchanging anonymous messages in public places. Bluejacking takes advantage of the Bluetooth pairing protocol, which is the protocol by which Bluetooth devices authenticate each other, to pass a message during the initial pairing phase. This is made possible because the name of the initiating Bluetooth device is displayed on the target device as part of the handshaking exchange, and the protocol allows for a large user defined name field of up to 248 characters. This name field can be used to pass the message. This seems fairly harmless; however, there is a down side. There is a potential security problem with this, and the more this exploit grows and is used by members of the community, the worse it will get.

The problem with this exploit is that the protocol being abused is designed for a specific task, information exchange. The ability to connect with other devices and exchange, update and synchronize data is the whole reason that Bluetooth exists. This hack represents a loophole that can damage the total functionality of Bluetooth technology.

2.2.8 Security Conclusion

In conclusion, Bluetooth technology has its flaws and can be cracked, but this merely puts it alongside all the other wireless technologies. So far, wireless has proven to be nearly impossible to safeguard against hackers. With simple programs, all forms of wireless communication can be hacked, so although Bluetooth is susceptible to these hacks, it does not seem to be any worse than the other wireless technologies in regard to security.

2.3 Interference Between Bluetooth and Other Devices

2.3.1 Same Frequencies

One of the possible disadvantages of Bluetooth is that many devices use the same frequency range that it uses, 2.402-2.480 GHz. This includes even other devices that may also be used by a user’s computer. As stated in section 2.1, Bluetooth uses a frequency-hopping algorithm, which allows it to occupy the whole range. 802.11b uses direct sequence and only occupies approximately one third of the 2.4 GHz band. As a result, Bluetooth hops all over 802.11b transmissions. This can lead to performance degradation and could possibly be the “nail in the coffin” for the future use of Bluetooth, especially since the 802.11b standard has a far larger share of the wireless market. Will the percentage of performance degradation be enough to keep the industry from using Bluetooth?

2.3.2 How 802.11 Works

An 802.11 station, either a client or an access point, is polite and first listens to the medium before transmitting. If the 802.11 station does not sense radio frequency energy above a certain threshold, meaning that the medium is idle, the 802.11 station can transmit a frame. While the 802.11 station is sending the frame, other 802.11 stations will hold off their transmissions by following the same protocol. This provides a fairly good method of sharing a common radio frequency channel among devices complying with the 802.11 standard without experiencing performance-degrading interference.

2.3.3 Collisions

A critical problem is that Bluetooth and 802.11b neither understand each other nor follow each other’s rules. A Bluetooth radio may haphazardly begin transmitting data while an 802.11 station is sending a frame. This results in a collision and loss of the frame, which forces the 802.11 station to retransmit the frame when it realizes that the receiving station is not going to send back an acknowledgement. Basically, 802.11 acts like a sort of wireless Ethernet: it slows down and then tries again. Bluetooth, on the other hand, just switches to the next channel and tries again. In both of these instances, depending on the data being transmitted, the result can be degraded data rates and in some cases dropped packets. This lack of coordination is the basis for radio frequency interference between Bluetooth and 802.11.

2.3.4 Impact on Performance

The main issue here is whether the interference will be enough to affect the performance of other devices or of Bluetooth. There have been many recent studies that have investigated the amount of interference between Bluetooth and the now-leading wireless technologies 802.11b and 802.11g.

Because of the potential for collisions, 802.11 and Bluetooth networks can suffer from performance degradation. An 802.11 station automatically lowers its data rate and retransmits a frame when collisions occur. Consequently, the 802.11 protocol experiences delays in the presence of Bluetooth interference.

The full impact of radio frequency interference depends on the utilization and proximity of Bluetooth devices. Interference can only occur when both Bluetooth and 802.11b devices transmit at the same time. Users may have Bluetooth devices in their PDAs or laptops, but no interference will exist if their applications are not using the Bluetooth radio to send data.
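As an added illustration of sections 2.3.3 and 2.3.4 (this is not code from the paper), the following model estimates how often a frequency-hopping Bluetooth link lands inside a fixed 802.11b channel and how that turns into the per-frame collision rate the text describes. It assumes 79 Bluetooth channels 1 MHz apart across 2402-2480 MHz, one hop per 625 µs slot, a 22 MHz wide 802.11b channel, and a Bluetooth radio that transmits in every slot; the 802.11b frame airtime uses an assumed 192 µs preamble.

```python
import math

# Page: Bluetooth occupies 2.402-2.480 GHz. Assumption (not on the page): it
# hops across 79 channels, 1 MHz apart, once per 625 microsecond slot.
BT_CHANNELS_MHZ = list(range(2402, 2481))
BT_SLOT_US = 625
# Assumption: an 802.11b direct-sequence channel is 22 MHz wide (centre +/- 11).
WIFI_B_HALF_WIDTH_MHZ = 11


def overlapping_bt_channels(wifi_center_mhz):
    """Bluetooth hop channels that fall inside the 802.11b channel's 22 MHz."""
    lo = wifi_center_mhz - WIFI_B_HALF_WIDTH_MHZ
    hi = wifi_center_mhz + WIFI_B_HALF_WIDTH_MHZ
    return [f for f in BT_CHANNELS_MHZ if lo <= f <= hi]


def hop_hit_probability(wifi_center_mhz):
    """Share of Bluetooth hops that land on the Wi-Fi channel (the page's
    "about one third" of the band that 802.11b occupies)."""
    return len(overlapping_bt_channels(wifi_center_mhz)) / len(BT_CHANNELS_MHZ)


def frame_airtime_us(payload_bytes, rate_mbps, preamble_us=192.0):
    """Time an 802.11b frame occupies the air (assumed long-preamble overhead)."""
    return preamble_us + payload_bytes * 8 / rate_mbps


def slots_spanned(frame_us):
    """Number of Bluetooth hop slots a frame of this duration is exposed to."""
    return math.ceil(frame_us / BT_SLOT_US)


def frame_collision_probability(frame_us, wifi_center_mhz):
    """Probability that at least one hop during the frame lands on the Wi-Fi
    channel. Any overlap counts as a lost frame that the 802.11 station must
    retransmit (section 2.3.3); the Bluetooth side simply hops on."""
    p_hit = hop_hit_probability(wifi_center_mhz)
    return 1.0 - (1.0 - p_hit) ** slots_spanned(frame_us)


if __name__ == "__main__":
    airtime = frame_airtime_us(1500, 11)  # a full-size frame at 11 Mb/s
    print(f"hops hitting Wi-Fi channel 1 (2412 MHz): {hop_hit_probability(2412):.3f}")
    print(f"1500-byte frame: {airtime:.0f} us over {slots_spanned(airtime)} slots,"
          f" collision probability {frame_collision_probability(airtime, 2412):.2f}")
```

Because the model assumes a Bluetooth transmission in every slot and counts any overlap as a lost frame, it is an upper bound for the close-range case. It also makes the asymmetry of 2.3.3 visible: the 802.11 side loses the whole frame plus a retransmission, while the Bluetooth side loses at most one 625 µs slot.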

2.3.4 Results

In Madhujit Ghosh’s paper “Interference between Bluetooth and 802.11b,” the amount of interference between the two types of devices is measured. To measure this interference, Ghosh performed six separate tests. To examine the effect that Bluetooth interference had on 802.11b performance, Ghosh performed a baseline test with just two 802.11b devices that were in line of sight. Then, Ghosh measured the throughput when an operating Bluetooth device was put within close proximity (one meter) to the two devices. Next, he again tested the throughput of the two 802.11b devices, but with the Bluetooth device in excess of 10 meters away. Figure 2.8 shows the results that were gained from these tests.

Ghosh concluded that “it can be noticed that the fall of the throughput of the 802.11b device was much faster when the Bluetooth device was closer than 10 meters to it as compared to the baseline. With the Bluetooth device in operation, the 802.11b device loses about 66% of its bandwidth, which quickly drops off with distance from the access point.”

Tests similar to these were performed to measure the effect of 802.11b interference on Bluetooth device performance. Ghosh performed a baseline test with two Bluetooth devices that had line of sight. He also performed a test with an 802.11b device in close proximity (one meter), and a test with an 802.11b device in excess of 10 meters away. Figure 2.9 shows the information that was gathered from these tests.

These published test results show conclusively that, with the present technological setup of Bluetooth and 802.11b, their co-existence on the same device without further adjustments to the protocols will only result in extreme performance degradation, if not complete failure of the system.

Figure 2.8: Wi-Fi Throughput with Bluetooth Interference (Madhujit Ghosh)

Figure 2.9: Bluetooth Throughput with Wi-Fi Interference (Madhujit Ghosh)

2.3.5 The Future

For a couple of years, the IEEE 802.15.2 task group, in conjunction with the Bluetooth SIG, has been working on a "recommended practice" that describes techniques to allow 802.11b and Bluetooth to coexist. Eventually the practices will likely become part of the standard. They are currently analyzing methods that will provide the best solution (Jim Geier).

Also, it seems that in many circumstances Bluetooth and 802.11 can coexist effectively. In many cases, there is little or no interference because the devices are not used at the same time or in such close proximity as the one meter used in the previous experiment. In other cases, if there is any interference, it lasts for a short period of time and is minimal.

2.4 Bluetooth Ad Hoc Networks Through the Use of Scatternets

The real task that Bluetooth needs to accomplish to become a replacement for current technology is to be usable in a large ad hoc network. Bluetooth’s small range makes this task difficult. In order to accomplish this, Bluetooth has developed the idea of scatternets, which allow devices to bounce data between them. We will look at Bluetooth to see if it can accomplish this and how it could be done.

2.4.1 Requirements

Bluetooth needs to accomplish several things to build a successful ad hoc network. The tasks Bluetooth needs to successfully accomplish are the use of scatternets, intra- and interpiconet scheduling, and packet forwarding within the scatternet. If these tasks can be efficiently implemented, Bluetooth may soon have the ability to be used for large ad hoc networks.

2.4.2 Scatternets

When a PAN (personal area network) user wants to connect to other PANs, the scatternet capability in Bluetooth will serve as the foundation for the IP network. Similarly, if one or more PANs connect to an Internet access point on a LAN (LAN access point, LAP), a scatternet will provide the underlying Bluetooth

The master unit of a piconet controls the traffic within the piconet by means of polling. A polling algorithm determines how bandwidth capacity is to be distributed among the slave units. The polling algorithm assesses the capacity needs of the units in the scatternet and ensures that capacity is shared fairly, or according to a weighted capacity-sharing policy.

2.4.3 Intrapiconet and Interpiconet Scheduling

In a scatternet, at least one Bluetooth unit is a member of more than one piconet. These interpiconet nodes might have a slave role in numerous piconets but can have the master role in only one of them. The main challenge is to schedule the presence of the interpiconet node in its different piconets, in order to facilitate the traffic flow both within and between piconets. Given that the interpiconet node is a single transceiver unit, only one of its entities (master or slave) can be active at a time.

To manage scatternet traffic efficiently, the intrapiconet scheduler must consider the interpiconet scheduler when it polls the slaves of a piconet. For instance, the intrapiconet scheduler in a master unit might not schedule a poll of a slave node while the latter is active in another piconet. However, the interpiconet scheduler might schedule this node more often once it is active in the piconet again.

2.4.4 Packet Forwarding

Packet forwarding becomes necessary when packets must traverse multiple hops between the source and destination nodes, such as in Figure 2.10, if node B wished to communicate with node G. Given that IP will be commonplace in scatternet contexts, one might conclude that routing over the scatternet should be handled within the IP layer. However, there are good arguments for taking another course for Bluetooth scatternets of limited size, as is expected for personal area networks.

Figure 2.10: Multiple Piconets with Node D acting as a Bridge Node.
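As an added example (not from the paper) tying together the scheduling rule of 2.4.3 and the forwarding of 2.4.4: a small scatternet model in which bridge node D is a slave in two piconets whose masters are assumed to be A and E (the page does not reproduce the figure's exact topology, so this layout is constructed). It checks the one-master rule, finds the multi-hop path from B to G through the bridge, and derives each master's poll sequence while the bridge alternates between piconets.

```python
from collections import deque

# Constructed topology (an assumption modelled on Figure 2.10): master A with
# slaves B, C, D and master E with slaves D, F, G. D is in both: the bridge node.
PICONETS = [("A", ["B", "C", "D"]), ("E", ["D", "F", "G"])]


def bridge_nodes(piconets):
    """Interpiconet nodes, enforcing the 2.4.3 rule: a unit may be a slave in
    several piconets but the master of at most one."""
    masters_seen, membership = set(), {}
    for master, slaves in piconets:
        if master in masters_seen:
            raise ValueError(f"{master} is master in more than one piconet")
        masters_seen.add(master)
        for node in (master, *slaves):
            membership.setdefault(node, set()).add(master)
    return {node for node, owners in membership.items() if len(owners) > 1}


def forwarding_path(piconets, src, dst):
    """Breadth-first multi-hop route (2.4.4). Intrapiconet traffic always goes
    through the master, so the only links are master<->slave."""
    links = {}
    for master, slaves in piconets:
        for slave in slaves:
            links.setdefault(master, set()).add(slave)
            links.setdefault(slave, set()).add(master)
    prev, queue = {src: None}, deque([src])
    while queue and dst not in prev:
        node = queue.popleft()
        for nxt in sorted(links.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return None
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]


def poll_schedule(piconets, bridge, period):
    """Per-master poll sequence: the bridge spends `period` slots in each piconet
    in turn; each master polls present slaves round-robin, skipping the absent bridge."""
    n, schedule = len(piconets), {}
    for i, (master, slaves) in enumerate(piconets):
        polled = []
        for slot in range(period * n):
            present = [s for s in slaves if s != bridge or (slot // period) % n == i]
            polled.append(present[slot % len(present)])
        schedule[master] = polled
    return schedule
```

With a period of three slots, A polls D only in slot 2 and E polls D only in slot 3, so the single transceiver of the bridge is never claimed by both masters at once.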


2.4.5 The Future

As of now, there is no set-in-stone protocol for using Bluetooth as a large ad hoc network. However, the protocol is being researched, and in several years there is no doubt that a network administrator will be able to use Bluetooth access points to set up a large ad hoc network in his place of business. Also, most likely in even less time, small ad hoc networks will be usable as personal area networks by consumers with several Bluetooth devices.

Section 3 - Conclusion

3.1 New Technologies

A recent article may spell trouble for the future of Bluetooth. “At the Intel Developer Forum on Wednesday Intel announced the company was giving up on the deadlocked Ultrawideband IEEE task group and going it alone with a derivative offering they are calling Wireless USB. This initiative, for them, does everything that Bluetooth does and, effectively means that for PCs Bluetooth is all but dead. Ultrawideband provides a substantial performance benefit over Bluetooth, and approaches the speeds of USB 2.0 and 1394. These faster connections are increasingly required by peripherals like the Apple iPod, digital cameras, and removable hard drives. This throughput, or the lack of it, is what apparently ended the Intel/Bluetooth honeymoon.” (Rob Enderle).

3.2 Bluetooth’s Advantage

If these technologies were to be developed, they would be in direct competition with Bluetooth. If they were to possess more reliable compatibility, a faster data transfer rate, and the backing of a major manufacturer like Intel, then surely Bluetooth technology would fall by the wayside. However, as of now Bluetooth has begun to grab a share of the market and has a head start on whatever new technology arises. This also most likely means a price advantage, because the research and design phase has already been completed. Also, as of now the special interest group for Ultrawideband is said to be in deadlock and no progress on the device is being made. Also, no news of any developments in the case of Wireless USB has been heard. So, as of now Bluetooth has a monopoly on short-range, low-power wireless technology.

3.3 Bluetooth Development

Bluetooth is also itself getting better. The Bluetooth SIG (Special Interest Group) is always working on a new version of the specifications. They are currently on version 1.1. Also, there is a group called Radio2 that is working on the problems Bluetooth has with bandwidth, interference, and connection setup. If the Radio2 group can significantly increase the bandwidth, significantly decrease the interference with other technologies, and also correct most of the connection setup issues, there will certainly be a future for Bluetooth. All the while they are keeping it backward compatible with the current version. If this can be done, Bluetooth will be able to compete well with the performance of new emerging

3.4 Conclusion

In conclusion, based on the evidence from this research, Bluetooth technology is definitely a technology with valuable uses in today’s world. If the technology itself continues to go unchallenged in the market, even though it possesses its drawbacks, it will grab a large share of the wireless device market. With the backing of all the companies that have put money into researching and developing Bluetooth products, it will be an extremely difficult obstacle for any emerging technology to overcome.


1. N. Golmie, R.E. Van Dyck, A. Soltanian, A. Tonnerre and O. Rebala, “Interference Evaluation of Bluetooth and IEEE 802.11b Systems” (2003).

2. N. Golmie, “Bluetooth Dynamic Scheduling and Interference Mitigation”.

3. N. Golmie, “Interference of Bluetooth and IEEE 802.11: Simulation Modeling and Performance Evaluation”.

4. Bluetooth Resource Center (2004).

5. Sven Mattisson, “Low-Power Considerations in the Design of Bluetooth”.

6. Wah-Chun Chan, Jiann-Liang Chen, Po-Tsang Lin and Ka-Chin Yen, “Quality-of-Service in IP Services over Bluetooth Ad-Hoc Networks”.

7. Bluetooth SIG Security Expert Group, “Bluetooth Security White Paper” (April 2002).

8. How Bluetooth Works.

9. Vojislav B. Mišić and Jelena Mišić, “Performance of Bluetooth bridges in scatternets with limited service scheduling” (February 2004).

10. Gil Zussman and Adrian Segall, “Capacity assignment in Bluetooth scatternets: optimal and heuristic algorithms” (February 2004).

11. Sachin Abhyankar, Rishi Toshiwal, Carlos Cordeiro and Dharma Agrawal, “Emerging technologies: WLANS and WPANS: On the Application of Traffic Engineering Over Ad Hoc Networks” (September 2003).

12. Madhujit Ghosh, “Interference between Bluetooth and 802.11b” (Saturday, April 26, 2003).

13. Ching Law, Amar K. Mehta, Kai-Yeung Siu, “A New Bluetooth Scatternet Formation Protocol,” Mobile Networks and Applications, Volume 8 Issue 5 (October 2003).

14. Ching Law, Amar K. Mehta, Kai-Yeung Siu, “Bluetooth: Performance of a New Bluetooth Scatternet Formation Protocol,” Proceedings of the 2nd ACM International Symposium on Mobile Ad Hoc Networking and Computing (October 2001).

15. Serious Flaws in Bluetooth Security Lead to Disclosure of Personal Data (2004).

16. Jim Geier, “Minimizing Bluetooth Interference,” http://www.wi- (July 2, 2002).

17. Rob Enderle, “The Death of Bluetooth: Intel Moves to Ultrawideband,” ,1761,a=119654,00.asp (February 19, 2004).
