What’s Wrong with Bluetooth Mesh?

Researchers from TU Darmstadt, Germany have a new paper Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept that looks into weaknesses in the security model underlying the Bluetooth mesh friendship mechanism.

Friendship allows a low-power IoT device to go to sleep while a separate, higher-power node caches packets until the low-power device wakes up. The paper provides an overview of friendship and of the Friendship Security Material (FSM) unique to this type of communication.

The researchers found three flaws in the Bluetooth friendship mechanism related to:

  • The possibility of eavesdropping on communication and selectively jamming based on the size of the control messages.
  • The lack of protection of the friend security keys against an insider attack.
  • The possibility of misuse of Friend Clear messages to cause a form of denial of service attack through flattening the battery.

The paper includes a reference to tools that demonstrate these problems and discusses possible mitigations.

The Bluetooth SIG responded:

Compromise of the friendship relationship results only in a compromise of the availability of the low power node to the other nodes in the subnet.

It is the conclusion of the working group that the friendship relationship between an LPN and its friend within a mesh subnet is not intended to be secured against attack by a party already in possession of the network key.

It is the position of the Mesh Working Group and the Bluetooth SIG that neither scenario provides additional security risk for a user of the Mesh profile.

In other words, the risks are appropriate to the level to which the mesh is expected to be used or attacked.

We have yet to come across any devices using friendship. Friendship is an edge case that isn’t required in most instances. Also, most existing low power devices can’t be upgraded to use mesh due to the higher memory requirement of Bluetooth Mesh.

Read about Beacons and the Bluetooth Mesh

nRF Connect Features

Nordic, the manufacturer of the System on a Chip (SoC) in most beacons, has a new blog post on Five Things You Didn’t Know About Nordic’s Mobile Development Apps. The post mentions less visible features of nRF Connect on iOS and Android. For example, you can get a useful RSSI graph by dragging the screen towards the right from the centre:

nRF Connect is the main app we recommend for testing beacons. iOS recently received a completely new version. nRF Connect also has macros that can speed up testing.

Battery Power Use When Advertising Multiple Bluetooth LE Channels

Most beacons can transmit more than one type of advertising, for example iBeacon, Eddystone and sensor data. In practice, no beacon can send more than one kind of data simultaneously. Instead, they send the different data sequentially, one transmission a few milliseconds after the other. Many manufacturers describe this as sending data in different channels, which shouldn’t be confused with the different Bluetooth LE frequency channels used to reduce the effects of wireless interference.

Some devices such as Minew and Sato can send 6 channels that can include iBeacon, Eddystone UID, Eddystone URL, Eddystone TLM, sensor, acceleration and device info:

Sato setup: Channel types are shown at the bottom

Transmitting one type of data takes of the order of 1 millisecond (ms) and is repeated every advertising period, which is configurable between 100ms and 10 seconds. It’s during the sending that the majority of the battery power is used, with the beacon sleeping between transmissions. The following oscilloscope trace shows the battery power used, over time, with one channel:

Care should be taken to configure only those types of data that are required. If you configure more than one channel then there’s a corresponding, almost linear, increase in battery power use for every extra channel.
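The near-linear relationship can be seen with a simple energy model: each configured channel adds one transmit burst per advertising period, and the beacon sleeps for the rest. The following is an added illustration, not code from the original post or from any beacon manufacturer. All current and timing figures (burst length, transmit current, sleep current, battery capacity) are assumed placeholder values chosen to be plausible, not measurements of any particular device.

```python
# Added example: average current and battery life as a function of the number of
# advertising channels. All constants are assumed illustrative values.

TX_BURST_MS = 1.0          # assumed: one advertising event is ~1 ms on air
TX_CURRENT_MA = 10.0       # assumed: average current during the burst
SLEEP_CURRENT_MA = 0.005   # assumed: 5 uA while sleeping between bursts
BATTERY_MAH = 220.0        # assumed: capacity of a CR2032-class coin cell


def average_current_ma(channels, interval_ms,
                       tx_burst_ms=TX_BURST_MS,
                       tx_current_ma=TX_CURRENT_MA,
                       sleep_current_ma=SLEEP_CURRENT_MA):
    """Average current over one advertising period.

    The period consists of `channels` back-to-back bursts followed by sleep
    for the remainder. Because the bursts dominate, each extra channel adds
    almost the same increment of average current.
    """
    if channels < 1:
        raise ValueError("at least one channel must be configured")
    active_ms = channels * tx_burst_ms
    if interval_ms <= active_ms:
        raise ValueError("advertising interval too short for the configured channels")
    sleep_ms = interval_ms - active_ms
    charge_ma_ms = active_ms * tx_current_ma + sleep_ms * sleep_current_ma
    return charge_ma_ms / interval_ms


def battery_life_days(channels, interval_ms, battery_mah=BATTERY_MAH):
    """Estimated battery life in days, ignoring self-discharge and cell ageing."""
    return battery_mah / average_current_ma(channels, interval_ms) / 24.0


def extra_current_ratio(channels, interval_ms):
    """How many times the one-channel average current an n-channel setup draws."""
    return average_current_ma(channels, interval_ms) / average_current_ma(1, interval_ms)


def compare_channels(interval_ms, max_channels=6):
    """Table of (channels, average current in mA, estimated battery life in days)."""
    return [(n, round(average_current_ma(n, interval_ms), 6),
             round(battery_life_days(n, interval_ms), 1))
            for n in range(1, max_channels + 1)]


if __name__ == "__main__":
    for row in compare_channels(interval_ms=1000):
        print("channels=%d  avg=%.6f mA  life=%.1f days" % row)
```

With these assumed figures and a 1 second period, six channels draw roughly 4.3 times the average current of one channel; the ratio is below 6 only because the sleep current is a fixed cost shared by every configuration. Shortening the interval makes the transmit cost dominate even more, so the increase per channel approaches strictly linear.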

Bluetooth 5 Range Tests

Unseen Tech has a recent whitepaper on Bluetooth 5 range. It describes tests that were performed to assess the improvement in range of Bluetooth 5 compared to Bluetooth 4’s typical 30m to 100m. The tests used development boards from Texas Instruments and Nordic that, used outside, achieved about 650m and 750m respectively.

While some companies are claiming Bluetooth 5 support in products, many don’t actually use Bluetooth 5 yet but instead offer an upgrade path to Bluetooth 5. Others do offer Bluetooth 5 but downgrade to Bluetooth 4 when communicating with Bluetooth 4 devices (e.g. smartphones), which are still the large majority of devices.

There are also some ultra long range Bluetooth 4 devices that include output power amplifiers that can achieve ranges of hundreds of metres, and we have one USB powered beacon that reaches up to 4km.

TRBOnet Update

There’s been an update to TRBOnet to allow DIMETRA Express to use iBeacon-based Indoor Location.

TRBOnet is the system used by Motorola for managing 2-way radios and pinpoints handsets on maps:

The 2-way radios upload GPS data but this obviously doesn’t work indoors where iBeacons are used instead. TRBOnet works with any iBeacons.

Are you an established 2-way radio company?
Contact us for advice on which beacons we have supplied for use with TRBOnet.

Maximising Bluetooth Gateway Throughput

Our article on What are Beacons shows the kind of data sent by beacons. While this might be iBeacon or Eddystone, both are a subset of all Bluetooth advertising as sent out by all Bluetooth LE devices such as smartphones, Fitbits and even industrial machines. The Bluetooth LE advertising itself is just a short series of bytes.

Gateways look for Bluetooth advertising and send this on to a web server together with the signal strength of the detected device, the gateway’s own Bluetooth MAC address and the MAC address of the detected Bluetooth device.

Bluetooth WiFi Gateway

In some situations a very large number of devices can be detected, most of which aren’t the ones that need to be detected. This can cause either the gateway to become overloaded or too much extraneous data to be sent to the server.

All gateways have ways of filtering what advertising is sent to the server. This usually includes matching some or all of the advertising with a given hexadecimal string and the ability to ignore devices weaker than a given signal strength.

Even after filtering, it’s possible in extreme circumstances that a gateway processes too many beacons and becomes overloaded. In these cases it’s important to have a gateway that can support the highest throughput. Gateway specifications detail the typical maximum number of devices that can be detected, which varies considerably between devices. Ethernet connected gateways tend to be more performant than those connected by WiFi. Also consider setting the gateway to only detect beacons close by and using more gateways per given area. Consider using MQTT in preference to HTTP so that the gateway does less work per report.
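To make the two filtering mechanisms concrete, here is an added example, not code from the original article or from any gateway vendor, of what a gateway does with each scan result: it splits the raw advertising bytes into their AD structures, keeps only advertising whose manufacturer-specific data starts with a configured hexadecimal string (here the iBeacon prefix followed by a constructed proximity UUID), drops anything weaker than an RSSI threshold, and reduces each survivor to the compact record that would be forwarded over MQTT or HTTP. The sample scans, MAC addresses, UUIDs and the threshold value are all constructed for the illustration.

```python
# Added example: gateway-style filtering of Bluetooth LE advertising.
# Sample scans, MACs, UUIDs and thresholds below are constructed, not real captures.
import struct

RSSI_THRESHOLD_DBM = -75  # assumed: ignore devices weaker than this

# Hex string the gateway is configured to match against manufacturer data:
# Apple company id 0x004C (little-endian), iBeacon type 0x02, length 0x15,
# then a constructed 128-bit proximity UUID.
MATCH_HEX = "4c000215" + "e2c56db5dffb48d2b060d0f5a71096e0"


def parse_ad_structures(payload):
    """Split raw advertising data into (ad_type, data) tuples.

    Each AD structure is: one length byte, one AD type byte, then length-1
    data bytes. A zero length byte marks padding at the end of the payload.
    """
    structures = []
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:
            break
        if i + 1 + length > len(payload):
            raise ValueError("truncated AD structure at offset %d" % i)
        ad_type = payload[i + 1]
        structures.append((ad_type, payload[i + 2:i + 1 + length]))
        i += 1 + length
    return structures


def manufacturer_data(payload):
    """Return the manufacturer-specific data (AD type 0xFF), or None if absent."""
    for ad_type, data in parse_ad_structures(payload):
        if ad_type == 0xFF:
            return data
    return None


def gateway_filter(scans, match_hex=MATCH_HEX, rssi_threshold=RSSI_THRESHOLD_DBM):
    """Apply the two common gateway filters and build compact forwarding records.

    scans: iterable of (mac, rssi_dbm, raw_advertising_bytes).
    Keeps a scan only if its RSSI is at or above the threshold and its
    manufacturer data starts with match_hex; decodes iBeacon major/minor/tx.
    """
    wanted = bytes.fromhex(match_hex)
    kept = []
    for mac, rssi, payload in scans:
        if rssi < rssi_threshold:
            continue                      # too weak: probably not in our area
        md = manufacturer_data(payload)
        if md is None or not md.startswith(wanted) or len(md) < 25:
            continue                      # not one of our beacons
        major, minor, tx_power = struct.unpack(">HHb", md[20:25])
        kept.append({"mac": mac, "rssi": rssi, "major": major,
                     "minor": minor, "tx_power": tx_power})
    return kept


def ibeacon_payload(uuid_hex, major, minor, tx_power):
    """Construct a full iBeacon advertising payload (flags + manufacturer data)."""
    md = (bytes.fromhex("4c000215") + bytes.fromhex(uuid_hex)
          + struct.pack(">HHb", major, minor, tx_power))
    flags = bytes([0x02, 0x01, 0x06])
    return flags + bytes([len(md) + 1, 0xFF]) + md


# Constructed sample scan results: (mac, rssi, payload).
OTHER_UUID = "00112233445566778899aabbccddeeff"
SAMPLE_SCANS = [
    ("d4:3f:aa:00:00:01", -60, ibeacon_payload(MATCH_HEX[8:], 1, 100, -59)),  # ours, strong
    ("d4:3f:aa:00:00:02", -82, ibeacon_payload(MATCH_HEX[8:], 1, 101, -59)),  # ours, too weak
    ("b8:27:eb:00:00:03", -55, ibeacon_payload(OTHER_UUID, 7, 7, -59)),       # someone else's beacon
    ("5c:fb:7e:00:00:04", -50, bytes([0x02, 0x01, 0x06, 0x05, 0x09]) + b"Phon"),  # phone, name only
]

if __name__ == "__main__":
    for record in gateway_filter(SAMPLE_SCANS):
        print(record)
```

Only the first scan survives: the second is dropped by the RSSI threshold, the third by the hex match, and the fourth because a phone advertising only its name carries no manufacturer data. Doing this decoding once on the gateway is what keeps the forwarded payload small, which matters more the busier the site is.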

TINY Bluetooth® Low Energy SoC and Module

Inside every Bluetooth sensor beacon is a System on a Chip (SoC), a small computer that runs code. Dialog Semiconductor, the manufacturer of the SoC in some beacons, has just announced the world’s smallest (2.0mm x 1.7mm) and most power-efficient Bluetooth 5.1 SoC, the DA14531.

The high level of integration means it only needs six additional electronic components and a power supply to make a complete Bluetooth low energy system. It’s expected to bring SoCs down to $0.50 in high volume.

While beacons tend to be limited by battery size rather than SoC size, the reduced price might bring downward pressure on cost. The small size is of more use in power harvesting/wearable scenarios such as printed Bluetooth sensors, connected injectors, glucose monitors and smart patches.

Differentiating Between Vehicles and Pedestrians Using Bluetooth Sensing

Javier Martínez Plumé, Juan José Martínez Durá, Ramón Vicente Cirilo Gimeno, Francisco Ramón Soriano García and Antonio García Celda of Universitat de València, Spain have a recent paper on Evaluation of the Use of a City Center through the Use of Bluetooth Sensors Network.

The research looks into using the occurrences of detected Bluetooth MAC addresses to differentiate between vehicles and pedestrians. It’s based on a study carried out in the city of Valencia, which presented significant complexity due to the large number of pedestrians and motor vehicles.

“Conditions sometimes cause travel times between pedestrians and vehicles to be very close or overlapping, making it impossible to distinguish between trips associated with a pedestrian or with a vehicle by just using travel times”

The researchers implemented a filtering algorithm for the classification of trips so as to distinguish between pedestrians and vehicles using the occurrences of detected MAC addresses.

The results of the study found that 60–70% of the vehicles, in a given itinerary, used the historic centre as a shortcut through the city. These findings caused the City Council of Valencia to take the decision of limiting the traffic speed in the historic centre to 30 km/h so as to encourage use of the city inner ring road where 50 km/h is allowed.

Sensing such as this is part of ‘Smart Cities’, with aims such as reducing pollution, easing traffic and encouraging walking and cycling.