The IEEE 802.15.4 Standard and the ZigBee Specifications
Course T-110.5111 (Computer Networks II – Advanced Topics) Lecture about Wireless Personal Area Networks
Mario Di Francesco
Department of Computer Science and Engineering, Aalto University
Department of Computer Science and Engineering, University of Texas at Arlington
October 15, 2012
Architecture and objectives
[Figure: layered architecture. Upper layers and network layer; data link layer with IEEE 802.2 LLC over SSCS, or another LLC, on top of the IEEE 802.15.4 MAC; physical layer with the IEEE 802.15.4 868/915 MHz PHY and the IEEE 802.15.4 2400 MHz PHY]
Architecture
two physical (PHY) layers
MAC layer
ZigBee for the upper layers
Objectives
low-rate
low-power
low-complexity
Components
Full Function Device (FFD)
Implements the entire standard
Coordinator
manages (part of) the network
PAN coordinator
manages the whole PAN (unique in the network)
(Regular) Device
communicates with FFDs and/or RFDs
Reduced Function Device (RFD)
Implements a reduced portion of the standard
cannot be a (PAN) coordinator
only communicates with FFDs
Topology
Star
[Figure: star topology; legend: FFD, RFD, PAN Coordinator (C)]
all messages flow through the center (hub) of the star
Peer-to-peer
[Figure: peer-to-peer topology with PAN Coordinator (C)]
neighboring nodes can communicate directly
only available to FFDs
Radio and modulation (1 of 2)
Two distinct physical layers
PHY 868/915 MHz
PHY 2400 MHz
Shared features
direct sequence spread spectrum (DSSS)
ISM (Industrial, Scientific and Medical) bands
Radio and modulation (2 of 2)
PHY 868/915 MHz
[Figure: channel plan along f (MHz). Channel 0 between 868.0 and 868.6 MHz; channels 1-10 between 902.0 and 928.0 MHz, 2 MHz apart]
868 MHz (Europe)
1 channel (20 kbps)
915 MHz (USA)
8 channels (40 kbps)
differential encoding (1 sym = 1 bit)
BPSK encoding
PHY 2400 MHz
[Figure: channel plan along f (MHz). Channels 11-26 between 2400.0 and 2483.5 MHz, 5 MHz apart]
16 channels
250 kbps bandwidth
orthogonal encoding (1 sym = 4 bits)
O-QPSK modulation
Format of the PHY frame
Preamble: 4 bytes (Synchronization Header)
Start-of-frame delimiter: 1 byte (Synchronization Header)
Frame length: 1 byte (PHY Header)
PHY Service Data Unit (PSDU): ≤ 127 bytes
All fields together form the PHY Protocol Data Unit (PPDU)
Header
synchronization preamble
delimiter of the PHY frame
frame length
Payload
is the same as the MSDU
maximum size of 127 bytes
Available primitives
Transceiver modes
RX_ON active in receive mode
TX_ON active in transmit mode
TRX_OFF inactive (idle mode)
Channel Selection
Energy Detection (ED)
Link Quality Indication (LQI)
“quality” of received frames
SNR, ED, or both
Clear Channel Assessment (CCA)
Different modes
1. energy above threshold
2. carrier sense only
3. combination of 1 and 2
Addressing modes
PAN address
PANs can be co-located
16 bits chosen by the PAN coordinator
Device address
64-bit IEEE Extended Unique Identifier (EUI-64)
24-bit Organizationally Unique Identifier (OUI)
40 bits assigned by the manufacturer
16-bit short address
assigned by the PAN coordinator during association
Overhead reduction
flag in the frame control field
Format of the MAC frame
Frame control: 2 bytes (MAC Header)
Sequence number: 1 byte (MAC Header)
Addressing fields: ≤ 20 bytes (MAC Header)
Payload, i.e., the MAC Service Data Unit (MSDU): variable
Frame check sequence: 2 bytes (MAC Footer)
All fields together form the MAC Protocol Data Unit (MPDU)
Header
frame control
sequence number
addressing fields
Frame payload
Footer
frame check sequence (FCS)
ITU-T CRC-16
Frame types
Beacon frame
synchronization and management of the PAN
list of devices with pending messages
superframe parameters
Acknowledgment frame
MAC payload
MAC command
command identifier (1 byte)
command payload
Channel access methods
[Figure: channel access methods of the MAC. Non-beacon enabled: contention based, unslotted CSMA-CA. Beacon enabled (superframe structure): contention based, slotted CSMA-CA; contention free, reserved time slot]
Superframe structure
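[Figure: superframe structure. Two consecutive beacons delimit the beacon interval, which is split into an active and an inactive part; the active part has 16 slots (0-15), with the CAP followed by the CFP, which contains the GTSs]
$SD = \text{aBaseSuperFrameDuration} \cdot 2^{SO}$ sym
$BI = \text{aBaseSuperFrameDuration} \cdot 2^{BO}$ sym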
Active period
Contention Access Period (CAP)
always present in the superframe
immediately follows the beacon
slotted CSMA-CA protocol
Contention Free Period (CFP)
optional
contiguous slots at the end of the superframe
without CSMA-CA
All transactions end within the CAP (CFP)
Superframe parameters
Beacon interval
$BI = \text{aBaseSuperFrameDuration} \cdot 2^{BO}$ sym
interval between subsequent beacons
0 ≤ BO ≤ 14, if BO = 15 no beacons
Superframe duration
$SD = \text{aBaseSuperFrameDuration} \cdot 2^{SO}$ sym
duration of the active part
0 ≤ SO ≤ BO ≤ 14, if SO = 15 only active period (no duty-cycle)
aBaseSuperFrameDuration = 960 sym ≈ 32 µs (2.4 GHz PHY)
Synchronization
Tracking mode
the device gets the first beacon
then activates the transceiver before the subsequent one
Non tracking mode
the device only gets a single beacon
it has to reactivate the transceiver for at most $\text{aBaseSuperframeDuration} \cdot (2^{BO} + 1)$ sym
Orphaned device
does not detect beacons for aMaxLostBeacons (4) superframes
GTS management
Features of GTSs
unidirectional
at most 7, all in the CFP
each spanning one or more contiguous slots
GTS allocation
managed by the PAN coordinator
the device requests a GTS from the PAN coordinator
the PAN coordinator decides whether to assign it or not
advertised in the GTS parameters of the superframe
not always possible
no GTS available
cannot reduce the size of the CAP further
Frame spacing
Frames need to be separated by an Inter Frame Space (IFS)
[Figure: a long frame is followed by a LIFS before another frame; a short frame is followed by a SIFS before another frame]
if p_frame ≤ aMaxSIFSFrameSize (18) bytes
then SIFS (Short IFS) ≥ aMinSIFSPeriod (12) sym
if p_frame > aMaxSIFSFrameSize bytes
then LIFS (Long IFS) ≥ aMinLIFSPeriod (40) sym
The CSMA-CA algorithm
Common features
wait before transmitting
without RTS/CTS
Two variants
slotted (beacon enabled mode CAP)
unslotted (non-beacon enabled mode)
Features
backoff period slot of 20 sym (≠ superframe slot)
slotted variant aligns rx/tx to backoff periods
Initialization
[Flowchart: CSMA-CA initialization. NB = 0, CW = 2. Battery Life Extension? Yes: BE = min(2, macMinBE). No: BE = macMinBE]
Parameters
NB number of backoffs (i.e., backoff attempts)
CW contention window
BE backoff exponent
macMinBE = 3 (default)
Battery Life Extension
power saving mode
Main loop
[Flowchart: CSMA-CA main loop]
1. Delay for a random backoff period ∈ [0, 2^BE − 1]
2. Perform CCA on backoff period boundary
3. Channel idle?
Yes: CW = CW − 1. CW = 0? Yes: Success. No: back to step 2
No: CW = 2, NB = NB + 1, BE = min(BE + 1, aMaxBE). NB > macMaxCSMABackoffs? Yes: Failure. No: back to step 1
Slotted mode
waiting and CCAs are aligned to backoff periods
two CCAs before tx
backoff timer stopped at the end of the CAP and
reactivated at the beginning of the subsequent one
In both cases
default max backoffs is 4
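The initialization and main loop above, as an added Python example (not part of the original slides). The `channel_idle` callback, the `busy_during` channel model, one backoff period per CCA and a single CCA in the unslotted variant are modelling assumptions; aMaxBE = 5 is taken from IEEE 802.15.4-2003 because the slides do not give its value.

```python
import random
from collections import namedtuple

# Values given on the slides
MAC_MIN_BE = 3             # macMinBE (default)
MAC_MAX_CSMA_BACKOFFS = 4  # default max backoffs
UNIT_BACKOFF_SYM = 20      # backoff period, in symbols
# Assumption, not on the slides: aMaxBE = 5 as in IEEE 802.15.4-2003
A_MAX_BE = 5

Result = namedtuple("Result", "success ccas elapsed_sym trace")


def csma_ca(channel_idle, slotted=True, battery_life_ext=False, rng=None):
    """Run one CSMA-CA channel access attempt.

    channel_idle(t) -> bool is a hypothetical callback giving the CCA
    outcome at backoff period t. The returned trace holds one
    (NB, BE, delay) tuple per backoff.
    """
    rng = rng or random.Random()
    cw_init = 2 if slotted else 1   # slotted: two idle CCAs before tx
    nb, cw = 0, cw_init
    be = min(2, MAC_MIN_BE) if battery_life_ext else MAC_MIN_BE
    t = ccas = 0                    # time in backoff periods, CCA counter
    trace = []
    while True:
        delay = rng.randint(0, 2 ** be - 1)   # uniform in [0, 2^BE - 1]
        trace.append((nb, be, delay))
        t += delay
        while True:
            ccas += 1
            idle = channel_idle(t)
            t += 1                  # simplification: one period per CCA
            if not idle:
                break
            cw -= 1
            if cw == 0:
                return Result(True, ccas, t * UNIT_BACKOFF_SYM, trace)
        # Channel busy: reset CW, count the attempt, widen the backoff window
        cw, nb, be = cw_init, nb + 1, min(be + 1, A_MAX_BE)
        if nb > MAC_MAX_CSMA_BACKOFFS:
            return Result(False, ccas, t * UNIT_BACKOFF_SYM, trace)


def busy_during(periods):
    """Constructed channel model: busy only in the listed backoff periods."""
    busy = set(periods)
    return lambda t: t not in busy


if __name__ == "__main__":
    seeded = random.Random(1)
    print(csma_ca(lambda t: True, rng=seeded))    # clear channel
    print(csma_ca(lambda t: False, rng=seeded))   # channel never clears
    print(csma_ca(busy_during(range(12)), slotted=False, rng=seeded))
```

A channel that never clears ends in a channel access failure after five backoffs, with BE capped at aMaxBE, which is the outcome a node reports upward under sustained interference.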
Channel access example
Slotted CSMA-CA
[Figure: timeline for nodes A, B and C across superframe slots 12-15 and 0-2, in units of aUnitBackoffPeriod. After a packet arrival a node backs off, performs CCA and then sends its data; the backoff timer is paused]
Communication reliability
CRC (FCS) check
CRC-16 computed over header and payload
checked against the FCS
Acks and retransmissions
at most aMaxFrameRetries = 3
ack waiting time is macAckWaitDuration (54 sym)
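The MAC frame format described earlier and the FCS check above, as an added Python example (not part of the original slides): it validates the length and FCS of an MPDU before decoding the header. The bit positions inside the frame control field and the addressing mode codes follow IEEE 802.15.4-2003 and are not given on the slides; the sample frame is constructed.

```python
import struct

MAX_PSDU = 127   # PHY payload limit from the slides
FRAME_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "mac_command"}
ADDR_BYTES = {0: 0, 2: 2, 3: 8}   # addressing mode -> address length


def crc16_itut(data: bytes) -> int:
    """ITU-T CRC-16 (x^16 + x^12 + x^5 + 1), zero initial value, LSB first."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def add_fcs(mhr_and_payload: bytes) -> bytes:
    """Append the 2-byte FCS computed over header and payload."""
    return mhr_and_payload + struct.pack("<H", crc16_itut(mhr_and_payload))


def parse_mpdu(mpdu: bytes) -> dict:
    """Validate and decode one MPDU; raise ValueError on malformed input."""
    if not 5 <= len(mpdu) <= MAX_PSDU:   # shortest frame: 2 + 1 + 2 bytes
        raise ValueError("MPDU length out of range")
    body, fcs = mpdu[:-2], struct.unpack("<H", mpdu[-2:])[0]
    if crc16_itut(body) != fcs:
        raise ValueError("FCS mismatch")
    fcf, seq = struct.unpack_from("<HB", body)
    dst_mode, src_mode = (fcf >> 10) & 3, (fcf >> 14) & 3
    if (fcf & 7) not in FRAME_TYPES or 1 in (dst_mode, src_mode):
        raise ValueError("reserved frame type or addressing mode")
    offset = 3

    def take(n):   # read an n-byte little-endian field without overrunning
        nonlocal offset
        if offset + n > len(body):
            raise ValueError("truncated addressing fields")
        offset += n
        return int.from_bytes(body[offset - n:offset], "little")

    frame = {"type": FRAME_TYPES[fcf & 7], "seq": seq,
             "security": bool(fcf & 0x08), "ack_request": bool(fcf & 0x20),
             "dst_pan": None, "dst": None, "src_pan": None, "src": None}
    if dst_mode:
        frame["dst_pan"], frame["dst"] = take(2), take(ADDR_BYTES[dst_mode])
    if src_mode:
        # Overhead reduction flag: source PAN omitted when equal to destination PAN
        same_pan = bool(fcf & 0x40) and dst_mode
        frame["src_pan"] = frame["dst_pan"] if same_pan else take(2)
        frame["src"] = take(ADDR_BYTES[src_mode])
    frame["payload"] = body[offset:]
    return frame


# Constructed sample: data frame, ack requested, short addresses, one PAN
SAMPLE = add_fcs(bytes.fromhex("61882a341200000100") + b"hi")

if __name__ == "__main__":
    print(parse_mpdu(SAMPLE))
```

The CRC only detects transmission errors: anyone can recompute it over a modified frame, so message integrity against a sender who alters frames is the job of the secured mode, not of the FCS.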
Acks and retransmissions
Ack timing
[Figure: ack timing. A frame is followed by its ack after t_ack; in the slotted case the ack is aligned to aUnitBackoffPeriod]
t_ack = aTurnAroundTime (unslotted)
aTurnAroundTime ≤ t_ack ≤ aTurnAroundTime + aUnitBackoffPeriod (slotted)
t < SIFS < LIFS, at most aMaxFrameRetries = 3
Sending data
Beacon enabled (CAP)
[Message sequence between coordinator and device: Beacon, Data, Acknowledgement]
Non-beacon enabled
[Message sequence between coordinator and device: Data, Acknowledgement]
Receiving data (indirect transfer)
Beacon enabled (CAP)
[Message sequence between coordinator and device: Beacon, Data request, Acknowledgement, Data, Acknowledgement]
Non-beacon enabled
[Message sequence between coordinator and device: Data request, Acknowledgement, Data, Acknowledgement]
Peer-to-peer communications
We have previously considered
star topology
FFD or RFD devices
Peer-to-peer topology
only between FFDs
according to the tx case already seen in the non-beacon enabled mode
synchronization not defined by the standard
Security
Unsecured mode
no security
delegated to the upper layers
ACL mode
based on Access Control Lists
Secured mode
access control
anti-replay protection
confidentiality and integrity of messages
Scanning modes
ED channel scan (only FFDs)
ED of the PHY layer
Active channel scan (only FFDs)
sends a beacon request command
waits for a reply
Passive channel scan
waits for a beacon
Orphan channel scan
resynchronization of orphaned nodes
PAN creation
FFD intending to be a PAN coordinator
starts an active channel scan
selects a (possibly unused) channel
selects a PAN identifier
starts transmitting beacons (in the beacon-enabled mode)
PAN identifier conflict
detection and resolution are supported by the MAC layer
Association
[Message sequence between coordinator and device: Association request, Acknowledgement, Data request, Acknowledgement, Association response, Acknowledgement]
Message exchange
the first ack does not imply that the request has been accepted
it depends on available resources
replies obtained as an indirect transmission
maximum waiting time aResponseWaitTime (30720 sym)
Dissociation
[Message sequences between coordinator and device. Spontaneous: Disassociation notification, Acknowledgement. Coordinator driven: Data request, Acknowledgement, Disassociation notification, Acknowledgement]
Spontaneous
decided by the device
ack not really needed
Forced
decided by the coordinator
indirect transfer
ack not really needed
The ZigBee consortium
Wireless Control That Simply Works
Objectives
interoperability between platforms of different vendors
low-energy low-cost
high node density
Reference scenarios
industrial and commercial consumer electronics and PC peripherals
personal healthcare and home automation
The protocol stack (1 of 2)
[Figure: ZigBee protocol stack. IEEE 802.15.4 defined: Physical (PHY) Layer (2.4 GHz Radio, 868/915 MHz) and Medium Access Control (MAC) Layer. ZigBee Alliance defined: Network (NWK) Layer (NWK Security Management, NWK Message Broker, Routing Management, Network Management), Application Support Sublayer (APS) (APS Security Management, APS Message Broker, ASL Security Management, Reflector Management), ZigBee Device Object (ZDO) on Endpoint 0 with the ZDO Public Interfaces and the ZDO Management Plane, Security Service Provider. End manufacturer defined: Application Objects 1 to 240 on Endpoints 1 to 240, inside the Application Framework of the Application (APL) Layer. Layer interfaces: PD-SAP, PLME-SAP, MLDE-SAP, MLME-SAP, NLDE-SAP, NLME-SAP, APSDE-SAP, APSME-SAP]
The protocol stack (2 of 2)
The layers
Application layer (APL)
service discovery
binding between devices and services
communication modes
Network layer (NWK)
network topology
addressing and routing
physical and MAC layers
defined by the IEEE 802.15.4 standard
Other elements
ZDO Management Plane
Security Service Provider
ZigBee device model
Type | Description | Elements
Application Device Type | Represents the type of device from the user perspective | Motion detection sensor, light switch, etc.
ZigBee Logical Device Type | Represents the type of device from the network perspective | Network coordinator, router, end device
IEEE 802.15.4 Device Type | Represents the type of ZigBee hardware (radio) platform | Full Function Device, Reduced Function Device
ZigBee products are a combination of
Application, Logical and Physical Device Types
how to combine the different Device Types is defined by the vendor or by a profile
The application layer (APL)
Sublayers
Application Framework (AF)
contains the higher layer application components (application objects) defined by the vendor
Application Support Layer (APS)
links the application layer to the network layer
ZigBee Device Object (ZDO)
is a special application object with management purposes
General concepts (1 of 2)
Profile
an agreement over messages, formats and actions
adopted by the applications running on different devices to create a given distributed application
Component
a physical object and the corresponding application profile
ZigBee device
a (set of) component(s) sharing a ZigBee transceiver
each device has a unique 64-bit IEEE address
and a 16-bit network address
General concepts (2 of 2)
Attribute
an entity representing a physical quantity or state
Endpoint
a specific (sub)component within a ZigBee device
each device supports up to 240 endpoints
with distinct addresses
Cluster
container of attributes or a message
has a unique 8-bit address within a certain profile
Sample addressing at the application layer
[Figure: two ZigBee devices, each with a ZigBee radio, using the Home Control Profile: light control (on/off), dimmer, motion detection. Legend: endpoint, link, cluster]
Application Framework (1 of 2)
Features
contains application objects
provides two data services
key value pair service (KVP)
message service (MSG)
Observations
exploits services made available by the APS
control and management of application objects are handled by the ZigBee Device Object (ZDO)
Application Framework (2 of 2)
Key Value Pair (KVP) service
allows manipulating attributes defined within the application objects
takes an approach based on state variables with transitions
get, get response commands
set, event (and eventual response) commands
uses data structures in compressed XML format
Message (MSG) service
allows the application profile to use its own frame format
has more flexibility than the KVP approach
The application support layer (APS)
Objective
interfacing the application layer (AP) with the network layer
Features
generation of messages at the application layer (APDUs)
binding between devices and services
transport of APDUs between different devices
Message transmission
Message format
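Frame control: 1 octet
Destination endpoint: 0/1 octets (addressing field)
Cluster Identifier: 0/1 octets (addressing field)
Profile Identifier: 0/2 octets (addressing field)
Source endpoint: 0/1 octets (addressing field)
Frame payload: variable (APS payload)
Frame control and addressing fields form the APS header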
Transmission modes
direct or indirect transmissions
unicast or broadcast transmissions
acknowledgments and (optional) retransmissions
Binding
Definition
creation of a unidirectional link between devices and endpoints
every device keeps a binding table with entries in the format
$$(a_s, e_s, c_s) = \{(a_{d1}, e_{d1}), (a_{d2}, e_{d2}), \ldots, (a_{dn}, e_{dn})\}$$
where
$a_s$ address of the source device in the link
$e_s$ endpoint of the source device in the link
$c_s$ cluster identifier used in the link
$a_{di}$ the i-th destination device address in the link
$e_{di}$ the i-th destination endpoint address in the link
Features of the NWK layer
Objectives
ensures the proper functioning of the MAC layer
provides an interface to the application level
Major features
services for creating a PAN (ZigBee Coordinator)
services for device association (ZigBee Router and End Devices)
logical address assignment and routing (ZigBee Router)
Network management
Network creation, device association and dissociation
high-level primitives of the IEEE 802.15.4 standard
Additional functions
message filtering
broadcast transmissions
Message format
Frame Control: 2 octets
Destination Address: 2 octets (routing field)
Source Address: 2 octets (routing field)
Radius: 1 octet (routing field)
Sequence Number: 1 octet (routing field)
Frame Payload: variable
ZigBee devices
ZigBee Coordinator
manages the entire network
PAN coordinator in IEEE 802.15.4 (FFD)
ZigBee Router
manages device association
routes the messages to devices
coordinator in IEEE 802.15.4 (FFD)
ZigBee End Device
regular device in the network
RFD or FFD in IEEE 802.15.4
Network topologies
Tree network
non beacon-enabled mode of IEEE 802.15.4
beacon-enabled mode of IEEE 802.15.4
active periods of different superframes should not interfere
[Figure: a beacon interval made of the superframe duration (beacon followed by the CAP) and an inactive period]
Mesh network
corresponds to the peer-to-peer network of IEEE 802.15.4
devices cannot use IEEE 802.15.4 beacons
Distributed address assignment (1 of 2)
Used in tree networks (nwkUseTreeAddrAlloc = TRUE)
Parameters
$C_m$ max number of children (per parent) nwkMaxChildren
$L_m$ maximum depth of the tree nwkMaxDepth
$R_m$ max number of routers (per parent) nwkMaxRouters
The address block assigned by each parent at level d to their own (child) routers is
$$Cskip(d) = \begin{cases} 1 + C_m \cdot (L_m - d - 1) & \text{if } R_m = 1 \\ \dfrac{1 + C_m - R_m - C_m \cdot R_m^{L_m - d - 1}}{1 - R_m} & \text{otherwise} \end{cases}$$
Distributed address assignment (2 of 2)
Parent node
accepts children if Cskip(d) > 0
uses Cskip(d) as offset for router children
the n-th address $A_n$ is given by
$$A_n = A_{parent} + Cskip(d) \cdot R_m + n$$
with $1 \le n \le (C_m - R_m)$ and $A_{parent}$ the parent address
Observations
addresses are sequentially assigned
a block of addresses cannot be shared between multiple devices
one parent can run out of addresses
Address assigned by upper layers
Used in the general case (nwkUseTreeAddrAlloc = FALSE)
Layer above the network
picks the block of addresses to assign
next address to assign nwkNextAddress
number of available addresses nwkAvailableAddresses
step used when assigning addresses nwkAddressIncrement
Algorithm
a router accepts associations if nwkAvailableAddresses > 0
the device is assigned the address nwkNextAddress
the router decrements nwkAvailableAddresses
and adds nwkAddressIncrement to nwkNextAddress
Hierarchical routing
Finding the descendants
D is a descendant of A (at level d) if
A < D < A + Cskip(d − 1)
Forwarding towards descendants
if D is an End Device the next hop is N = D
if D is a Router the next hop is
$$N = A + 1 + \left\lfloor \frac{D - (A + 1)}{Cskip(d)} \right\rfloor \cdot Cskip(d)$$
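Distributed address assignment and hierarchical routing worked through together, as an added Python example (not part of the original slides). The parameters Cm = 5, Rm = 3, Lm = 3 are constructed; the coordinator at address 0, router blocks starting at the parent address plus 1, the end-device test D > A + Rm · Cskip(d) and handing non-descendant destinations to the parent are assumptions taken from the ZigBee specification rather than from the slides.

```python
from collections import namedtuple

# Cm = nwkMaxChildren, Rm = nwkMaxRouters, Lm = nwkMaxDepth
Tree = namedtuple("Tree", "cm rm lm")
DEMO = Tree(cm=5, rm=3, lm=3)   # constructed parameters


def cskip(p, d):
    """Size of the address block a parent at depth d gives each router child."""
    if d >= p.lm:
        return 0                       # deepest level: no children accepted
    if p.rm == 1:
        return 1 + p.cm * (p.lm - d - 1)
    return (1 + p.cm - p.rm - p.cm * p.rm ** (p.lm - d - 1)) // (1 - p.rm)


def router_addr(p, parent, d, k):
    """Address of the k-th router child (assumed rule: blocks start at parent + 1)."""
    skip = cskip(p, d)
    if skip <= 0 or not 1 <= k <= p.rm:
        raise ValueError("parent cannot accept this router")
    return parent + 1 + (k - 1) * skip


def end_device_addr(p, parent, d, n):
    """A_n = A_parent + Cskip(d) * Rm + n, with 1 <= n <= Cm - Rm."""
    skip = cskip(p, d)
    if skip <= 0 or not 1 <= n <= p.cm - p.rm:
        raise ValueError("parent has run out of addresses")
    return parent + skip * p.rm + n


def next_hop(p, a, d, dest):
    """Next hop from router a (depth d) to dest; None if dest is no descendant."""
    if not a < dest < a + cskip(p, d - 1):
        return None                    # assumed handling: hand the frame to the parent
    skip = cskip(p, d)
    if dest > a + p.rm * skip:
        return dest                    # end-device child, reached directly
    return a + 1 + ((dest - (a + 1)) // skip) * skip


def route_from_coordinator(p, dest):
    """Addresses traversed from the coordinator (address 0) down to dest."""
    a, d, path = 0, 0, [0]
    while a != dest:
        a = next_hop(p, a, d, dest)
        if a is None:
            raise ValueError("address lies outside the tree")
        path.append(a)
        d += 1
    return path


if __name__ == "__main__":
    print([cskip(DEMO, d) for d in range(DEMO.lm + 1)])   # block size per depth
    print(route_from_coordinator(DEMO, 16))               # router three hops down
    print(route_from_coordinator(DEMO, 21))               # end device of router 1
```

With these parameters the block sizes shrink from 21 to 6 to 1, and a router at the maximum depth has Cskip = 0, so it has no addresses left to hand out even if other branches of the tree are empty.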
Table-driven routing
Features
uses a simplified version of the Ad Hoc On Demand Distance Vector Routing (AODV) protocol
every device with enough memory resources keeps a routing table
Hybrid solution
hierarchical and table-driven routing can be used together
if the destination is in the routing table then the corresponding entry is used
if the destination is not known and the routing table has room for a new entry then the device starts route discovery
otherwise messages are routed along the tree
Routing metric (1 of 2)
Definitions
$P$ path of length $L$, i.e., $(D_1, D_2, \ldots, D_L)$
$(D_i, D_{i+1})$ link (sub-path of length 2)
$C\{(D_i, D_{i+1})\}$ cost of the link $(D_i, D_{i+1})$
Cost of a link
cost of a link $l$
$$[0, 1, \ldots, 7] \ni C\{l\} = \begin{cases} 7 \\ \min\left(7, \mathrm{round}\left(\dfrac{1}{p_l^4}\right)\right) \end{cases}$$
where $p_l$ is the probability of delivering a message over link $l$
Routing metric (2 of 2)
Path cost
path cost
$$C\{P\} = \sum_{i=1}^{L-1} C\{(D_i, D_{i+1})\}$$
Observations
$p_l$ can be estimated
through the LQI of IEEE 802.15.4
use of the metric
route discovery
route maintenance
Computer Networks II
Advanced Features (T-110.5111)
Bluetooth
Mario Di Francesco, PhD
Postdoctoral Researcher – DCS Research Group
Based on slides previously done by Matti Siekkinen and reused with permission
Bluetooth
Originally a cable replacement technology
Follows the main objectives of WPAN technologies
– low-cost, low-power, short range
Main features
– devices find and connect to each other via inquiry and paging processes
– pairing for authenticated use of services
– master and slave devices together form a piconet
– different application profiles (and stacks)
e.g. hands-free, streaming audio and video
– secure data transfer
Piconets and scatternets
A master and up to 7 active slaves form a piconet
– up to 255 parked nodes in addition
Two piconets can be connected to form a scatternet
Bluetooth “flavors”
Version 2 + EDR
– a.k.a. Classic
– Enhanced Data Rate (EDR) adds 2 and 3 Mbps rates
– basic rate is still 1 Mbps
Version 3 + HS
– adds alternate MAC + PHY (Wi-Fi) to provide higher speed data channels
Version 4
– adds Bluetooth low energy
– targets embedded low-power devices
runs up to two years on coin cell battery
Protocol stack
Layers
Radio layer
– channel access and modulation
Link control (or baseband)
– framing and management of time slots
Link manager
– establishment of logical channels between devices
Logical link control and adaptation protocol (L2CAP)
– framing of variable-length messages and reliability
Application profiles span almost the whole stack
Radio layer
License-free ISM band at 2.402 – 2.480 GHz
– 79 channels 1 MHz wide
Channel access
– Adaptive Frequency-Hopping (AFH) spread spectrum
up to 1600 hops/s
all nodes of piconet hop synchronously
– master dictates timing and decides the pseudorandom hop sequence
dynamically exclude channels with interference
– channel map update
Three modulations
– 1-bit symbol per μs for 1Mbps rate
– 2/3-bit symbol per μs (EDR) for 2/3 Mbps rates (respectively)
Other layers
Link control and timeslot management
– time division multiplexing with 625μs slots
– master transmits in even slots and slaves in odd slots
Link manager and link establishment
– secure simple pairing
– Synchronous Connection Oriented (SCO) link
master and slave set up a periodic schedule
real time data (e.g., phone calls)
– Asynchronous ConnectionLess (ACL) link
master polls, slave responds
packet data, best effort
L2CAP
– gets packets and outputs frames for the link manager
– (de)multiplexes data for upper layers
Frame structure
[Figure: frame structure at the basic data rate and at the enhanced data rate; annotations: higher rate modulation only here, specifies the master, specifies the slave]
Establishment of a new connection
Inquiry
– discovers units in range
their device addresses and clocks
Paging
– establishes an actual connection
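[Figure: connection establishment between master (M) and slave (S). Master states: INQUIRY, PAGE, MASTER RESPONSE, CONNECTION. Slave states: INQUIRY SCAN, BACKOFF, INQUIRY RESPONSE, PAGE SCAN, SLAVE RESPONSE, CONNECTION. Packets exchanged: ID, ID, FHS, ID, ID, FHS, ID, POLL, NULL]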
Inquiry
Inquiry Scan
– performed by device that wants to be discovered
– periodically listens for inquiry packets
on a special inquiry hopping sequence of 32 frequencies
Inquiry
– sends an inquiry packet with a specific inquiry access code
– the code indicates who should respond
either generic or dedicated to certain type of devices
Inquiry Response
– sends a response packet containing the responding device address after receiving inquiry message during the inquiry scan
– sends to corresponding inquiry hopping response sequence
for each inquiry hop there is a corresponding inquiry response hop
Paging
Page
– Master sends a page message to slave’s address
– Send to special page hopping sequence of 32 frequencies
– Master uses the clock information from slave to be paged
Estimate where in the hop sequence slave is listening in page scan mode
Send to the frequencies just before and after
Page Scan
– Slave enters page scan state when it wishes to receive page packets
– Slave listens to packets addressed to its DAC
Page Response
– Upon receiving page message, slave enters page response state
– Send back a page response containing its DAC
– Use frequencies from corresponding page response sequence
For each page hop there is a corresponding page response hop
Pairing
Used to establish a link key
– e.g. to prevent eavesdropping and man-in-the-middle attacks
– PIN code pairing (legacy pairing)
– Secure Simple Pairing
Authentication based on shared secret
Encryption of data based on shared secret
– based on SAFER+ block cipher
Bluetooth Low Energy
Introduction
History
– Nokia initiated project
– Bluetooth Low End Extension (2004)
– WiBree (2006)
– part of Bluetooth v4.0 (2009)
Characteristics
– very low-power consumption
– cheap
– for small amounts of data
– two implementations
single mode for low-power devices (e.g., sensors)
dual mode for less constrained devices (including Bluetooth Classic)
Bluetooth Low Energy
Technical aspects
Radio characteristics
– same frequency band as Classic but only 40 channels 2 MHz wide
– AFH similar to Classic and raw data rate of 1 Mbps
Simpler stack and protocols
– only L2CAP, link layer, and PHY
– reduced number of states
Standby, Advertising, Scanning, Initiating, and Connection
– low-power achieved through a low duty-cycle mechanism
periodic wake-ups for connection events and then sleep
Market availability
– besides devkits, recently appeared in off-the-shelf smartphones
iPhone 4S and 5, iPad 3rd gen, Samsung Galaxy S3