Abstract--Office devices utilizing Bluetooth technology
simplify device configuration and communication. They provide
the means to wirelessly communicate over short distances
thereby eliminating the need for different vendor specific wires
and interfaces. One of the key concerns with new communication
technology is security and in particular wireless communication
interception. Studies focusing on IEEE 802.11b have shown
vulnerability zones that reflect the ranges at which wireless
communications can be intercepted. This research identifies the
vulnerability zones in which Bluetooth transmissions can
potentially be intercepted. Specifically, the orientation of
Bluetooth device antenna and the distance between devices are
varied to determine ranges at which set levels of throughput can
be achieved for a specific device configuration. Throughput
ranges are then mapped to graphically reflect vulnerability
zones. We show that the range at which Bluetooth
communication can occur with unmodified devices is more than
twice the minimum standard outlined in the core specification
without degradation of throughput level.
Index Terms--Distance measurement, information rates,
position measurement, wireless LAN.
I. INTRODUCTION
he continual rapid development of new technology
provides smaller, faster, and cheaper means of
communication. Office devices utilizing Bluetooth
technology simplify device configuration and communication.
They provide a means to wirelessly communicate over short
distances thereby eliminating the need for different vendor
specific cables and interfaces. Bluetooth provides a standard
interface that all equipped devices can access and
communicate through.
Incorporation of new technology into any existing
operation does not come without a price. One of the key
concerns involved in communication is security; the
fundamental security concern of wireless communication is
interception. There are many ways of increasing the difficulty
of interception such as implementation of spread spectrum
techniques or encryption. However, even with these measures
it is possible for communications to be intercepted.
The views expressed in this paper are those of the authors and do not
reflect the official policy or position of the United States Air Force,
Department of Defense, or the U.S. Government.
Studies focusing on IEEE 802.11b have shown
vulnerability zones that reflect the ranges at which wireless
communications using the 802.11b standard can be
intercepted. With the advent of Bluetooth technology and its
incorporation into the workplace, it is important that the same
concerns with 802.11b also be addressed for Bluetooth.
Specifically, the need exists to determine Bluetooth
transmission interception vulnerability zones.
Although these vulnerability zones are not easily exploited,
they are cause for concern. They are an inherent weakness of
wireless communications that is often exploited. When a
weakness cannot be eliminated, it must be managed to
minimize the possible effects of its exploitation.
The simplest way to manage the security weaknesses of the
Bluetooth protocol is to minimize the possibility of packet
transmission interception. This could be accomplished by
limiting the physical radius of transmission to within the
boundaries of a controlled area. If transmissions are not
receivable outside the controlled area, and the personnel and
equipment within the controlled area are trusted, then the
possibility of packet transmission interception is minimized.
Thus, the need to establish transmission reception ranges of
Bluetooth devices is clear.
The low transmission power of Bluetooth devices limits the
range over which two devices can communicate. The 10 m
range in the Bluetooth specification is assumed to be a
maximum line-of-sight distance between two devices. It
cannot be assumed that this is the maximum distance at which
Bluetooth transmissions can be reliably received or
intercepted.
The primary focus of this research is to provide a basic
measurement of the transmission range of commercially
available Bluetooth devices. This range measurement
provides an initial look at the capabilities of the Bluetooth
standard in regards to throughput over different distances. By
providing the ranges at which different levels of throughput
are possible, this study helps to define the proximity distance
needed to intercept Bluetooth transmissions.
The rest of this document is presented as follows. Section
2 outlines the methodology used for accomplishing the
objectives of this research. Section 3 discusses the
experiments conducted, the data gathered, and analysis of the
resulting data. In Section 4 a summary of the research and
conclusions are presented.
Performance Evaluation and Analysis of Effective Range and Data
Throughput for Unmodified Bluetooth Communication Devices
Timothy F. Kneeland, Richard A. Raines, Michael A. Temple, Rusty O. Baldwin
Department of Electrical and Computer Engineering
Air Force Institute of Technology
2950 Hobson Way, Bldg 642
Wright Patterson AFB Ohio 45433-7765
T
II. METHODOLOGY
The primary objectives of this study are to determine the
following:
1. The transmitter/receiver antenna orientation that
provides the best reception for a commonly used
configuration.
2. The ranges at which fixed levels of throughput can be
received.
We expected that the received signal power would decrease
as the distance between the transmitter and receiver increases.
This power decrease is due to path loss and destructive
interference caused by reflected transmission signals. We
expected that changing the relative orientation of the receiver
and transmitter antennas would cause an increase or decrease
in the received signal power dependent on which orientation
is used for the initial measurement. Increasing distance was
expected to decrease the throughput level. This decrease is
due to path loss, and hence bit errors are likely to be in the
signal. The decrease in throughput was not expected to occur
at the same rate as received signal power within Bluetooth’s
specified 10 m functional range. Instead, the throughput
should gradually decrease with more dramatic decreases at
greater separation distances.
To achieve the research goals of this study, measurements
of RSSI and throughput for transmissions in a free-space
environment were recorded. This data was analyzed to
determine the correlation between received power level,
antenna orientation, and throughput range.
This study was limited to only considering relative antenna
orientation in 90-degree increments. Additionally, the study
was limited to outdoor transmissions and free-space
propagation. The transmission power level was set at 1 mw. It
is infeasible to determine ranges for every Bluetooth
communication mode. Therefore, the experiment was limited
to File Transfer Protocol (FTP) traffic using the Data Medium
rate 5-slot (DM5) packet type. This packet type has a
theoretical maximum forward (asymmetric) throughput rate of
477.8 kbps [1]. Additionally, it was assumed that there was
no interference due to other transmissions.
The performance metrics were throughput and RSSI. The
size of the data (in bits) divided by the total time taken to
receive the data defines throughput. Throughput provides a
measure of network capacity and indicates how many
transmissions can be successfully sent under a given set of
circumstances.
The Received Signal Strength Indicator (RSSI) is an
optional capability for transceivers to support power-control
links. It provides the means “to measure the strength of the
received signal and determine if the transmitter on the other
side of the link should increase or decrease its output power
level” [2].
Each Bluetooth receiver has a Golden Receive Range
defined by two thresholds. The lower threshold “corresponds
to a received power between –56 decibel milliwatts (dBm)
and 6 decibels (dB) above the actual sensitivity of the
receiver” [2], which is defined as a minimum of –70 dBm
with a raw bit error rate (BER) of 10-3. The upper threshold
falls in the range of 14 dB to 26 dB above the lower threshold
as depicted in Figure 1.
The RSSI value is a whole number indicator in dB of the
approximate location (above or below) of the received signal
strength relative to the Golden Receive Range. When the
received signal strength is within the Golden Receive Range,
the RSSI returns a value of zero. “The Golden Receive Power
Range is normally around 20 dBm wide, crudely equating to a
physical range factor of ten” [3]. Thus, the returned RSSI
value can be zero for transmissions over 1 m to 10 m. This
corresponds to the 10 m operational range of Bluetooth
devices as outlined in the specification.
The RSSI returns a positive or negative value only when
the received signal strength is outside of the Golden Receive
Range. A positive value indicates the received signal power is
above the Golden Receive Range, while a negative value
indicates the received signal power below the Golden Receive
Range. Positive values are approximate dB values between
the upper Golden Range threshold and the actual received
signal strength. Negative values are approximate dB values
between the actual received signal strength and the lower
Golden Range threshold. All RSSI values are approximate
and “can be more than ±5 dB from the real value” [3].
Negative values are clipped to a minimum of –10 dB for CSR
chipsets and –15 dB for Ericsson chipsets.
The factors and corresponding values for this experiment
were:
• Antenna orientation – (90-degree, 180-degree, 270-
degree, and 360-degree) – Transmitter/receiver antenna
orientations were selected based on the minimum number
of different orientations needed to measure 360-degrees
around the transmitter or receiver
Fig. 1. RSSI Dynamic Range and Accuracy. The Golden Receive Range is
14 dB to 26 dB wide and falls between an upper and lower threshold. The
thresholds are not fixed at a set dBm, but fall within a range. This leads to
the very poor accuracy of the RSSI.
-30 dBm
-56 dBm
Actual
Sensitivity
Lower Threshold
Upper Threshold
20 dB +/- 6 dB
6 dB
Golden
Receive
Range
-64 dBm
-70 dBm
-50 dBm
• Transmitter distance from receiver – (1 meter increments
for RSSI until lower threshold is reached, 5 meter
increments for throughput with 1 meter refinements) –
Distances for RSSI measurement were based on the
narrow range over which the RSSI was expected to be
useful. Distances for throughput were based on initial
rough measures and refined as needed
The antenna orientations selected reflect the different axis in a
two-dimensional plane. It was expected that the gain of the
micro-strip patch antenna is not equal in all directions. It was
expected that orientations aligning the primary lobes would
produce the best RSSI values and throughput rate.
The distance between the transmitter and receiver was
expected to be the primary contributor to the decrease in
RSSI value and throughput rate. This is due to transmission
path attenuation.
The experiment was conducted using direct system
measurement. This technique was selected due to the
unknown nature of the effects of the factors and the
availability of a Bluetooth testbed. Direct measurement of
Bluetooth transmissions provided the simplest means for
determining a possible correlation between the factors and the
performance metrics. Measurement also provided the most
accurate representation of real world scenarios.
The results of implementing a measurement technique were
validated using the path loss analytical model for radio
frequency transmissions in open-air. Visual comparison
between the measured RSSI and the path loss graph provided
an easy, quick, low-cost method for validating the
measurements.
The factors varied were the transmission distance and the
orientation of the antenna. The distance the signal travels was
measured from the closest edge of the transmitting antenna to
closest edge of the receiving antenna. The power level of the
signal was set at 1 mw. For the orientation experiment, there
was no load on the system. The RSSI command measured the
signal strength of the current packet. In the orientation
experiment, a connection was established, but no data was
sent during the test. The packets were limited to polling
packets between the piconet master and slave.
For the throughput experiment, a 1001 KB JPEG file was
sent from the transmitter to the receiver via the file transfer
protocol. The file size of 1001 KB was selected simply for
ease of throughput calculation. An approximately 1 MB file
eased mental calculations of throughput estimates during the
experiment execution and provided enough time to determine
an accurate throughput measurement. The theoretical
minimum amount of time to transmit the file is 16.76s.
The file transfer protocol software accompanying the
Bluetooth cards used in the experiments utilizes DM5
packets. A constant workload of DM5 packet transmissions
provided a good means of measuring the throughput. The
workload consisted of DM5 packets broadcast until the file
transfer is complete and acknowledged.
The experimental design for the orientation experiment was
a two factor full factorial design with replications. A two
factor full factorial design allowed separation of the
interactions from experimental errors. Since RSSI values are
integers, it was clear that the hardware is either rounding or
truncating the actual signal strength. In order to give a better
estimate of the difference between received signal strength
and Golden Range threshold, 100 samples for each
orientation and distance were averaged.
The advantage of this design is that every possible
combination of configuration is examined. The effect of every
factor and their interaction can be determined. Additionally, a
confidence interval for experimental errors can be determined
for a selected confidence level.
Each experiment consisted of a unique combination of the
factors and corresponding levels. A baseline RSSI lower
threshold maximum range determination was made using
free-space transmissions and the Bluetooth PC card
manufacturer’s original unmodified hardware. This range is
the maximum range at which the RSSI value is above the
lower threshold of –15 dB for the Ericsson chipset used.
The experimental design for the throughput experiment was
a two factor full factorial design with replications. Since
throughput was expected to decrease at different ranges for
different orientations, the connection between the master and
slave failed and data was not collected beyond that distance
for that orientation. Thus, there was no way to compare
results between orientations. Therefore, the best-case
measurement was used. Each experiment was performed three
times and the best result was selected as the sample value.
III. EXPERIMENTS, DATA, AND ANALYSIS
Utilizing a pair of Armadillo Bluetooth CF Cards (Ericsson
chipsets), the first experiment sought to determine the effect
of receiver orientation on the RSSI in a free-space
environment. The transmitter orientation was kept constant
while the receiver was placed in four different orientations at
each distance. Distances were measured in one-meter
increments in a straight line from the transmitter. Cardboard
boxes at a height of 0.59055 m supported the transmitter and
receiver. A Linux script file was used to sample the RSSI 100
times at each orientation and distance.
The Armadillo Bluetooth CF cards used in the experiment
have an integrated microstrip patch antenna for transmissions.
It was expected that the antenna orientation would contribute
to the RSSI value. The extent to which the orientation
contributed to the variation in RSSI values was determined
through computation of effects and Analysis of Variance
(ANOVA) as described in [4].
The orientation was measured with respect to the
transmitter/receiver. The Bluetooth card was inserted on the
right-hand side of the laptop when facing the screen. Figure 2
depicts the orientations of the patch antenna on the Bluetooth
card when it was inserted in the laptop.
The computation of effects for the first experiment was
interpreted as follows. The mean distance with a mean
orientation had an RSSI value of –11.72 dB. The RSSI value
for the 90-degree orientation was 1.52 dB higher than that of
an average orientation. The 270-degree orientation RSSI
value was 1.36 dB higher on average than that of an average
orientation. The RSSI value for the 180-degree orientation
was 0.86 dB lower than that of an average orientation and the
360-degree orientation was 2.01 dB lower than that of an
average orientation. The RSSI value for the 90-degree
orientation was on average higher than any of the other
measured orientations.
The 90% confidence intervals for effects showed that each
orientation was significantly different from each other except
for one case. The 90% confidence interval for the contrasts
between the 90-degree orientation and the 270-degree
orientation was (-2.26, 2.59). Since this confidence interval
contains zero, the 90-degree orientation and the 270-degree
orientation were not significantly different from each other.
Hence, either orientation can be used for the throughput
experiment.
The ANOVA for Experiment 1 showed that distance
accounted for the majority of variation (77.72%) in the RSSI
values. This was expected simply due to path loss. The
receiver antenna orientation accounted for 13.92% of the
variation in RSSI value, while only 0.43% was accounted for
by errors. The remaining 7.94% of variation was due to
interaction between the factors (distance and orientation) in
the experiment.
Fig. 2. Microstrip Patch Antenna Orientations. Depicts the orientations of
the patch antenna on the Bluetooth card when it is inserted in the laptop. The
orientation is measured with respect to the transmitter/receiver. The
Bluetooth card is inserted on the right-hand side of the laptop when facing
the screen.
The F-ratio was used to test the significance of each factor.
Utilizing the degrees of freedom (DOF) for orientation and
distance, each factor’s respective F-value was computed and
compared to those contained in the table of quantiles of F-
variates [4]. Each factor was significant at level α = 0.01 (99-
percentile) since the computed F-value was greater than the
F-value from the table of quantiles.
Thus, the significance of receiver antenna orientation, as
indicated by the F-ratio test, combined with the computation
of effects, identified the 90-degree and 270-degree receiver
antenna orientations as the better receiver antenna
orientations for future best-case scenario experiments.
When viewed graphically, it was clear that received signal
strength did not decrease in a smooth manner as expected
from theoretical path loss. Instead, signal strength attenuated
markedly at approximately 3m and 6m as shown in Figure 3,
especially for the 90-degree and 270-degree antenna
orientations.
To determine whether this anomaly was due to
experimental error, even though not indicated by ANOVA,
three additional experiments were performed with the same
laptop configuration, but different Bluetooth PC Cards. Each
additional experiment showed the same attenuation in RSSI
values at the same distances.
Although the RSSI is only an approximation, and can vary
up to 5 dB within a range that is partially dependent on the
chipset maker, the continual occurrence of the received signal
strength drop off indicated this was not likely a hardwar
本文档为【蓝牙协议】,请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑,
图片更改请在作品中右键图片并更换,文字修改请直接点击文字进行修改,也可以新增和删除文档中的内容。
该文档来自用户分享,如有侵权行为请发邮件ishare@vip.sina.com联系网站客服,我们会及时删除。
[版权声明] 本站所有资料为用户分享产生,若发现您的权利被侵害,请联系客服邮件isharekefu@iask.cn,我们尽快处理。
本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权,请谨慎使用。
网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传,仅限个人学习分享使用,禁止用于任何广告和商用目的。