This article was first published onblog.nordicsemi.com
While Bluetooth mesh is related to Bluetooth, it does include some major differences that are reflected in the terminology. Here’s our guide to the must-know terms.
In July 2017, the Bluetooth SIG released the long-awaited Bluetooth mesh standard, introducing a many-to-many topology to the world of Bluetooth.
The Bluetooth mesh standard is not part of the core Bluetooth standard. Yet even though it’s defined in its own specification, it does utilize and build upon the Bluetooth Low Energy (LE) standard. It also introduces many concepts, some of which are standard in many-to-many topologies, with others unique to Bluetooth mesh.
If you’re just getting started with Bluetooth mesh development, we’ve put together this handy guide to lead you through the terminology, one term at a time.
Bluetooth LE devices operate in two states: advertising (or scanning), or in a connection. Bluetooth mesh utilizes only the advertising/scanning state of Bluetooth LE devices.
Mesh network. A non-hierarchical many-to-many network topology, as opposed to one-to-one or one-to-many.
Node. A Bluetooth LE device that has joined a Bluetooth mesh network via the process of provisioning.
Provisioning. The act of a device joining a Bluetooth mesh network to become a node. A device that is not (yet) part of a network is known as an unprovisioned device.
Elements. Separate parts within a node that may be controlled independently of the node itself. For example, a light fixture (node) may contain several bulbs that can be switched on/off independently of the node. In this example, the light bulbs are the separate elements.
States. The condition of an element. For example, an on/off value. States may be multi-dimensional.
Characteristic. Defines the data type and format values, such as degrees Celsius.
Properties. A device property is a collection of one or more format descriptors that interprets and adds context to an instance of a characteristic. In the example of a characteristic as a temperature, an example property could be the ‘Present Indoor Ambient Temperature’.
The way nodes communicate with one another is known as messaging. Messages are exchanged in a Bluetooth mesh network by the publish-subscribe mechanism.
Messages. Nodes within a mesh network send messages to control and/or relay information to one another. The three types of messages are:
Addresses. Messages must be sent to and from a specified address. The three types of addresses are:
Using group or virtual addresses has one substantial benefit: adding or removing nodes does not then require the reconfiguration of other nodes.
Publish. Sending a message.
Subscribe. A configuration used to allow select messages to be sent to specific addresses for processing, typically to group or virtual addresses. Nodes may subscribe to multiple addresses.
Mesh networks can use routing to relay messages across the network in a targeted way, or flood the network with messages without taking into account the optimal routes. Bluetooth mesh strikes a balance by using a technique known as managed flooding. This broadcasts messages to all nodes within range of the sender. That being said, there are a few additional points to be aware of:
TTL. Time to Live. This limits the number of nodes a message can be passed through.
Message caching. Required by all nodes. Messages received that are already cached get discarded. This prevents a message from circulating in a relay loop multiple times.
Heartbeat messages. Indicates to other nodes that the sender is active.
Friendship: The relationship between a friend node and a low-power node (LPN). A friend node serves as a proxy for a low-power node (LPN), which spends most of its time with the radio off to conserve power. When the LPN wakes, it contacts the friend node to receive messages it may have missed while sleeping.
Bluetooth mesh was designed from the ground-up to keep data about the network and users safe from prying eyes. This ‘privacy by design’ is a standout strength of Bluetooth mesh. Separation of concerns is the key concept. This means network security, application security, and device security are each addressed independently.
Area isolation. A Bluetooth mesh network can be broken into subnets that are cryptographically distinct from each other. For example, nodes in different hotel rooms can be kept isolated from one another.
Key refresh. The procedure by which security keys are changed during the life of the network.
Message obfuscation. Obfuscation of header values means that nodes and the people using them can’t be tracked by passive eavesdropping.
Replay attack protection. An eavesdropper can intercept messages and transmit them later for malicious purposes. Bluetooth mesh networking protects against replay attacks by using two network PDU fields: the Sequence Number (SEQ) and IV Index.
Network key (NetKey). A shared key from which two keys are derived: the network encryption key and the privacy key. With the NetKey, a node can authenticate up to the network layer. This allows message relaying, but not the decryption of application data.
Application Key (AppKey). Shared between a subset of nodes that is used to authenticate at the application level, but not across multiple networks. A Bluetooth mesh network can have multiple AppKeys in one network.
Device Key (DevKey). Used to secure communication in the provisioning process (see below). This allows the provisioner to communicate directly to the device being provisioned.
Continuing with the security and privacy theme, secure device provisioning is an important concept to understand. The secure process involves five steps:
Beaconing. The unprovisioned device sends the mesh beacon advertisements, a new type of data type introduced in Bluetooth mesh. Typically, this is done by a pre-configured series of button presses on the device.
Invitation. The provisioner sends an invitation to the unprovisioned device using a new PDU specific to Bluetooth mesh. The unprovisioned device then responds with information about its capabilities in a provisioning capabilities PDU.
Public Key Exchange. A security step using a combination of symmetric and asymmetric keys, done either directly over Bluetooth LE or via an out-of-band (OOB) channel.
Authentication. A step usually involving user input, with the precise authentication method depending on the capabilities of both devices used.
Provision Data Distribution. Once authenticated, each device derives a session key using their private key and the public key sent to it from the other device. The unprovisioned device then becomes a node.
This article was first published on Nordic's Get Connected Blog.