Title: Bluetooth Clock Recovery and Hop Sequence Synchronization Using Software Defined Radios
Authors: A. A. Tabassam, S. Heiss
Venue: 2008 IEEE Region 5 Conference
Publication date: 2008-04-17
DOI: 10.1109/TPSD.2008.4562737 (https://doi.org/10.1109/TPSD.2008.4562737)
Citations: 10
Abstract
Bluetooth communication is based on frequency hopping spread spectrum and time division duplexing. Bluetooth devices must be properly synchronized so that they can hop together; synchronization requires the same channel set, the same hopping sequence within that channel set, and time synchronization. Frequency hopping sequences are derived from Bluetooth device addresses and clock values. During both the inquiry procedure and the page procedure, frequency hop synchronization (FHS) packets are exchanged which contain the device addresses and clock values needed to derive the frequency hop sequences. This paper presents the different possibilities for intercepting and demodulating the FHS packets exchanged during the inquiry or the page procedure. It also presents a complete SDR prototype solution that obtains the master's device address and its clock value by listening only for a short time on a fixed RF frequency out of the 79 Bluetooth channels, without capturing the FHS packet. The prototype system is built and interfaced with an Ettus USRP motherboard and RFX2400 daughterboard using the GNU Radio framework.