Security
Security for Bluetooth devices is less than wonderful. Bluetooth provides link-level security plus encryption. Security in a Bluetooth network is tied entirely to the device, not to the user as in traditional systems. Bluetooth has three levels of security:
- Level 1: No security.
- Level 2: Service-level-enforced security. Security is established after channel negotiation.
- Level 3: Link-level-enforced security.
The Bluetooth SIG recommends that Level 2 be used in most instances (see www.bluetooth.com/developer/whitepaper/whitepaper.asp). If you go with Level 3 and full encryption, the ease of use and simplicity aspects of Bluetooth begin to fade. Level 3 would require user intervention for all services.
In Bluetooth, most security issues are expected to occur above the link layer, in the application or protocol layers. However, problems can occur at a purely physical level. It is also possible to mount a DoS (denial of service) attack against a wireless network by flooding the 2.4-GHz band with interference. Wireless networks are also vulnerable to passive eavesdropping attacks.
In this scenario, a potential hacker could simply listen for Bluetooth packets and extract data from them. The frequency-hopping characteristic of Bluetooth largely eliminates this problem. The hacker would have to know the exact sequence of hops and channels at 1,600 hops per second. We recommend using an external encryption program to pre-encrypt the data before sending it across Bluetooth.
Other wireless technologies use more robust schemes, such as WEP (Wired Equivalent Privacy). However, implementing something like WEP on top of Bluetooth would once again restrict simplicity and ease of use. It is important to keep in mind Bluetooth's design intentions when considering security in the standard.
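The recommendation above to pre-encrypt data before it crosses Bluetooth, sketched in Go as an added example (not code from the article or from any Bluetooth stack): the payload is sealed with AES-256-GCM, so a passive listener sees only ciphertext and a modified frame is rejected on receipt. The function names, the frame layout and the pre-shared key are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newAEAD builds AES-GCM from a pre-shared key (32 bytes selects AES-256).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce||ciphertext||tag (example layout); label is authenticated only.
func Seal(key, label, payload []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, payload, label), nil
}

// Open verifies and decrypts a frame; a wrong key, label or altered byte fails.
func Open(key, label, frame []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(frame) < aead.NonceSize()+aead.Overhead() {
		return nil, fmt.Errorf("frame too short: %d bytes", len(frame))
	}
	n := aead.NonceSize()
	return aead.Open(nil, frame[:n], frame[n:], label)
}

func main() {
	key := []byte("constructed-demo-key-32-bytes!!!") // constructed; share real keys out of band
	frame, _ := Seal(key, []byte("file-transfer"), []byte("quarterly numbers"))
	plain, err := Open(key, []byte("file-transfer"), frame)
	fmt.Printf("%d-byte frame -> %q (err=%v)\n", len(frame), plain, err)
}
```

Because the protection is applied above the link, it holds at any of the three Bluetooth security levels; a fresh random nonce per frame means the same payload never produces the same bytes on the air twice.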
A Bluetooth radio can be a master, a slave or both simultaneously. Two kinds of Bluetooth network exist: the piconet and the scatternet. When you bring Bluetooth radios within range of each other, they connect and form a piconet. One unit becomes a master, the other a slave. The master controls all the traffic in a piconet. Bluetooth radios in a piconet frequency-hop together. Each piconet can have up to seven simultaneous or more than 200 active slaves.
Radios in a piconet can be in one of five states: standby, inquire, page, connect and park/hold. Standby is a radio waiting to join a piconet. Inquire is a radio seeking other radios to connect to. Page is a master radio asking to connect to a specific radio. Connect is a radio active on a piconet as a master, a slave or both simultaneously. Park/hold is a low-power connected state. The master gives all the slaves in a piconet its clock-device ID and sets the unique hopping sequence based on the master's device address.
Scatternets occur when multiple masters exist in range of each other. A master radio may also be a slave radio on another piconet. Each piconet hops with a different sequence while sharing the same 2.4-GHz band. Because of the different hopping sequences, there is very little chance that any master will hit a channel at the same time as another master.
Bluetooth cannot hand off a slave to another master unit. This is a problem if you are sending voice data to a device and switch piconets. A couple of seconds of voice or even the connection could be lost. The specification offers no solution, because of the cost and complexity involved. Bluetooth is not meant to be a replacement for wireless LAN networks, but a cable replacement and ad hoc network.
Interoperability High Points
It would be insane for a vendor to put out a Bluetooth radio device without proper interoperability. The Bluetooth SIG conducts certification and keeps a list of qualified products on its Web site. The Bluetooth SIG and its Web site (www.bluetooth.com) give fledgling Bluetooth developers all the help they need to create a compliant product.
When thinking about deploying Bluetooth, you should consider several issues. Bluetooth is suitable for everything from SOHO (small office/home office) to full-scale enterprise use. Are you looking for a cable-replacement technology with phone and PDA benefits? Or are you looking for wireless networking?
Do you need a Bluetooth environment? Right now, no. Will you need a Bluetooth environment in the next two years? It's a real possibility. Company cell phones, PDAs and laptops will likely be equipped with this new technology. Your end users will ask for it, and executives will demand it.
When you deploy your Bluetooth environment, the first thing you have to determine is whether to make it a buildingwide deployment, a conference-room deployment or just a couple of desktops. Buildingwide deployments give you the advantage of Bluetooth everywhere. If you're going to deploy buildingwide and have a wireless LAN or are planning to deploy one, consider the interference that these two technologies could give each other.
Conference-room deployment gives you ad hoc file sharing and other benefits. However, conference-room deployments could also interfere with a wireless LAN environment, but on a much smaller scale.
The advantage of personal deployment is realized only if your Bluetooth commitment is very small. Personal deployments should have almost no effect on the wireless LAN environment. If you are going to do anything on a conference-room scale or beyond, see what it would take to deploy this technology to the entire enterprise and design your implementations to take advantage of the conference-room equipment you are going to install.
Bluetooth will come through on its promise of interoperability in the next two years. This quarter will offer a few new products and a better perspective on how Bluetooth is going to affect us. Using Bluetooth now are Motorola's Timeport 270 cell phone and the GN Netcom GN9000 Bluetooth headset.
As the technology matures, the cost of Bluetooth devices will fall. Right now Toshiba offers a PC Card Bluetooth interface, called the PA3053U. These cards list for $169 on the company's Web site. I put one of the Toshiba cards in a Compaq Computer Corp. 1600 laptop and the other in a Dell Computer Corp. Latitude laptop. I loaded a few drivers, rebooted, and indeed experienced ad hoc file and print sharing just as advertised. The number of devices will increase quite a bit in the next six months. Be ready for the invasion.
Send your comments on this article to Steven J. Schuchart Jr. at sschuchart@nwc.com.