Wearable Device Bluetooth/BLE Physical Layer Dataset
Abstract
1. Summary
- Advertising, during which only the device under test (DUT) transmits;
- Pairing, when the DUT initiates pairing with an Android smartphone;
- Data exchange, involving tasks such as audio playback or sensor reading;
- Disconnect, when the Bluetooth of the Android smartphone is deactivated.
2. Data Description
- radio.data - IQ data from SDR, with a bandwidth of 100 MHz
- top.yaml - YAML-formatted file containing metadata
- radio_25_n.chdata - Channelized versions of radio.data into four 25 MHz channels, where
- radio_05_n_m.chdata - Each channel from radio_25_n.chdata is further divided into five 5 MHz channels,
- device_name_recording_k_scenario.json - Demodulated and decoded Bluetooth data for each radio recording, saved in JSON format. The filename includes the device name, recording index k (1 or 2), and the scenario (paired or unpaired).
3. Methods
3.1. Data Acquisition Setup
3.2. Device Selection
3.3. Acquisition Methodology
- Turn on DUT in advertising mode and position it within the anechoic chamber.
- Start SDR in receive mode.
- Enable Bluetooth on the Android device and establish a connection to the DUT using the Android Debug Bridge (ADB) [18].
- Exchange data with the DUT; for headphones, initiate audio playback, while for smartwatches/trackers, interact with specific apps to trigger sensor readings.
- Disable Bluetooth on the Android device.
- Terminate SDR receiving.
- Write metadata.
3.4. Data Quality
- Each 100 MHz wide recording was processed into four 25 MHz wide sample files with frequency shifts −30, −10, +10, +30 MHz, and decimated by a factor of four using a 10th-order Chebyshev type I filter.
- Each 25 MHz wide sample file was processed into five 5 MHz wide sample files with frequency shifts −5, −2.5, 0, +2.5, +5 and decimated by a factor of five using a 10th-order Chebyshev type I filter (each resulting sample file represents four Bluetooth Classic channels).
- Radio signals were detected using amplitude peak detection. Detection included any signal that was longer than the smallest BTC packet length and had an amplitude above a hard-coded multiplier of the average noise level.
- Based on the frequency with the highest amplitude, the specific Bluetooth Classic channel was extracted from the signal samples.
- Gaussian frequency shift keying (GFSK) demodulation was performed with multiple possible symbol start time shifts, generating multiple candidate demodulation results.
- Each candidate was correlated with the expected preamble, trailer, and the fixed bits of the access word (…001101 or 110010), and the result was used to score the candidate demodulation alternatives.
- Where applicable, the header forward error correction (FEC) was decoded, and its error rate was also used to adjust the candidate demodulation score.
- The decoded bits of the highest-scoring demodulation candidate were recorded in a file of potential packets along with other metadata (sample start, length, channel, LAP, etc.).
- Since the resulting bits are whitened, further processing was performed to decode packets, e.g., detection of FHS packets, page central response packets, validation of possible de-whitening by checking FEC calculation, etc. This allowed decoding of the packet type, upper address part (UAP), and further processing of decoded packets (e.g., recovering payload).
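The header FEC step above, sketched as an added example (not the authors' processing code): a rate-1/3 majority decoder for the 54-bit Bluetooth Classic packet header that also returns an agreement ratio used to rank demodulation candidates. The function names, the sample bits, and the definition of the ratio as the share of unanimous triplets are assumptions made for this illustration.

```python
# Added example, not the dataset authors' code. Names and sample data are constructed.
# Bluetooth Classic header: 18 bits sent LSB first, each bit repeated 3 times (FEC 1/3).
HEADER_FIELDS = (("lt_addr", 3), ("type", 4), ("flow", 1),
                 ("arqn", 1), ("seqn", 1), ("hec", 8))


def fec13_decode(coded):
    """Majority-decode 54 coded bits; return (18 bits, agreement ratio).

    Assumption: the ratio is the share of triplets whose three copies agree.
    """
    if len(coded) != 54 or any(b not in (0, 1) for b in coded):
        raise ValueError("expected 54 bits with values 0 or 1")
    triplets = [coded[i:i + 3] for i in range(0, 54, 3)]
    decoded = [1 if sum(t) >= 2 else 0 for t in triplets]
    unanimous = sum(1 for t in triplets if sum(t) in (0, 3))
    return decoded, unanimous / len(triplets)


def parse_header(bits18):
    """Split 18 header bits into fields; only meaningful after de-whitening."""
    fields, pos = {}, 0
    for name, width in HEADER_FIELDS:
        chunk = bits18[pos:pos + width]
        fields[name] = sum(bit << i for i, bit in enumerate(chunk))
        pos += width
    return fields


def best_candidate(candidates):
    """Return (start_shift, ratio) of the candidate with the highest ratio."""
    scored = {shift: fec13_decode(bits)[1] for shift, bits in candidates.items()}
    shift = max(scored, key=scored.get)
    return shift, scored[shift]


def encode_header(lt_addr, ptype, flow, arqn, seqn, hec):
    """Constructed helper: build an un-whitened header and repeat each bit 3x."""
    values = (lt_addr, ptype, flow, arqn, seqn, hec)
    bits = [(v >> i) & 1 for v, (_, w) in zip(values, HEADER_FIELDS) for i in range(w)]
    return [b for b in bits for _ in range(3)]


# Constructed sample: a clean header, and the same header as a poorly aligned
# demodulation candidate, modelled as one bit error in six of the triplets.
CLEAN = encode_header(lt_addr=1, ptype=4, flow=1, arqn=0, seqn=1, hec=0xA7)
SKEWED = list(CLEAN)
for i in (0, 4, 8, 12, 16, 20):
    SKEWED[i] ^= 1
```

Majority voting still recovers the header from the degraded candidate, but its lower agreement ratio is what lets the scoring step prefer the better-aligned one.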
4. User Notes
- Device model fingerprinting based on both physical layer and protocol aspects;
- Testing of algorithms for radio data analysis, packet detection and decoding;
- Exploration of Bluetooth protocol implementation differences in various chipsets;
- Vulnerability research on data encryption weaknesses based on observation of the pairing process.
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
Abbreviations
ADB | Android Debug Bridge |
BD_ADDR | Broadcast Address |
BLE | Bluetooth Low Energy |
BTC | Bluetooth Classic |
DUT | Device Under Test |
EDR | Enhanced Data Rate |
FEC | Forward Error Correction |
GFSK | Gaussian Frequency Shift Keying |
PSK | Phase Shift Keying |
RF | Radio Frequency |
SDR | Software Defined Radio |
SoC | System-on-Chip |
UAP | Upper Address Part |
References
- Givehchian, H.; Bhaskar, N.; Herrera, E.R.; Soto, H.R.L.; Dameff, C.; Bharadia, D.; Schulman, A. Evaluating physical-layer ble location tracking attacks on mobile devices. In Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 22–26 May 2022; pp. 1690–1704.
- Jagannath, A.; Jagannath, J. Embedding-Assisted Attentional Deep Learning for Real-World RF Fingerprinting of Bluetooth. IEEE Trans. Cogn. Commun. Netw. 2023, 9, 940–949.
- Jagannath, A.; Kane, Z.; Jagannath, J. RF Fingerprinting Needs Attention: Multi-task Approach for Real-World WiFi and Bluetooth. In Proceedings of the IEEE Global Communications Conference (GLOBECOM), Rio de Janeiro, Brazil, 4–8 December 2022.
- Takanen, A.; DeMott, J.; Miller, C.; Kettunen, A. Fuzzing for Software Security Testing and Quality Assurance Second Edition; Artech House: Norwood, MA, USA, 2018.
- Great Scott Gadgets. Ubertooth One. Available online: https://ubertooth.readthedocs.io/en/latest/ubertooth_one.html (accessed on 8 January 2024).
- Texas Instruments. 2.4 GHz Low-Power RF Transceiver. Available online: https://www.ti.com/lit/ds/symlink/cc2400.pdf?ts=1704707041389 (accessed on 8 January 2024).
- Mike Ryan. Ice9-Bluetooth-Sniffer. 2022. Available online: https://github.com/mikeryan/ice9-bluetooth-sniffer (accessed on 16 January 2024).
- Uzundurukan, E.; Dalveren, Y.; Kara, A. A database for the radio frequency fingerprinting of Bluetooth devices. Data 2020, 5, 55.
- Siddik, A.B.; Drake, D.; Wilkinson, T.; De Leon, P.L.; Sandoval, S.; Campos, M. WIDEFT: A corpus of radio frequency signals for wireless device fingerprint research. In Proceedings of the 2021 IEEE International Symposium on Technologies for Homeland Security (HST), Boston, MA, USA, 8–9 November 2021; pp. 1–7.
- Jagannath, A.; Jagannath, J. RF-Fingerprint-BT-IoT: Real-world Frequency Hopping Bluetooth dataset from IoT devices for RF fingerprinting. TechRxiv 2022, 9, 940–949.
- Jagannath, A.; Kane, Z.; Jagannath, J. Real-world Commercial WiFi and Bluetooth Dataset for RF Fingerprinting. IEEE Dataport 2022.
- Ettus Research. Ettus Research Products. Available online: https://www.ettus.com/all-products/x310-kit/ (accessed on 8 January 2024).
- Ettus Research. Ettus Research Products. Available online: https://kb.ettus.com/CBX (accessed on 8 January 2024).
- Zenodo. Zenodo Frequently Asked Questions. Available online: https://help.zenodo.org/faq/ (accessed on 9 January 2024).
- Core Specification Working Group. Bluetooth Core Specification v5.4. 2023. Available online: https://www.bluetooth.com/specifications/specs/core-specification-5-4/ (accessed on 8 January 2024).
- Bluetooth SIG. Part B. Baseband Specification. Available online: https://www.bluetooth.com/wp-content/uploads/Files/Specification/HTML/Core-54/out/en/br-edr-controller/baseband-specification.html (accessed on 23 February 2024).
- GNU Radio Project. GNURadio. Available online: https://www.gnuradio.org/ (accessed on 15 January 2024).
- Android Developers. Android Debug Bridge (adb). Available online: https://developer.android.com/tools/adb (accessed on 8 January 2024).
Folder Name | Class | Bluetooth Version | Chipset |
---|---|---|---|
Amazfit_Band_5 | Activity Tracker | 5.0 | not disclosed |
Apple_AirPods_(3nd_generation) | Headset | 5.0 | Apple H1 |
Apple_AirPods_Pro_(2nd_generation) | Headset | 5.3 | Apple H2 |
Apple_Watch_SE_(2nd_Gen) | Activity Tracker | 5.3 | Apple S5 |
Apple_Watch_Series_8 | Activity Tracker | 5.3 | Apple S8 |
Beats_Solo3_Wireless | Headset | 4.0 | Apple W1 |
Bose_QuietComfort_Earbuds_II | Headset | 5.3 | Qualcomm QCC5171 |
eSense | Headset | - | not disclosed |
Fitbit_Charge_5 | Activity Tracker | 5.1 | not disclosed |
Fitbit_Versa_4 | Activity Tracker | 5.2 | not disclosed |
Garmin_Instinct_Crossover | Activity Tracker | 5.0 | not disclosed |
Garmin_Venu_SQ | Activity Tracker | 5.0 | Nordic Semiconductor nRF52810 |
Garmin_Vivoactive_4 | Activity Tracker | 5.0 | not disclosed |
Google_Pixel_Buds_Pro | Headset | 5.3 | Broadcom BCM43015A0WKUBG |
Google_Pixel_Watch | Activity Tracker | 5.2 | Exynos 9110+Cortex M33 |
Huawei_Band_3e | Activity Tracker | 4.2 | Ambiq Micro Apollo3 Blue |
I7-TWS | Headset | - | not disclosed |
JBL_TUNE510BT | Headset | 5.0 | Realtek RTL8763B |
Unknown_BT_headphones_black | Headset | - | not disclosed |
Mangoman | Headset | - | not disclosed |
noise | - | - | - |
Raycon_The_Everyday_Earbuds | Headset | 5.0 | Airoha AB1562M |
Redmi_Buds_3 | Headset | 5.0 | not disclosed |
Samsung_Galaxy_Buds2_Pro | Headset | 5.3 | BES BES2700YP |
Samsung_Galaxy_S20_FE | Smartphone | 5.0 | not disclosed |
Samsung_Galaxy_Watch5 | Activity Tracker | 5.2 | Exynos W920 |
Smart_Bracelet_LP715(G) | Activity Tracker | 4.0 | not disclosed |
Smart_Bracelet_XMSH07HM | Activity Tracker | 4.0 | not disclosed |
Sony_WF-1000XM4 | Headset | 5.2 | MediaTek MT2822SA |
Sony_WH-1000XM5 | Headset | 5.2 | MediaTek MT2822AA |
Xiaomi_Smart_Band_7 | Activity Tracker | 5.2 | Dialog DA14706 |
ZABBOW_Scorpion | Headset | - | not disclosed |
Key | Description |
---|---|
recording_date | The date the radio recording was made. |
recording_location | Location where the radio recording was made. |
recording_device | Parameters regarding the recording device. |
device_type | Type of device involved, for example, SDR. |
model | Model of device_type. |
daughterboard | RF front end; USRPs use the term daughterboard. |
attenuator | External attenuator used (if any). |
antenna | Antenna used. |
uhd_version | Driver version for SDR. |
sample_rate | Sample rate used. |
center_frequency | Center frequency, Hz. |
gain | Internal gain value for the recording device. |
DC_correction | Whether DC correction was used or not. In USRP UHD driver, this is “uhd.tune_request()” |
output_file | Output recording file with reference to metadata location. |
wearable_device | Parameters regarding the wearable device (DUT). |
device_type | Device type: smartwatch/smartband, headphones, or smartphone. |
BD_ADDR | Wearable device Bluetooth address as shown in smartphone settings or master Bluetooth address. |
bluetooth_version | Bluetooth version used. |
android_app | Specific Android app used for data exchange, in this dataset used for smartwatches. |
android_app_version | Version of android_app |
master_device | Parameters regarding the master device, in this dataset Samsung Galaxy S20 FE. |
recording_duration_seconds | Duration of recording in seconds. |
recording_timeline_description | Events at which Android Debug Bridge triggered connection events in smartphone. Seconds. |
enabling_Bluetooth_on_smartphone | Time in recording at which Bluetooth was enabled on smartphone. Seconds. |
Bluetooth_connection_established | Time at which pairing with wearable device was complete. Seconds. |
start_data_exchange | Time at which data exchange with Wearable device was triggered. Seconds. |
stop_data_exchange | Time at which data exchange with Wearable device was stopped. Seconds. |
disconnected | Time at which Android Debug Bridge triggered to turn off smartphone’s Bluetooth. Seconds. |
event_scenario | Event as described in Section 3.2. Paired, unpaired or advertising. |
event_description | Description of what was happening during recording in free form. |
file_format | File format of output_file. |
channelized_data | Parameters regarding the channelized data. |
channels_25 | Parameters regarding the data channelized into four 25 MHz channels. |
output_file_ch25 | File names of channelized data with reference to metadata location. 25 MHz channels. |
sample_rate_ch25 | Sample rate of output_file_ch25. |
center_frequency_ch25 | Center frequencies of output_file_ch25 in same order as output_file_ch25. |
channels_05 | Parameters regarding the data channelized into twenty 5 MHz channels. |
output_file_ch05 | Filenames of channelized data with reference to metadata location. 5 MHz channels. |
sample_rate_ch05 | Sample rate of output_file_ch05. |
center_frequency_ch05 | Center frequencies of output_file_ch05 in same order as output_file_ch05. |
Key | Description |
---|---|
Packet | Packet sequence number within the radio recording |
sample_file | Path to the sample file containing the original recording |
left | First sample of this packet in the sample file |
right | Final sample of this packet in the sample file |
length | right − left, length of the signal in samples |
signal_max | Maximum amplitude of the detected signal |
signal_mean | Signal mean amplitude |
payload_std | Standard deviation of the signal amplitude. Calculated only if the overall length of the signal is sufficient for an EDR payload |
index_25 | Which of the four 25 MHz channelized recordings |
index_5 | Which of the five 5 MHz channelized recordings |
local_freq | Local frequency within the 5 MHz sample file |
demod_start | Offset of performed GFSK demodulation start from the signal start |
bits | Decoded bits (if available) |
packet_lt_addr | Bluetooth logical transport address (LT_ADDR) |
packet_type | Header TYPE field |
packet_flow | Header FLOW field |
packet_arqn | Header ARQN field |
packet_seqn | Header SEQN field |
packet_hec | Header HEC field |
packet_id | Is the packet an ID packet? |
header_fec | Ratio of header FEC 1/3 bits, which are equal (higher number—more likely decoding is correct) |
clock | Starting sample in sample_file for demodulated packet (left + demod_start) |
lap | LAP (lower address part) |
comment | Additional comments (if any) |
header | Packet header |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Rusins, A.; Tiscenko, D.; Dobelis, E.; Blumbergs, E.; Nesenbergs, K.; Paikens, P. Wearable Device Bluetooth/BLE Physical Layer Dataset. Data 2024, 9, 53. https://doi.org/10.3390/data9040053