BLE Fundamentals

Bluetooth Low Energy (BLE) is a wireless communication protocol for energy-efficient IoT devices. This chapter explains the fundamental concepts.

BLE vs. Bluetooth Classic

Layer	Abbreviation	Function
Physical Layer	PHY	2.4 GHz ISM band, GFSK modulation, 40 channels
Link Layer	LL	Advertising, Scanning, Connection Management, Encryption
L2CAP	L2CAP	Logical Link Control - Multiplexing, Fragmentation
ATT	ATT	Attribute Protocol - Client-Server data model
GATT	GATT	Generic Attribute Profile - Services and Characteristics
GAP	GAP	Generic Access Profile - Discovery, Connection
SMP	SMP	Security Manager Protocol - Pairing, Bonding

State	Description	Typical Role
Standby	No radio activity, minimal power	All
Advertising	Sends periodic advertising packets on channels 37, 38, 39	Peripheral
Scanning	Receives advertising packets	Central
Initiating	Waits for advertising from specific device	Central
Connection	Active bidirectional data connection	Both

Role	Function	Examples
Central	Initiates connection, controls timing	Smartphone, Computer
Peripheral	Advertises, provides data	Sensors, Wearables
Broadcaster	Advertising only, no connection	Beacons
Observer	Scanning only, no connection	Presence Detection

Peripherals send advertising packets on three advertising channels:

PDU Type	Connectable	Scannable	Use Case
ADV_IND	✓	✓	Standard
ADV_DIRECT_IND	✓	✗	Fast Reconnection
ADV_NONCONN_IND	✗	✗	Beacons
ADV_SCAN_IND	✗	✓	Broadcast with data

Important

BLE is not secure by default!

Mistake	Description	Consequence
Just Works Pairing	No additional authentication	MITM attacks possible
No Access Controls	Characteristics without security level	Anyone can read/write
Sensitive Data in Advertising	Weight, ID, etc. public	Privacy violation
Hardcoded Keys	Keys in app/firmware	Easy extraction
Weak Encryption	XOR, Base64, ROT13	Trivial to break