
Bluetooth SIG Announces Mesh Networking Capability for BLE 4.0+ - Tepix
https://blog.bluetooth.com/introducing-bluetooth-mesh-networking
======
Tepix
The actual specification:

[https://www.bluetooth.com/specifications/mesh-specifications](https://www.bluetooth.com/specifications/mesh-specifications)

More coverage:

[https://www.bluetooth.com/what-is-bluetooth-technology/how-i...](https://www.bluetooth.com/what-is-bluetooth-technology/how-it-works/le-mesh)

[https://blog.bluetooth.com/introducing-bluetooth-mesh-networ...](https://blog.bluetooth.com/introducing-bluetooth-mesh-networking)

[https://www.theverge.com/circuitbreaker/2017/7/18/15988362/b...](https://www.theverge.com/circuitbreaker/2017/7/18/15988362/bluetooth-mesh-networking-standard-released-smart-home)

[https://www.cnet.com/news/bluetooth-mesh/](https://www.cnet.com/news/bluetooth-mesh/)

[http://www.zdnet.com/article/bluetooth-gets-mesh-functionali...](http://www.zdnet.com/article/bluetooth-gets-mesh-functionality-to-enable-industrial-grade-device-networks/)

A standard by the Bluetooth SIG that (hopefully) stops the fragmented mesh
technologies for Bluetooth we've seen in the past was long overdue. It's also
great that it works with Bluetooth 4.0+.

------
MrQuincle
Some bullet points from a while ago when it was still confidential, but maybe
it helps someone who doesn't want to go through a few hundred pages:

\+ There are two types of keys: network layer and application layer. Not
having the first key type means that you can't send anything into the mesh.
The second key type can govern application-specific control (like turning
on/off lights) and is different for locks, bulbs, etc.

\+ Separation of these two types of keys means that nodes can partake in the
sending / receiving of encrypted messages because they are authenticated on a
network level. I'll have to think through what this means for a denial of
service attack.

\+ Later on they suddenly also introduce a device key as a particular type of
application key. It is introduced to protect against a "trash can attack".

\+ "Friendship" is possible between neighbouring nodes to reduce the amount of
time that needs to be spent listening.

\+ There is a lot of "routing". It is possible to use unicast addresses, group
addresses, and broadcast addresses.

\+ The lower transport layer defines segments to be able to define data chunks
that are larger than a single packet. I don't think it's meant to put multiple
segments into one packet like we do.

\+ There is a Heartbeat to monitor nodes on the network and discover how far
nodes are apart from each other.

\+ There is a publish-subscribe mechanism.

\+ Encryption is using AES-CMAC and there is a network nonce, application
nonce, and device nonce (and proxy nonce).

\+ There is a Mesh Beacon format.

\+ There is a provisioning method to get new keys, switch to the new keys, and
revoke the old keys.

\+ There is a blacklist procedure to remove a node.
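
A simplified model of the two key layers described in the bullet points above, added here as an illustration and not taken from the thread or from the Bluetooth mesh specification. HMAC-SHA256 from the Python standard library stands in for the AES-based primitives, and the packet layout, tag and nonce sizes, key names and the `light:on` payload are all constructed.

```python
import hashlib, hmac, os

TAG = 8    # constructed tag length, not the specification's MIC size
NONCE = 8  # constructed nonce length

def _prf(key, label, data):
    # HMAC-SHA256 is a stand-in for the mesh's AES-based primitives.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _stream(key, nonce, data):
    # Toy counter-mode keystream XORed over the data (same call decrypts).
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = _prf(key, b"enc", nonce + i.to_bytes(4, "big"))
        out += bytes(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)

def app_seal(app_key, nonce, payload):
    # Application layer: encrypt, then tag the ciphertext.
    ct = _stream(app_key, nonce, payload)
    return ct + _prf(app_key, b"mac", nonce + ct)[:TAG]

def app_open(app_key, nonce, sealed):
    # Returns the plaintext, or None if the application tag does not verify.
    ct, tag = sealed[:-TAG], sealed[-TAG:]
    good = _prf(app_key, b"mac", nonce + ct)[:TAG]
    return _stream(app_key, nonce, ct) if hmac.compare_digest(tag, good) else None

def net_seal(net_key, nonce, upper):
    # Network layer (authentication only in this model): tag nonce + upper bytes.
    body = nonce + upper
    return body + _prf(net_key, b"mac", body)[:TAG]

def net_open(net_key, pdu):
    # Returns (nonce, upper-layer bytes), or None if the network tag fails.
    body, tag = pdu[:-TAG], pdu[-TAG:]
    if not hmac.compare_digest(tag, _prf(net_key, b"mac", body)[:TAG]):
        return None
    return body[:NONCE], body[NONCE:]

def demo():
    net_key, bulb_key, lock_key = (os.urandom(16) for _ in range(3))
    nonce = os.urandom(NONCE)
    pdu = net_seal(net_key, nonce, app_seal(bulb_key, nonce, b"light:on"))
    n, upper = net_open(net_key, pdu)  # any node holding the network key
    return {
        "relay_accepts": net_open(net_key, pdu) is not None,
        "relay_reads": app_open(lock_key, n, upper),  # relay holds only the lock key
        "bulb_reads": app_open(bulb_key, n, upper),
        "outsider_injects": net_open(net_key, net_seal(os.urandom(16), nonce, upper)),
    }
```

In this model a node holding only the network key can verify and forward the packet but gets `None` when it tries to open the application payload, and a sender without the network key is dropped at the first hop.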

