Bluetooth mesh networking

Bluetooth Mesh is a computer mesh networking standard based on Bluetooth Low Energy that allows for many-to-many communication over Bluetooth radio. The Bluetooth Mesh specifications were defined in the Mesh Profile and Mesh Model specifications by the Bluetooth Special Interest Group (Bluetooth SIG). Bluetooth Mesh was conceived in 2014 and adopted on July 13, 2017.

Overview
Bluetooth Mesh is a mesh networking standard that operates on a flood network principle. It's based on the nodes relaying the messages: every relay node that receives a network packet that


 * authenticates against a known network key
 * is not in message cache
 * has a TTL ≥ 2

can be retransmitted with TTL = TTL - 1. Message caching is used to prevent relaying recently seen messages.

Communication is carried in the messages that may be up to 384 bytes long, when using Segmentation and Reassembly (SAR) mechanism, but most of the messages fit in one segment, that is 11 bytes. Each message starts with an opcode, which may be a single byte (for special messages), 2 bytes (for standard messages), or 3 bytes (for vendor-specific messages).

Every message has a source and a destination address, determining which devices process messages. Devices publish messages to destinations which can be single things / groups of things / everything.

Each message has a sequence number that protects the network against replay attacks.

Each message is encrypted and authenticated. Two keys are used to secure messages: (1) network keys – allocated to a single mesh network, (2) application keys – specific for a given application functionality, e.g. turning the light on vs reconfiguring the light.

Messages have a time to live (TTL). Each time message is received and retransmitted, TTL is decremented which limits the number of "hops", eliminating endless loops.

Architecture
Bluetooth Mesh has a layered architecture, with multiple layers as below.

Topology
Nodes that support the various features can be formed into a mesh network.

Theoretical limits
The practical limits of Bluetooth Mesh technology are unknown. Some limits that are built into the specification include:

Mesh models
As of version 1.0 of Bluetooth Mesh specification, the following standard models and model groups have been defined:

Foundation models
Foundation models have been defined in the core specification. Two of them are mandatory for all mesh nodes.
 * Configuration Server (mandatory)
 * Configuration Client
 * Health Server (mandatory)
 * Health Client

Generic models

 * Generic OnOff Server, used to represent devices that do not fit any of the model descriptions defined but support the generic properties of On/Off
 * Generic Level Server, keeping the state of an element in a 16-bit signed integer
 * Generic Default Transition Time Server, used to represent a default transition time for a variety of devices
 * Generic Power OnOff Server & Generic Power OnOff Setup Server, used to represent devices that do not fit any of the model descriptions but support the generic properties of On/Off
 * Generic Power Level Server & Generic Power Level Setup Server, including a Generic Power Actual state, a Generic Power Last state, a Generic Power Default state and a Generic Power Range state
 * Generic Battery Server, representing a set of four values representing the state of a battery
 * Generic Location Server & Generic Location Setup Server, representing location information of an element, either global (Lat/Lon) or local
 * Generic User/Admin/Manufacturer/Client Property Server, representing any value to be stored by an element
 * Generic OnOff Client & Generic Level Client
 * Generic Default Transition Time Client
 * Generic Power OnOff Client & Generic Power Level Client
 * Generic Battery Client
 * Generic Location Client
 * Generic Property Client

Sensors

 * Sensor Server & Sensor Setup Server, representing a sensor device. Sensor device may be configured to return a measured value periodically or on request; measurement period (cadence) may be configured to be fixed or to change, so that more important value range is being reported faster.
 * Sensor Client

Time and scenes

 * Time Server & Time Setup Server, allowing for time synchronization in mesh network
 * Scene Server & Scene Setup Server, allowing for up to 65535 scenes to be configured and recalled when needed.
 * Scheduler Server & Scheduler Setup Server
 * Time Client, Scene Client & Scheduler Client

Lighting

 * Light Lightness Server & Light Lightness Setup Server, representing a dimmable light source
 * Light CTL Server, Light CTL Temperature Server & Light CTL Setup Server, representing a CCT or "tunable white" light source
 * Light HSL Server, Light HSL Hue Server, Light HSL Saturation Server & Light HSL Setup Server, representing a light source based on Hue, Saturation, Lightness color representation
 * Light xyL Server & Light xyL Setup Server, representing a light source based on modified CIE xyY color space.
 * Light LC (Lightness Control) Server & Light LC Setup Server, representing a light control device, able to control Light Lightness model using an occupancy sensor and ambient light sensor. It may be used for light control scenarios like Auto-On, Auto-Off and/or Daylight Harvesting.
 * Light Lightness Client, Light CTL Client, Light HSL Client, Light xyL Client & Light LC Client

Provisioning
Provisioning is a process of installing the device into a network. It is a mandatory step to build a Bluetooth Mesh network.

In the provisioning process, a provisioner securely distributes a network key and a unique address space for a device. The provisioning protocol uses P256 Elliptic Curve Diffie-Hellman Key Exchange to create a temporary key to encrypt network key and other information. This provides security from a passive eavesdropper. It also provides various authentication mechanisms to protect network information, from an active eavesdropper who uses man-in-the-middle attack, during provisioning process.

A key unique to a device known as "Device Key" is derived from elliptic curve shared secret on provisioner and device during the provisioning process. This device key is used by the provisioner to encrypt messages for that specific device.

The security of the provisioning process has been analyzed in a paper presented during the IEEE CNS 2018 conference.

The provisioning can be performed using a Bluetooth GATT connection or advertising using the specific bearer.

Terminology used in the Bluetooth Mesh Model and Mesh Profile specifications

 * Destination: The address to which a message is sent.
 * Element: An addressable entity within a device.
 * Model: Standardized operation of typical user scenarios.
 * Node: A provisioned device.
 * Provisioner: A node that can add a device to a mesh network.
 * Relay: A node able to retransmit messages.
 * Source: The address from which a message is sent.

Free and open-source software implementations
Free software and open source software implementations include the following:
 * The official (included in Linux kernel by Linus Torvalds in 2001 ) Linux Bluetooth protocol stack BlueZ, dual free-licensed under the GPL and the LGPL, supports Mesh Profile, from release version 5.47, by providing meshctl tool (deprecated) to configure mesh devices. Release version 5.53 introduced mesh-cfgclient tool for configuring mesh networks. BlueZ was approved as a "qualified" software package by Bluetooth SIG in 2005. BlueZ is not considered to be a qualified Bluetooth Mesh stack as Bluetooth Mesh is not listed in aforementioned qualification record as a supported profile.
 * Apache Mynewt NimBLE, free-licensed under the Apache License 2.0, supports Bluetooth Mesh from release version 1.2.0. It was qualified on July 15, 2019 with QDID 131934.
 * Zephyr OS Mesh, free-licensed under the Apache License 2.0, supports Bluetooth Mesh from release version 1.9.0. Zephyr OS Mesh 1.14.x was qualified on September 20, 2019 with QDID 139259.