10-02-2025

IOT PROTOCOLS

WI-FI

• Wi-Fi or WiFi is technically referred to by its standard, IEEE 802.11, and is a wireless
technology for wireless local area networking of nodes and devices built upon similar
standards (Figure 7.25).
• Wi-Fi utilizes the 2.4 GHz ultra high frequency (UHF) band or the 5.8 GHz super high
frequency (SHF) ISM radio bands for communication.
• For operation, these bands in Wi-Fi are subdivided into multiple channels.
• The communication over each of these channels is achieved by multiple devices
simultaneously using time-sharing based TDMA multiplexing. It uses CSMA/CA for channel
access.

1
 10-02-2025

• IEEE 802.11 is a set of PHY/MAC specifications for implementing wireless local area networks (WLAN)
in various frequency bands, including the 900 Mhz and the 2.4, 3.6 ,5,and 60GHz bands.
• The base version of the standard was released in 1997.
• Among the latest amendments are:
• IEEE802.11ac(2013):which guarantees very hight hroughput in the frequency band below 6 GHz, and brings
potential improvements over 802.11n, including a better modulation scheme, wider chan nels, and multi-user
MIMO;
• IEEE802.11ah(2016):for sub-GHz license-exempt operations, such as sensor networks and smart metering;
• IEEE802.11ai: which introduces fast initial link setup

• Various versions of IEEE 802.11 have been popularly adapted, such as a/b/g/n.
• The IEEE 802.11a achieves a data rate of 54 Mbps and works on the 5 GHz band using
OFDM for communication. IEEE 802.11b achieves a data rate of 11 Mbps and operates
on the 2.4 GHz band.
• Similarly, IEEE 802.11g also works on the 2.4 GHz band but achieves higher data rates of
54 Mbps using OFDM.
• Finally, the newest version, IEEE 802.11n, can transmit data at a rate of 140 Mbps on the 5
GHz band.

2
 10-02-2025

• An 802.11 LAN is based on a “cellular” architecture: the system is subdivided into cells.
• Each cell, referred to as a basic service set in the 802.11 nomenclature, is controlled by a base station,
known as an access point (AP).
• Although a wireless LAN may be formed by a single cell, with a single AP, most installations are formed
by several cells, with the APs connected through some backbone, denoted as the distribution system
(DS).
• Backbone is typically an Ethernet, and in some cases is wireless itself.
• The whole interconnected WLAN, including the different cells, their respective APs and the DS, is seen as
a single 802 network to the upper layers of the OSI model and is known as an extended service set.

3
 10-02-2025

2/10/2025

7
CARRIER SENSING

• Problems
• Hidden terminal problem
• Exposed terminal problem

2/10/2025

8
HIDDEN TERMINAL PROBLEM

• The two transmitters STA and STC are not in the

radio range of each other
• STA starts transmitting to station STB.
• STC is out of radio range of STA, it perceives that
the channel is free and starts transmitting to STB
• frames received by STC are garbled and collision
occurs
• Solution:The exposed terminal problem is solved
by the MAC (medium access control) layer
protocol IEEE 802.11 RTS/CTS.

4
 10-02-2025

EXPOSED TERMINAL PROBLEM

• Four stations A, B, C, and D.

• B and C are transmitters and A and D are receivers.
• Two transmitters B and C can hear each other but the
two receivers A and D cannot hear each other.
• When transmission from B to A is happening, C ceases
attempting to transmit to D assuming that it will cause
interference. Here C unnecessarily waits reducing
network efficiency
• Communication from C to D is outside of B’s range, hence
no interference will occur, and is known as exposed
terminal issue

RTS/CTS DIALOG (1) 2/10/2025

10

Defer

RTS

Any node hearing this RTS will defer medium access

10

5
 10-02-2025

2/10/2025

11
RTS/CTS DIALOG (2)

Defer
Defer

RTS
CTS

Any node hearing this CTS will defer medium access

11

2/10/2025

12
RTS/CTS/DATA/ACK DIALOG

Defer
Defer

Data
ACK

12

6
 10-02-2025

VIRTUAL CARRIER SENSING (RTS-CTS)

• Mechanism used to reduce the probability of collisions between two stations that are not within transmission range of each
other.
• A station wanting to transmit a packet first transmits a short control packet, referred to as a request to send (RTS).
• This includes the source, destination, and the duration of the following transaction; in other words, the packet and the
respective ACK packet.
• The Destination station then responds (If the medium is free) with a response control packet, referred to as the clear to send
(CTS), which includes the same duration information.
• All stations receiving either the RTS and/or the CTS, set their virtual carrier sense indicators (referred to as the network
allocation vector, NAV), for the given duration, and use this information together with the physical carrier sense when sensing
the medium.
• This mechanism reduces the probability of a collision in the receiver area by a station that is “hidden” from the transmitter to
the short duration of the RTS transmission.

13

• This is because the station hears the CTS and reserves the medium as busy until the end
of the transaction.
• The duration information on the RTS also protects the transmitter area from collisions
during the ACK (from stations that are out of range of the acknowledging station).
• It should also be noted that, because the RTS and CTS are short frames, the mechanism
also reduces the overhead of collisions, since these are recognized faster than if the
whole packet were to be transmitted– this is true if the packet is significantly bigger than
the RTS, so the standard allows for short packets to be transmitted without the RTS/CTS
transaction

14

7
 10-02-2025

HIDDEN TERMINAL (RTS-CTS)

• Before transmitting data, a sender (e.g., • Limitations:

STA) sends an RTS (Request to Send)
• If STC is too far and cannot hear STB’s
frame to the receiver (e.g., STB).
CTS message, it might still attempt
• If the channel is clear, the receiver (STB) transmission, causing interference.
responds with a CTS (Clear to Send)
• Additional overhead due to RTS-CTS
frame.
exchanges may reduce network
• Other nodes that overhear the CTS efficiency
(e.g., STC) defer their transmission,
reducing the risk of collisions..

15

EXPOSED TERMINAL (RTS-CTS)

• How Does RTS-CTS Help Mitigate the Exposed • limitations:

Terminal Problem?
• Overhearing CTS If C hears the CTS from A, it
• Before sending data, a node (e.g., C) sends an may still incorrectly assume that the channel is
RTS (Request to Send) to its receiver (D).D busy, leading to unnecessary deferral.
responds with a CTS (Clear to Send) if it is
• RTS-CTS Overhead
ready to receive.
• The additional control frame exchanges
• If C hears B’s transmission but does not receive
increase latency, reducing network efficiency.
a CTS from B’s receiver (A), it can still proceed
to send data to D. • Collision with CTS Frames: If multiple nodes
send RTS at the same time, CTS responses
• This mechanism reduces unnecessary waiting,
might collide, causing further delays.
allowing more simultaneous transmissions.

16

8
 10-02-2025

DCF

• The basic access mechanism, called the distributed coordination function, is basically a carrier sense
multiple access with collision avoidance technology (CSMA/CA).
• 802.11 standard uses a CA mechanism together with a positive acknowledgement scheme, as follows:
• 1) A station wanting to transmit senses the medium: if the medium is busy then it defers; if the medium is
free for a specified time (referred to as the distributed interframe space), then the station is allowed to
transmit.
• 2) The receiving station checks the cyclic redundancy check (CRC) of the received packet and sends an
acknowledgment packet (ACK). Receipt of the ACK indicates to the transmitter that no collision
occurred.
• If the sender does not receive the ACK then it retransmits the fragment until it receives the ACK or, if
after a given number of retransmissions, no ACK is received, the packet is discarded.

17

2/10/2025

18
IEEE 802.11 DCF

• Uses RTS/CTS exchange to avoid hidden terminal problem

• Any node overhearing a CTS cannot transmit for the duration of the transfer.
• Any node overhearing an RTS cannot transmit for the duration of the transfer (to avoid
collision with ACK)

• Uses ACK to achieve reliability

• CSMA/CA
• Contention-based random access
• Collision detection not possible while transmitting

18

9
 10-02-2025

2/10/2025

19
IEEE 802.11 DCF (CONT.)

• Carrier sense in 802.11

• Physical carrier sense
• Virtual carrier sense using Network Allocation Vector (NAV)
• RTS/CTS specify duration of subsequent DATA/ACK
• NAV is updated based on overheard RTS/CTS

• Collision avoidance
• Nodes stay silent when carrier sensed busy (physical/virtual)
• Backoff intervals are used to reduce collision probability

19

2/10/2025

20
BACKOFF INTERVAL

• When channel is busy, choose a backoff interval in the range [0, cw].
• Count down the backoff interval when medium becomes idle.
• Count down is suspended if medium becomes busy again.
• When backoff interval reaches 0, transmit RTS.
• Binary exponential backoff in 802.11 DCF:
• When a node fails to receive CTS, cw is doubled up (up to an upper bound).
• When a data transfer completes successfully, cw is reset to cwmin.

20

10
 10-02-2025

IEEE 802.11 CSMA/CA – EXAMPLE 2/10/2025

21

DIFS: DCF inter-frame space SISF: short inter-frame space

21

2/10/2025

22
DISADVANTAGES OF IEEE 802.11 DCF

• High power consumption

• Hidden terminal problem not totally solved (e.g., collision of RTS)
• Exposed terminal problem not solved
• Fairness problem among different transmitting nodes
• Only providing best-effort service

22

11
 10-02-2025

23

• Wi-Fi devices can network using a

technology referred to as wireless
LAN (WLAN)
• A Wi-Fi enabled device has to
connect to a wireless access point,
which connects the device to the
WLAN & then forwarding the
messages to the Internet.

24

12
 10-02-2025

25

MEDIA
ACCESS
CONTROL

25

POINT COORDINATION FUNCTION (PCF)

• Optional MAC method in IEEE 802.11. • Advantages

• Uses a centralized polling-based mechanism for access control. • Better for real-time applications – Provides QoS by prioritizing traffic.

• Contention-free: The AP (Point Coordinator) controls access to the • Collision-free transmission – Since only one station transmits at a time.
medium.
• Efficient use of channel – Reduces backoff overhead.
• Works only in infrastructure networks (AP-based).
• Disadvantages
• Superframe Structure: Alternates between Contention-Free Period (CFP)
(PCF active) and Contention Period (CP) (DCF active). • Not widely implemented

• Polling Mechanism: • Most Wi-Fi networks use DCF.

• The AP polls stations in CFP to allow them to transmit without • Inflexible – Requires a strict schedule, which can be inefficient in dynamic
contention. environments.

• Guaranteed Transmission: The AP schedules transmissions to prevent • AP bottleneck – The AP must manage all transmissions, leading to
collisions. scalability issues

26

13
 10-02-2025

27

BLUETOOTH

• Bluetooth is a standard wire-replacement communications protocol primarily designed for low-power consumption and short
communication ranges.
• Bluetooth technology operates in the unlicensed industrial, scientific and medical(ISM) band at 2.4 to 2.485 GHZ. Uses spread
spectrum hopping, full‐duplex signal at a nominal rate of 1600hops/sec.
• The transmission range is power dependent. Maintains high levels of security.
• Thes specifications were formalized by the Bluetooth Special Interest Group(SIG). The SIG was formally established by Ericsson,
IBM, Intel, Toshiba and Nokia in 1998: today it has a membership of over 30,000 companies worldwide.

• Bluetooth supports 1Mbps data rate for version 1.2 and 3 Mbps data rate for Version2.0 combined with Error Data
Rate.
• While Bluetooth 3.0, introduced in 2009, supported a data rate of 25Mbit/s with a transmission range of 10m, with the latest
Bluetooth 5.0, introduced in 2016, the data rate and transmission range have increased to 50 Mbit/s and 240 m.
• On top of the physical layer, link-layer services including medium access, connection establishment, error control, and flow
control are provided.

28

14
 10-02-2025

• The upper logical link control and adaptation protocol provides multiplexing for data channels, fragmentation and reassembly
of larger packets.
• The other upper layers are the Generic Attribute Protocol, which provides for efficient data collection from sensors, and the
generic access profile, which allows for configuration and operation in different modes, such as advertising or scanning, and
connection initiation and management.
• The Bluetooth Core Specification version 4.0 (known also as “Blue tooth Smart”) was adopted in 2010. Bluetooth 4.0 includes
classic Bluetooth, Bluetooth High Speed and Bluetooth Low Energy (BLE) protocols.
• Bluetooth High Speed is based on Wi-Fi, while classic Bluetooth consists of legacy Bluetooth protocols.
• BLE, previously known as Wibree, is a subset of Bluetooth 4.0 with an entirely new protocol stack for rapid build-up of simple
links.
• It is aimed at very low power applications running off a coin cell battery. Chip designs allow for two types of implementation:
dual-mode and single mode.

29

• Starting from version 4.2, IoT-oriented features have been introduced into Bluetooth.
• low energy secure connection with data packet length extension (v4.2);
• link layer privacy (v4.2);
• IP support profile (v6.0)
• readiness for Bluetooth Smart Things to support connected homes (v4.2);
• connectionless services, such as location-relevant navigation of low-energy Bluetooth connections (v5.0)

• Features: Bluetooth operating range depends on the device:

• Class 3 radios have a range of up to 1 meter or 3 feet
• Class 2 radios are most commonly found in mobile devices have a range of 10 meters or 30 feet
• Class 1 radios are used primarily in industrial use cases have a range of 100 meters or 300 feet

30

15
 10-02-2025

• BLE uses a short-range radio with minimal power use, which can operate for a much longer time (even
for years) compared to previous versions.
• Its range coverage (about 100 m) is ten times that of the classic Bluetooth while its latency is 15 times
shorter.
• BLE can be operated using a transmission power of between 0.01 and 10 mW. With these
characteristics, BLE is a good candidate for IoT applications.
• The BLE standard has been developed rapidly by smartphone makers and is now available in most
smartphone models.
• The feasibility of using this standard has been demonstrated in vehicle-to-vehicle communications as well
as in WSNs.

31

• Compared to ZigBee, BLE is more efficient in terms of energy consumption and the ratio
of transmission energy per transmitted bit.
• BLE allows devices to operate as masters or slaves in a star topology.
• For the discovery mechanism, slaves send advertisements over one or more dedicated
advertisement channels.
• To be discovered as a slave, these channels are scanned by the master.
• When they are not exchanging data, the devices are in sleep mode

32

16
 10-02-2025

CONNECTION ESTABLISHMENT

33

34

17
 10-02-2025

• Active Mode: Default mode • Sniff Mode (Low Power Mode)

• Master and slave are actively communicating. • Slave reduces its listening frequency to save power.
• Slave listens to every polling packet from the master. • listens at fixed time intervals which is configurable
• Consumes maximum power as radio is always on. • More time between sniffs = lower power consumption.
• Streaming music from a smartphone to a Bluetooth • Suitable for intermittent data transfer.
speaker.
• Higher latency, as the slave may not respond immediately.
• wireless keyboard actively sending keystrokes to a laptop.
• Example: A Bluetooth mouse or keyboard in idle mode,
waking up when the user moves or types.
• Smartwatches syncing notifications every few seconds
instead of continuously.

35

• Hold Mode (Temporary Pause Mode) • Park Mode (Deep Sleep Mode)
• Slave temporarily stops data transmission but remains • Slave disconnects from active participation but remains in
synchronized with the master. synchronization with the master.
• Used when the slave needs to perform another task (e.g., • The slave is assigned a Parking Access Request (PAR)
scanning for Wi-Fi). address, so it can quickly wake up when needed.
• Master and slave agree on a specific duration to pause • No data transfer occurs unless the master re-activates the
communication. slave.
• After the hold period ends, the device resumes • Maximum power savings compared to other modes.
communication without re-establishing a connection.
• Ideal for devices that don’t need frequent communication.
• Saves power without losing synchronization.
• High wake-up latency, as the slave must wait for the
• Useful when a device needs to perform another wireless master to reassign an active address.
task.
• E.g. :A Bluetooth-enabled TV remote that wakes up only
when a button is pressed.

36

18
 10-02-2025

37

38

19
 10-02-2025

• Radio (RF) Layer:

• Uses the 2.4 GHz ISM band to send and receive signals.
• Supports Adaptive Frequency Hopping (AFH) to avoid interference from Wi-Fi and microwaves
• .Classic Bluetooth: Uses 79 channels (1 MHz each).
• BLE: Uses 40 channels (2 MHz each) for power efficiency.
• It defines two types of physical links: connection-less and connection-oriented.
• Baseband Link Layer:
• The baseband is the digital engine of a Bluetooth system and is equivalent to the MAC sublayer in LANs.
• It performs the connection establishment within a piconet, addressing, packet format, timing and power control.

39

• Link Manager Protocol Layer:

• Manages link setup, authentication, and encryption .Controls power-saving modes (e.g., sniff mode to reduce power usage).
• Ensures secure communication with encryption.
• Example: A Bluetooth headset uses LMP to establish and maintain a secure connection with a phone.
• Logical Link Control and Adaption (L2CAP) Protocol Layer:
• It allows the communication between upper and lower layers of the Bluetooth protocol stack.
• It packages the data packets received from upper layers into the form expected by lower layers.
• Multiplexes multiple data streams over a single Bluetooth connection.
• Segmentation & Reassembly of large packets for transmission.
• Supports QoS (Quality of Service) for different types of data.
• Example: A Bluetooth speaker uses L2CAP to handle both music streaming (A2DP) and remote-control commands (AVRCP) at
the same time.

40

20
 10-02-2025

• Service Discovery Protocol (SDP) Layer:

• Allows devices to discover what services other Bluetooth devices offer. Ensures compatibility before connection.
• RF Comm Layer: (Radio Frontend Component)
• Provides serial communication over Bluetooth (similar to RS-232).
• Bluetooth baseband layer, i.e. it is a serial port emulation.
• RFCOMM provides a simple reliable data stream to the user, similar to TCP.
• Supports up to 60 simultaneous connections between two BT devices.
• Example:
• A Bluetooth-based barcode scanner sends scanned data to a PC via RFCOMM.
• It provides a serial interface with WAP and OBEX.
• It also provides emulation of serial ports over the logical link control and adaption protocol(L2CAP).

41

• OBEX: (Object Exchange. )

• It is a communication protocol to exchange objects between 2 devices.
• WAP: ( Wireless Access Protocol).
• It is used for internet access.
• TCS: (Telephony Control Protocol)
• It provides telephony service. The basic function of this layer is call control (setup & release) and group management for the
gateway serving multiple devices.
• Application Layer:
• Defines the user applications and how they interact with Bluetooth communication.
• Uses Bluetooth profiles to specify how devices communicate for specific use cases.

42

21
 10-02-2025

43

44

22
 10-02-2025

MIDDLEWARE LAYER (GAP & GATT)

• This layer provides a framework for device discovery, connection, and communication
• GAP (Generic Access Profile) Role:
• Defines how Bluetooth devices find and connect to each other.
• Controls advertising, scanning, pairing, and security.
• Key Functions of GAP:
• Advertising: A device broadcasts its presence.
• Scanning: Other devices listen for advertisements.
• Pairing & Bonding: Secure connection establishment.
• Roles in Communication:
• Broadcaster & Observer (BLE)
• Peripheral & Central (BLE)
• Master & Slave (Classic Bluetooth)

45

GATT (GENERIC ATTRIBUTE PROFILE) -

• Only in BLE :
• Used for Bluetooth Low Energy (BLE)
communication.
• Defines how data is exchanged between devices.
• Uses a client-server model:
• GATT Server: Stores data (e.g., sensor
values).
• GATT Client: Requests or writes data to
the server.

46

23
 10-02-2025

PICONETS

• Bluetooth technology is based on Ad‐hoc technology also known as Ad‐hoc Piconets

• Bluetooth enabled electronic devices connect and communicate wirelessly through short
range networks known as Piconets
• Bluetooth devices exist in small ad‐hoc configurations with the ability to act either as
master or slave.
• Provisions are in place, which allow for a master and a slave to switch their roles.
• The simplest configuration is a point-to-point configuration with one master and one
slave.

47

• When more than two Bluetooth devices communicate with one another, it is called a
PICONET
• A Piconet can contain up to seven slaves clustered around a single master.
• The device that initializes establishment of the Piconet becomes the master
• The master is responsible for transmission control by dividing the network into a series
of time slots amongst the network members, as a part of time division multiplexing
scheme.

48

24
 10-02-2025

49

FEATURES OF PICONET

• Within a Piconet, the clock and unique 48‐bit address of master determines the timing of
various devices and the frequency hopping sequence of individual devices.
• Each Piconet device supports 7 simultaneous connections to other devices.
• Each device can communicate with several piconets simultaneously.
• Piconets are established dynamically and automatically as Bluetooth enabled devices
enter and leave piconets.

50

25
 10-02-2025

• There is no direct connection between the slaves. All connections are either master‐to‐slave or
slave‐to‐master.
• Slaves are allowed to transmit once these have been polled by the master.
• Transmission starts in the slave‐to‐master time slot immediately following a polling packet from the
master.
• A device can be a member of two or more Piconets.
• A device can be a slave in one Piconet and master in another.
• It however cannot be a master in more than once Piconets.
• Devices in adjacent Piconets provide a bridge to support inner‐Piconet connections, allowing assemblies
of linked Piconets to form a physically extensible communication infrastructure known as Scatternet

51

• Applications

• ✓Audioplayers
• ✓Homeautomation

• ✓Smartphones

• ✓Toys
• ✓Handsfreeheadphones

• ✓Sensornetworks

52

26
 10-02-2025

53

IEEE 802.15.4

• Well‐known standard for low data‐rate WPAN

• Operates in the ISM band
• Developed for low‐data‐rate monitoring and control applications and extended‐life
low‐power‐consumption uses (run on batteries)
• Uses direct sequence spread spectrum (DSSS) modulation. Low‐speed versions use Binary
Phase Shift Keying (BPSK). High data‐rate versions use offset‐quadrature phase‐shift keying
(O‐QPSK)
• Uses carrier sense multiple access with collision avoidance (CSMA‐CA) for channel access
• Highly tolerant of noise and interference and offers link reliability improvement mechanisms.

54

27
 10-02-2025

• Power consumption is minimized due to infrequently occurring very short packet transmissions with low duty cycle (<1%). (99% sleep
mode)
• The minimum power level defined is 3 dBm or 0.5 mW. Transmission, for most cases, is Line of Sight (LOS)
• Standard transmission range varies between 10m to 75m. Best case transmission range achieved outdoors can be up to 1000m.
• Networking topologies defined are Star, and Mesh.
• Easy installation using a compact protocol stack while remaining both simple and flexible.
• Address a wide range of IoT use cases in both the consumer and business markets.
• IEEE 802.15.4 is commonly found in the following types of deployments:
■ Home and building automation
■ Automotive networks
■ Industrial wireless sensor networks
■ Interactive toys and remote controls

55

• This standard uses only the first two layers ( MAC) plus the logical link control LLC ) and service specific
convergence sub‐layer SSCS ) additions to communicate with all upper layers
• IEEE 802.15.4 lacks in MAC reliability, unbounded latency, and susceptibility to interference and multipath fading.
• The negatives around reliability and latency often have to do with the Collision Sense Multiple Access/Collision
Avoidance (CSMA/CA) algorithm.
• CSMA/CA is an access method in which a device “listens” to make sure no other devices are transmitting
before starting its own transmission. If another device is transmitting, a wait time (which is usually random)
occurs before “listening” occurs again.
• Interference and multipath fading occur with IEEE 802.15.4 because it lacks a frequency-hopping technique.
• Later variants of 802.15.4 from the IEEE start to address these issues.

56

28
 10-02-2025

STANDARDIZATION AND ALLIANCES

• IEEE 802.15.4 or IEEE 802.15 Task Group 4 defines low-data-rate PHY and MAC layer specifications for wireless personal area networks
(WPAN).
• This standard has evolved over the years and is a well-known solution for low-complexity wireless devices with low data rates that need
many months or even years of battery life.
• Since 2003, the IEEE has published several iterations of the IEEE 802.15.4 specification, each labeled with the publication’s year.
• IEEE 802.15.4-2003 was published in 2003, 802.15.4-2006 was released in 2006, and 802.15.4-2011 and 802.15.4-2015 were issued in
2011 and 2015, respectively.
• Newer releases typically supersede older ones, integrate addendums, and add features or clarifications to previous versions.
• While there is no alliance or promotion body for IEEE 802.15.4 per se, the IEEE 802.15.4 PHY and MAC layers are the foundations for
several networking protocol stacks.
• These protocol stacks make use of 802.15.4 at the physical and link layer levels, but the upper layers are different.
• These protocol stacks are promoted separately through various organizations and often commercialized.

57

58

29
 10-02-2025

ZIGBEE

• ZigBee; the name was inspired by the social behavior of bees, which work together to tackle complex
tasks
• Based on the idea of ZigBee-style networks in the late 1990s, the first ZigBee specification was ratified in
2004, shortly after the release of the IEEE 802.15.4 specification the previous year.
• ZigBee still had industry support from more than 100 companies upon its initial publication, now has
grown to more than 400 companies that are members of the ZigBee Alliance.
• Zigbee Alliance certify interoperability between vendors and committed to driving and evolving ZigBee
as an IoT solution for interconnecting smart objects.
• ZigBee solutions are aimed at smart objects and sensors that have low bandwidth and low power needs.
• ZigBee certified product interoperate between product of different vendors.

59

• In the 2006 revision, sets of commands and message types were introduced, and
increased in number in the 2007 (called Zigbee pro) iteration, to achieve different
functions for a device, such as metering, temperature, or lighting control.
• These sets of commands and message types are called clusters.
• These clusters from different functional domains or libraries form the building blocks of
Zigbee application profiles.
• Vendors implementing pre-defined Zigbee application profiles like Home Automation or
Smart Energy can ensure interoperability between their products.

60

30
 10-02-2025

61

IOT ACCESS TECHNOLOGIES: IEEE 802.15.4

Physical Layer:

• The 802.15.4 standard supports an extensive number of PHY options that range from 2.4
GHz to sub-GHz frequencies in ISM bands.

• The original IEEE 802.15.4-2003 standard specified only three PHY options based on direct
sequence spread spectrum (DSSS) modulation.

• DSSS is a modulation technique in which a signal is intentionally spread in the frequency

domain, resulting in greater bandwidth.

2/10/2025 EC Department, G.H.Patel 62

College of Engg. & Tech.

62

31
 10-02-2025

IoT Access Technologies: IEEE 802.15.4

Physical Layer:

• The original physical layer transmission options were as follows:

• 2.4 GHz, 16 channels, with a data rate of 250 kbps

• 915 MHz, 10 channels, with a data rate of 40 kbps

• 868 MHz, 1 channel, with a data rate of 20 kbps

• only the 2.4 GHz band operates worldwide.

2/10/2025 EC Department, G.H.Patel 63

College of Engg. & Tech.

63

64

32
 10-02-2025

IoT Access Technologies: IEEE 802.15.4

Physical Layer:

IEEE 802.15.4- 2006, 802.15.4-2011, and IEEE 802.15.4-2015 introduced additional PHY

communication options, including the following:

• OQPSK PHY:

• This is DSSS PHY, employing offset quadrature phaseshift keying (OQPSK) modulation.

• OQPSK is a modulation technique that uses four unique bit values that are signaled by phase
changes. For better BER
• An offset function that is present during phase shifts allows data to be transmitted more reliably.

2/10/2025 EC Department, G.H.Patel 65

College of Engg. & Tech.

65

IoT Access Technologies: IEEE 802.15.4

Physical Layer:
• BPSK PHY:

• This is DSSS PHY, employing binary phase-shift keying (BPSK) modulation.

• BPSK specifies two unique phase shifts as its data encoding scheme.

• ASK PHY:

• This is parallel sequence spread spectrum (PSSS) PHY, employing amplitude shift keying (ASK)
and BPSK modulation.

• PSSS is an advanced encoding scheme that offers increased range, throughput, data rates, and

signal integrity compared to DSSS. ASK uses amplitude shifts instead of phase shifts to signal different bit values 109

2/10/2025 EC Department, G.H.Patel 66

College of Engg. & Tech.

66

33
 10-02-2025

IoT Access Technologies: IEEE 802.15.4

Physical Layer:

2/10/2025 EC Department, G.H.Patel 67

College of Engg. & Tech.

67

IoT Access Technologies: IEEE 802.15.4

Physical Layer:

• The synchronization header for this frame is composed of the Preamble and the Start of
Frame Delimiter fields.

• The Preamble field is a 32-bit 4-byte (for parallel construction) pattern that identifies the
start of the frame and is used to synchronize the data transmission.

• The Start of Frame Delimiter field informs the receiver that frame contents start immediately
after this byte.

2/10/2025 EC Department, G.H.Patel 68

College of Engg. & Tech.

68

34
 10-02-2025

IoT Access Technologies: IEEE 802.15.4

Physical Layer:

• The PHY Header portion of the PHY frame shown in Figure is simply a frame length value.

• It lets the receiver know how much total data to expect in the PHY service data unit (PSDU)
portion of the 802.4.15 PHY.

• The PSDU is the data field or payload.

2/10/2025 EC Department, G.H.Patel 69

College of Engg. & Tech.

69

IoT Access Technologies: IEEE 802.15.4

MAC Layer:

The IEEE 802.15.4 MAC layer manages access to the PHY channel by defining how devices in the
same area will share the frequencies allocated.

The 802.15.4 MAC layer performs the following tasks:

• Network beaconing for devices acting as coordinators (New devices use beacons to join an 802.15.4
network)

• PAN association and disassociation by a device

• Device security

• Reliable link communications between two peer MAC entities

2/10/2025 EC Department, G.H.Patel 70
College of Engg. & Tech.

70

35
 10-02-2025

IoT Access Technologies: IEEE 802.15.4

MAC Layer:

The MAC layer achieves these tasks by using Four types of MAC frames are specified in 802.15.4:

1. Data frame: Handles all transfers of data

2. Beacon frame: Used in the transmission of beacons from a PAN coordinator

3. Acknowledgement frame: Confirms the successful reception of a frame

4. MAC command frame: Responsible for control communication between

devices

2/10/2025 EC Department, G.H.Patel 71

College of Engg. & Tech.

71

IoT Access Technologies:

IEEE 802.15.4
MAC Layer:

Notice that the MAC frame

is carried as the PHY
payload.

The 802.15.4 MAC frame

can be broken down into
the MAC Header, MAC
Payload, and MAC Footer
fields.

2/10/2025 EC
Dr. Department, G.H.Patel
Syed Mustafa, HKBKCE 72
115
College of Engg. & Tech.

72

36
 10-02-2025

IoT Access Technologies: IEEE 802.15.4

MAC Layer:

• The MAC Header field is composed of the Frame Control, Sequence Number and the
Addressing fields.

• The Frame Control field defines attributes such as frame type, addressing modes, and other
control flags.

• The Sequence Number field indicates the sequence identifier for the frame.

• The Addressing field specifies the Source and Destination PAN Identifier fields as well as the
Source and Destination Address fields.

2/10/2025 EC Department, G.H.Patel 73

College of Engg. & Tech.

73

• IoT Access Technologies: IEEE 802.15.4

• MAC Layer:
• The MAC Payload field varies by individual frame type.
• For example, beacon frames have specific fields and payloads related to beacons, while MAC command
frames have different fields present.
• The MAC Footer field is nothing more than a frame check sequence (FCS).
• An FCS is a calculation based on the data in the frame that is used by the receiving side to confirm the
integrity of the data in the frame.

2/10/2025 EC Department, G.H.Patel 74

College of Engg. & Tech.

74

37
 10-02-2025

• Topology:
• IEEE 802.15.4–based networks can be built as star, peer-to-peer, or mesh topologies.
• Mesh networks tie together many nodes. This allows nodes that would be out of range
if trying to communicate directly to leverage intermediary nodes to transfer
communications.
• Every 802.15.4 PAN should be set up with a unique ID. All the nodes in the same
802.15.4 network should use the same PAN ID.

2/10/2025 EC Department, G.H.Patel 75

College of Engg. & Tech.

75

IoT Access
Technologies:
IEEE 802.15.4

Topology:

76

38
 10-02-2025

77

ZIGBEE MESH

• In a mesh, any node can communicate with any other

node within its range.
• If nodes are not in range, messages are relayed through
intermediate nodes.
• This allows the network deployment over large areas.
• Meshes have increased network reliability.
• For example, if nodes C and F are down, the message
packets from A can still be relayed to G via B and E.
• ZigBee mesh networks are self‐ configuring and
self‐healing.

78

39
 10-02-2025

79

IoT Access Technologies: IEEE 802.15.4

Topology:

• Full-function devices (FFDs) and reduced-function devices (RFDs) are defined in IEEE
802.15.4.

• A minimum of one FFD acting as a PAN coordinator is required to deliver services that allow
other devices to associate and form a cell or PAN.

• Notice in Figure that a single PAN coordinator is identified for PAN ID 1.

• FFD devices can communicate with any other devices, whereas RFD devices can
communicate only with FFD devices.

2/10/2025 EC Department, G.H.Patel 80

College of Engg. & Tech.

80

40
 10-02-2025

ZIGBEE TYPES

• ZigBee Coordinator (ZC):

• The Coordinator forms the root of the ZigBee network tree and might act as a bridge
between networks.
• There is a single ZigBee Coordinator in each network, which originally initiates the
network.
• It stores information about the network under it and outside it.
• It acts as a Trust Center & repository for security keys.

81

ZIGBEE NODE TYPES

• ZigBee Router (ZR):

• Capable of running applications, as well as relaying information between nodes connected to
it.
• ZigBee End Device (ZED):
• It contains just enough functionality to talk to the parent node, and it cannot relay data from
other devices.
• This allows the node to be a sleep a significant amount of the time thereby enhancing battery
life.
• Memory requirements and cost of ZEDs are quite low, as compared to ZR or ZC.

82

41
 10-02-2025

• ZigBee Router enhance the mesh in the network. ZigBee Routers can extend the range of the network
and increase its reliability. ZRs like the ZigBee Coordinator route packets, and also allow other nodes to
join the network.
• ZigBee End-Device must be battery-operated and sleep during network inactivity.
• A ZED may sleep for long periods of time. There is no ZigBee-imposed limit on sleeping, but some
Application Profiles define a maximum, such as one hour in the Home Automation profile.
• ZED may wakes up and transmit immediately, poll its parent to see if any messages are waiting for it, then
go back to sleep. In either case, a ZED may transmit any time it wishes.
• Any application can reside in any ZigBee node type. For example, a ZC, ZR, or ZED could contain a light,
switch, temperature sensor, thermostat, gateway, or whatever is appropriate for the physical device.

83

ZIGBEE NETWORK LAYER

• The network layer uses Ad Hoc On‐Demand Distance Vector (AODV) routing.
• To find the final destination, the AODV broadcasts a route request to all its immediate
neighbors.
• The neighbors relay the same information to their neighbors, eventually spreading the
request throughout the network.
• Upon discovery of the destination, a low‐cost path is calculated and informed to the
requesting device via unicast messaging.

84

42
 10-02-2025

85

FEATURES OF ZIGBEE

• Most widely deployed enhancement of IEEE 802.15.4.

• The ZigBee protocol is defined by layer 3 and above. It works with the 802.15.4 layers 1
and 2.
• The standard uses layers 3 and 4 to define additional communication enhancements.
• These enhancements include authentication with valid nodes, encryption for security,
and a data routing and forwarding capability that enables mesh networking.
• The most popular use of ZigBee is wireless sensor networks using the mesh topology.

86

43
 10-02-2025

87

88

44
 10-02-2025

• The network layer supports star, tree and mesh topologies. Among other things, this is the
layer where networks are started, joined, left and discovered.
• When a coordinator attempts to establish a ZigBee network, it does an energy scan to find
the best RF channel for its new network.
• When a channel has been chosen, the coordinator assigns the logical network identifier, also
known as the PAN ID, which will be applied to all devices that join the network.
• A node can join the network either directly or through association. To join by association, a
node sends out a beacon request on a channel, repeating the beacon request on other
channels until it finds an acceptable network to join

89

90

45
 10-02-2025

APPLICATION
(APL) LAYER
• The APL layer is made up of
several sublayers. The
components of the APL layer
are shown in Figure 4.2.
• The ovals symbolize the
interface, called service access
points (SAP), between
different sublayer entities

91

92

46
 10-02-2025

APPLICATION SUPPORT SUBLAYER (APS)

• The key to interfacing devices at the need/service level is the concept of binding. Binding tables are kept by the
coordinator and all routers in the network.
• The binding table maps a source address and source end point to one or more destination addresses and
endpoints.The cluster ID for a bound set of devices will be the same.
• A device with temperature-sensing circuitry can advertise its service of providing the temperature as a
READ_TEMPERATURE cluster ID. A controller (for a furnace or a fan, perhaps) could discover the
temperature sensor device. The binding table would identify the endpoint on the temp sensor that accepts the
READ_TEMPERATURE cluster ID.
• One temperature sensor manufacturer might have end point 0x11 support this cluster ID, while another
manufacturer might use endpoint 0x72 to support this cluster ID.
• The controller would have to discover both devices and would then create two binding table entries, one for
each device.
• When the controller wants to read the temperature of all sensors, the binding table tells it which address and
endpoint the READ_TEMPERATURE packet should be sent to.

93

APPLICATION FRAMEWORK

• The application framework is an execution environment for application objects to send and receive data.
• Application object is at the top of the application layer and is determined by the device manufacturer.
• An application object implements the application; it can be a light bulb, a light switch, an LED, an I/O line,
etc.
• The application profile is run by the application objects.
• Each application object is addressed through its corresponding endpoint.
• Endpoint numbers range from 1to 240.
• Endpoint 0 is the address of the ZigBee Device Object (ZDO).
• Endpoint 255 is the broadcast address, i.e., message are sent to all of the endpoints on a particular node.
Endpoints 241 through 254 are reserved for future use.

94

47
 10-02-2025

ZIGBEE DEVICE OBJECT (ZDO)

• The ZDO is responsible for overall device management, specifically it is responsible for:
• initializing the APS sublayer and the NWK layer
• defining the operating mode of the device (i.e., coordinator, router, or end device)
• device discovery and determination of which application services the device provides
• initiating and/or responding to binding requests
• security management

• Device discovery can be initiated by any ZigBee device.

• In response to a device discovery inquiry end devices send their own NWK address (depending on the request).
• A coordinator or router will send their own NWK address plus all of the NWK addresses of the devices associated with it. (A device is
associated with a coordinator or router if it is a child node of the coordinator or router.)
• Service discovery is a process of finding out what application services are available on each node.
• This information is then used in binding tables to associate a device offering a service with a device that needs that service

• During the process of service discovery the node makes available its endpoint numbers and the cluster IDs associated with the
endpoint numbers.
• If a cluster ID has more than one attribute, the command is used to pass the attribute identifier

95

PAN ID NETWORK ADDRESS

• Each WPAN has a 16-bit number that is used as • When the device joins a Zigbee network, it
a network identifier. It is called the PAN ID. receives a 16-bit address called the NWK
address.
• The PAN coordinator assigns the PAN ID when
it creates the network. • NWK address used within the PAN to
communicate with a device.
• A device can try and join any network or it can
limit itself to a network with a particular PAN • The coordinator of a ZigBee network always
ID has a NWK address of “0.”

96

48
 10-02-2025

• Two ZigBee coordinators can exist on the same channel with NwkAddr 0x0000, because
they are on different PAN IDs.
• NwkAddr reflects its position in the network. For example, NwkAddr 0x0001 is the first
ZR that joined the network, and NwkAddr 0x796F is the first ZED
• Once a node is on the network, it can communicate to any other node in the network.
Simply transmit a packet to that node address.
• It is very common to send something to the ZigBee Coordinator (NwkAddr 0x0000),
because that node address is the same in every ZigBee network.

97

MAC ADDRESSES

• The MAC address, also called IEEE address, long address, or

extended address, is a 64 bit number that uniquely identifies
this board from all other ZigBee boards in the world.
• This number is large enough to allow for about 4 billion
ZigBee boards for every square meter of land on earth. ZigBee
believes that will be a large enough address space for the
foreseeable future.
• The 64-bit MAC addresses have no direct relationship to the
16-bit NwkAddr. If a node leaves one ZigBee network and
joins another, its MAC address will remain the same, but the
NwkAddr will likely change.

98

49
 10-02-2025

• MAC addresses are used in a number of ZigBee calls, most conspicuously in binding.
• The reason MAC addresses are used for binding is in case a node is mobile in the network,
and it changes its short address. An example of this would be a handheld remote control that
moves throughout the house.
• If the remote moves out of radio range of its parent, it must pick a new parent so that any
node which wants to send data to the remote can find where the remote polls for its
messages. When a ZED picks a new parent like this, it sends out a device to indicate its new
NwkAddr, along with its unique MAC address.
• Any other node in the network that cares updates its internal tables to reflect this new
NwkAddr for the node.

99

ADDRESSING WITHIN THE NODE

100

50
 10-02-2025

CLUSTERS

• Clusters, defined by a 16-bit identifier,

are application objects.
• Whereas the NwkAddr and endpoint
are addressing concepts, the cluster
defines application meaning.
• Clusters encapsulate both commands
and data.
• Clusters only have meaning within a
particular profile.

101

• ZigBee provides a way to address the • If a cluster ID has more than one
individual components on the device of a attribute, the command is used to pass
node through the use of endpoint the attribute identifier
addresses.
• During the process of service discovery
the node makes available its endpoint
numbers and the cluster IDs associated
with the endpoint numbers.

102

51
 10-02-2025

• Attributes
• An application read the attribute on cluster.
Attributes store the current “ state ” of a given
cluster. Collectively, a set of attributes on all
clusters supported by a device define the state of
that device. There are generic ZCL commands to
read and write attributes on any given cluster.

103

APPLIC ATIONS

• Building automation
• Remote control (RF4CE or RF for consumer electronics)
• Smart energy for home energy monitoring
• Health care for medical and fitness monitoring
• Home automation for control of smart homes
• Light Link for control of LED lighting
• Telecom services

104

52
 10-02-2025

IoT Access Technologies: IEEE 802.15.4

Security:

• The IEEE 802.15.4 specification uses Advanced Encryption Standard (AES) with a 128-bit key
length as the base encryption algorithm for securing its data.

• Established by the US National Institute of Standards and Technology in 2001, AES is a block
cipher, which means it operates on fixed-size blocks of data.

• The use of AES by the US government and its widespread adoption in the private sector has
helped it become one of the most popular algorithms used in symmetric key cryptography.

2/10/2025 EC Department, G.H.Patel 105

College of Engg. & Tech.

105

IoT Access Technologies: IEEE 802.15.4

Competitive Technologies:

• The IEEE 802.15.4 PHY and MAC layers are the foundations for several networking profiles
that compete against each other in various IoT access environments.

• These various vendors and organizations build upper-layer protocol stacks on top of an
802.15.4 core.

• A competitive radio technology that is different in its PHY and MAC layers is DASH7.

• DASH7 was originally based on the ISO18000-7 standard and positioned for industrial
communications, whereas IEEE 802.15.4 is more generic.

2/10/2025 EC Department, G.H.Patel 106

College of Engg. & Tech.

106

53
 10-02-2025

IoT Access Technologies: IEEE 802.15.4

Competitive Technologies:

• Commonly employed in active radio frequency identification (RFID) implementations, DASH7

was used by US military forces for many years, mainly for logistics purposes.

• Active RFID utilizes radio waves generated by a battery-powered tag on an object to enable
continuous tracking.

• The current DASH7 technology offers low power consumption, a compact protocol stack,
range up to 1 mile, and AES encryption.

• Frequencies of 433 MHz, 868 MHz, and 915 MHz have been defined, enabling data rates up
to 166.667 kbps and a maximum payload of 256 bytes.

2/10/2025 EC Department, G.H.Patel 107

College of Engg. & Tech.

107

IEEE 802.15.4 Conclusions:

• The IEEE 802.15.4 wireless PHY and MAC layers are mature specifications that are the
foundation for various industry standards and products

• The PHY layer offers a maximum speed of up to 250 kbps, but this varies based on
modulation and frequency.

• The MAC layer for 802.15.4 is robust and handles how data is transmitted and received over
the PHY layer.

• Specifically, the MAC layer handles the association and disassociation of devices to/from a
reliable communication between devices, security and the formation of various toplogies

108

2/10/2025 EC Department, G.H.Patel 108

College of Engg. & Tech.

108

54
 10-02-2025

IoT Access Technologies: IEEE 802.15.4

IEEE 802.15.4 Conclusions:

• The topologies used in 802.15.4 include star, peer-to-peer, and cluster trees that allow for the
formation of mesh networks.

• IEEE 802.15.4 has an edge in the marketplace through all the different vendors and
organizations that utilize its PHY and MAC layers.

• For IoT sensor deployments requiring low power, low data rate, and low complexity, the IEEE
deserves strong coordination.

2/10/2025 EC Department, G.H.Patel 109

128
College of Engg. & Tech.

109

IoT Access Technologies: 802.15.4e

MAC Layer:

• The 802.15.4e MAC is similar to the 802.15.4 MAC

• The main changes shown in the IEEE 802.15.4e header are the presence of the Auxiliary Security Header
and Information Elements field.

• The Auxiliary Security header provides for the encryption of the data frame.

• This field is optionally supported in both 802.15.4e-2012 and 802.15.4, starting with the 802.15.4-2006
specification.

• the IE field contains one or more information elements that allow for additional information to be
exchanged at the MAC layer.

2/10/2025 EC Department, G.H.Patel 110

College of Engg. & Tech.

110

55
 10-02-2025

111

• Full Function Device (FFD)

• Can talk to all types of devices
• Supports full protocol
• Reduced Function Device (RFD)
• Can only talk to an FFD
• Lower power consumption
• Minimal CPU/RAM required

112

56
 10-02-2025

113

• Beacon Enabled Networks

• Periodic transmission of beacon messages
• Data‐frames sent via Slotted CSMA/CA with a super
• frame structure managed by PAN coordinator
• Beacons used for synchronization association of other nodes with the coordinator
• Scope of operation spans the whole network.

114

57
 10-02-2025

• Non Beacon Enabled Networks

• Data‐frames sent via un‐slotted CSMA/CA (Contention Based)
• Beacons used only for link layer discovery
• Requires both source and destination IDs.
• As 802.15.4 is primarily, a mesh protocol, all protocol addressing must adhere to mesh
configurations
• De‐centralized communication amongst nodes

115

116

58
 10-02-2025

117

59