SoK: Inference Attacks and Defenses in Human-Centered Wireless Sensing

Human-centered wireless sensing aims to understand the fine-grained environment and activities of a human using the diverse wireless signals around her. The wireless sensing community has demonstrated the superiority of such techniques in many applications such as smart homes, human-computer interactions, and smart cities. Like many other technologies, wireless sensing is also a double-edged sword. While the sensed information about a human can be used for many good purposes such as enhancing life quality, an adversary can also abuse it to steal private information about the human (e.g., location, living habits, and behavioral biometric characteristics). However, the literature lacks a systematic understanding of the privacy vulnerabilities of wireless sensing and the defenses against them. In this work, we aim to bridge this gap. First, we propose a framework to systematize wireless sensing-based inference attacks. Our framework consists of three key steps: deploying a sniffing device, sniffing wireless signals, and inferring private information. Our framework can be used to guide the design of new inference attacks since different attacks can instantiate these three steps differently. Second, we propose a defense-in-depth framework to systematize defenses against such inference attacks. The prevention component of our framework aims to prevent inference attacks via obfuscating the wireless signals around a human, while the detection component aims to detect and respond to attacks. Third, based on our attack and defense frameworks, we identify gaps in the existing literature and discuss future research directions

Artificial Intelligence and Systems Theory: Applied to Cooperative Robots

This paper describes an approach to the design of a population of cooperative robots based on concepts borrowed from Systems Theory and Artificial Intelligence. The research has been developed under the SocRob project, carried out by the Intelligent Systems Laboratory at the Institute for Systems and Robotics - Instituto Superior Tecnico (ISR/IST) in Lisbon. The acronym of the project stands both for "Society of Robots" and "Soccer Robots", the case study where we are testing our population of robots. Designing soccer robots is a very challenging problem, where the robots must act not only to shoot a ball towards the goal, but also to detect and avoid static (walls, stopped robots) and dynamic (moving robots) obstacles. Furthermore, they must cooperate to defeat an opposing team. Our past and current research in soccer robotics includes cooperative sensor fusion for world modeling, object recognition and tracking, robot navigation, multi-robot distributed task planning and coordination, including cooperative reinforcement learning in cooperative and adversarial environments, and behavior-based architectures for real time task execution of cooperating robot teams

Adversarial Attack on Radar-based Environment Perception Systems

Due to their robustness to degraded capturing conditions, radars are widely used for environment perception, which is a critical task in applications like autonomous vehicles. More specifically, Ultra-Wide Band (UWB) radars are particularly efficient for short range settings as they carry rich information on the environment. Recent UWB-based systems rely on Machine Learning (ML) to exploit the rich signature of these sensors. However, ML classifiers are susceptible to adversarial examples, which are created from raw data to fool the classifier such that it assigns the input to the wrong class. These attacks represent a serious threat to systems integrity, especially for safety-critical applications. In this work, we present a new adversarial attack on UWB radars in which an adversary injects adversarial radio noise in the wireless channel to cause an obstacle recognition failure. First, based on signals collected in real-life environment, we show that conventional attacks fail to generate robust noise under realistic conditions. We propose a-RNA, i.e., Adversarial Radio Noise Attack to overcome these issues. Specifically, a-RNA generates an adversarial noise that is efficient without synchronization between the input signal and the noise. Moreover, a-RNA generated noise is, by-design, robust against pre-processing countermeasures such as filtering-based defenses. Moreover, in addition to the undetectability objective by limiting the noise magnitude budget, a-RNA is also efficient in the presence of sophisticated defenses in the spectral domain by introducing a frequency budget. We believe this work should alert about potentially critical implementations of adversarial attacks on radar systems that should be taken seriously

Master of Science

thesisLocation of an object or person in in-door environments is a vital piece of in-formation. Traditionally, global positioning system-based devices do an excellent job in providing location information but are limited in in-door environments due to lack of an unobstructed line of sight. Wireless environments, with their extreme sensitivity to the positioning of objects inside them, provide excellent opportunities for obtaining location information of subjects. Received signal strength (RSS) based localization methods attract special attention as they can be readily implemented with "off-the-shelf" hardware and software. Device-free localization (DFL) presents a new and promising dimension in RSS-based localization research by providing a non-intrusive method of localization. However, existing RSS-based localization schemes assume a fixed or known transmit power. Any unexpected change in transmit power, not known to the receivers in the wireless network, can introduce errors in location estimate. Previous work has shown that meticulously planned power attacks can result in expected errors, in location of a transmitting sensor, in excess of 18 meters for an area of 75 X 50 m2. We find that the localization error in DFL can increase by four-fold when under power attack of 15 dB amplitude by multiple adversaries. Certain nonadversarial circumstances can also lead to unexpected changes in transmit power which would result in increased localization error. In this thesis, we focus on detection and isolation of wireless sensor nodes in a network which vary their transmit power to cause unexpected changes in RSS measurements and lead to increased localization errors in DFL. In the detection methods presented in this thesis, we do not require a training phase and hence, our methods are robust for use in dynamic environments where the training data may get obsolete frequently. We present our work with special focus on DFL methods using wireless sensor networks. However, the methods developed are generic and can be easily extended to active localization methods using both wireless sensor networks (WSN) and IEEE 802.11 protocols. To evaluate the effectiveness of our detection method, we perform extensive experiments in indoor settings using a network of 802.15.4 (Zigbee) compliant wireless sensor nodes and present evaluation results in the form of average detection rate, ROC curves, probability of missed detection and false alarm