557 research outputs found

    Advanced Particle Filter Methods

    This chapter presents a set of algorithmic methods based on particle filter heuristics. We start with an introduction to particle filters, which covers the main motivation and related works. Then, the generic framework for the particle filter algorithm is presented, followed by two important use cases regarding indoor positioning and multitarget tracking; for both problems, modified particle filter algorithms are presented followed by experimental results, implementation remarks, and a discussion. Finally, a short list of conclusions and future work is presented.

    Security of GPS/INS based On-road Location Tracking Systems

    Location information is critical to a wide variety of navigation and tracking applications. Today, GPS is the de facto outdoor localization system but has been shown to be vulnerable to signal spoofing attacks. Inertial Navigation Systems (INS) are emerging as a popular complementary system, especially in road transportation systems as they enable improved navigation and tracking as well as offer resilience to wireless signals spoofing, and jamming attacks. In this paper, we evaluate the security guarantees of INS-aided GPS tracking and navigation for road transportation systems. We consider an adversary required to travel from a source location to a destination, and monitored by an INS-aided GPS system. The goal of the adversary is to travel to alternate locations without being detected. We developed and evaluated algorithms that achieve such a goal, providing the adversary significant latitude. Our algorithms build a graph model for a given road network and enable us to derive potential destinations an attacker can reach without raising alarms even with the INS-aided GPS tracking and navigation system. The algorithms render the gyroscope and accelerometer sensors useless as they generate road trajectories indistinguishable from plausible paths (both in terms of turn angles and road curvature). We also designed, built, and demonstrated that the magnetometer can be actively spoofed using a combination of carefully controlled coils. We implemented and evaluated the impact of the attack using both real-world and simulated driving traces in more than 10 cities located around the world. Our evaluations show that it is possible for an attacker to reach destinations that are as far as 30 km away from the true destination without being detected. We also show that it is possible for the adversary to reach almost 60-80% of possible points within the target region in some cities.

    Supporting Large Scale Communication Systems on Infrastructureless Networks Composed of Commodity Mobile Devices: Practicality, Scalability, and Security.

    Infrastructureless Delay Tolerant Networks (DTNs) composed of commodity mobile devices have the potential to support communication applications resistant to blocking and censorship, as well as certain types of surveillance. In this thesis we study the utility, practicality, robustness, and security of these networks. We collected two sets of wireless connectivity traces of commodity mobile devices with different granularity and scales. The first dataset is collected through active installation of measurement software on volunteer users' own smartphones, involving 111 users of a DTN microblogging application that we developed. The second dataset is collected through passive observation of WiFi association events on a university campus, involving 119,055 mobile devices. Simulation results show consistent message delivery performances of the two datasets. Using an epidemic flooding protocol, the large network achieves an average delivery rate of 0.71 in 24 hours and a median delivery delay of 10.9 hours. We show that this performance is appropriate for sharing information that is not time sensitive, e.g., blogs and photos. We also show that using an energy efficient variant of the epidemic flooding protocol, even the large network can support text messages while only consuming 13.7% of a typical smartphone battery in 14 hours. We found that the network delivery rate and delay are robust to denial-of-service and censorship attacks. Attacks that randomly remove 90% of the network participants only reduce delivery rates by less than 10%. Even when subjected to targeted attacks, the network suffered a less than 10% decrease in delivery rate when 40% of its participants were removed. Although structurally robust, the openness of the proposed network introduces numerous security concerns. 
    The Sybil attack, in which a malicious node poses as many identities in order to gain disproportionate influence, is especially dangerous as it breaks the assumption underlying majority voting. Many defenses based on spatial variability of wireless channels exist, and we extend them to be practical for ad hoc networks of commodity 802.11 devices without mutual trust. We present the Mason test, which uses two efficient methods for separating valid channel measurement results of behaving nodes from those falsified by malicious participants. PhD, Electrical Engineering: Systems, University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/120779/1/liuyue_1.pd

    Machine Learning-assisted Bayesian Inference for Jamming Detection in 5G NR

    The increased flexibility and density of spectrum access in 5G NR have made jamming detection a critical research area. To detect coexisting jamming and subtle interference that can affect legitimate communications performance, we introduce machine learning (ML)-assisted Bayesian Inference for jamming detection methodologies. Our methodology leverages cross-layer critical signaling data collected on a 5G NR Non-Standalone (NSA) testbed via supervised learning models, and are further assessed, calibrated, and revealed using Bayesian Network Model (BNM)-based inference. The models can operate on both instantaneous and sequential time-series data samples, achieving an Area under Curve (AUC) in the range of 0.947 to 1 for instantaneous models and between 0.933 to 1 for sequential models including the echo state network (ESN) from the reservoir computing (RC) family, for jamming scenarios spanning multiple frequency bands and power levels. Our approach not only serves as a validation method and a resilience enhancement tool for ML-based jamming detection, but also enables root cause identification for any observed performance degradation. Our proof-of-concept is successful in addressing 72.2% of the erroneous predictions in sequential models caused by insufficient data samples collected in the observation period, demonstrating its applicability in 5G NR and Beyond-5G (B5G) network infrastructure and user devices.

    An Integrated Approach for Jammer Detection using Software Defined Radio

    Due to the shared nature of wireless communication, any malicious user can easily monitor communication between two devices and emit false messages to block communication. Nowadays, the increased use of software defined radio (SDR) technology makes it possible to build any type of jammer device using the same hardware with little modification in software. A jammer transmits a radio signal to block legitimate communication, either by overlapping the signal with more power or by reducing the signal to noise ratio. In this paper we have surveyed different jammer detection methods for efficient detection of a jammer's presence in a system. Existing jammer detection methods like packet delivery ratio (PDR), packet send ratio (PSR), bad packet ratio (BPR) and signal to noise ratio (SNR) can effectively detect a jammer; here we have proposed a novel method for jammer detection using communication parameters used in SDR, like synchronization indicator, iteration and adaptive signal to jammer plus noise ratio (ASNJR). This system uses parameters that are readily available in the system, so computation has been reduced, and ASNJR has also been adaptively updated with and without the presence of a jammer. Experimental results show that this system based on SDR effectively detects the presence of a jammer.

    Master of Science

    Current approaches to secret key extraction using Received Signal Strength Indicator (RSSI) measurements mainly use the WiFi interface. However, in the presence of jamming adversaries and other interfering devices, the efficiency of RSSI-based secret key extraction using WiFi degrades and sometimes the key extraction may even fail completely. A possible method to overcome this problem is to collect RSSI measurements using the Bluetooth interface. Bluetooth appears to be very promising for secret key extraction since the adaptive frequency hopping technique in Bluetooth automatically detects and avoids the use of bad or interfering channels. In order to collect Bluetooth RSSI values, we design a protocol where Alice and Bob use Google Nexus One phones to exchange L2CAP packets and then we measure the RSSI for each received packet. We use a prequantization interpolation step to reduce the probability of bit mismatches that are caused due to the inability to measure the time-duplex channel simultaneously by Alice and Bob. We then use the ASBG quantization scheme followed by information reconciliation and privacy amplification to extract the secret key bits. We conduct numerous experiments to evaluate the efficiency of Bluetooth for secret key extraction under two different mobile environments - hallways and outdoors. The secret bit rates obtained from these experiments highlight that outdoor settings are better suited for key extraction using Bluetooth when compared to hallway settings. Furthermore, we show that for very small distances such as 2 ft, the number of consecutive "0" RSSI values and bit mismatch is too high to extract any secret key bits under hallway settings. Finally, we also show that Bluetooth key extraction in outdoors achieves secret bit rates that are comparable to WiFi, even when using lower transmit power than WiFi.

    SoK: Inference Attacks and Defenses in Human-Centered Wireless Sensing

    Human-centered wireless sensing aims to understand the fine-grained environment and activities of a human using the diverse wireless signals around her. The wireless sensing community has demonstrated the superiority of such techniques in many applications such as smart homes, human-computer interactions, and smart cities. Like many other technologies, wireless sensing is also a double-edged sword. While the sensed information about a human can be used for many good purposes such as enhancing life quality, an adversary can also abuse it to steal private information about the human (e.g., location, living habits, and behavioral biometric characteristics). However, the literature lacks a systematic understanding of the privacy vulnerabilities of wireless sensing and the defenses against them. In this work, we aim to bridge this gap. First, we propose a framework to systematize wireless sensing-based inference attacks. Our framework consists of three key steps: deploying a sniffing device, sniffing wireless signals, and inferring private information. Our framework can be used to guide the design of new inference attacks since different attacks can instantiate these three steps differently. Second, we propose a defense-in-depth framework to systematize defenses against such inference attacks. The prevention component of our framework aims to prevent inference attacks via obfuscating the wireless signals around a human, while the detection component aims to detect and respond to attacks. Third, based on our attack and defense frameworks, we identify gaps in the existing literature and discuss future research directions.