557 research outputs found
Advanced Particle Filter Methods
This chapter presents a set of algorithmic methods based on particle filter heuristics. We start with an introduction to particle filters, which covers the main motivation and related works. Then, the generic framework for the particle filter algorithm is presented, followed by two important use cases regarding indoor positioning and multitarget tracking; for both problems, modified particle filter algorithms are presented followed by experimental results, implementation remarks, and a discussion. Finally, a short list of conclusions and future work is presented.
Security of GPS/INS based On-road Location Tracking Systems
Location information is critical to a wide variety of navigation and tracking
applications. Today, GPS is the de-facto outdoor localization system but has
been shown to be vulnerable to signal spoofing attacks. Inertial Navigation
Systems (INS) are emerging as a popular complementary system, especially in
road transportation systems as they enable improved navigation and tracking as
well as offer resilience to wireless signals spoofing, and jamming attacks. In
this paper, we evaluate the security guarantees of INS-aided GPS tracking and
navigation for road transportation systems. We consider an adversary required
to travel from a source location to a destination, and monitored by an INS-aided
GPS system. The goal of the adversary is to travel to alternate locations
without being detected. We developed and evaluated algorithms that achieve such a
goal, providing the adversary significant latitude. Our algorithms build a
graph model for a given road network and enable us to derive potential
destinations an attacker can reach without raising alarms even with the
INS-aided GPS tracking and navigation system. The algorithms render the
gyroscope and accelerometer sensors useless as they generate road trajectories
indistinguishable from plausible paths (both in terms of turn angles and road
curvature). We also designed, built, and demonstrated that the magnetometer can
be actively spoofed using a combination of carefully controlled coils. We
implemented and evaluated the impact of the attack using both real-world and
simulated driving traces in more than 10 cities located around the world. Our
evaluations show that it is possible for an attacker to reach destinations that
are as far as 30 km away from the true destination without being detected. We
also show that it is possible for the adversary to reach almost 60-80% of
possible points within the target region in some cities.
Supporting Large Scale Communication Systems on Infrastructureless Networks Composed of Commodity Mobile Devices: Practicality, Scalability, and Security.
Infrastructureless Delay Tolerant Networks (DTNs) composed of
commodity mobile devices have the potential to support communication
applications resistant to blocking and censorship, as well as certain
types of surveillance. In this thesis we study the utility,
practicality, robustness, and security of these networks.
We collected two sets of wireless connectivity traces of commodity
mobile devices with different granularity and scales.
The first dataset is collected through active installation of
measurement software on volunteer users' own smartphones, involving 111 users of a DTN microblogging application that we developed. The second dataset is collected through passive observation of WiFi association
events on a university campus, involving 119,055 mobile devices.
Simulation results show consistent message delivery performances of the
two datasets. Using an epidemic flooding protocol, the large network
achieves an average delivery rate of 0.71 in 24 hours and a median delivery delay of 10.9 hours. We show that this performance is appropriate for sharing information that is not time sensitive, e.g., blogs and photos. We also show that using an energy efficient variant of the epidemic flooding protocol, even the large network can support text messages while only consuming 13.7% of a typical smartphone battery in 14 hours.
We found that the network delivery rate and delay are robust to
denial-of-service and censorship attacks. Attacks that randomly remove
90% of the network participants only reduce delivery rates by less than 10%. Even when subjected to targeted attacks, the network suffered a less than 10% decrease in delivery rate when 40% of its participants were removed.
Although structurally robust, the openness of the proposed network
introduces numerous security concerns. The Sybil attack, in
which a malicious node poses as many identities in order to gain
disproportionate influence, is especially dangerous as it breaks the assumption underlying majority voting. Many defenses based on spatial variability of wireless channels exist, and we extend them to be practical for ad hoc networks of commodity 802.11 devices without mutual trust. We present the Mason test, which uses two efficient methods for separating valid channel measurement results of behaving nodes from those falsified by malicious participants.
PhD, Electrical Engineering: Systems, University of Michigan, Horace H. Rackham School of Graduate Studies
http://deepblue.lib.umich.edu/bitstream/2027.42/120779/1/liuyue_1.pd
Machine Learning-assisted Bayesian Inference for Jamming Detection in 5G NR
The increased flexibility and density of spectrum access in 5G NR have made
jamming detection a critical research area. To detect coexisting jamming and
subtle interference that can affect legitimate communications performance, we
introduce machine learning (ML)-assisted Bayesian Inference for jamming
detection methodologies. Our methodology leverages cross-layer critical
signaling data collected on a 5G NR Non-Standalone (NSA) testbed via supervised
learning models, and are further assessed, calibrated, and revealed using
Bayesian Network Model (BNM)-based inference. The models can operate on both
instantaneous and sequential time-series data samples, achieving an Area under
Curve (AUC) in the range of 0.947 to 1 for instantaneous models and between
0.933 to 1 for sequential models including the echo state network (ESN) from
the reservoir computing (RC) family, for jamming scenarios spanning multiple
frequency bands and power levels. Our approach not only serves as a validation
method and a resilience enhancement tool for ML-based jamming detection, but
also enables root cause identification for any observed performance
degradation. Our proof-of-concept is successful in addressing 72.2% of the
erroneous predictions in sequential models caused by insufficient data samples
collected in the observation period, demonstrating its applicability in 5G NR
and Beyond-5G (B5G) network infrastructure and user devices.
An Integrated Approach for Jammer Detection using Software Defined Radio
Due to the shared nature of wireless communication, any malicious user can easily monitor communication between two devices and emit false messages to block communication. Nowadays, the increased use of software defined radio (SDR) technology makes it possible to build any type of jammer device using the same hardware with little modification in software. A jammer transmits a radio signal to block legitimate communication, either by overlapping the signal with more power or by reducing the signal to noise ratio. In this paper we survey different jammer detection methods for efficient detection of a jammer's presence in the system. Existing jammer detection methods such as packet delivery ratio (PDR), packet send ratio (PSR), bad packet ratio (BPR) and signal to noise ratio (SNR) can effectively detect a jammer; here we propose a novel method for jammer detection using communication parameters used in SDR such as synchronization indicator, iteration and adaptive signal to jammer plus noise ratio (ASNJR). This system uses parameters that are readily available in the system, so computation is reduced, and ASNJR is also adaptively updated with and without the presence of a jammer. Experimental results show that this SDR-based system effectively detects the presence of a jammer.
Master of Science thesis
Current approaches to secret key extraction using Received Signal Strength Indicator (RSSI) measurements mainly use the WiFi interface. However, in the presence of jamming adversaries and other interfering devices, the efficiency of RSSI-based secret key extraction using WiFi degrades and sometimes the key extraction may even fail completely. A possible method to overcome this problem is to collect RSSI measurements using the Bluetooth interface. Bluetooth appears to be very promising for secret key extraction since the adaptive frequency hopping technique in Bluetooth automatically detects and avoids the use of bad or interfering channels. In order to collect Bluetooth RSSI values, we design a protocol where Alice and Bob use Google Nexus One phones to exchange L2CAP packets and then we measure the RSSI for each received packet. We use a prequantization interpolation step to reduce the probability of bit mismatches that are caused by the inability of Alice and Bob to measure the time-duplex channel simultaneously. We then use the ASBG quantization scheme followed by information reconciliation and privacy amplification to extract the secret key bits. We conduct numerous experiments to evaluate the efficiency of Bluetooth for secret key extraction under two different mobile environments: hallways and outdoors. The secret bit rates obtained from these experiments highlight that outdoor settings are better suited for key extraction using Bluetooth when compared to hallway settings. Furthermore, we show that for very small distances such as 2 ft, the number of consecutive "0" RSSI values and bit mismatch is too high to extract any secret key bits under hallway settings. Finally, we also show that Bluetooth key extraction outdoors achieves secret bit rates that are comparable to WiFi, even when using lower transmit power than WiFi.
SoK: Inference Attacks and Defenses in Human-Centered Wireless Sensing
Human-centered wireless sensing aims to understand the fine-grained
environment and activities of a human using the diverse wireless signals around
her. The wireless sensing community has demonstrated the superiority of such
techniques in many applications such as smart homes, human-computer
interactions, and smart cities. Like many other technologies, wireless sensing
is also a double-edged sword. While the sensed information about a human can be
used for many good purposes such as enhancing life quality, an adversary can
also abuse it to steal private information about the human (e.g., location,
living habits, and behavioral biometric characteristics). However, the
literature lacks a systematic understanding of the privacy vulnerabilities of
wireless sensing and the defenses against them.
In this work, we aim to bridge this gap. First, we propose a framework to
systematize wireless sensing-based inference attacks. Our framework consists of
three key steps: deploying a sniffing device, sniffing wireless signals, and
inferring private information. Our framework can be used to guide the design of
new inference attacks since different attacks can instantiate these three steps
differently. Second, we propose a defense-in-depth framework to systematize
defenses against such inference attacks. The prevention component of our
framework aims to prevent inference attacks via obfuscating the wireless
signals around a human, while the detection component aims to detect and
respond to attacks. Third, based on our attack and defense frameworks, we
identify gaps in the existing literature and discuss future research
directions.