2 research outputs found
Wi-attack: Cross-technology Impersonation Attack against iBeacon Services
iBeacon protocol is widely deployed to provide location-based services. By
receiving its BLE advertisements, nearby devices can estimate the proximity to
the iBeacon or calculate indoor positions. However, the open nature of these
advertisements brings vulnerability to impersonation attacks. Such attacks
could lead to spam, unreliable positioning, and even security breaches. In this
paper, we propose Wi-attack, revealing the feasibility of using WiFi devices to
conduct impersonation attacks on iBeacon services. Different from impersonation
attacks using BLE compatible hardware, Wi-attack is not restricted by
broadcasting intervals and is able to impersonate multiple iBeacons at the same
time. Effective attacks can be launched on iBeacon services without
modifications to WiFi hardware or firmware. To enable direct communication from
WiFi to BLE, we use the digital emulation technique of cross technology
communication. To enhance the packet reception along with its stability, we add
redundant packets to eliminate cyclic prefix error entirely. The emulation
provides an iBeacon packet reception rate up to 66.2%. We conduct attacks on
three iBeacon services scenarios, point deployment, multilateration, and
fingerprint-based localization. The evaluation results show that Wi-attack can
bring an average distance error of more than 20 meters on fingerprint-based
localization using only 3 APs.Comment: 9 pages; 26 figures; 2021 18th Annual IEEE International Conference
on Sensing, Communication, and Networking (SECON), 202
Physical Layer Challenges and Solutions in Seamless Positioning via GNSS, Cellular and WLAN Systems
As different positioning applications have started to be a common part of our lives, positioning methods have to cope with increasing demands. Global Navigation Satellite System (GNSS) can offer accurate location estimate outdoors, but achieving seamless large-scale indoor localization remains still a challenging topic. The requirements for simple and cost-effective indoor positioning system have led to the utilization of wireless systems already available, such as cellular networks and Wireless Local Area Network (WLAN). One common approach with the advantage of a large-scale standard-independent implementation is based on the Received Signal Strength (RSS) measurements.This thesis addresses both GNSS and non-GNSS positioning algorithms and aims to offer a compact overview of the wireless localization issues, concentrating on some of the major challenges and solutions in GNSS and RSS-based positioning. The GNSS-related challenges addressed here refer to the channel modelling part for indoor GNSS and to the acquisition part in High Sensitivity (HS)-GNSS. The RSSrelated challenges addressed here refer to the data collection and calibration, channel effects such as path loss and shadowing, and three-dimensional indoor positioning estimation.This thesis presents a measurement-based analysis of indoor channel models for GNSS signals and of path loss and shadowing models for WLAN and cellular signals. Novel low-complexity acquisition algorithms are developed for HS-GNSS. In addition, a solution to transmitter topology evaluation and database reduction solutions for large-scale mobile-centric RSS-based positioning are proposed. This thesis also studies the effect of RSS offsets in the calibration phase and various floor estimators, and offers an extensive comparison of different RSS-based positioning algorithms