75 research outputs found

    Pushing the Physical Limits of IoT Devices with Programmable Metasurfaces

    Small, low-cost IoT devices are typically equipped with only a single, low-quality antenna, significantly limiting communication range and link quality. In particular, these antennas are typically linearly polarized and therefore susceptible to polarization mismatch, which can easily cause 10-15 dBm of link loss on communication to and from such devices. In this work, we highlight this under-appreciated issue and propose the augmentation of IoT deployment environments with programmable, RF-sensitive surfaces made of metamaterials. Our smart metasurface mitigates polarization mismatch by rotating the polarization of signals that pass through or reflect off the surface. We integrate our metasurface into an IoT network as LAMA, a Low-power Lattice of Actuated Metasurface Antennas, designed for the pervasively used 2.4 GHz ISM band. We optimize LAMA's metasurface design for both low transmission loss and low cost, to facilitate deployment at scale. We then build an end-to-end system that actuates the metasurface structure to optimize for link performance in real time. Our experimental prototype-based evaluation demonstrates gains in link power of up to 15 dBm, and wireless capacity improvements of 100 and 180 Kbit/s/Hz in through-surface and surface-reflective scenarios, respectively, attributable to the polarization rotation properties of LAMA's metasurface.

    LungTrack: towards contactless and zero dead-zone respiration monitoring with commodity RFIDs

    Respiration rate sensing plays a critical role in elderly care and patient monitoring. The latest research has explored the possibility of employing Wi-Fi signals for respiration sensing without attaching a device to the target. A critical issue with these solutions is that good monitoring performance can only be achieved at certain locations within the sensing range, while the performance can be quite poor at other "dead zones." In addition, due to the contactless nature, it is challenging to monitor multiple targets simultaneously as the reflected signals are often mixed together. In this work, we present our system, named LungTrack, hosted on commodity RFID devices for respiration monitoring. Our system retrieves subtle signal fluctuations at the receiver caused by chest displacement during respiration without the need for attaching any devices to the target. It addresses the dead-zone issue and enables simultaneous monitoring of two human targets by employing one RFID reader and multiple carefully positioned RFID tags, using an optimization technique. Comprehensive experiments demonstrate that LungTrack can achieve a respiration monitoring accuracy of greater than 98% for a single target at all sensing locations (within the 1st-5th Fresnel zones) using just one RFID reader and five tags, when the target's orientation is known a priori. For the challenging scenario involving two human targets, LungTrack is able to achieve greater than 93% accuracy when the targets are separated by at least 10 cm.

    Exploiting wireless received signal strength indicators to detect evil-twin attacks in smart homes

    Evil-twin is becoming a common attack in smart home environments where an attacker can set up a fake AP to compromise the security of the connected devices. To identify the fake APs, the current approaches to detecting evil-twin attacks all rely on information such as SSIDs, the MAC address of the genuine AP or network traffic patterns. However, such information can be faked by the attacker, often leading to low detection rates and weak protection. This paper presents a novel evil-twin attack detection method based on the received signal strength indicator (RSSI). Our key insight is that the location of the genuine AP rarely moves in a home environment and as a result the RSSI of the genuine AP is relatively stable. Our approach considers the RSSI as a fingerprint of APs and uses the fingerprint of the genuine AP to identify fake ones. We provide two schemes to detect a fake AP in two different scenarios where the genuine AP can be located at either a single or multiple locations in the property, by exploiting the multipath effect of the WiFi signal. As a departure from prior work, our approach does not rely on any professional measurement devices. Experimental results show that our approach can successfully detect 90% of the fake APs, at the cost of a one-off, modest connection delay.

    Exploiting dynamic scheduling for VM-based code obfuscation

    Code virtualization built upon virtual machine (VM) technologies is emerging as a viable method for implementing code obfuscation to protect programs against unauthorized analysis. State-of-the-art VM-based protection approaches use a fixed scheduling structure where the program follows a single, static execution path for the same input. Such approaches, however, are vulnerable in certain scenarios where the attacker can reuse knowledge extracted from previously seen software to crack applications using similar protection schemes. This paper presents DSVMP, a novel VM-based code obfuscation approach for software protection. DSVMP brings together two techniques to provide stronger code protection than prior VM-based schemes. Firstly, it uses a dynamic instruction scheduler to randomly direct the program to execute different paths without violating the correctness across different runs. By randomly choosing the program execution paths, the application exposes diverse behavior, making it much more difficult for an attacker to reuse the knowledge collected from previous runs or similar applications to perform attacks. Secondly, it employs multiple VMs to further obfuscate the relationship between VM bytecode and their interpreters, making code analysis even harder. We have implemented DSVMP in a prototype system and evaluated it using a set of widely used applications. Experimental results show that DSVMP provides stronger protection with comparable runtime overhead and code size when compared to two commercial VM-based code obfuscation tools.

    Protect sensitive information against channel state information based attacks

    Channel state information (CSI) has been recently shown to be useful in performing security attacks in public WiFi environments. By analyzing how CSI is affected by finger motions, CSI-based attacks can effectively reconstruct text-based passwords and locking patterns. This paper presents WiGuard, a novel system to protect sensitive on-screen gestures in a public place. Our approach carefully exploits WiFi channel interference to introduce noise into the attacker's CSI measurement to reduce the success rate of the attack. Our approach automatically detects when a CSI-based attack happens. We evaluate our approach by applying it to protect text-based passwords and pattern locks on mobile devices. Experimental results show that our approach is able to reduce the success rate of CSI attacks from 92% to 42% for text-based passwords and from 82% to 22% for pattern lock.

    Enhance virtual-machine-based code obfuscation security through dynamic bytecode scheduling

    Code virtualization built upon virtual machine (VM) technologies is emerging as a viable method for implementing code obfuscation to protect programs against unauthorized analysis. State-of-the-art VM-based protection approaches use a fixed scheduling structure where the program always follows a single, deterministic execution path for the same input. Such approaches, however, are vulnerable in certain scenarios where the attacker can reuse knowledge extracted from previously seen software to crack applications protected with the same obfuscation scheme. This paper presents Dsvmp, a novel VM-based code obfuscation approach for software protection. Dsvmp brings together two techniques to provide stronger code protection than prior VM-based approaches. Firstly, it uses a dynamic instruction scheduler to randomly direct the program to execute different paths without violating the correctness across different runs. By randomly choosing the program execution path, the application exposes diverse behavior, making it much more difficult for an attacker to reuse the knowledge collected from previous runs or similar applications to launch an attack. Secondly, it employs multiple VMs to further obfuscate the mapping from VM opcode to native machine instructions, so that the same opcode could be mapped to different native instructions at runtime, making code analysis even harder. We have implemented Dsvmp in a prototype system and evaluated it using a set of widely used applications. Experimental results show that Dsvmp provides stronger protection with comparable runtime overhead and code size when compared to two commercial VM-based code obfuscation tools.

    Find Me A Safe Zone: A Countermeasure for Channel State Information Based Attacks

    Recently, channel state information (CSI) has been shown to be an effective side-channel to perform attacks in public environments. Prior work has demonstrated that by analyzing how the CSI measurements of the wireless signal are affected by the mobile user's finger movements or gestures, an attacker can recover the user's input with a high success rate. Furthermore, the setup of this new attack is trivial, where the adversary only needs to place one or two malicious wireless devices near the target user. It would be difficult for many users to identify the nearby malicious devices while they want to continue to use mobile applications in public places. This dilemma makes protection against CSI-based attacks an urgent need. This article presents the first countermeasure for CSI-based attacks. Our key insight is that the success of any CSI-based attack requires high-quality CSI measurements; and we can significantly reduce the risk of information leakage by directing the user to a nearby location where the CSI readings are inherently noisy. To this end, we develop a regression-based method to assess the risk of CSI-based attacks and exploit a well-established localization technique to identify potential malicious wireless devices. We then use this information to guide the user to a safe zone. We evaluate our approach by applying it to protect pattern lock and keystrokes in various indoor and outdoor environments. Experimental results show that our approach can effectively protect mobile users against CSI-based attacks.