research-article

An Imperceptible Eavesdropping Attack on WiFi Sensing Systems

Authors:

Kui RenAuthors Info & Claims

IEEE/ACM Transactions on Networking, Volume 32, Issue 5

Pages 4009 - 4024

https://doi.org/10.1109/TNET.2024.3403839

Published: 28 May 2024 Publication History

Abstract

Recent years have witnessed enormous research efforts on WiFi sensing to enable intelligent services of Internet of Things. However, due to the omni-directional broadcasting manner of WiFi signals, the activity semantic underlying the signals can be leaked to adversaries for surveillance, as demonstrated by our previous work. In this paper, we further extend the attack capability of ActListener to impersonation attack, which could eavesdrop on users’ behavioral uniqueness imperceptibly using a WiFi infrastructure in any location of user sensing area. In particular, ActListener detects each human activity and converts the eavesdropped signals to that by legitimate devices based on our proposed signal propagation models. To extract noise-resilient individual behavioral uniqueness from converted CSI of WiFi signals, we further add user identification models into the substitute model set for training the signal pattern calibration generative model. Experimental results demonstrate that ActListener could achieve over 80% accuracy in activity semantics retrieval and impersonation by using the converted signals.

References

[1]

Y. Ma, G. Zhou, and S. Wang, “WiFi sensing with channel state information: A survey,” ACM Comput. Surv., vol. 52, no. 3, p. 46, 2019.

[2]

O. C. News. (2020). U.S. Households Will Have an Average of 20 Connected Devices by 2025. [Online]. Available: https://www.cordcuttersnews.com/us-households-will-have-an-average-of-20-connected-devices-by-2025/

[3]

P. I. Technology. Perspicace Intelligent Technology—AI Creates Happy Life. [Online]. Available: https://www.perspicace-china.com

[4]

Y. Wang, J. Liu, Y. Chen, M. Gruteser, J. Yang, and H. Liu, “E-eyes: Device-free location-oriented activity identification using fine-grained WiFi signatures,” in Proc. ACM MobiCom, Maui, HI, USA, 2014, pp. 617–628.

[5]

K. Ali, A. X. Liu, W. Wang, and M. Shahzad, “Keystroke recognition using WiFi signals,” in Proc. ACM MobiCom, Sep. 2015, pp. 90–102.

[6]

W. Wang, A. X. Liu, M. Shahzad, K. Ling, and S. Lu, “Understanding and modeling of WiFi signal based human activity recognition,” in Proc. ACM MobiCom, New York, USA, 2015, pp. 65–76.

[7]

H. Abdelnasser, M. Youssef, and K. A. Harras, “WiGest: A ubiquitous WiFi-based gesture recognition system,” in Proc. IEEE Conf. Comput. Commun. (INFOCOM), Apr. 2015, pp. 1472–1480.

[8]

W. Wang, A. X. Liu, and M. Shahzad, “Gait recognition using WiFi signals,” in Proc. ACM UbiComp, Sep. 2016, pp. 363–373.

[9]

O. Zhang and K. Srinivasan, “Mudra: User-friendly fine-grained gesture recognition using WiFi signals,” in Proc. ACM CoNEXT, Dec. 2016, pp. 83–96.

[10]

S. Tan and J. Yang, “WiFinger: Leveraging commodity WiFi for fine-grained finger gesture recognition,” in Proc. ACM MobiHoc, Paderborn, Germany, 2016, pp. 201–210.

[11]

K. Kim, L. Boelling, S. Haesler, J. N. Bailenson, G. Bruder, and G. F. Welch, “Does a digital assistant need a body? The influence of visual embodiment and social behavior on the perception of intelligent virtual agents in AR,” in Proc. IEEE Int. Symp. Mixed Augmented Reality (ISMAR), D. Chu, J. L. Gabbard, J. Grubert, and H. Regenbrecht, Eds. Munich, Germany: IEEE, Oct. 2018, pp. 105–114.

[12]

H. Kong, L. Lu, J. Yu, Y. Chen, L. Kong, and M. Li, “FingerPass: Finger gesture-based continuous user authentication for smart homes using commodity WiFi,” in Proc. ACM MobiHoc, Catania, Italy, Jul. 2019, pp. 201–210.

[13]

H. Kong, L. Lu, J. Yu, Y. Chen, and F. Tang, “Continuous authentication through finger gesture interaction for smart homes using WiFi,” IEEE Trans. Mobile Comput., vol. 20, no. 11, pp. 3148–3162, Nov. 2021.

[14]

H. Kong et al., “MultiAuth: Enable multi-user authentication with single commodity WiFi device,” in Proc. ACM MobiHoc, Shanghai, China, Jul. 2021, pp. 31–40.

[15]

H. Kong et al., “Push the limit of WiFi-based user authentication towards undefined gestures,” in Proc. IEEE Conf. Comput. Commun. (INFOCOM), London, U.K., May 2022, pp. 410–419.

[16]

H. Kong, L. Lu, J. Yu, Y. Chen, X. Xu, and F. Lyu, “Toward multi-user authentication using WiFi signals,” IEEE/ACM Trans. Netw., vol. 31, no. 5, pp. 2117–2132, 2023.

[17]

C. Shi, J. Liu, H. Liu, and Y. Chen, “Smart user authentication through actuation of daily activities leveraging WiFi-enabled IoT,” in Proc. ACM MobiHoc, Chennai, India, 2017, pp. 1–10.

[18]

M. Shahzad and S. Zhang, “Augmenting user identification with WiFi based gesture recognition,” Proc. ACM Interact., Mobile, Wearable Ubiquitous Technol., vol. 2, no. 3, p. 134, 2018.

[19]

IEEE.(2020). IEEE P802.11—WLAN Sensing Study Group. [Online]. Available: https://www.ieee802.org/11/Reports/senstig_update.htm

[20]

E. Au, “New standards initiative for using Wi-Fi for sensing [Standards],” IEEE Veh. Technol. Mag., vol. 15, no. 1, p. 119, Mar. 2020.

[21]

L. Lu, Z. Ba, F. Lin, J. Han, and K. Ren, “ActListener: Imperceptible activity surveillance by pervasive wireless infrastructures,” in Proc. IEEE 42nd Int. Conf. Distrib. Comput. Syst. (ICDCS), Bologna, Italy, Jul. 2022, pp. 776–786.

[22]

P. Security. (2018). Thousands of Home Routers Hacked—What Can You do? https://www.pandasecurity.com/en/mediacenter/mobile-news/routers-hacked/

[23]

S. Tan, L. Zhang, Z. Wang, and J. Yang, “MultiTrack: Multi-user tracking and activity recognition using commodity WiFi,” in Proc. ACM CHI, May 2019, pp. 1–12.

[24]

R. H. Venkatnarayan, G. Page, and M. Shahzad, “Multi-user gesture recognition using WiFi,” in Proc. ACM MobiSys, Jun. 2018, pp. 401–413.

[25]

Y. Zeng, P. H. Pathak, and P. Mohapatra, “WiWho: WiFi-based person identification in smart spaces,” in Proc. 15th ACM/IEEE Int. Conf. Inf. Process. Sensor Netw. (IPSN), Vienna, Austria, Apr. 2016, pp. 1–12.

[26]

J. Zhang, B. Wei, W. Hu, and S. S. Kanhere, “WiFi-ID: Human identification using WiFi signal,” in Proc. Int. Conf. Distrib. Comput. Sensor Syst. (DCOSS), Washington, DC, USA, May 2016, pp. 75–82.

[27]

D. Halperin, W. Hu, A. Sheth, and D. Wetherall, “Tool release: Gathering 802.11n traces with channel state information,” ACM SIGCOMM Comput. Commun. Rev., vol. 41, no. 1, p. 53, 2011.

[28]

B. News. (2019). A Data Leak Exposed the Personal Information of Over 3,000 Ring Users. [Online]. Available: https://www.buzzfeednews.com/article/carolinehaskins1/data-leak-exposes-personal-data-over-3000-ring-camera-users

[29]

S. Media. (2021). Camera Tricks: Privacy Concerns Raised After Massive Surveillance Cam Breach. [Online]. Available: https://www.scmagazine.com/home/security-news/iot/camera-tricks-privacy-concerns-raised-after-massive-surveillance-cam-breach/

[30]

F. Zhang et al., “Towards a diffraction-based sensing approach on human activity recognition,” Proc. ACM Interact., Mobile, Wearable Ubiquitous Technol., vol. 3, no. 1, p. 33, 2019.

[31]

M. H. Weik, “Inverse square law,” Computer Science and Communications Dictionary, 2000, p. 834.

[32]

Y. Zhuo, H. Zhu, and H. Xue, “Identifying a new non-linear CSI phase measurement error with commodity WiFi devices,” in Proc. IEEE 22nd Int. Conf. Parallel Distrib. Syst. (ICPADS), Wuhan, China, Dec. 2016, pp. 72–79.

[33]

M. Kotaru, K. Joshi, D. Bharadia, and S. Katti, “SpotFi: Decimeter level localization using WiFi,” in Proc. ACM Conf. Special Interest Group Data Commun., London, U.K., Aug. 2015, pp. 269–282.

[34]

J. Xiong and K. Jamieson, “ArrayTrack: A fine-grained indoor location system,” in Proc. USENIX Symp. Netw. Syst. Design Implement., Boston, MA, USA, 2013, pp. 71–84.

[35]

R. Schmidt, “Multiple emitter location and signal parameter estimation,” IEEE Trans. Antennas Propag., vol. AP-34, no. 3, pp. 276–280, Mar. 1986.

[36]

H. Xue, J. Yu, Y. Zhu, L. Lu, S. Qian, and M. Li, “WiZoom: Accurate multipath profiling using commodity WiFi devices with limited bandwidth,” in Proc. 16th Annu. IEEE Int. Conf. Sens., Commun., Netw. (SECON), Boston, MA, USA, Jun. 2019, pp. 1–9.

[37]

A. Waibel, T. Hanazawa, G. Hinton, K. Shikano, and K. J. Lang, “Phoneme recognition using time-delay neural networks,” IEEE Trans. Acoust. Speech Signal Process., vol. 37, no. 3, pp. 328–339, 1989.

[38]

A. Krizhevsky, I. Sutskever, and G. E. Hinton, “ImageNet classification with deep convolutional neural networks,” in Proc. Adv. Neural Inf. Process. Syst., 2012, pp. 1097–1105.

[39]

S. Ioffe and C. Szegedy, “Batch normalization: Accelerating deep network training by reducing internal covariate shift,” 2015, arXiv:1502.03167.

[40]

A. L. Maas, A. Y. Hannun, and A. Y. Ng, “Rectifier nonlinearities improve neural network acoustic models,” in Proc. ICML, Atlanta, GA, USA, 2013, pp. 1–16.

[41]

C. Blancher. (2005). Attacking WiFi Networks With Traffic Injection. [Online]. Available: http://axellec.chez.com/securite/LSM2005/WirelessInjection_CedricBlancher_LSM2005_slides.pdf

[42]

OpenWrt.(2020). Flashing OpenWrt With WiFi Enabled on First Boot. [Online]. Available: https://openwrt.org/docs/guide-user/installation/flashing_openwrt_with_wifi_enabled_on_first_boot

[43]

D. Halperin, W. Hu, A. Sheth, and D. Wetherall, “Predictable 802.11 packet delivery from wireless channel measurements,” ACM SIGCOMM Comput. Commun. Rev., vol. 40, no. 4, pp. 159–170, Aug. 2010.

[44]

F. Wang, S. Zhou, S. Panev, J. Han, and D. Huang, “Person-in-WiFi: Fine-grained person perception using WiFi,” in Proc. IEEE/CVF Int. Conf. Comput. Vis. (ICCV), Oct. 2019, pp. 5451–5460.

[45]

W. Jiang et al., “Towards environment independent device free human activity recognition,” in Proc. 24th Annu. Int. Conf. Mobile Comput. Netw., New Delhi, India, 2018, pp. 289–304.

Digital Library

[46]

Y. Zheng et al., “Zero-effort cross-domain gesture recognition with Wi-Fi,” in Proc. 17th Annu. Int. Conf. Mobile Syst. Appl. Services, Seoul, Republic of Korea, 2019, pp. 313–325.

[47]

J. Liu, Y. Wang, Y. Chen, J. Yang, X. Chen, and J. Cheng, “Tracking vital signs during sleep leveraging off-the-shelf WiFi,” in Proc. ACM MobiHoc, Hangzhou, China, 2015, pp. 267–276.

[48]

C. Yang and H.-R. Shao, “WiFi-based indoor positioning,” IEEE Commun. Mag., vol. 53, no. 3, pp. 150–157, Mar. 2015.

[49]

E. Shi and A. Perrig, “Designing secure sensor networks,” IEEE Wireless Commun., vol. 11, no. 6, pp. 38–43, Dec. 2004.

[50]

S. Fang, T. Wang, Y. Liu, S. Zhao, and Z. Lu, “Entrapment for wireless eavesdroppers,” in Proc. IEEE Conf. Comput. Commun. (INFOCOM), Paris, France, Apr. 2019, pp. 2530–2538.

[51]

S. Fang, I. Markwood, and Y. Liu, “Manipulatable wireless key establishment,” in Proc. IEEE Conf. Commun. Netw. Secur. (CNS), Las Vegas, NV, USA, Oct. 2017, pp. 1–9.

[52]

Y.-C. Tung, S. Han, D. Chen, and K. G. Shin, “Vulnerability and protection of channel state information in multiuser MIMO networks,” in Proc. ACM CCS, Scottsdale, AZ, USA, 2014, pp. 775–786.

[53]

A. Chaman, J. Wang, J. Sun, H. Hassanieh, and R. Roy Choudhury, “Ghostbuster: Detecting the presence of hidden eavesdroppers,” in Proc. 24th Annu. Int. Conf. Mobile Comput. Netw., New Delhi, India, Oct. 2018, pp. 337–351.

[54]

T. J. Pierson, T. Peters, R. Peterson, and D. Kotz, “Proximity detection with single-antenna IoT devices,” in Proc. ACM MobiCom, Los Cabos, Mexico, 2019, p. 21:1–21:15.

[55]

M. Alyami, I. Alharbi, C. Zou, Y. Solihin, and K. Ackerman, “WiFi-based IoT devices profiling attack based on eavesdropping of encrypted WiFi traffic,” in Proc. IEEE 19th Annu. Consum. Commun. Netw. Conf. (CCNC), Las Vegas, NV, USA, Jan. 2022, pp. 385–392.

[56]

M. Fomichev, F. Álvarez, D. Steinmetzer, P. Gardner-Stephen, and M. Hollick, “Survey and systematization of secure device pairing,” IEEE Commun. Surveys Tuts., vol. 20, no. 1, pp. 517–550, 1st Quart., 2017.

[57]

J. Zhang et al., “Privacy leakage in mobile sensing: Your unlock passwords can be leaked through wireless hotspot functionality,” Mobile Inf. Syst., vol. 2016, Apr. 2016, Art. no.

[58]

Y. Meng, J. Li, H. Zhu, X. Liang, Y. Liu, and N. Ruan, “Revealing your mobile password via WiFi signals: Attacks and countermeasures,” IEEE Trans. Mobile Comput., vol. 19, no. 2, pp. 432–449, Feb. 2020.

[59]

Y. Zhou, H. Chen, C. Huang, and Q. Zhang, “WiADv: Practical and robust adversarial attack against WiFi-based gesture recognition system,” Proc. ACM Interact., Mobile, Wearable Ubiquitous Technol., vol. 6, no. 2, p. 92, 2022.

[60]

J. Liu, Y. He, C. Xiao, J. Han, L. Cheng, and K. Ren, “Physical-world attack towards WiFi-based behavior recognition,” in Proc. IEEE Conf. Comput. Commun. (INFOCOM), London, U.K., Jun. 2022, pp. 400–409.

[61]

L. Xu, X. Zheng, X. Li, Y. Zhang, L. Liu, and H. Ma, “WiCAM: Imperceptible adversarial attack on deep learning based WiFi sensing,” in Proc. 19th Annu. IEEE Int. Conf. Sens., Commun., Netw. (SECON), Stockholm, Sweden, Sep. 2022, pp. 10–18.

Cited By

Zhang MLu LWu YYan ZSun JLin FRen K(2025)DroneAudioID: A Lightweight Acoustic Fingerprint-Based Drone Authentication System for Secure Drone DeliveryIEEE Transactions on Information Forensics and Security10.1109/TIFS.2025.352781420(1447-1461)Online publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1109/TIFS.2025.3527814

Index Terms

An Imperceptible Eavesdropping Attack on WiFi Sensing Systems
1. Networks
  1. Network properties
    1. Network security
      1. Mobile and wireless security
  2. Network types
    1. Mobile networks
    2. Wireless access networks
2. Security and privacy

Index terms have been assigned to the content through auto-classification.

Recommendations

WiCAM2.0: Imperceptible and Targeted Attack on Deep Learning based WiFi Sensing
With the widespread adoption of deep learning models in wireless sensing, substantial efforts have been made to develop sophisticated models that improve the accuracy and performance of sensing applications. However, the exploration of potential ...
Active eavesdropping via spoofing relay attack
2016 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)
This paper studies a new active eavesdropping technique via the so-called spoofing relay attack, which could be launched by the eavesdropper to significantly enhance the information leakage rate from the source over conventional passive eavesdropping. ...
WiCAM: Imperceptible Adversarial Attack on Deep Learning based WiFi Sensing
2022 19th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON)
With the popularization of deep learning models in wireless sensing, researchers have made considerable efforts to construct sophisticated models to improve the accuracy of related applications. But very few studies have addressed the potential ...

Comments

Information & Contributors

Information

Published In

cover image IEEE/ACM Transactions on Networking

IEEE/ACM Transactions on Networking Volume 32, Issue 5

Oct. 2024

897 pages

Issue’s Table of Contents

1063-6692 © 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.

Publisher

IEEE Press

Publication History

Published: 28 May 2024

Published in TON Volume 32, Issue 5

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
23
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)8

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhang MLu LWu YYan ZSun JLin FRen K(2025)DroneAudioID: A Lightweight Acoustic Fingerprint-Based Drone Authentication System for Secure Drone DeliveryIEEE Transactions on Information Forensics and Security10.1109/TIFS.2025.352781420(1447-1461)Online publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1109/TIFS.2025.3527814

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents