Wi-Fi Sensing:
Attack on Privacy & Countermeasures
Advanced Networking Systems, DII
University of Brescia – Italy
https://ans.unibs.it/
Renato Lo Cigno
with the fundamental contribution of
• Francesco Gringoli
• Marco Cominelli
• Lorenzo Ghiro
Outline & Goals
• Wi-Fi Fundamentals
• CSI-based Wi-Fi Localization & Sensing
• Learning positions with CNN fingerprinting
• Obfuscation through CSI randomization
• Proper manipulation of the CSI at the transmitter, or with an intelligent environment, can hide position information & maintain communication performance
Speck&Tech - Trento, Sept. 29, 2022. Wi-Fi Sensing: Attack ... renato.locigno@unibs.it
Common view of Wi-Fi
But we are interested in Wi-Fi
packets and signals, not the network!
[Figure: common network view of Wi-Fi; labels: AP (Access Point) x3, Wired LAN / Eth Switch, Router, "INTERNET"]
Wi-Fi packets & signals - 1
• 802.11 comes in many flavors: g/a/h/ac/ax ...
• They define different packet formats and transmission technologies,
including MIMO
[Figure: MIMO link; channel coefficients h11 and h22 labelled]
Wi-Fi packets & signals - 2
• 802.11 comes in many flavors: g/a/h/ac/ax ...
• Some fields in the packets remain fixed and are used to help the correct
reception
[Figure: VHT packet format; fields: L-STF, L-LTF, L-SIG, VHT-SIG-A, VHT-STF, VHT-LTF, VHT-SIG-B, DATA; field durations as shown: 8µs 8µs 4µs 8µs 4µs 4µs 8µs 4µs 4µs ...]
Wi-Fi packets & signals - 3
• 802.11 comes in many flavors: g/a/h/ac/ax ...
• All versions use OFDM as modulation technique
[Figure: OFDM transmitter; labels: 4 x 20MHz, 256 carriers, 80MHz, {..., S^IN_n, ...}, randomizer, {..., S^out_n, ...}, IDFT, I/Q samples, central carrier, modulated signal s(t) to antenna]
Wi-Fi Channel State Information (CSI)
• Packet decoding happens thanks to the knowledge of the distortion introduced by the channel (multipath, refractions, ...)
• This knowledge (CSI) is obtained by analyzing known portions of the packets
Wi-Fi Position Sensing
[Figure: receiver chains (input filter, sampling, equalizer, decoding, received bits) with CSI extraction feeding a localization system that outputs the estimated position; labels: RX1, RX2, U]
• CSI is essential for equalization and high throughput
• Once extracted, the CSI can also be used to sense & probe the environment
• People (& objects) change the channel response
Wi-Fi Position Sensing
• The most evident characteristic of the CSI is the amplitude change in frequency
• Amplitude heatmap with the same person in two different positions in our lab
• Question: how to exploit this information?
CNN Fingerprinting
• Most recent "trend" is using supervised learning with a Convolutional Neural Network
• CSI I/Q samples are fed to the CNN that returns a position classification
[Figure: CNN architecture; input: CSI values (real / imag); Conv. Layer 1, Conv. Layer 2, Fully-Conn. Layer 1, Fully-Conn. Layer 2, Fully-Conn. Layer 3; output: 8 Indoor Locations]
• It works, we'll see results
• Still fragile, but AI is improving VERY fast
Localization
• Tracking a person without her/his consent
• Violate privacy
• Often violate laws / rules
• Channel State Information (CSI) carries details on the propagation environment
[Figure: room map, 6.60 m by 7.00 m, with Tx, receivers Rx1 to Rx5 and positions P1 to P8; caption: "BIG BROTHER IS SENSING YOU"]
Localization
• Big Brother
  • Controls one (or more) receivers
  • Knows the position of Tx (e.g., an Access Point)
• The victim
  • Is unaware of the system
  • Does not need to hold a Wi-Fi device
CSI Randomization
• Proper manipulation at the transmitter "blurs" the fingerprints
• Different manipulations result in different "blurring"
• Manipulation should not hamper communication performance
Manipulation Principles
1. Do not alter power emission
2. Guarantee that the pre-distortion random changes are compatible with human (time correlation)
3. Guarantee that the pre-distortion random changes in frequency are compatible with the real channel
4. Hide distortion information to prevent reverse engineering within a reasonable time horizon
5. Do not change the communication performance of the system
Basic Manipulation
• Multiply the samples amplitude by a Uniform-Markov random process
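The manipulation principles and the basic manipulation above, sketched as an added example (not code from the slides or from the authors). Assumptions: the "Uniform-Markov" process is modelled as hold-or-redraw per carrier, a moving average stands in for the frequency filtering, the two-path channel and the 64 carriers are constructed, and the same mask is applied to the known training symbols and to the data.

```python
import cmath
import math
import random

K = 64  # carriers in this toy model (constructed; the slides show 256 on 80 MHz)


def markov_uniform_step(gains, rng, lo=0.5, hi=1.5, p_stay=0.9):
    """Assumed reading of 'Uniform-Markov': each carrier keeps its gain with
    probability p_stay, otherwise redraws it uniformly in [lo, hi]."""
    return [g if rng.random() < p_stay else rng.uniform(lo, hi) for g in gains]


def smooth(gains, width=5):
    """Moving average over neighbouring carriers, so the mask varies slowly in
    frequency like a physical channel (principle 3)."""
    half = width // 2
    out = []
    for k in range(len(gains)):
        window = gains[max(0, k - half):k + half + 1]
        out.append(sum(window) / len(window))
    return out


def unit_power(gains):
    """Rescale to mean squared gain 1, so the emitted power is unchanged when
    all carriers start at equal power (principle 1)."""
    rms = math.sqrt(sum(g * g for g in gains) / len(gains))
    return [g / rms for g in gains]


def mask_sequence(n_packets, seed=1):
    """One amplitude mask per transmitted packet, correlated in time (principle 2)."""
    rng = random.Random(seed)
    raw = [rng.uniform(0.5, 1.5) for _ in range(K)]
    masks = []
    for _ in range(n_packets):
        raw = markov_uniform_step(raw, rng)
        masks.append(unit_power(smooth(raw)))
    return masks


def channel(delay):
    """Constructed two-path channel; 'delay' stands in for the person's position."""
    return [1 + 0.6 * cmath.exp(-2j * math.pi * k * delay / K) for k in range(K)]


def send_packet(h, mask, bits):
    """The transmitter pre-distorts training and data with the same mask; the
    receiver estimates the CSI from the known training symbols and equalizes."""
    training = [1 if k % 3 else -1 for k in range(K)]  # known to both ends
    data = [1 if b else -1 for b in bits]              # BPSK, one bit per carrier
    rx_training = [h[k] * mask[k] * training[k] for k in range(K)]
    rx_data = [h[k] * mask[k] * data[k] for k in range(K)]
    csi = [rx_training[k] / training[k] for k in range(K)]  # least-squares CSI
    decoded = [int((rx_data[k] / csi[k]).real > 0) for k in range(K)]
    return csi, decoded


def mean_change(masks, lag):
    """Average per-carrier change between masks 'lag' packets apart."""
    pairs = list(zip(masks, masks[lag:]))
    total = sum(sum(abs(x - y) for x, y in zip(a, b)) / K for a, b in pairs)
    return total / len(pairs)


def demo():
    masks = mask_sequence(300)
    h = channel(delay=3.0)
    rng = random.Random(7)
    bits = [rng.randint(0, 1) for _ in range(K)]  # constructed payload
    csi, decoded = send_packet(h, masks[0], bits)
    return {
        "tx_power": sum(g * g for g in masks[0]) / K,
        "bits_ok": decoded == bits,
        # Largest relative gap between the CSI amplitude seen and the true one.
        "fingerprint_shift": max(abs(abs(c) - abs(x)) / abs(x) for c, x in zip(csi, h)),
        "step_change": mean_change(masks, 1),
        "long_run_change": mean_change(masks, 150),
        "worst_snr_loss_db": -20 * math.log10(min(masks[0])),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The model is noise-free, so the equalizer absorbs the mask and every bit decodes. With noise, carriers attenuated by the mask lose SNR (`worst_snr_loss_db`), which is consistent with the slides reporting that PDR is influenced by manipulation.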
Localization Results
• Performance of single receivers
Percentage of correct decision: random choice = 12.5%
            Rx1    Rx2    Rx3    Rx4    Rx5
Clean       90.6   89.6   93.1   83.1   67.6
Obfuscate   17.6   41.9   15.4   33.6   15.6
C&F, nm     12.9   57.4   30.6   60.5   21.4
F&C          8.8   28.0    7.4   15.2    0.0
F&C, nm     24.5   37.8   22.1   44.9   22.6
Localization Results
• Majority vote with Nr receivers, average of all combinations
• Correct decision (not decided)
Percentage of correct (not decided) localization
            Nr = 2        Nr = 3        Nr = 4        Nr = 5
Clean       71.1 (28.9)   95.7 (4.3)    99.1 (0.1)    100.0 (0.0)
Obfuscate    8.7 (72.5)   18.1 (39.1)   19.2 (22.9)    18.2 (20.1)
C&F, nm     13.7 (75.0)   29.8 (42.0)   36.4 (24.4)    34.0 (23.0)
F&C          1.1 (70.2)    3.1 (35.9)    2.6 (23.2)     1.5 (31.2)
F&C, nm     18.2 (60.6)   25.4 (33.1)   27.3 (23.9)    31.4 (16.5)
Packet Delivery Rate
• PDR is influenced by manipulation
• Proper analysis of the properties can reduce the impact
MedComNet'21 - Passive Device Free... marco.cominelli@unibs.it
[Figure: PDR [%] (0 to 100) versus MCS (0 to 9); curves: Clean, Filter & Clip, Filter & Clip no Max, Clip & Filter, Clip & Filter no Max]
Thanks for the Attention!

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

Wi-Fi Sensing: Attack on Privacy & Countermeasures

  • 1. Wi-Fi Sensing: Attack on Privacy & Countermeasures
      Advanced Networking Systems, DII, University of Brescia – Italy, https://ans.unibs.it/
      Renato Lo Cigno, with the fundamental contribution of Francesco Gringoli, Marco Cominelli, Lorenzo Ghiro
  • 2. Outline & Goals
      • Wi-Fi Fundamentals
      • CSI-based Wi-Fi Localization & Sensing
      • Learning positions with CNNs fingerprinting
      • Obfuscation through CSI randomization
      • Proper manipulation of the CSI at the transmitter or with an intelligent ambient can hide position information & maintain communication performance
      Speck&Tech - Trento, Sept. 29, 2022. Wi-Fi Sensing: Attack ... renato.locigno@unibs.it
  • 3. Outline & Goals
      • Wi-Fi Fundamentals
      • CSI-based Wi-Fi Localization & Sensing
      • Learning positions with CNNs fingerprinting
      • Obfuscation through CSI randomization
      • Proper manipulation of the CSI at the transmitter or with an intelligent ambient can hide position information & maintain communication performance
  • 4. Common view of Wi-Fi
      But we are interested in Wi-Fi packets and signals, not the network!
      [Figure: three APs (AP: Access Point) attached to a wired LAN / Ethernet switch, a router, and the "INTERNET"]
  • 5. Wi-Fi packets & signals - 1
      • 802.11 comes in many flavors: g/a/h/ac/ax ...
      • They define different packet formats and transmission technologies, including MIMO
      [Figure: MIMO channel, labels h11 and h22]
  • 6. Wi-Fi packets & signals - 2
      • 802.11 comes in many flavors: g/a/h/ac/ax ...
      • Some fields in the packets remain fixed and are used to help the correct reception
      [Figure: packet fields L-STF, L-LTF, L-SIG, VHT-SIG-A, VHT-STF, VHT-LTF, VHT-SIG-B, DATA, with field durations of 4 µs or 8 µs; four 20 MHz channels forming an 80 MHz channel with 256 carriers; transmit chain: I/Q samples {..., S_in,n, ...} → randomizer → {..., S_out,n, ...} → IDFT → multiplication by the central carrier → modulated signal s(t) to antenna]
  • 7. Wi-Fi packets & signals - 3
      • 802.11 comes in many flavors: g/a/h/ac/ax ...
      • All versions use OFDM as modulation technique
  • 8. Wi-Fi Channel State Information (CSI)
      • Packet decoding happens thanks to the knowledge of the distortion introduced by the channel (multipath, refractions, ...)
      • This knowledge (CSI) is obtained by analyzing known portions of the packets
  • 9. Outline & Goals
      • Wi-Fi Fundamentals
      • CSI-based Wi-Fi Localization & Sensing
      • Learning positions with CNNs fingerprinting
      • Obfuscation through CSI randomization
      • Proper manipulation of the CSI at the transmitter or with an intelligent ambient can hide position information & maintain communication performance
  • 10. Wi-Fi Position Sensing
      • CSI is essential for equalization and high throughput
      • Once extracted, the CSI can also be used to sense & probe the environment
      • People (& objects) change the channel response
      [Figure: receivers RX1 and RX2, each with input filter, sampling, equalizer, decoding, received bits and CSI extraction; a localization system producing the estimated position]
  • 11. Wi-Fi Position Sensing
      • The most evident characteristic of the CSI is the amplitude change in frequency
      • Amplitude heatmap with the same person in two different positions in our lab
      • Question: how to exploit this information?
  • 12. CNN Fingerprinting
      • Most recent "trend" is using supervised learning with a Convolutional Neural Network
      • CSI I/Q samples are fed to the CNN that returns a position classification
      • It works, we'll see results
      • Still fragile, but AI is improving VERY fast
      [Figure: CNN pipeline: CSI values (real / imag) → Conv. Layer 1 → Conv. Layer 2 → Fully-Conn. Layer 1 → Fully-Conn. Layer 2 → Fully-Conn. Layer 3 → 8 Indoor Locations]
  • 13. Localization
      • Tracking a person without her/his consent
          • Violate privacy
          • Often violate laws / rules
      • Channel State Information (CSI) carries details on the propagation environment
      [Figure: lab floor plan with dimensions 6.60 m and 7.00 m, transmitter Tx, receivers Rx1–Rx5 and positions P1–P8. Caption: BIG BROTHER IS SENSING YOU]
  • 14. Localization
      • Big Brother
          • Controls one (or more) receivers
          • Knows the position of Tx (e.g., an Access Point)
      • The victim
          • Is unaware of the system
          • Does not need to hold a Wi-Fi device
      [Figure: same lab floor plan as on the previous slide]
  • 15. Outline & Goals
      • Wi-Fi Fundamentals
      • CSI-based Wi-Fi Localization & Sensing
      • Learning positions with CNNs fingerprinting
      • Obfuscation through CSI randomization
      • Proper manipulation of the CSI at the transmitter or with an intelligent ambient can hide position information & maintain communication performance
  • 16. CSI Randomization
      • Proper manipulation at the transmitter "blurs" the fingerprints
      • Different manipulations result in different "blurring"
      • Manipulation should not hamper communication performance
  • 17. Manipulation Principles
      1. Do not alter power emission
      2. Guarantee that the pre-distortion random changes are compatible with human (time correlation)
      3. Guarantee that the pre-distortion random changes in frequency are compatible with the real channel
      4. Hide distortion information to prevent reverse engineering within a reasonable time horizon
      5. Do not change the communication performance of the system
  • 18. Basic Manipulation
      • Multiply the samples' amplitude by a Uniform-Markov random process
  • 19. Localization Results
      • Performance of single receivers
      Percentage of correct decisions (random choice = 12.5%):

                     Rx1    Rx2    Rx3    Rx4    Rx5
      Clean          90.6   89.6   93.1   83.1   67.6
      Obfuscate      17.6   41.9   15.4   33.6   15.6
      C&F, nm        12.9   57.4   30.6   60.5   21.4
      F&C             8.8   28.0    7.4   15.2    0.0
      F&C, nm        24.5   37.8   22.1   44.9   22.6

      [Figure: lab floor plan with dimensions 6.60 m and 7.00 m, transmitter Tx, receivers Rx1–Rx5 and positions P1–P8]
  • 20. Localization Results
      • Majority vote with Nr receivers, average of all combinations
      • Correct decision (not decided)
      Percentage of correct (not decided) localization:

                     Nr = 2         Nr = 3         Nr = 4         Nr = 54
      Clean          71.1 (28.9)    95.7 (4.3)     99.1 (0.1)     100.0 (0.0)
      Obfuscate       8.7 (72.5)    18.1 (39.1)    19.2 (22.9)    18.2 (20.1)
      C&F, nm        13.7 (75.0)    29.8 (42.0)    36.4 (24.4)    34.0 (23.0)
      F&C             1.1 (70.2)     3.1 (35.9)     2.6 (23.2)     1.5 (31.2)
      F&C, nm        18.2 (60.6)    25.4 (33.1)    27.3 (23.9)    31.4 (16.5)

      [Figure: lab floor plan with dimensions 6.60 m and 7.00 m, transmitter Tx, receivers Rx1–Rx5 and positions P1–P8]
  • 21. Packet Delivery Rate
      • PDR is influenced by manipulation
      [Plot: PDR [%] (0–100) versus MCS (0–9); series: Clean]
      MedComNet'21 - Passive Device Free... marco.cominelli@unibs.it
  • 22. Packet Delivery Rate
      • PDR is influenced by manipulation
      [Plot: PDR [%] (0–100) versus MCS (0–9); series: Clean, Filter & Clip, Filter & Clip no Max]
  • 23. Packet Delivery Rate
      • PDR is influenced by manipulation
      • Proper analysis of the properties can reduce the impact
      [Plot: PDR [%] (0–100) versus MCS (0–9); series: Clean, Filter & Clip, Filter & Clip no Max, Clip & Filter, Clip & Filter no Max]
  • 24. Wi-Fi Sensing: Attack on Privacy & Countermeasures
      Advanced Networking Systems, DII, University of Brescia – Italy, https://ans.unibs.it/
      Renato Lo Cigno
      Thanks for the Attention!
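
The sketch below is an added example, not code from the slides or from the authors' paper. It illustrates slides 8 and 16 to 18: a per-subcarrier gain mask applied at the transmitter changes the CSI amplitude a receiver estimates, while equalization still recovers the data and total power is unchanged. The Markov-uniform update rule, the moving-average smoothing, the unit mean-square normalization and all sample values are assumptions made for the illustration.

```python
import random

def markov_uniform_step(prev, n_sc, rng, spread=0.5, p_change=0.1):
    """Next per-subcarrier gain vector (assumed model): each gain is kept with
    probability 1 - p_change, else redrawn uniformly in [1-spread, 1+spread]."""
    draw = lambda: rng.uniform(1 - spread, 1 + spread)
    if prev is None:
        return [draw() for _ in range(n_sc)]
    return [draw() if rng.random() < p_change else g for g in prev]

def shape_mask(gains, width=5):
    """Moving average across subcarriers (smooth in frequency), then scale to
    unit mean square so constant-modulus symbols keep their total power."""
    half = width // 2
    sm = []
    for k in range(len(gains)):
        win = gains[max(0, k - half):k + half + 1]
        sm.append(sum(win) / len(win))
    rms = (sum(g * g for g in sm) / len(sm)) ** 0.5
    return [g / rms for g in sm]

def power(symbols):
    """Total power of a list of frequency-domain symbols."""
    return sum(abs(s) ** 2 for s in symbols)

def run_link(seed=1, n_sc=16):
    """Noise-free link with constructed channel, training and QPSK data."""
    rng = random.Random(seed)
    h = [complex(1 + 0.3 * rng.random(), 0.2 * rng.random()) for _ in range(n_sc)]
    training = [complex(rng.choice((1, -1)), 0) for _ in range(n_sc)]
    data = [complex(rng.choice((1, -1)), rng.choice((1, -1))) for _ in range(n_sc)]
    mask = shape_mask(markov_uniform_step(None, n_sc, rng))
    # Transmitter: same mask on the known training field and on the data.
    tx_train = [x * g for x, g in zip(training, mask)]
    tx_data = [d * g for d, g in zip(data, mask)]
    # Channel, then receiver CSI estimate H[k] = Y[k] / X[k] on the known field.
    csi = [hk * t / x for hk, t, x in zip(h, tx_train, training)]
    equalized = [hk * t / c for hk, t, c in zip(h, tx_data, csi)]
    return {"h": h, "mask": mask, "csi": csi, "data": data, "equalized": equalized,
            "p_in": power(training), "p_out": power(tx_train)}

if __name__ == "__main__":
    r = run_link()
    print("power in/out:", r["p_in"], round(r["p_out"], 6))
    print("max ||CSI| - |h||:", max(abs(abs(c) - abs(k)) for c, k in zip(r["csi"], r["h"])))
```

Because the mask multiplies the training field and the data alike, the receiver estimates the product of channel and mask and divides it back out, so the link is unaffected in this noise-free model; the packet delivery rate slides show that real manipulations do cost some performance.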

Editor's Notes

  1. - Describe the scenario - How come we can localize people with WiFi? Not everyone knows it. - STRESS the person does not need to wear a device
  2. - Describe the scenario - How come we can localize people with WiFi? Not everyone knows it. - STRESS the person does not need to wear a device - Skip detailed description of the lab here, it comes later
  3. - Very quick presentation, refer to the paper for details
  4. - The figure is just for exemplification, doesn't matter if it has not been obtained with the specific technique of this paper – Highlight on the picture that keeping Principle 3 is not trivial - The formula is used only to refer to the paper for the math
  5. Explain that there are collisions due to the missing MAC in the SDR
  6. Highlight that maximum obfuscation obtained with rule of thumb ruins communications, but does not destroy them
  7. Stress that this correction is a first attempt based on the observation that clipping at the very end may introduce high frequency components, and even this "small correction" leads to very good results.