Security Analysis of WiFi-based Sensing Systems: Threats from Perturbation Attacks

TL;DR

This work analyzes the security of WiFi-based sensing systems against adversarial perturbations and introduces WiIntruder, a practical black-box attack that is universal across models, robust to over-the-air distortions, and stealthy through surrogate diversification. The authors formalize a perturbation generation framework that emphasizes cross-model transferability by perturbing state-specific features while accounting for desynchronization and propagation effects with PSO optimization and an energy-based GAN for diverse surrogates. Extensive experiments across gesture recognition, respiratory monitoring, user authentication, and indoor localization show substantial performance degradation, including gesture accuracy collapsing to 9.2%, demonstrating a real threat to common WiFi sensing services. The study also provides defense directions, such as adversarial training and protocol-level measures to reduce information leakage from LTS fields, underscoring the need for robust security designs in WiFi-based sensing deployments.

Abstract

Deep learning technologies are pivotal in enhancing the performance of WiFi-based wireless sensing systems. However, they are inherently vulnerable to adversarial perturbation attacks, and regrettably, there is lacking serious attention to this security issue within the WiFi sensing community. In this paper, we elaborate such an attack, called WiIntruder, distinguishing itself with universality, robustness, and stealthiness, which serves as a catalyst to assess the security of existing WiFi-based sensing systems. This attack encompasses the following salient features: (1) Maximizing transferability by differentiating user-state-specific feature spaces across sensing models, leading to a universally effective perturbation attack applicable to common applications; (2) Addressing perturbation signal distortion caused by device synchronization and wireless propagation when critical parameters are optimized through a heuristic particle swarm-driven perturbation generation algorithm; and (3) Enhancing attack pattern diversity and stealthiness through random switching of perturbation surrogates generated by a generative adversarial network. Extensive experimental results confirm the practical threats of perturbation attacks to common WiFi-based services, including user authentication and respiratory monitoring.

Figures (15)

• Figure 1: Attack scenario of WiIntruder: perturbation signals emitted from an attacker (Eve) to contaminate authentic ones (and hence CSIs) between one legitimate transmitter (Bob) to one receiver (Alice), thereby misleading sensing models to output false results.
• Figure 2: Perturbation signals ${\delta_1}$ and ${\delta_2}$ utilized to contaminate authentic CSI amplitude and phase patterns in four common sensing applications, showing that ${\delta_2}$ offers the superior attack performance.
• Figure 3: High-level features and their containmated versions corresponding to the random perturbation ${\delta_1}$ and the optimized one ${\delta_2}$, in (a) gesture recognition, (b) respiratory monitoring, (c) user authentication, and (d) indoor localization.
• Figure 4: The archiectural overview of WiIntruder, showing the process of utilizing public sensing models and data as the raw material to remould random perturbations with three merits to launch practical attacks.
• Figure 5: Illustration of importance weight-driven perturbation optimization.