Quantifying an Interference-Assisted Signal Strength Breathing Surveillance Attack

Abstract

A malicious attacker could, by taking control of internet-of-things devices, use them to capture received signal strength (RSS) measurements and perform surveillance on a person's vital signs, activities, audio in their environment, and other RF sensing capabilities. This paper considers an attacker who looks for periodic changes in the RSS in order to surveil a person's breathing rate. The challenge to the attacker is that a person's breathing causes a low amplitude change in RSS, and RSS is typically quantized with a significantly larger step size. This paper contributes a lower bound on an attacker's breathing monitoring performance as a function of the RSS step size and sampling frequency so that a designer can understand their relationship. Our bound considers the little-known and counter-intuitive fact that an adversary can improve their sinusoidal parameter estimates by making some devices transmit to add interference power into the RSS measurements. We demonstrate this capability experimentally. As we show, for typical transceivers, the RSS surveillance attack can monitor RSS with remarkable accuracy. New mitigation strategies will be required to prevent RSS surveillance attacks.