学术文献库

A malicious attacker could, by taking control of internet-of-things devices, use them to capture received signal strength (RSS) measurements and perform surveillance on a person's vital signs, activities, and sound in their environment. This article considers an attacker who looks for subtle changes in the RSS in order to eavesdrop sound vibrations. The challenge to the adversary is that sound vibrations cause very low amplitude changes in RSS, and RSS is typically quantized with a significantly larger step size. This article contributes a lower bound on an attacker's monitoring performance as a function of the RSS step size and sampling frequency so that a designer can understand their relationship. Our bound considers the little-known and counter-intuitive fact that an adversary can improve their sinusoidal parameter estimates by making some devices transmit to add interference power into the RSS measurements. We demonstrate this capability experimentally. As we show, for typical transceivers, the RSS surveillance attacker can monitor sound vibrations with remarkable accuracy. New mitigation strategies will be required to prevent RSS surveillance attacks.