Hiding Signal Strength Interference from Outside Adversaries

Mingxuan Han University of Utah
School of Computing
Email: [email protected] Jeff M. Phillips University of Utah
School of Computing
Email: [email protected] Sneha Kumar Kasera University of Utah
School of Computing
Email: [email protected]

Abstract

The presence of people can be detected by passively observing the signal strength of Wifi and related forms of communication. This paper tackles the question of how and when can this be prevented by adjustments to the transmitted signal strength, and other similar measures. The main contribution of this paper is a formal framework to analyze this problem, and the identification of several scenarios and corresponding protocols which can prevent or limit the inference from passive signal strength snooping.

I Introduction

Wifi is the dominant last leg of connecting devices to the internet, and is ubiquitous in households and businesses. However, recent work [22, 17, 13] has shown that these wifi signals can leak the location of occupants in those homes and businesses, even if the occupants are passive and do not have devices sending signals. The presence of a person can reduce the Wifi signal strength, and an adversary outside of a home or business can detect this reduction, inferring the presence and even location of the person.

This paper examines if and when it is possible to prevent the leaking of the presence of a person using only passive reduced signal strength of Wifi and other wireless transmissions. Different from, for instance, [8, 7], we assume the messages can be encrypted, and for high security settings equipment can even continually fill the channel with messages in a regular (or random) pattern to avoid detection of the presence of signals. The only information leaked is the magnitude of the signals.

This is a challenging domain with many possible strategies an adversary could use [12, 6, 23, 18]. As such, this paper starts with a very simple model where a formal analysis can be developed. Then it builds on these basic ideas to create a more comprehensive array of possible modeling assumptions. The first model is in 1 dimension where the sender has full information, then when the model does not know if a person interferes or not. We ultimately consider 2-dimensional (spatial) models, and if the sender knows the state of potentially interfering people or adversaries. We empirically demonstrate the effectiveness of our models in the simple controlled scenarios. While these models do not reach the specification of the transmission protocol and hardware devices, they develop a characterization of which factors are essential to models, and which are less pertinent.

Hence, the main contribution of this paper is the formalization of how to protect against signal strength inference attacks, which outcomes are possible, and a series of modeling assumptions and corresponding protocols and analysis to protect against inference. Our methods are based on information theoretic and statistical information arguments, and given modeling assumptions are impervious to any adversarial attack, or show a certain amount of transmissions must be made before the presensence of the person can be identified with sufficient (e.g., $95\%$ ) confidence.

I-A Related Works

Previous related work mostly provides methods to detect the presence of people using RSS or similar signals. This includes work based on the moving average [22], and similar to our noisy model, claims there is detection if the moving average is greater than some threshold. Abid et.al. [3] shows that witrack, a system that tracks the 3D motion of a user from the radio signals reflected off a body, can localize the center of a human body to within a about 10 to 13 cm. This group also shows [4] that they can track a human by treating the motion of a human body as an antenna array and tracking the resulting RF beam and show how one can use MIMO (Multiple Input Multiple Output) interference nulling to eliminate reflections off static objects and focus the receiver on a moving target.

Another line of work related to statistical inference in signal strength [19] estimates the parameters of a single-frequency complex tone from a finite number of noisy discrete-time observations. Moschitta et.al. [15] provide a Cramer-Rao Lower Bound (CRLB) for the parametric estimation of quantized sinewaves. Similarly, Abrar et.al. [2] contributes a CRLB on an attacker’s monitoring performance as a function of the RSS step size and sampling frequency. Similar models use change point detection statistics [20], information theory and signal processing problem [10, 14], or machine learning [5, 1].

In contrast our work provides a rigorous framework for characterizing when a person might or statistically cannot be detected by any method, or bounds the rate of potential detection up to some statistical confidence. A different tact to characterizing when detection is or is not possible uses game-theoretic approaches [16, 9, 21], as opposed to our statistical/information theory approach.

II Structural Properties

We begin with some basic properties about distributions which will guide our characterization of various scenarios and the corresponding protocols. The “signal” is a bit $b$ , if a person interferes with a signal ( $b=1$ ) or not ( $b=0$ ). We identify three cases: when the scenarios are completely indistinguishable, when it must be one of the scenarios and not the other, and when it is not immediately clear, but the adversary gains information favoring one or the other. In this last scenario, we quantify how much information the adversary gains, and then if $n$ readings are made in an iid fashion, when the adversary can reach a certain amount of confidence about one scenario or the other. This reduces to the expectation under a distribution $\mu$ , denoted ${\bf{\mathsf{E}}}_{\mu}$ , of the Kullback-Liebler (KL) divergence between certain distributions, denoted $\mathrm{KL}(\cdot\mid\mid\cdot)$ .

Lemma II.1.

Consider a set $X$ of observations from one of the two distributions $f_{1}(\cdot)$ amd $f_{2}(\cdot)$ , which are characterized by different parameters say $\mu_{1}$ , $\mu_{2}$ . If we are interested in either $X\sim f_{1}(x\mid\mu_{1})$ or $X\sim f_{2}(x\mid\mu_{2})$ , the problem can be divided into three cases:

•

Case 1 (perfect hiding): If $\mu_{1}=\mu_{2}$ then naturally $X\sim f(X\mid\mu_{1})\buildrel d\over{=}f(X\mid\mu_{2})$ and we cannot distinguish that $X$ are drawn from $f(X\mid\mu_{1})$ or $f(X\mid\mu_{2})$ .
•

Case 2 (noisy hiding): If $\mu_{1}\neq\mu_{2}$ and the logarithm of the likelihood ratio satisfies

$\displaystyle M=\ln(\frac{L(X\mid\mu_{1})}{L(X\mid\mu_{2})})\leq\ln(\frac{1-p}{p}),$

we can distinguish with more than $1-p$ confidence that $X$ is from $f_{1}(X\mid\mu_{1})$ rather than $f_{2}(X\mid\mu_{2})$ . If $X\sim\mu_{1}$ , then this holds in expectation if it contains $n$ iid samples, and ${\bf{\mathsf{E}}}_{\mu_{1}}(M)=n\cdot\mathrm{KL}(f_{1}(\mu_{1})\mid\mid f_{2}(\mu_{2}))$ , only if $n>\frac{\ln\frac{1-p}{p}}{\mathrm{KL}(f_{1}(X\mid\mu_{1})\mid\mid f_{2}(X\mid\mu_{2}))}$ .
•

Case 3 (immediate detection): If for any observation $x\in X$ , $\text{L}(x\mid\mu_{2})=0$ or $\text{L}(x\mid\mu_{1})=0$ , we can immediately distinguish from which distribution $X$ is drawn.

Proof.

Case 1 and 3 are immediate. For the Case 2 the logarithm of the likelihood ratio is defined as $M=\ln(\frac{L(X\mid\mu_{1})}{L(X\mid\mu_{2})}).$ If the $X\sim\mu_{1}$ then

\displaystyle{\bf{\mathsf{E}}}_{\mu_{1}}(M)={\bf{\mathsf{E}}}_{\mu_{1}}\left(\sum_{i=1}^{n}\ln(\frac{L(x_{i}\mid\mu_{1})}{L(x_{i}\mid\mu_{2})})\right).

Since $x_{i}$ are i.i.d. and by the definition of KL-divergence,

	$\displaystyle{\bf{\mathsf{E}}}_{\mu_{1}}(M)$	$\displaystyle=n\cdot{\bf{\mathsf{E}}}_{\mu_{1}}(\ln(\frac{L(x_{i}\mid\mu_{1})}{L(x_{i}\mid\mu_{2})}),$
		$\displaystyle=n\cdot\mathrm{KL}(f_{1}(x\mid\mu_{1})\mid\mid f_{2}(x\mid\mu_{2})).$

We can understand the likelihood ratio by normalizing the numerator, denominator pair so $\ln\frac{1-p}{p}$ ; then if $p=0.05$ then we can think the confidence that $X$ comes from $f_{1}(x\mid\mu_{1})$ is $0.95$ and the confidence that $X$ comes from $f_{2}(x\mid\mu_{2})$ is $0.05$ . Hence, if $M\leq\ln((1-p)/p)$ then with at most $1-p$ confidence that $X$ are drawn from $f_{1}(x\mid\mu_{1})$ . Hence by contrapositive, in expectation only if $n>\frac{\ln\frac{1-p}{p}}{\mathrm{KL}(f_{1}(x\mid\mu_{1})\mid\mid f_{2}(x\mid\mu_{2}))}$ can we say with more than $1-p$ confidence that $X\sim f_{1}(x\mid\mu_{1})$ . ∎

II-A Special cases on the Case 2: Noisy Hiding

Now we analyze two specifications of Case 2 in Lemma II.1: when $f_{1}$ and $f_{2}$ are Laplace or Normal. Recall $\mathsf{Lap}(\mu,\sigma)$ at value $x$ has the form $\exp(-|x-\mu|/\sigma)$ , and $\mathsf{Normal}(\mu,\sigma)$ at value $x$ has the form $\exp(-(x-\mu)^{2}/2\sigma^{2})$ , each with a different normalizing constant, which will not play a role in our analysis, so is omitted for simplicity.

Corollary II.1.1.

Consider when a set $X$ of observations is from either $\mathsf{Lap}(\mu_{1},\sigma)$ or $\mathsf{Lap}(\mu_{2},\sigma)$ , where $\mu_{2}-\mu_{1}=\delta>0$ . If $X$ is from $\mathsf{Lap}(\mu_{1},\sigma)$ , then at least $n>\ln(\frac{1-p}{p})\frac{\sigma}{\delta}$ iid observations are needed for than $(1-p)\cdot 100\%$ confidence.

Proof.

According to Case 2 in Lemma II.1, we have

	$\displaystyle M$	$\displaystyle=\ln(\frac{L(X\mid\mu_{1})}{L(X\mid\mu_{2})})=\sum_{i=1}^{n}\ln\frac{\exp(-\frac{\|x_{i}-\mu_{1}\|}{\sigma})}{\exp(-\frac{\|x_{i}-\mu_{2}\|}{\sigma})}.$
		$\displaystyle=\sum_{i=1}^{n}\ln\left(\exp(-\|x_{i}-\mu_{1}\|/\sigma)\right)+\ln\left(\exp(\|x_{i}-\mu_{2}\|/\sigma)\right)$
		$\displaystyle=\frac{1}{\sigma}\sum_{i=1}^{n}(\|x_{i}-\mu_{2}\|-\|x_{i}-\mu_{1}\|)\leq\frac{n}{\sigma}\|\mu_{1}-\mu_{2}\|=n\frac{\delta}{\sigma}.$

Thus, if $n\leq M\sigma/\delta$ then the likelihood ratio is at most $M$ . If the likelihood ratio $M\leq\ln((1-p)/p)$ then with at most probability $1-p$ that $X$ is from $\mathsf{Lap}(\mu_{1},\sigma)$ . Hence, by contrapositive, only if $n>\ln(\frac{1-p}{p})\sigma/\delta$ can we say with more than $1-p$ confidence that $X$ is from $\mathsf{Lap}(\mu_{1},\sigma)$ . ∎

For the Laplace distribution, we do not need to take expectation with respect to true distribution. We can rather get an upper bound approximation for the logarithm of the likelihood ratio $M$ by the triangle inequality shown in the proof, which cannot be achieved by other distributions, such as Gaussian.

Corollary II.1.2.

Consider if a set $X$ of observations is from either $\mathsf{Normal}(\mu_{1},\sigma_{1})$ or $\mathsf{Normal}(\mu_{2},\sigma_{2})$ . If $X$ is truly from $\mathsf{Normal}(\mu_{1},\sigma_{1})$ , let $\eta_{1}=\frac{\sigma_{2}}{\sigma_{1}}$ and $\eta_{2}=\frac{\mu_{2}-\mu_{1}}{\sigma_{2}},$ then in expectation at least $n>\frac{\ln(\frac{1-p}{p})}{\frac{\eta_{2}^{2}-1}{2}+\ln(\eta_{1})+\frac{1}{2\eta_{1}^{2}}}$ iid observations are needed for than $(1-p)\cdot 100\%$ confidence.

Proof.

According to Case 2 in II.1 we know that we need $n>\frac{\ln\frac{1-p}{p}}{\mathrm{KL}(f(x\mid\mu_{1})\mid\mid f(x\mid\mu_{2}))}$ iid observations, and

	$\displaystyle\mathrm{KL}(\mathsf{Normal}(\mu_{1},\sigma_{1})$	$\displaystyle\mid\mid\mathsf{Normal}(\mu_{2},\sigma_{2}))$
	$\displaystyle=$	$\displaystyle\frac{(\mu_{1}-\mu_{2})^{2}+\sigma_{1}^{2}-\sigma_{2}^{2}}{2\sigma_{2}^{2}}+\ln(\frac{\sigma_{2}}{\sigma_{1}}),$
	$\displaystyle=$	$\displaystyle\frac{\eta_{2}^{2}-1}{2}+\ln(\eta_{1})+\frac{1}{2\eta_{1}^{2}}.$

Hence at least $n>\frac{\ln(\frac{1-p}{p})}{\frac{\eta_{2}^{2}-1}{2}+\ln(\eta_{1})+\frac{1}{2\eta_{1}^{2}}}$ iid observations are needed to conclude with more than $(1-p)\cdot 100\%$ confidence. ∎

A special case for Corollary II.1.2 is when $\sigma_{1}=\sigma_{2}=\sigma$ and we denote $\eta=\frac{1}{\eta_{2}}=\frac{\sigma}{\mu_{2}-\mu_{1}}.$ Thus, by some simple algebra we know that if $X$ is from $\mathsf{Normal}(\mu_{1},\sigma)$ , then in expectation at least $n>2\ln(\frac{1-p}{p})\eta^{2}$ iid observations are needed for more than $(1-p)\cdot 100\%$ confidence.

III The Basic Shift Models

We first consider a case with a single sender $x\in\mathbb{R}$ and a single adversary $a\in\mathbb{R}$ in the one-dimensional domain along the line of sight between them. The sender will be communicating (e.g., via wifi) and may encrypt signal content, but can not hide the signal strength, and the adversary can measure this amplitude.

The unimpeded signal presents a larger amplitude the closer it is to the sender, and so the amplitude measured by an adversary $a$ is a function of the initial magnitude $\alpha$ used by the sender, and the distance between them $|x-a|$ . We restrict that the sender can produce signals in range $[0,M]$ , with maximum signal strength $M$ . While our protocols can be adapted to any known (or learned) decay function, for simplicity in this model we will assume a linear decay of the observed signal

s_{x,\alpha}(a,b=0)=\max\{0,\alpha-c\|x-a\|\}.

Here $c$ is the fixed linear decay rate, and $b=0$ (no person) indicates no interference by a person. We next explore a few models and associated protocols so if $b=1$ (exists person), which can prevent an adversary from knowing the bit. Here we assume the sender knows this bit $b$ .

III-A Constant Offset Interference

In our first model, we assume that the presence of a person ( $b=1$ ) creates a constant $\delta$ decrease in the observed signal. We can write the observed signal strength as

s_{x,\alpha}(a,p=1)=\max\{0,\alpha-c\|x-a\|-\delta\}.

Refer to caption — Figure 1: Example of signal strength for constant offset model, and shift protocol.

Our goal is to modulate the signal strength patter so that adversary cannot infer the person bit $b$ . The Shift Protocol is

•

If there is no person interfering with the signal ( $b=0$ ), the sender emits a signal with strength $M-\delta$ .
•

If there is a person interfering with the signal ( $b=1$ ), the sender emits a signal with strength $M$ .

Theorem III.1.

Under the Shift Protocol the adversary receives the same signal strength if a person interfering with the signal ( $b=1$ ) or not ( $b=0$ ), so it achieves perfect hiding.

Proof.

If $b=0$ , signal strength is $M-\delta$ ; the signal received

s=s_{x,M-\delta}(a,b=0)=\max\{0,(M-\delta)-c\|x-a\|\}.

If $b=1$ the sent signal strength is $M$ ; the signal received is

s^{\prime}=s_{x,M}(a,b=1)=\max\{0,M-c\|x_{i}-a\|-\delta\}.

And thus the observed signals $s^{\prime}=s$ are identical. ∎

III-B The Random Shift Protocol

We generalize this model and protocol so the person’s interference effect is not fixed, but is a random function $f$ . We consider for $f$ any known discrete or one-sided truncated version (like truncated normal) or only with non-negative domain (like beta) continuous distributions from location-scale family¹¹1Location scale family distribution includes almost all common seen distributions like any distribution in the exponential family or some distribution not in the exponential family, say Cauchy distribution. with a known mean denoted as $\mu$ and variance $\sigma$ ,

\displaystyle\delta\sim f\;\;\;\;\text{or}\;\;\;p(\delta=y)=f_{\mu,\sigma}(y),

where $p$ denote the pdf or pmf of distribution $f$ . In this model we only consider $f$ with non-negative domain. The Random Shift Protocol is

•

If there is a person interfering ( $b=1$ ), the sender emits a signal with strength $M$ .
•

If there is no person interfering ( $b=0$ ), the sender emits a signal with strength $M-y$ , where $y$ is random as $y\sim f$ .

Theorem III.2.

Under the Random Shift Protocol, $S(a)\overset{d}{=}S^{\prime}(a)$ , so this achieves perfect hiding.

Proof.

Notice that, each $s_{t}(a)\in S(a)$ follows $s_{t}(a)=M-\delta$ where, $\delta\sim f$ . Hence for the two cases ( $p=0$ and $p=1$ , respectively), for each time $t$ , satisfy

	$\displaystyle s_{t}(a)$	$\displaystyle=M-\delta\text{ with }\delta\sim f$
	$\displaystyle s^{\prime}_{t}(a)$	$\displaystyle=M-y\text{ with }y\sim f.$

So we have $S(a)\overset{d}{=}S^{\prime}(a)$ , no matter distribution $f$ . ∎

IV Random Noise Models for Unknown Interference

The Basic Shift Models allowed for Case 1 (perfect hiding) in Lemma II.1. This notably require that the sender knows if a person is interfering. In this section we focus on when the sender does not know the $b$ bit, indicating interference. In this setting, we are not able to achieve perfect hiding, and instead settle for noisy hiding (Case 2 in Lemma II.1).

For simplicity, we analyze the constant offset interference model with reduction of $\delta$ , with a linear decay with constant $c$ . Although, this can again be generalized to other decay and interference models.

The approach will be to inject noise into signal strength chosen by the sender. We will investigate a few types of noise, and how much is required to achieve various guarantees.

IV-A Laplace Noise Model

In this setting, the sender uses signal strength chosen under a Laplacian noise model $\mathsf{Lap}(\mu,\sigma)$ . If a person is interfering with the signal ( $b=1$ ), the observed signal is reduced by $\delta$ , and is equivalent to using Laplacian noise with $\mathsf{Lap}(\mu^{\prime}_{1},\sigma)$ with $\mu^{\prime}_{1}=\mu-\delta$ . Then an adversary would observe data from a distribution with a reduced mean, that is from $\mathsf{Lap}(\mu_{1},\sigma)$ or $\mathsf{Lap}(\mu_{0},\sigma)$ with $\mu_{1}=\mu^{\prime}_{1}-c\|x-a\|$ and $\mu_{0}=\mu-c\|x-a\|$ . Ultimately, the key parameter is $\delta=\mu_{0}-\mu_{1}=\mu-\mu^{\prime}_{1}$ . A unit-less parameter $\eta=\sigma/\delta$ captures the needed characteristic of this problem; refer to this as the $\eta$ -Laplace setting.

Theorem IV.1.

In the $\eta$ -Laplace setting, if $b=1$ , then the adversary needs at least $n=\ln(\frac{1-p}{p})\eta$ readings for $(1-p)\cdot 100\%$ confidence in the value of $b$ .

Proof.

If $b=1$ , the signal strength readings received by the adversary follow $\mathsf{Lap}(\mu_{1},\sigma)$ , or $\mathsf{Lap}(\mu_{0},\sigma)$ if $b=0$ . Hence by applying Corollary II.1.1, if $b=1$ , the adversary needs at least $n>\ln(\frac{1-p}{p})\eta$ readings to conclude with more than $(1-p)\cdot 100$ percent confidence the value $b$ . ∎

This approach where we can derive a bound without any probabilistic notions other than confidence is a special result of the Laplace distribution having an upper bound of their log-likelihoods being exactly $(\mu_{1}-\mu_{2})/\sigma$ , similar to the Laplace mechanism in differential privacy [11]. For other sorts of distributions (e.g., Normal), this is not the case, and we will need to state the bounds in expectation.

IV-B Normal Noise Model

Now we consider when the sender injects normal $\mathsf{Normal}(\mu,\sigma)$ noise into the signal strength. Again the interference of a person ( $b=1$ ) is modeled as decreasing the observed signal by $\delta$ . As a result an adversary would observe one of two distributions $\mathsf{Normal}(\mu_{0},\sigma)$ for $b=0$ or $\mathsf{Normal}(\mu_{1},\sigma)$ for $b=1$ , where $\mu_{0}-\mu_{1}=\delta$ . Again we analyze a unit-less parameter $\eta=\sigma/\delta$ in this so-called $\eta$ -Normal setting.

Theorem IV.2.

In the $\eta$ -Normal setting, if $b=1$ , then in expectation the adversary needs at least $n=2\ln(\frac{1-p}{p})\eta^{2}$ readings for $(1-p)\cdot 100\%$ in the value of $b$ .

Proof.

If $b=1$ , the adversary observes data from $\mathsf{Normal}(\mu_{1},\sigma)$ , otherwise ( $b=0$ ) they observe data from $\mathsf{Normal}(\mu_{0},\sigma)$ . Via Corollary II.1.2, the $\eta$ -Normal setting is exactly the special case when $\sigma_{1}=\sigma_{2}=\sigma$ . Thus if there is an interfering person, in expectation the adversary needs at least $n>2\ln(\frac{1-p}{p})\eta^{2}$ readings for $(1-p)\cdot 100\%$ confidence the existence of the person. ∎

IV-C Normal Noise and Normal Interference Model

Now we analyze when the sender injects normal noise and the effect of the person also follows a normal distribution. This specific case demonstrates the general principal of how these protocols and analysis can handle noise that materialize at several spots in the broadcast, interference, and sensing process – surely noise is introduced elsewhere as well.

Specifically, the sender chooses signal strength from $\mathsf{Normal}(\mu,\sigma)$ , and a person’s interference results in a decrease in signal strength by $\mathsf{Normal}(\mu_{I},\sigma_{I})$ . Define $\sigma_{1}=\sqrt{\sigma^{2}+\sigma_{I}^{2}}$ and two unitless parameters $\eta=\sigma_{1}/\mu_{I}$ and $\eta^{\prime}=\sigma_{1}/\sigma$ . We refer to this as the $(\eta,\eta^{\prime})$ -Normal setting.

Theorem IV.3.

In the $(\eta,\eta^{\prime})$ -Normal setting, if $b=1$ , then in expectation the adversary needs at least $n>\frac{\ln(\frac{1-p}{p})}{\frac{(1/\eta)^{2}-1}{2}+\log(\eta^{\prime})+\frac{1}{2(\eta^{\prime})^{2}}}$ readings to conclude with $(1-p)\cdot 100\%$ the value of $b$ .

Proof.

If $b=1$ , then the observed signal is of the form $\mathsf{Normal}(\mu_{1},\sigma_{1})$ where $\mu_{1}=\mu-\mu_{I}-c\|x-a\|$ , because a convolution of two normals results in another normal with parameters $\mu-\mu_{I}$ and standard deviation $\sigma_{1}$ . Otherwise (the case $b=0$ ), the observed signal by the adversary would be from $\mathsf{Normal}(\mu_{0},\sigma)$ with $\mu_{0}=\mu-c\|x-a\|$ .

By applying Corollary II.1.2, with these normals, we determine that in expectation the adversary needs at least $n>\frac{\ln(\frac{1-p}{p})}{\frac{(1/\eta)^{2}-1}{2}+\log(\eta^{\prime})+\frac{1}{2(\eta^{\prime})^{2}}}$ readings to conclude with more than $(1-p)\cdot 100\%$ confidence the existence of the person. ∎

IV-D Truncated Distributions

This above analysis formalizes how the smaller the KL divergence between two observed signals’ distributions, the harder for an adversary to detect the difference. Intuitively, when the variance of the signal sent out by the communicator is much larger than the variance of the interference, it is hard for the adversary to detect a person. This seems to indicate, we can set $\mu=M$ (the maximum signal strength) and set the variance ( $\sigma^{2}$ ) very large, and avoid losing communication power and make it difficult to detect the presence of a person, since $\sigma\gg\delta$ . However, the signal strength may be limited to $[0,M]$ , and as a result, truncated distributions must be used. We can set the mean $0<\mu<M$ , or more likely $2\sigma<\mu<M-2\sigma$ . Under this restriction, the analysis in Lemma II.1 can be adjusted using appropriately truncated distributions in place of a full Gaussian as in Corollary II.1.2.

V Models in $2$ Dimensions

The situation in 2 dimensions with 1 person and 1 adversary can be reduced to the 1-dimensional setting. If the location of the person and adversary is known ( $b$ is known), this maps to the Basic Shift models in Section III. If the location of the person or adversary is not known ( $b$ is not known), this maps to the Random Noise models in Section III-B.

When there are 2 adversaries and 1 person, the setting is more challenging as one may be interfered with and the other not. Assuming the adversaries collude, this allows them to immediately detect the interference, if the sent signal strength is always the same in all directions. This immediate detection holds even for the Random Noise model as long as the effect of the noise is the same for both adversaries.

To circumvent this obstacle to hiding, we consider using broadcast equipment that can control directional signal strengths (as is commonplace in cell phone towers, and emerging in wifi routers). We consider two models for directional signal strength where hiding results can exist in this setting: very narrow band, and gradual decay.

Very narrow band. In the very narrow band model, the angle in which signal is emitted from the sender is defined by an direction $\theta$ , and only is detectable within a very narrow set of angles $(\theta-\tau,\theta+\tau)$ , for some parameter $\tau$ . If the angle between the two adversaries from the perspective of the sender is greater than $2\tau$ , then hiding protocols exist. At each time point, the sender chooses a random direction to send its signal. Then this can be observed by at most one adversary, and it again reduces to the 1 adversary case.

Gradual decay. A different model does not enforce a very narrow band, but instead assumes that for a fixed direction $\theta$ , the signal strength decays symmetrically in both directions as the angle of the observer becomes further from $\theta$ . Then again if the angle between the adversaries is large enough, a protocol can be designed to hide the interference of a person. In particular, this requires the sender to know if an adversary is interfered with, and that the difference in signal strength received by the two adversaries (because of the angular decay) to be larger than the effect of the interference of the person.

The protocol then is as follows. If there is no interference, direct the signal so its highest signal direction $\theta$ is directly between the two adversaries; use less than the maximum possible strength. If a person interferes with one adversary, then direct the signal closer towards that interfered with adversary and increase the signal strength. If these two parameters (direction and signal strength) are chosen correctly, they can ensure both adversaries receive the same signal as without interference.

Note that in both cases, the most challenging case, which neither can overcome, is when the two adversaries are in a very similar direction from the sender, but are separated enough so a person can interfere with one but not the other. From one perspective, this provides a perhaps surprisingly useful setup for a pair of colluding adversaries. From another perspective, this model may be problematic since a person’s interference with an adversary may not be so binary, and may be diffuse within a range. If this contributes to a random distribution, some version of the noisy hiding analysis may be applicable.

Handling more than 2 adversaries is challenging in the gradual decay model because trying to solve for a setting that retains the same signal strength for 3 adversaries when there are only 2 degrees of freedom (signal strength and angular direction) is, in general, not possible.

VI Experiments on Noisy Hiding

We perform simulations on the noisy hiding model under Laplace distribution and normal distribution for different values of the ratio between standard deviation $\sigma$ and the strength of the interference effect $\delta$ . For each value of the ratio ( $\frac{\sigma}{\delta}=3,6,9$ ) we draw $1000$ random numbers coming from the specified distribution ( $\mathsf{Lap}(\mu,\sigma)$ or $\mathsf{Normal}(\mu,\sigma)$ ). Then we calculate the likelihoods of the random sample drawn from the true distribution $\mathsf{Lap}(\mu,\sigma)$ and another hypothetical distribution $\mathsf{Lap}(\mu-\delta,\sigma)$ , and then the logarithm of the likelihood ratio between these two likelihoods. Our theoretical results indicates that the confidence to determine if the samples come from the true distribution rather than hypothetical distribution would be increased as the sample size increases. We perform $10$ trials for each value of the ratio, and compute the resulting confidence (via confidence = $1/(\exp(\textsf{LLR})-1)$ ); and report its average and standard deviation. For each ratio $\frac{\sigma}{\delta}$ , we vary the number of readings from $100$ to $1000$ , and plot the mean and error bars (showing one standard deviation) in Figure 3. For instance when $\sigma/\delta=6$ , then it usually requires between $500$ and $800$ readings to reach $95\%$ confidence. Although the Laplace distribution has a better theoretical bound (because of convenient mathematical properties), the normal empirically requires fewer trials to reach high confidence.

VII Discussion & General Strategies

We propose new models and protocols to prevent an adversary snooping on the strength of a signal and detecting the presence of a person. Depending on if the interference is known, the presence can either be perfectly hidden, or hidden for a number of rounds with a statistical confidence bound. If the potentially interfering person collaborates with sender, and knows the protocol, it could potentially determine if it interferes with high confidence before a non-collaborating adversary, and shift to a perfect hiding strategy.

The models proposed in the paper are quite general. We omitted some potential specifications – they become tedious quickly – but results will not deviate too much from the general theorems/properties we produce in Section II. For instance, in observing real signal strength decay, they do not decay at a linear rate, the effect of a person blocking does decrease it but the effect is not binary (block or not block), and the fixed structures (like walls) in the environment play a role. When these can be modeled (or learned), very similar statements can be made as simple corollaries of our main results. When they cannot be modeled effectively or precisely, the fix is essentially to add more noise that the sender is not aware of, and the extensions appear much like Theorem IV.3.

For instance, some spatial (2-dimensional) settings with several colluding adversaries may seem hopeless, resulting in immediate detection. But this assumes perfect information and noiseless sensing among adversaries. Noise in the process may lead to something like the noisy hiding scenario in practice.

These methods reduce communication rates, since a lower than maximum signal strength is used. In the noisy hiding, we bound the probability an adversary can determine the bit $b$ indicating if a person is interfering with the signal or not. Hence we must set up the mean of the distribution of the signal strength, say $\mu$ , which is lower than the maximal signal strength, say $M$ , and the power utilization is roughly $\mu/M$ . As discussed, how large $\mu$ can be set depending on $\sigma$ (i.e. variance of the noise), since we desire that $M-\mu>2\sigma$ or $>3\sigma$ so that the truncation of a normal (or Laplace) distribution insignificantly changes the KL divergence. In turn, this value of $\sigma$ should be roughly proportional to $\delta$ (i.e. person effect). Since again, it is common that the interference effect of a person $\delta$ is much less than $M$ , this change in power utilization should generally be tolerable.

References

[1] M. Abbas, M. Elhamshary, H. Rizk, M. Torki, and M. Youssef. Wideep: Wifi-based accurate and robust indoor localization system using deep learning. In 2019 IEEE International Conference on Pervasive Computing and Communications (PerCom, pages 1–10, 2019.
[2] A. S. Abrar, N. Patwari, and S. K. Kasera. Quantifying interference-assisted signal strength surveillance of sound vibrations, 2020.
[3] F. Adib, Z. Kabelac, D. Katabi, and R. C. Miller. 3d tracking via body radio reflections. In 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14), pages 317–329, Seattle, WA, Apr. 2014. USENIX Association.
[4] F. Adib and D. Katabi. See through walls with wifi! SIGCOMM Comput. Commun. Rev., 43(4):75–86, Aug. 2013.
[5] P. Bahl and V. N. Padmanabhan. Radar: an in-building rf-based user location and tracking system. In Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064), volume 2, pages 775–784 vol.2, 2000.
[6] A. Baset, C. Becker, K. Derr, S. Ramirez, S. Kasera, and A. Bhaskara. Towards wireless environment cognizance through incremental learning. In 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems (MASS), pages 256–264, 2019.
[7] B. A. Bash, D. Goeckel, D. Towsley, and S. Guha. Hiding information in noise: fundamental limits of covert wireless communication. IEEE Communications Magazine, 53(12):26–31, 2015.
[8] M. Bloch, J. Barros, M. R. D. Rodrigues, and S. W. McLaughlin. Wireless information-theoretic security. IEEE Transactions on Information Theory, 54(6):2515–2534, 2008.
[9] M. Brown, B. An, C. Kiekintveld, F. Ordóñez, and M. Tambe. An extended study on multi-objective security games. Autonomous Agents and Multi-Agent Systems, 28, 01 2014.
[10] T. M. Cover and J. A. Thomas. Elements of Information Theory (Wiley Series in Telecommunications and Signal Processing). Wiley-Interscience, USA, 2006.
[11] C. Dwork. Differential privacy: A survey of results. In International conference on theory and applications of models of computation, pages 1–19. Springer, 2008.
[12] S. Hussain, R. Peters, and D. Silver. Using received signal strength variation for surveillance in residential areas. Proceedings of SPIE - The International Society for Optical Engineering, 6973, 03 2008.
[13] O. Kaltiokallio, M. Bocca, and N. Patwari. Follow @grandma: Long-term device-free localization for residential monitoring. In 37th Annual IEEE Conference on Local Computer Networks - Workshops, pages 991–998, 2012.
[14] S. M. Kay. Fundamentals of Statistical Signal Processing: Estimation Theory. Prentice-Hall, Inc., USA, 1993.
[15] A. Moschitta and P. Carbone. Cramer-rao lower bound for parametric estimation of quantized sinewaves. In Proceedings of the 21st IEEE Instrumentation and Measurement Technology Conference (IEEE Cat. No.04CH37510), volume 3, pages 1724–1729 Vol.3, 2004.
[16] P. Paruchuri, J. P. Pearce, M. Tambe, F. Ordonez, and S. Kraus. An efficient heuristic approach for security against multiple adversaries. In Proceedings of the 6th International Joint Conference on Autonomous Agents and Multiagent Systems, AAMAS ’07, New York, NY, USA, 2007. Association for Computing Machinery.
[17] N. Patwari and J. Wilson. Rf sensor networks for device-free localization: Measurements, models, and algorithms. Proceedings of the IEEE, 98(11):1961–1973, 2010.
[18] N. Patwari, J. Wilson, S. Ananthanarayanan, S. K. Kasera, and D. R. Westenskow. Monitoring breathing via signal strength in wireless networks. IEEE Transactions on Mobile Computing, 13(8):1774–1786, 2014.
[19] D. Rife and R. Boorstyn. Single tone parameter estimation from discrete-time observations. IEEE Transactions on Information Theory, 20(5):591–598, 1974.
[20] C. Truong, L. Oudre, and N. Vayatis. A review of change point detection methods. CoRR, abs/1801.00718, 2018.
[21] P. M. Wijewardena, A. Bhaskara, S. K. Kasera, S. A. Mahmud, and N. Patwari. A plug-n-play game theoretic framework for defending against radio window attacks. WiSec ’20, page 284–294, New York, NY, USA, 2020. Association for Computing Machinery.
[22] M. Youssef, M. Mah, and A. Agrawala. Challenges: Device-free passive localization for wireless environments. In Proceedings of the 13th Annual ACM International Conference on Mobile Computing and Networking, MobiCom ’07, page 222–229, New York, NY, USA, 2007. Association for Computing Machinery.
[23] Y. Zhu, Y. Ju, B. Wang, J. Cryan, B. Y. Zhao, and H. Zheng. Wireless side-lobe eavesdropping attacks, 2018.

	$\displaystyle M$	$\displaystyle=\ln(\frac{L(X\mid\mu_{1})}{L(X\mid\mu_{2})})=\sum_{i=1}^{n}\ln\frac{\exp(-\frac{\|x_{i}-\mu_{1}\|}{\sigma})}{\exp(-\frac{\|x_{i}-\mu_{2}\|}{\sigma})}.$
		$\displaystyle=\sum_{i=1}^{n}\ln\left(\exp(-\|x_{i}-\mu_{1}\|/\sigma)\right)+\ln\left(\exp(\|x_{i}-\mu_{2}\|/\sigma)\right)$
		$\displaystyle=\frac{1}{\sigma}\sum_{i=1}^{n}(\|x_{i}-\mu_{2}\|-\|x_{i}-\mu_{1}\|)\leq\frac{n}{\sigma}\|\mu_{1}-\mu_{2}\|=n\frac{\delta}{\sigma}.$

Hiding Signal Strength Interference from Outside Adversaries

Abstract

I Introduction

I-A Related Works

II Structural Properties

Lemma II.1.

Proof.

II-A Special cases on the Case 2: Noisy Hiding

Corollary II.1.1.

Proof.

Corollary II.1.2.

Proof.

III The Basic Shift Models

III-A Constant Offset Interference

Theorem III.1.

Proof.

III-B The Random Shift Protocol

Theorem III.2.

Proof.

IV Random Noise Models for Unknown Interference

IV-A Laplace Noise Model

Theorem IV.1.

Proof.

IV-B Normal Noise Model

Theorem IV.2.

Proof.

IV-C Normal Noise and Normal Interference Model

Theorem IV.3.

Proof.

IV-D Truncated Distributions

V Models in 22 Dimensions

VI Experiments on Noisy Hiding

VII Discussion & General Strategies

References

V Models in $2$ Dimensions