research-article

Free Access

RIStealth: Practical and Covert Physical-Layer Attack against WiFi-based Intrusion Detection via Reconfigurable Intelligent Surface

Authors:
Yuxuan Zhou

The Hong Kong University of Science and Technology, Hong Kong, Hong Kong

The Hong Kong University of Science and Technology, Hong Kong, Hong Kong

https://orcid.org/0000-0001-5091-4431
View Profile

,
Chenggao Li

The Hong Kong University of Science and Technology, Hong Kong, Hong Kong

The Hong Kong University of Science and Technology, Hong Kong, Hong Kong

https://orcid.org/0000-0001-8109-5213
View Profile

,
Huangxun Chen

Huawei, Hong Kong, Hong Kong

Huawei, Hong Kong, Hong Kong

https://orcid.org/0000-0002-0313-4421
View Profile

,
Qian Zhang

The Hong Kong University of Science and Technology, Hong Kong, Hong Kong

The Hong Kong University of Science and Technology, Hong Kong, Hong Kong

https://orcid.org/0000-0001-9205-1881
View Profile

SenSys '23: Proceedings of the 21st ACM Conference on Embedded Networked Sensor SystemsNovember 2023Pages 195–208https://doi.org/10.1145/3625687.3625790

Published:26 April 2024Publication History

SenSys '23: Proceedings of the 21st ACM Conference on Embedded Networked Sensor Systems

Pages 195–208

ABSTRACT

The emerging reconfigurable intelligent surface (RIS) technique introduces novel threats to wireless sensing owing to its channel customization ability. Unlike active radios, the RIS's interference behaves akin to natural reflections, exhibiting a higher level of stealthiness and difficulty in detection. However, the majority of current RIS-based attacks lack generalizability to real-world scenarios, as they assume complete coverage of the RIS over objects and develop their techniques within electromagnetic-controlled environments such as an anechoic chamber. To bridge this gap, we present RIStealth, a practical and covert attack that leverages RIS technology to render a moving individual undetectable by WiFi-based intrusion detection systems in real-life scenarios. RIStealth integrates the strengths of both motion reduction and threshold lifting strategies to address challenges of limited RIS affordability, constrained cooperation in adversary settings, and complex and unpredictable environments. Through real-world evaluations conducted with our RIS prototype, we demonstrate that RIStealth effectively reduces the victim's intrusion detection rate from 95.1% to 16.4%. Our findings shed light on the practical threats posed by RIS, thereby encouraging further countermeasure development.

References

Venkat Arun and Hari Balakrishnan. 2020. RFocus: Beamforming Using Thousands of Passive Antennas.. In NSDI. 1047--1061.Google Scholar
Saeed Bagherinejad and S Mohammad Razavizadeh. 2021. Direction-based jamming detection and suppression in mmWave massive MIMO networks. IET Communications 15, 14 (2021), 1780--1790.Google ScholarDigital Library
Justin Chan, Changxi Zheng, and Xia Zhou. 2015. 3D Printing Your Wireless Coverage. In Proceedings of the 2nd International Workshop on Hot Topics in Wireless (Paris, France) (HotWireless '15). Association for Computing Machinery, New York, NY, USA, 1--5. Google ScholarDigital Library
Lili Chen, Wenjun Hu, Kyle Jamieson, Xiaojiang Chen, Dingyi Fang, and Jeremy Gummeson. 2021. Pushing the Physical Limits of IoT Devices with Programmable Metasurfaces.. In NSDI. 425--438.Google Scholar
Xi Chen, Chen Ma, Michel Allegue, and Xue Liu. 2017. Taming the inconsistency of Wi-Fi fingerprints for device-free passive indoor localization. In IEEE INFOCOM 2017-IEEE Conference on Computer Communications. IEEE, 1--9.Google ScholarCross Ref
Yingying Chen, Wade Trappe, and Richard P Martin. 2007. Attack detection in wireless localization. In IEEE INFOCOM 2007-26th IEEE International Conference on Computer Communications. IEEE, 1964--1972.Google ScholarDigital Library
Qiang Cheng, Lei Zhang, Jun Yan Dai, Wankai Tang, Jun Chen Ke, Shuo Liu, Jing Cheng Liang, Shi Jin, and Tie Jun Cui. 2022. Reconfigurable Intelligent Surfaces: Simplified-Architecture Transmitters---From Theory to Implementations. Proc. IEEE 110, 9 (2022), 1266--1289. Google ScholarCross Ref
Marco Cominelli, Francesco Gringoli, and Renato Lo Cigno. 2022. AntiSense: Standard-compliant CSI obfuscation against unauthorized Wi-Fi sensing. Computer Communications 185 (2022), 92--103.Google ScholarDigital Library
Tie Jun Cui, Shuo Liu, and Lei Zhang. 2017. Information metamaterials and metasurfaces. Journal of materials chemistry C 5, 15 (2017), 3644--3668.Google ScholarCross Ref
Tie Jun Cui, Mei Qing Qi, Xiang Wan, Jie Zhao, and Qiang Cheng. 2014. Coding metamaterials, digital metamaterials and programmable metamaterials. Light: science & applications 3, 10 (2014), e218--e218.Google Scholar
Huijuan Dai, Yongjiu Zhao, Huangyan Li, Jiaqing Chen, Zheng He, and Wenjun Qi. 2019. An ultra-wide band polarization-independent random coding Metasurface for RCS reduction. Electronics 8, 10 (2019), 1104.Google ScholarCross Ref
Linglong Dai, Bichai Wang, Min Wang, Xue Yang, Jingbo Tan, Shuangkaisheng Bi, Shenheng Xu, Fan Yang, Zhi Chen, Marco Di Renzo, et al. 2020. Reconfigurable intelligent surface-based wireless communications: Antenna design, prototyping, and experimental results. IEEE access 8 (2020), 45913--45923.Google Scholar
Enjie Ding, Xiansheng Li, Tong Zhao, Lei Zhang, and Yanjun Hu. 2018. A robust passive intrusion detection system with commodity WiFi devices. Journal of Sensors 2018 (2018).Google Scholar
Manideep Dunna, Chi Zhang, Daniel Sievenpiper, and Dinesh Bharadia. 2020. ScatterMIMO: Enabling virtual MIMO with smart surfaces. In Proceedings of the 26th Annual International Conference on Mobile Computing and Networking. 1--14.Google ScholarDigital Library
Chao Feng, Xinyi Li, Yangfan Zhang, Xiaojing Wang, Liqiong Chang, Fuwei Wang, Xinyu Zhang, and Xiaojiang Chen. 2021. RFlens: Metasurface-Enabled Beamforming for IoT Communication and Sensing. In Proceedings of the 27th Annual International Conference on Mobile Computing and Networking (New Orleans, Louisiana) (MobiCom '21). Association for Computing Machinery, New York, NY, USA, 587--600. Google ScholarDigital Library
Zi Feng, Jianxia Ning, Ioannis Broustis, Konstantinos Pelechrinis, Srikanth V. Krishnamurthy, and Michalis Faloutsos. 2011. Coping with packet replay attacks in wireless networks. In 2011 8th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks. 368--376. Google ScholarCross Ref
Mohammad-Javad Haji-Ahmadi, Vahid Nayyeri, Mohammad Soleimani, and Omar M Ramahi. 2017. Pixelated checkerboard metasurface for ultra-wideband radar cross section reduction. Scientific Reports 7, 1 (2017), 1--12.Google ScholarCross Ref
Daniel Halperin, Wenjun Hu, Anmol Sheth, and David Wetherall. 2011. Tool release: Gathering 802.11 n traces with channel state information. ACM SIGCOMM computer communication review 41, 1 (2011), 53--53.Google ScholarDigital Library
Jiang Haofeng and Gong Xiaorui. 2019. Wi-Fi Secure Access Control System Based on Geo-fence. In 2019 IEEE Symposium on Computers and Communications (ISCC). 1--6. Google ScholarCross Ref
Yuqian Hu, Muhammed Zahid Ozturk, Beibei Wang, Chenshu Wu, Feng Zhang, and KJ Ray Liu. 2022. Robust Passive Proximity Detection Using Wi-Fi. IEEE Internet of Things Journal 10, 7 (2022), 6221--6234.Google ScholarCross Ref
Sunakshi Jaitly, Harshit Malhotra, and Bharat Bhushan. 2017. Security vulnerabilities and countermeasures against jamming attacks in Wireless Sensor Networks: A survey. In 2017 International Conference on Computer, Communications and Electronics (Comptelix). IEEE, 559--564.Google ScholarCross Ref
T. Karhima, A. Silvennoinen, M. Hall, and S.-G. Haggman. 2004. IEEE 802.11b/g WLAN tolerance to jamming. In IEEE MILCOM 2004. Military Communications Conference, 2004., Vol. 3. 1364--1370 Vol. 3. Google ScholarCross Ref
J Clayton Kerce, George C Brown, and Mark A Mitchell. 2007. Phase-only transmit beam broadening for improved radar search performance. In 2007 IEEE Radar Conference. IEEE, 451--456.Google ScholarCross Ref
Ahmed E Kosba, Ahmed Saeed, and Moustafa Youssef. 2012. RASID: A robust WLAN device-free passive motion detection system. In 2012 IEEE International Conference on Pervasive Computing and Communications. IEEE, 180--189.Google Scholar
Shengjie Li, Xiang Li, Kai Niu, Hao Wang, Yue Zhang, and Daqing Zhang. 2017. Ar-alarm: An adaptive and robust intrusion detection system leveraging csi from commodity wi-fi. In Enhanced Quality of Life and Smart Living: 15th International Conference, ICOST 2017, Paris, France, August 29--31, 2017, Proceedings 15. Springer, 211--223.Google ScholarCross Ref
Xinyi Li, Chao Feng, Fengyi Song, Chenghan Jiang, Yangfan Zhang, Ke Li, Xinyu Zhang, and Xiaojiang Chen. 2022. Protego: securing wireless communication via programmable metasurface. In Proceedings of the 28th Annual International Conference on Mobile Computing And Networking. 55--68.Google ScholarDigital Library
Zang Li, Wade Trappe, Yanyong Zhang, and Badri Nath. 2005. Robust statistical methods for securing wireless localization in sensor networks. In IPSN 2005. Fourth International Symposium on Information Processing in Sensor Networks, 2005. IEEE, 91--98.Google Scholar
Yuxiang Lin, Yi Gao, Bingji Li, and Wei Dong. 2020. Revisiting indoor intrusion detection with WiFi signals: do not panic over a pet! IEEE Internet of Things Journal 7, 10 (2020), 10437--10449.Google Scholar
Linksys. 2019. Linksys Aware. https://www.linksys.com/for-home/software-and-services/linksys-aware/Google Scholar
Xiao Liu, Jun Gao, Liming Xu, Xiangyu Cao, Yi Zhao, and Sijia Li. 2016. A coding diffuse metasurface for RCS reduction. IEEE Antennas and wireless propagation letters 16 (2016), 724--727.Google Scholar
Xi Liu, Anmol Sheth, Michael Kaminsky, Konstantina Papagiannaki, Srinivasan Seshan, and Peter Steenkiste. 2009. DIRC: Increasing Indoor Wireless Capacity Using Directional Antennas. In Proceedings of the ACM SIGCOMM 2009 Conference on Data Communication (Barcelona, Spain) (SIGCOMM '09). Association for Computing Machinery, New York, NY, USA, 171--182. Google ScholarDigital Library
Xi Liu, Anmol Sheth, Michael Kaminsky, Konstantina Papagiannaki, Srinivasan Seshan, and Peter Steenkiste. 2010. Pushing the Envelope of Indoor Wireless Spatial Reuse Using Directional Access Points and Clients. In Proceedings of the Sixteenth Annual International Conference on Mobile Computing and Networking (Chicago, Illinois, USA) (MobiCom '10). Association for Computing Machinery, New York, NY, USA, 209--220. Google ScholarDigital Library
Jiguang Lv, Dapeng Man, Wu Yang, Liangyi Gong, Xiaojiang Du, and Miao Yu. 2019. Robust device-free intrusion detection using physical layer information of WiFi signals. Applied Sciences 9, 1 (2019), 175.Google ScholarCross Ref
Akila Murugesan, Krishnasamy T Selvan, Ashwin Iyer, Kumar Vaibhav Srivastava, and Arokiaswami Alphones. 2021. A review of metasurface-assisted RCS reduction techniques. Progress In Electromagnetics Research B 94 (2021), 75--103.Google ScholarCross Ref
Inc. Origin Wireless. 2021. Hex Home Smart Home Security System. https://myhexhome.com/Google Scholar
Xilong Pei, Haifan Yin, Li Tan, Lin Cao, Zhanpeng Li, Kai Wang, Kun Zhang, and Emil Björnson. 2021. RIS-Aided Wireless Communications: Prototyping, Adaptive Beamforming, and Indoor/Outdoor Field Trials. IEEE Transactions on Communications 69, 12 (2021), 8627--8640. Google ScholarCross Ref
Hossein Pirayesh and Huacheng Zeng. 2022. Jamming Attacks and Anti-Jamming Strategies in Wireless Networks: A Comprehensive Survey. IEEE Communications Surveys Tutorials 24, 2 (2022), 767--809. Google ScholarCross Ref
Fang Qi, Yingkai Zhao, Md Zakirul Alam Bhuiyan, Hai Tao, Weifeng Yan, and Zhe Tang. 2022. Artificial intelligence driven Wi-Fi CSI data mining: Focusing on the intrusion detection applications. International Journal of Communication Systems (2022), e5338.Google Scholar
Chao Qian, Bin Zheng, Yichen Shen, Li Jing, Erping Li, Lian Shen, and Hongsheng Chen. 2020. Deep-learning-enabled self-adaptive microwave cloak without human intervention. Nature photonics 14, 6 (2020), 383--390.Google Scholar
Yue Qiao, Ouyang Zhang, Wenjie Zhou, Kannan Srinivasan, and Anish Arora. 2016. PhyCloak: Obfuscating sensing from communication signals. In 13th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 16). 685--699.Google Scholar
Sridhar Rajagopal. 2012. Beam broadening for phased antenna arrays using multi-beam subarrays. In 2012 IEEE International Conference on Communications (ICC). IEEE, 3637--3642.Google ScholarCross Ref
Jatin Sadhwani and M Sabarimalai Manikandan. 2021. Non-collaborative human presence detection using channel state information of Wi-Fi signal and long-short term memory neural network. In 2021 13th International Conference on Electronics, Computers and Artificial Intelligence (ECAI). IEEE, 1--6.Google ScholarCross Ref
Jayanth Shenoy, Zikun Liu, Bill Tao, Zachary Kabelac, and Deepak Vasisht. 2022. RF-protect: privacy against device-free human tracking. In Proceedings of the ACM SIGCOMM 2022 Conference. 588--600.Google ScholarDigital Library
Anmol Sheth, Srinivasan Seshan, and David Wetherall. 2009. Geo-fencing: Confining Wi-Fi Coverage to Physical Boundaries.. In Pervasive, Vol. 5538. 274--290.Google Scholar
Paul Staat, Simon Mulzer, Stefan Roth, Veelasha Moonsamy, Markus Heinrichs, Rainer Kronberger, Aydin Sezgin, and Christof Paar. 2022. IRShield: A countermeasure against adversarial physical-layer wireless sensing. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 1705--1721.Google ScholarCross Ref
Zhi Sun, Sarankumar Balakrishnan, Lu Su, Arupjyoti Bhuyan, Pu Wang, and Chunming Qiao. 2021. Who Is in Control? Practical Physical Layer Attack and Defense for mmWave-Based Sensing in Autonomous Vehicles. IEEE Transactions on Information Forensics and Security 16 (2021), 3199--3214. Google ScholarCross Ref
Mathy Vanhoef and Frank Piessens. 2014. Advanced Wi-Fi Attacks Using Commodity Hardware. In Proceedings of the 30th Annual Computer Security Applications Conference (New Orleans, Louisiana, USA) (ACSAC '14). Association for Computing Machinery, New York, NY, USA, 256--265. Google ScholarDigital Library
Ambuj Varshney, Luca Mottola, Mats Carlsson, and Thiemo Voigt. 2015. Directional Transmissions and Receptions for High-Throughput Bulk Forwarding in Wireless Sensor Networks. In Proceedings of the 13th ACM Conference on Embedded Networked Sensor Systems (Seoul, South Korea) (SenSys '15). Association for Computing Machinery, New York, NY, USA, 351--364. Google ScholarDigital Library
Tong Xin, Bin Guo, Zhu Wang, Pei Wang, Jacqueline Chi Kei Lam, Victor Li, and Zhiwen Yu. 2018. FreeSense: A robust approach for indoor human detection using Wi-Fi signals. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 2, 3 (2018), 1--23.Google ScholarDigital Library
Chen Yan, Wenyuan Xu, and Jianhao Liu. 2016. Can you trust autonomous vehicles: Contactless attacks against sensors of self-driving vehicle. Def Con 24, 8 (2016), 109.Google Scholar
Fang Yuan, Guang-Ming Wang, He-Xiu Xu, Tong Cai, Xiao-Jun Zou, and Ze-Hao Pang. 2017. Broadband RCS reduction based on spiral-coded metasurface. IEEE Antennas and wireless propagation letters 16 (2017), 3188--3191.Google ScholarCross Ref
Feng Zhang, Chenshu Wu, Beibei Wang, Hung-Quoc Lai, Yi Han, and KJ Ray Liu. 2019. WiDetect: Robust motion detection with a statistical electromagnetic model. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 3, 3 (2019), 1--24.Google ScholarDigital Library
Xin Ge Zhang, Ya Lun Sun, Qian Yu, Qiang Cheng, Wei Xiang Jiang, Cheng-Wei Qiu, and Tie Jun Cui. 2021. Smart Doppler cloak operating in broad band and full polarizations. Advanced Materials 33, 17 (2021), 2007966.Google ScholarCross Ref
Zheng Zhen, Chao Qian, Yuetian Jia, Zhixiang Fan, Ran Hao, Tong Cai, Bin Zheng, Hongsheng Chen, and Erping Li. 2021. Realizing transmitted metasurface cloak by a tandem neural network. Photonics Research 9, 5 (2021), B229--B235.Google ScholarCross Ref
Yuxuan Zhou, Huangxun Chen, Chenyu Huang, and Qian Zhang. 2022. WiAdv: Practical and Robust Adversarial Attack against WiFi-based Gesture Recognition System. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 6, 2 (2022), 1--25.Google ScholarDigital Library
Guozhen Zhu, Chenshu Wu, Xiaolu Zeng, Beibei Wang, and KJ Ray Liu. 2022. Who Moved My Cheese? Human and Non-human Motion Recognition with WiFi. In 2022 IEEE 19th International Conference on Mobile Ad Hoc and Smart Systems (MASS). IEEE, 476--484.Google Scholar
Yanzi Zhu, Zhujun Xiao, Yuxin Chen, Zhijing Li, Max Liu, Ben Y Zhao, and Haitao Zheng. 2020. Et tu alexa? when commodity wifi devices turn into adversarial motion sensors. In Network and Distributed Systems Security (NDSS) Symposium.Google ScholarCross Ref

Index Terms

RIStealth: Practical and Covert Physical-Layer Attack against WiFi-based Intrusion Detection via Reconfigurable Intelligent Surface
1. Security and privacy
  1. Software and application security
    1. Domain-specific security and privacy architectures

Recommendations

Rule generalisation in intrusion detection systems using SNORT

Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks. An IDS's responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this ...
Read More
Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion

In this article, the authors describe common intrusion detection techniques, NIDS evasion methods, and how NIDSs detect intrusions. Additionally, we introduce new evasion methods, present test results for confirming attack outcomes based on server ...
Read More
Syntax vs. semantics: competing approaches to dynamic network intrusion detection

Malicious network traffic, including widespread worm activity, is a growing threat to internet-connected networks and hosts. In this paper, we consider both syntax and semantics based approaches for dynamic network intrusion detection. The semantics-...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SenSys '23: Proceedings of the 21st ACM Conference on Embedded Networked Sensor Systems
November 2023
574 pages
ISBN:9798400704147
DOI:10.1145/3625687
General Chair:
Rasit Eskicioglu,
Program Chair:
Polly Huang,
Program Co-chair:
Neal Patwari
Copyright © 2023 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 26 April 2024
Check for updates
Author Tags
intrusion detection
wireless sensing
physical-layer attack
reconfigurable intelligent surface
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate174of867submissions,20%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 23
  Total Downloads
- Downloads (Last 12 months)23
- Downloads (Last 6 weeks)23
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

RIStealth: Practical and Covert Physical-Layer Attack against WiFi-based Intrusion Detection via Reconfigurable Intelligent Surface

SenSys '23: Proceedings of the 21st ACM Conference on Embedded Networked Sensor Systems

ABSTRACT

References

Cited By

Index Terms

Recommendations

Rule generalisation in intrusion detection systems using SNORT

Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion

Syntax vs. semantics: competing approaches to dynamic network intrusion detection

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

RIStealth: Practical and Covert Physical-Layer Attack against WiFi-based Intrusion Detection via Reconfigurable Intelligent Surface

SenSys '23: Proceedings of the 21st ACM Conference on Embedded Networked Sensor Systems

ABSTRACT

References

Cited By

Index Terms

Recommendations

Rule generalisation in intrusion detection systems using SNORT

Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion

Syntax vs. semantics: competing approaches to dynamic network intrusion detection

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media