According to privacy regulations, e.g., GDPR, location privacy is a fundamental right of mobile users, and it should be guaranteed that no unauthorized third-parties collect and retain such information. However, adversaries can leverage fully passive time-based physical layer approaches to stealthily multilaterate the location of wireless transmitters. As such techniques do not require any collaboration of the device being localized, they pose a remarkable location privacy threat. This problem has often been overlooked in the literature, and there currently exists no real-world validated solution to such attacks. In this paper, we propose Confundus, the first real-world validated solution for location privacy protection of RF devices. Our solution innovatively leverages Fake Multipath Injection (FMI) to exploit the main source of inaccuracy of state-of-the-art passive localization techniques, i.e., correct timestamp estimation. According to commonly implemented techniques for timestamp estimation, when receiving consecutive signal replicas, wireless receivers estimate as the reception timestamp of the overall signal the time at which the strongest replica is received. To cause wrong timestamp estimation at the attacker's nodes, Confundus emits several instances of the same short message at very close time instants, with the same transmission power. Due to the channel effect and the noise at the receiver, replicas arrive with different power at different receivers, thus causing wrong estimations. Our real-world experimental assessment, ran using Software-Defined Radios and an actual wireless localization system, demonstrates that by using only one additional replica we can increase the localization error from a few meters to a few kilometers.
Confundus: Mitigating Hostile Wireless Source Localization
Wang, Shuo;Brighente, Alessandro;Conti, Mauro
2025
Abstract
According to privacy regulations, e.g., GDPR, location privacy is a fundamental right of mobile users, and it should be guaranteed that no unauthorized third-parties collect and retain such information. However, adversaries can leverage fully passive time-based physical layer approaches to stealthily multilaterate the location of wireless transmitters. As such techniques do not require any collaboration of the device being localized, they pose a remarkable location privacy threat. This problem has often been overlooked in the literature, and there currently exists no real-world validated solution to such attacks. In this paper, we propose Confundus, the first real-world validated solution for location privacy protection of RF devices. Our solution innovatively leverages Fake Multipath Injection (FMI) to exploit the main source of inaccuracy of state-of-the-art passive localization techniques, i.e., correct timestamp estimation. According to commonly implemented techniques for timestamp estimation, when receiving consecutive signal replicas, wireless receivers estimate as the reception timestamp of the overall signal the time at which the strongest replica is received. To cause wrong timestamp estimation at the attacker's nodes, Confundus emits several instances of the same short message at very close time instants, with the same transmission power. Due to the channel effect and the noise at the receiver, replicas arrive with different power at different receivers, thus causing wrong estimations. Our real-world experimental assessment, ran using Software-Defined Radios and an actual wireless localization system, demonstrates that by using only one additional replica we can increase the localization error from a few meters to a few kilometers.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
