NSF Award
2404741
This project promotes the security of existing mobile systems via a comprehensive investigation of the attack possibilities against existing Wi-Fi localization systems and creating defense tools to protect these systems from being subverted by attackers. Spoofing attacks against Wi-Fi localization systems have been studied for over a decade. Such attacks can deceive a mobile device to obtain a wrong position estimate from Wi-Fi localization systems. Although spoofing attacks seem to be effective, surprisingly, past research and practice show that they can trivially impact a Wi-Fi localization system in urban environments with dense coverage of Wi-Fi access points, because the existence of these Wi-Fi access points can significantly interfere with the attacker's actions. As such, the investigators aim to address two essential research questions. First, whether it is completely impossible to spoof a Wi-Fi localization system in dense urban areas without disrupting legitimate Wi-Fi operations. Second, if it is indeed possible for an attacker to do so, whether we effectively mitigate this threat to prevent mobile applications from getting fake location information. This project seeks fundamental insights to safeguard trustworthy location information in securing Wi-Fi enabled applications.<br/><br/>The investigators observe that the locations of Wi-Fi access points are usually stored in location databases hosted by Wi-Fi localization systems, which commonly provide Geolocation APIs to enable a mobile device to obtain its location estimate. This indicates that an attacker can leverage these APIs to gain information and infer knowledge from the location database and estimation algorithm. Such a potential threat enables a new attack surface for Wi-Fi localization systems. The project conducts a systematic examination of this attack surface to determine how it enables new attacks and how to combat such attacks. Key outcomes from the project include a comprehensive analysis of the key factors that can impact on the success of Wi-Fi spoofing attacks in dense urban areas, vulnerability study on the security of Geolocation APIs, and innovative defense methods to enable a victim to detect the existence of these attacks.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
