Sensing Algorithms and Countermeasures for Physical Layer Security and Privacy
- Givehchian, Hadi
- Advisor(s): Bharadia, Dinesh; Schulman, Aaron
Abstract
Radio frequency (RF) signals, once transmitted wirelessly over the air, are accessible to anyone within reception range. This poses potential security and privacy vulnerabilities in two ways. First, personal electronic devices that use wireless signals to communicate and connect to the outside world can be overheard by adversaries, raising privacy concerns for users. Second, adversaries can exploit these wireless transmissions to leak sensitive information from secure locations, leading to data breaches and other security issues. This dissertation develops novel sensing algorithms and systems to identify and address such privacy and security vulnerabilities.
Connectivity features provided by wireless technologies such as BLE and WiFi often require devices like smartphones, smartwatches, and AirPods to constantly broadcast signals. If an adversary detects a device identifier in the signal, they can identify and locate the device by sniffing these continuous wireless transmissions, jeopardizing the user's location privacy. Although such threats are mitigated at higher layers through anonymization (e.g., MAC address randomization), physical-layer anonymity is often neglected. In this dissertation, we develop algorithms and tools to demonstrate the feasibility of conducting identification and location tracking attacks using physical-layer signals. We develop robust and accurate algorithms to estimate the hardware manufacturing imperfections of a wireless device by sensing its transmitted signal, showing that these hardware imperfections can serve as a fingerprint to identify and track devices in practical real-world scenarios.
After showcasing the feasibility and importance of such physical-layer tracking attacks, we propose countermeasures to mitigate such threats. The designed countermeasure ensures that even an optimal attacker cannot take advantage of the aforementioned physical-layer fingerprints to accurately identify a device. We implement our proposed countermeasure by making only firmware changes to a commodity BLE chipset.
Finally, we develop machine learning and signal processing algorithms to detect anomalous and unexpected RF transmissions to secure compartmented information. Unexpected RF transmissions are usually an indicator of a potential data breach. By detecting such transmissions, we contribute to securing RF environments. We demonstrate that the proposed approach is capable of detecting a variety of anomalous low probability of intercept (LPI) signals as well as anomalous wireless devices.