Determining position within an indoor environment can be difficult when GPS signals become too weak. For this reason, alternatives are desired for indoor positioning systems (IPSes). The Bluetooth Low Energy (BLE) protocol is one alternative solution for IPSes. BLE is a low power wireless technology used for connecting devices with each other. There are two different methods for using BLE for localization: deterministic, and machine learning (ML) models. Each method uses a measured received signal strength indicator (RSSI) to determine distances from fixed, known locations. Deterministic models rely on empirical equations relating signal strength to distance, while ML uses collected signal strengths, or fingerprints, to learn positions. This paper assesses the robustness of an IPS system we built that uses BLE and ML by executing a distance fraud attack. A distance fraud attack causes intentional miscalculations of positions. The attack executed on the system assumes the attacker has network access and has compromised some small fraction of the receiving nodes. The results show a significant difference between the calculated positions of the system operating under benign conditions and operating under attack. We explore one possible defense against this attack by training an ML system for attack identification.
|