Contactless Side Channel Attacks via Radio Frequency Energy Harvesting: Privacy Leakage and Mitigation

Radio frequency energy harvesting (RFEH) is an emerging technology that can generate power from ambient electromagnetic waves and will soon be deployed in millions of Internetof- Things (IoT) devices. While RFEH promises to bring us one step closer to Nikola Tesla’s vision of “powering every device through the air,” our preliminary study showed that it can be exploited as a new side channel to compromise user privacy. The intuition is that the user’s mobile device activities (e.g., watch YouTube and Netflix) produce wireless traffics that affect the electromagnetic radio signals in the ambient environment and hence can leave distinguishable fingerprints in harvested signals (i.e., voltages). If the signal is obtained by a malicious attacker, the user’s private information will be revealed. RFEH technology is, therefore, a double-edged sword. From the energy harvesting viewpoint, the harvested energy can be used to power lowenergy IoT devices, eliminating the need for cables and battery replacement. Conversely, from the privacy perspective, the harvested energy contains the user’s sensitive information, creating possibilities to infer the user’s mobile device activities. This poses huge security and privacy risks because a passive and contactless eavesdropping attack can be easily launched from lowcost, ubiquitous, and even self-powered commodity RFEH-equipped IoT devices (e.g., smart sensor and smart lamp).This project will, for the first time to our best knowledge, systematically investigate privacy leakage and propose corresponding mitigation against the new side channel. First, we will develop a theoretical model to explain the mathematical relationship between the user’s mobile device activities and harvested energy. Based on these theoretical results, we will develop a comprehensive systematic side-channel attack framework for understanding the new attack’s threat. Using these findings, we will design effective mitigation techniques to defend the new attack. Finally, we will prototype the system and conduct extensive experiments to evaluate the efficacy of the theoretical model, the performance of the attack framework, and the effectiveness of the mitigation.This project is timely because the need to safely manage a smart space and protect user privacy is urgent. Many off-the-shelf RFEH-equipped IoT products have penetrated daily life, and this continues to escalate. This project will establish theoretical foundations for exploring the information leakage from RFEH, provide effective countermeasures, and push forward the scientific frontier of cybersecurity. It will also raise public awareness of the new side-channel attack, paving the way for secure RFEH-equipped IoT systems before they become ubiquitous.