Introduction

Location-based services (LBS) are applications that deliver location-specific information regarding a user or device via mobile devices or communication networks. Recent years have seen an increase in demand due to their broad range of applications, which include navigation, mapping, social networking, targeted advertising, virtual reality, healthcare, transportation, smart cities, and gaming1. While outdoor localization largely depends on global navigation satellite systems (GNSS), many emerging services require accurate positioning indoors, where GNSS is unreliable. Indoor Localization Systems (ILS) fulfill this requirement by utilizing several technologies, including frequency modulation (FM), amplitude modulation (AM), Bluetooth, global system for mobile communications (GSM), Wi-Fi, and long-term evolution (LTE)2,3.

Localization fundamentally involves determining the position of an object or individual in relation to reference points (RP) within a specified indoor environment4, as depicted in Fig. 1, which emphasizes the difference between indoor and outdoor methodologies. The increasing dependence on ILS in essential sectors, such as healthcare, smart infrastructure, logistics, and emergency response, highlights the necessity for dependable, secure, and privacy-respecting systems. Indoor locations present distinct issues, including signal blockage, multipath effects, and vulnerability to malicious interference. Security threats such as signal spoofing and jamming, along with privacy risks like unauthorized tracking, can result in significant real-world repercussions. It is therefore essential to understand and address these threats, which highlight the importance of a comprehensive review of existing vulnerabilities, defense mechanisms, and future research directions in this evolving field.

Fig. 1. Indoor versus outdoor localization systems.

This study distinguishes itself from others5,6,7 by providing a comprehensive examination of both security and privacy concerns in ILS, a combination that is frequently overlooked in previous research. Many existing reviews concentrate on either security or privacy, but seldom examine the two together. Our analysis underscores the need for a dual approach, particularly in response to rising threats such as signal spoofing, jamming, and data privacy violations. This review highlights recent trends and offers a current view of the evolving ILS landscape, including developments in federated learning (FL) and adversarial machine learning (AML) as defensive strategies. Unlike prior studies that narrow their scope to specific technologies, our paper analyzes the latest developments across diverse ILS applications, providing insights into both attack prevention and defense mechanisms, and identifying gaps in the literature. The main contributions of this study are summarized as follows:

  • Comprehensive literature synthesis: We provide a structured and up-to-date review of recent developments (2020–2025) in ILS security and privacy, emphasizing the interplay between threats such as spoofing, jamming, and data breaches, which are often treated separately in prior surveys.

  • Methodological integration of defense paradigms: This study uniquely integrates discussions on federated learning (FL), adversarial machine learning (AML), and cryptographic protocols, offering a comparative analysis of their effectiveness and limitations across varied ILS scenarios.

  • Evaluation of privacy–utility trade-offs: We critically examine the trade-offs between privacy, accuracy, and computational efficiency in decentralized ILS architectures, offering insights into real-world applicability and constraints that are often overlooked in more theoretical studies.

  • Identification of open challenges and research directions: The study highlights unresolved issues such as non-IID data handling, scalability limitations, and energy efficiency bottlenecks. Based on these, we propose concrete future research directions to support the design of more secure and privacy-preserving ILS frameworks.

While several prior reviews have discussed either security or privacy in indoor localization systems, few studies have offered an integrated perspective that systematically addresses both concerns in tandem. This gap is particularly significant given the increasing interdependence between privacy-preserving mechanisms and security defenses in real-world ILS deployments. Existing literature has tended to focus on isolated technical challenges–such as specific attack types, encryption techniques, or signal interference–but has often lacked a comprehensive view that maps these threats to emerging defensive strategies like federated learning and adversarial machine learning. In response, this study presents a structured and up-to-date synthesis of both vulnerabilities and countermeasures in ILS, covering technological trends from 2020 to 2025. Methodologically, this review differs from past works by bridging siloed research areas and offering a comparative analysis of ILS privacy and security solutions across a range of practical application scenarios. By doing so, it not only identifies unresolved challenges but also outlines future research directions to guide the development of robust and privacy-aware indoor localization architectures.

To conduct this comprehensive review, we systematically searched leading academic databases, including IEEE Xplore, Scopus, and Web of Science, for peer-reviewed journal and conference papers published between 2020 and 2025. Keywords such as indoor localization, privacy, security, federated learning, and adversarial machine learning guided our search. We included articles that specifically addressed security concerns, privacy concerns, or both within the context of Indoor Localization Systems (ILS). Studies that focused exclusively on hardware-level improvements or unrelated positioning technologies were excluded. We restrict the time window to 2020–2025 to capture the rapid shift toward FL/AML and cryptographic defenses during these years, provide a coherent and up-to-date scope, and complement, rather than duplicate, pre-2020 surveys. For the detailed eligibility rules and screening workflow, see the “Search strategy and eligibility criteria” section.

Fig. 2. Outline of the study.

Fig. 3. Taxonomy of security and privacy mechanisms for indoor localization systems (ILS), classified by attack type, mitigation approach, and system architecture.

As a survey paper, this study aims to synthesize and evaluate existing research, without proposing new algorithms or experiments. Selected articles were analyzed and categorized based on attack types, defense mechanisms, and system architectures, as illustrated in Fig. 3, to support a structured exploration of current trends and open challenges in the field.

Unlike prior surveys, this work integrates recent advances and organizes threats and solutions using a taxonomy aligned with AI-driven and cryptographic methodologies, offering a novel perspective on the dual challenge of privacy and security in ILS.

Search strategy and eligibility criteria

To enhance transparency and reproducibility, we specify the eligibility rules governing study selection and outline the screening workflow used to assemble the final corpus. A concise summary appears in Table 1.

Inclusion criteria (all must be satisfied).

  1. Peer-reviewed journal or conference papers published during 2020-2025.

  2. English-language publications.

  3. Full text available.

  4. Studies focused on ILS that analyze security and/or privacy (e.g., threats, defenses, trade-offs).

  5. Study designs including empirical evaluations, simulations, algorithmic/framework proposals, or surveys that substantively address ILS security or privacy.

Exclusion criteria (any single criterion is sufficient for exclusion)

  1. Works focused exclusively on hardware-level improvements with no ILS security/privacy analysis.

  2. Studies on outdoor-only localization or otherwise unrelated positioning technologies.

  3. Non–peer-reviewed items (e.g., theses, patents, white papers), abstracts without full text, or non-English publications.

Screening workflow. Records aggregated from the selected bibliographic sources were first deduplicated. We then conducted title/abstract screening against the eligibility rules above, followed by a full-text assessment of the remaining candidates. For transparency, reasons for exclusion were documented at the full-text stage. The subsequent taxonomy and synthesis consider only studies meeting the inclusion criteria.

Table 1 Eligibility criteria (summary).

The remainder of the paper is organized as follows: Section "Fundamentals of indoor localization systems" covers the basics of ILS, including their types, ranging methods, and localization algorithms. Section "Related work" summarizes current ILS security and privacy assessments and research. Section "Comparative study of privacy and security approaches in ILS" examines the strengths, weaknesses, and current trends of ILS security solutions and highlights key issues. Section "Security and privacy concerns in ILS" discusses ILS security and privacy issues, including spoofing and jamming attacks and their consequences. Section "Machine learning techniques for enhancing security and privacy in ILS" discusses the AI techniques that can be used for enhancing ILS privacy and security. Section "Discussion and synthesis of findings" synthesizes the findings from the previous sections by categorizing security and privacy techniques along the dimensions of effectiveness, scalability, and real-world applicability. Section "Research gaps and future directions" provides a comprehensive discussion of gaps and future directions in ILS research. Finally, Section "Conclusion" concludes the paper by summarizing the findings and suggesting future research directions to improve ILS security and privacy. For a complete structure of this paper, refer to Fig. 2.

Fundamentals of indoor localization systems

Before delving into privacy and security challenges related to ILS, let us briefly look into these systems. ILS estimates the position of a target continuously in an indoor environment by first applying a distance estimation algorithm using different ranging techniques, followed by a localization algorithm8. To offer a structured understanding of the security and privacy landscape in ILS, Fig. 3 presents a taxonomy that categorizes the common threat types, corresponding defense mechanisms (e.g., federated learning, adversarial training, cryptographic solutions), and deployment models. This taxonomy serves as a conceptual anchor for the techniques reviewed in subsequent sections.

Types of indoor localization

Indoor environments are diverse, and each indoor environment requires ILS tailored to its needs in terms of accuracy and coverage. For example, ambient assisted living applications require room-level coverage with an accuracy of less than one meter, while law enforcement requires urban or rural coverage with an accuracy of a few meters. Because of these diverse needs, there is no single solution to indoor localization; different localization techniques coexist. Indoor localization can broadly be divided into two categories: active localization and passive localization. A more detailed sub-classification of active and passive localization techniques is shown in a flow chart in Fig. 4.

Active localization

Active localization is ideal for applications that require high accuracy, such as asset tracking and robot navigation, but requires users to carry a tag or device such as a mobile phone or smartwatch. Some of the techniques used for active detection include computer vision (CV)9, light detection and ranging (LIDAR)10,11,12, ultrasound13, acoustic14,15, geometric fingerprinting16, wireless or radio frequency (RF)17, visible light18, and aroma fingerprinting19,20.

Passive localization

Unlike active localization, passive localization is suitable for scenarios like occupancy detection, although its precision is limited by the lack of active tags. Some of the applications of passive detection are intrusion detection, fall detection, remote monitoring, emergency evacuation, business analytics, and accessibility aids for the visually impaired21. The techniques used in passive localization include camera- or vision-based localization22,23, RF-based localization24, visible light-based localization25,26, infrared-based localization27,28, physical excitation21, and electric field sensing13,29.

Fig. 4. Types of indoor localization.

Ranging techniques

Ranging techniques in ILS are different methods used to measure the distance between devices, such as beacons, sensors, or access points (AP), and a target object that could be a mobile device or person. These techniques are essential for determining the location of a target in an indoor environment. Different ranging techniques are used for ILS in the literature (Fig. 5); some of the common ones include the following:

Phase of arrival (PoA)

PoA is a ranging technique in which the phase difference of a signal that is received at multiple antennas or from multiple transmitters is measured. The phase information in PoA is used to estimate the target location. Although PoA can provide high accuracy, especially in environments with limited multipath effects, it is challenging because it requires precise measurement and is sensitive to environmental factors and frequency offset30,31.

The PoA is estimated by evaluating the phase difference of the signal received at various antennas. Mathematically, the phase difference \(\Delta \phi\) between two antennas positioned at a distance \(d\) is represented as

$$\begin{aligned} \Delta \phi = \frac{2\pi d \cos \theta }{\lambda }, \end{aligned}$$
(1)

where \(\theta\) is the angle of arrival of the signal, \(\lambda\) represents the wavelength of the signal, and \(d\) denotes the distance between the antennas. The angle of arrival, \(\theta\), can be approximated using the measured phase difference \(\Delta \phi\):

$$\begin{aligned} \theta = \cos ^{-1}\left( \frac{\Delta \phi \cdot \lambda }{2\pi d}\right) . \end{aligned}$$
(2)

The approximated phase can then be used to determine the target’s position in either a two- or three-dimensional space. The effectiveness of this method depends on accurate measurements and careful calibration, which help mitigate influences such as frequency offset and environmental noise. Although PoA provides high accuracy in controlled settings, its susceptibility to noise, frequency offsets, and calibration issues limits its practicality in dynamic or large-scale applications.

Angle of arrival (AoA)

Angle of arrival (AoA) is a method that measures the direction from which a signal reaches the receiver. This method triangulates the target location by combining multiple AoAs from different receiver locations. AoA provides high accuracy, especially when directional antennas are used. However, it requires specialized hardware and can be affected by multipath interference32. In practice, the AoA technique determines the angle \(\theta\) of the incoming signal at each receiver, which can be calculated using the coordinates of the transmitter \((x_t, y_t)\) and the receiver \((x_r, y_r)\).

$$\begin{aligned} \theta = \tan ^{-1}\left( \frac{y_t - y_r}{x_t - x_r}\right) . \end{aligned}$$
(3)

Several receivers with known positions are employed to determine the transmitter’s location through triangulation. Using the AoA information \(\theta _i\) at receiver \(i\), the lines of bearing (LoB) can be described as

$$\begin{aligned} y - y_{r_i} = \tan (\theta _i) \cdot (x - x_{r_i}), \end{aligned}$$
(4)

where \((x_{r_i}, y_{r_i})\) denotes the coordinates of the \(i\)-th receiver. The intersection of these LoBs from various receivers yields the estimated location of the transmitter \((x_t, y_t)\). In actual situations, noise and multipath effects can distort AoA readings, requiring error minimization strategies to enhance the accuracy of the estimated position.

Although AoA is highly accurate, it is especially susceptible to multipath effects. Additionally, the requirement for specialized directional antennas and noise reduction techniques can make its deployment in real-world situations more complex.
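The triangulation of Eqs. (3) and (4) can be carried through as a least-squares intersection, shown here as an added example that is not part of the original paper. The receiver layout, the transmitter position and the 10 degree distortion are constructed values; the lines of bearing are used in normal form so that a bearing of exactly 90 degrees, where \(\tan (\theta _i)\) in Eq. (4) is undefined, is handled.

```python
import math

def bearing(receiver, transmitter):
    """Eq. (3) computed with atan2, which stays defined when x_t == x_r."""
    return math.atan2(transmitter[1] - receiver[1], transmitter[0] - receiver[0])

def locate_from_bearings(receivers, bearings):
    """Least-squares intersection of the lines of bearing of Eq. (4).

    Each line is written as sin(t)*x - cos(t)*y = sin(t)*x_r - cos(t)*y_r,
    i.e. Eq. (4) multiplied by cos(t), so vertical bearings cause no overflow.
    """
    s11 = s12 = s22 = t1 = t2 = 0.0
    for (xr, yr), th in zip(receivers, bearings):
        a, b = math.sin(th), -math.cos(th)   # unit normal of the line
        c = a * xr + b * yr
        s11 += a * a
        s12 += a * b
        s22 += b * b
        t1 += a * c
        t2 += b * c
    det = s11 * s22 - s12 * s12
    if abs(det) < 1e-9:
        raise ValueError("all bearings are parallel: no unique intersection")
    # Solve the 2x2 normal equations for (x, y).
    return ((t1 * s22 - t2 * s12) / det, (s11 * t2 - s12 * t1) / det)

def bearing_residuals(receivers, bearings, pos):
    """Perpendicular distance from pos to each line of bearing (coordinate units)."""
    return [abs(math.sin(th) * (pos[0] - xr) - math.cos(th) * (pos[1] - yr))
            for (xr, yr), th in zip(receivers, bearings)]

# Constructed scenario: three receivers, one directly below the transmitter
# so that its bearing is exactly 90 degrees.
RECEIVERS = [(0.0, 0.0), (10.0, 0.0), (4.0, -5.0)]
TRUE_TX = (4.0, 3.0)

def run_scenario(distortion_deg=0.0):
    """Estimate the transmitter with receiver 1's AoA off by distortion_deg."""
    bearings = [bearing(r, TRUE_TX) for r in RECEIVERS]
    bearings[1] += math.radians(distortion_deg)
    est = locate_from_bearings(RECEIVERS, bearings)
    res = bearing_residuals(RECEIVERS, bearings, est)
    err = math.hypot(est[0] - TRUE_TX[0], est[1] - TRUE_TX[1])
    return {"estimate": est, "max_residual": max(res), "error": err}

if __name__ == "__main__":
    print("consistent bearings:", run_scenario(0.0))
    print("one distorted AoA  :", run_scenario(10.0))
```

With consistent bearings all three lines meet in one point and the residuals vanish; a single distorted AoA reading leaves a non-zero residual, which is the quantity an error-minimization step would monitor.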

Signal propagation time

In the signal propagation time technique, the distance between the target and a reference point (RP) with a known location is estimated by measuring the time it takes for a signal to travel between them. Based on this principle, two common techniques are used, namely time of arrival (ToA) and time difference of arrival (TDoA). ToA provides high accuracy in line-of-sight (LOS) environments, but its performance decreases in non-line-of-sight (NLOS) scenarios due to the multipath effect and signal reflection33. A major challenge in ToA is the need for accurate time synchronization between the transmitter and receiver, which TDoA addresses. However, TDoA requires multiple receivers and the use of complex algorithms to estimate the target location, which introduces its own difficulties.

In the ToA method, the distance \(d\) between the transmitter and receiver is calculated as

$$\begin{aligned} d = c \cdot t, \end{aligned}$$
(5)

where \(c\) is the speed of light (or more generally, the signal propagation velocity in a medium), and \(t\) represents the measured signal propagation duration. This equation presumes that the signal propagates on a linear trajectory without considerable delays caused by obstructions.

The TDoA technique uses the time difference of arrival (\(\Delta t\)) between two receivers at known locations to calculate the difference in distances (\(\Delta d\)) from the target to these receivers, expressed as \(\Delta d = c \cdot \Delta t\). Here, \(\Delta t\) represents the time difference between the signals reaching the two receivers, defined as \(\Delta t = t_2 - t_1\), where \(t_1\) and \(t_2\) denote the arrival times at the first and second receivers, respectively. The target’s location is determined by integrating several measurements through trilateration or other geometric methods.

ToA and TDoA perform well under ideal line-of-sight conditions, but their accuracy decreases in non-line-of-sight environments. Beyond classical multilateration, a recent approach couples propagation modeling with a genetic algorithm to efficiently explore the position space and improve indoor localization under multipath constraints34.

Received signal strength indicator (RSSI)

RSSI, as the name suggests, is a measure of the real signal power received by the receiver. It is expressed in decibel milliwatts (dBm) or milliwatts (mW)35. The RSSI technique estimates the distance between the transmitter and receiver based on the strength of the received signal. As the distance between the devices increases, the signal strength decreases, which is used to approximate the distance between them.

The received signal strength (RSS) is represented by the path loss equation:

$$\begin{aligned} P_r(d) = P_t - 10 \cdot n \cdot \log _{10}(d) + X_g, \end{aligned}$$
(6)

where \(P_r(d)\) represents the received power at a distance \(d\) (in \(dBm\)), \(P_t\) denotes the transmitted power (in \(dBm\)), \(n\) signifies the path loss exponent (typically ranging from 2 to 4 in indoor environments), \(d\) indicates the distance between the transmitter and receiver (in meters), and \(X_g\) refers to the Gaussian noise that accounts for environmental factors (e.g., obstacles and interference). The estimated distance \(\hat{d}\) can be computed using the following equation:

$$\begin{aligned} \hat{d} = 10^{\frac{P_t - P_r(d) + X_g}{10 \cdot n}}. \end{aligned}$$
(7)

RSSI-based localization is easy to implement without requiring complex hardware or calculations. Another advantage of RSSI is that it is inexpensive and widely supported by existing wireless technologies like Wi-Fi and Bluetooth. The accuracy of RSSI is directly influenced by environmental factors like obstacles, interference, and multipath propagation36. Compared to other techniques, RSSI is generally less accurate, especially in complex indoor environments.

RSSI provides ease of use and cost benefits; however, it faces challenges with accuracy in areas with many obstacles or interference, which reduces its reliability for accurate indoor localization.

Frequency modulated continuous wave (FMCW)

FMCW is a technique in which a continuous waveform whose frequency is modulated over time is transmitted. The transmitted signal can be represented as

$$\begin{aligned} s_{\text {tx}}(t) = A \cos \left( 2\pi f_0 t + \pi k t^2\right) , \end{aligned}$$
(8)

where \(A\) denotes the amplitude of the signal, \(f_0\) represents the initial frequency, and \(k = \frac{B}{T}\) represents the chirp rate, with \(B\) indicating the bandwidth and \(T\) the duration of the chirp. This signal reflects off an object and is received by the system. The received signal, delayed by the duration \(\tau\), is expressed as

$$\begin{aligned} s_{\text {rx}}(t) = A \cos \left( 2\pi f_0 (t - \tau ) + \pi k (t - \tau )^2\right) . \end{aligned}$$
(9)

The system estimates the frequency shift \(f_\Delta\), defined as the frequency difference between the transmitted and received signals. The frequency shift is expressed as

$$\begin{aligned} f_\Delta = k \tau = \frac{2kR}{c}, \end{aligned}$$
(10)

where \(\tau = \frac{2R}{c}\) denotes the round-trip time delay, \(R\) represents the distance from the transmitter to the object, and \(c\) signifies the speed of light. Hence, the distance \(R\) to the object can be calculated using the formula:

$$\begin{aligned} R = \frac{c f_\Delta }{2k}. \end{aligned}$$
(11)

FMCW is a versatile technique that supports both short- and long-range sensing, making it suitable for a wide range of indoor applications37. While it offers high accuracy, its performance is sensitive to environmental factors and relies on advanced signal processing and sophisticated hardware. These requirements increase system cost and complexity, limiting its feasibility for large-scale or cost-sensitive deployments38.

Channel state information (CSI)

CSI is an advanced technique for measuring distance in ILS. CSI holds detailed data about the propagation characteristics of a wireless communication channel like Wi-Fi. It includes information regarding the variations in signal as it passes through an environment, which can be affected by factors like walls, furniture, and people moving around39. CSI provides more precise data compared to traditional RSSI data which allows for a more accurate localization, device tracking, and environment sensing.

The CSI captures the frequency response of the channel, mathematically expressed as

$$\begin{aligned} H(f) = |H(f)| e^{j\phi (f)}, \end{aligned}$$
(12)

where \(H(f)\) denotes the complex channel frequency response at frequency \(f\), \(|H(f)|\) represents the amplitude response, and \(\phi (f)\) indicates the phase response. The received signal can be expressed with the CSI as follows:

$$\begin{aligned} Y(f) = H(f) \cdot X(f) + N(f), \end{aligned}$$
(13)

In the frequency domain, \(Y(f)\) denotes the received signal, \(X(f)\) signifies the broadcast signal, \(H(f)\) represents the CSI, and \(N(f)\) indicates noise. In a multipath environment, where signals arrive at the receiver via multiple routes, the CSI is generally represented as

$$\begin{aligned} H(f) = \sum _{i=1}^L \alpha _i e^{-j2\pi f \tau _i}, \end{aligned}$$
(14)

where \(L\) denotes the number of propagation paths, \(\alpha _i\) signifies the amplitude attenuation of the \(i\)-th path, and \(\tau _i\) indicates the propagation delay of the \(i\)-th path.

CSI provides exceptional accuracy and depth in localization data through its comprehensive channel measurements. However, its substantial computational demands and sensitivity to environmental changes pose considerable challenges for real-time and resource-limited applications.

Fig. 5. Ranging techniques in ILS.

Localization algorithms

Indoor localization algorithms are used to determine the position of a target object based on factors like RSSI, CSI, ToA, etc. These algorithms are broadly classified as follows:

Proximity-based algorithms

Proximity-based localization algorithms determine the location of a device by measuring its closeness to some known fixed point40. Bluetooth beacons are a common proximity-based approach that measures device closeness by measuring the strength of the signals from the beacons set at known locations. This method is commonly implemented in indoor environments. Near-field communication (NFC) is another example of a proximity-based algorithm in which the location of the device is determined by directly interacting with NFC tags that are embedded in the area of interest.

Triangulation-based algorithms

Triangulation-based algorithms utilize geometric relationships with known RPs or anchors. They include methods like lateration13, which uses the target's distance from multiple anchors to calculate its location. TDoA and ToA are examples of lateration, which improve localization accuracy using signal travel times. Angulation (or AoA) is another triangulation-based algorithm that estimates the target location by measuring the angle of the signal arriving from multiple anchors. Both lateration and angulation are widely used methods, and they balance accuracy and computational requirements based on the indoor environment and infrastructure.

Dead reckoning

Dead reckoning, though a navigation method, can be used for indoor localization. It estimates the current position of the target using previously known locations, along with its velocity measurement and direction of movement. Dead reckoning is sensitive to error accumulation over time41; hence, it is often combined with other localization techniques to improve its accuracy.

Trilateration/multilateration

Trilateration and multilateration are techniques that find an unknown node by using three (in the case of trilateration) or more (in the case of multilateration) reference nodes. In trilateration, the position of the target node is determined by finding the intersection of three imaginary circles that are centered at the reference nodes42.
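The following added example (not code from the original paper) combines the RSSI distance estimate of Eq. (7) with multilateration over four anchors and adds a range-residual consistency check of the kind a defender can use to notice a reading that does not fit the path-loss model, such as one inflated by a spoofed transmission. The anchor layout, \(P_t\), \(n\), the 10 dB offset and the 1 m threshold are constructed assumptions, and \(X_g\) is taken as zero because the receiver cannot observe it.

```python
import math

def model_rssi(d, p_t, n):
    """Eq. (6) without the noise term X_g."""
    return p_t - 10 * n * math.log10(d)

def rssi_to_distance(p_r, p_t, n):
    """Eq. (7) with X_g = 0."""
    return 10 ** ((p_t - p_r) / (10 * n))

def multilaterate(anchors, dists):
    """Least-squares position from >= 3 anchor distances.

    Subtracting anchor 0's circle equation from the others gives linear rows
    2(x_i-x_0)x + 2(y_i-y_0)y = d_0^2 - d_i^2 + x_i^2 + y_i^2 - x_0^2 - y_0^2.
    """
    (x0, y0), d0 = anchors[0], dists[0]
    s11 = s12 = s22 = t1 = t2 = 0.0
    for (xi, yi), di in zip(anchors[1:], dists[1:]):
        a, b = 2 * (xi - x0), 2 * (yi - y0)
        c = d0**2 - di**2 + xi**2 + yi**2 - x0**2 - y0**2
        s11 += a * a
        s12 += a * b
        s22 += b * b
        t1 += a * c
        t2 += b * c
    det = s11 * s22 - s12 * s12
    if abs(det) < 1e-9:
        raise ValueError("anchors are collinear or too few")
    return ((t1 * s22 - t2 * s12) / det, (s11 * t2 - s12 * t1) / det)

def assess_fix(anchors, rssi, p_t, n, max_rms=1.0):
    """Locate the target and flag fixes whose ranges disagree with the geometry.

    max_rms (metres) is an assumed threshold; calibrate it against the
    residuals seen with honest measurements in the actual environment.
    """
    dists = [rssi_to_distance(r, p_t, n) for r in rssi]
    pos = multilaterate(anchors, dists)
    res = [abs(math.hypot(pos[0] - ax, pos[1] - ay) - d)
           for (ax, ay), d in zip(anchors, dists)]
    rms = math.sqrt(sum(r * r for r in res) / len(res))
    worst = max(range(len(res)), key=res.__getitem__)  # a hint, not proof
    return {"pos": pos, "rms": rms, "worst_anchor": worst,
            "suspicious": rms > max_rms}

# Constructed scenario: 10 m x 10 m room, anchors in the corners.
ANCHORS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0), (10.0, 10.0)]
TRUE_POS = (3.0, 4.0)
P_T, N_EXP = -40.0, 2.5   # assumed P_t (dBm) and path-loss exponent

CLEAN_RSSI = [model_rssi(math.hypot(TRUE_POS[0] - ax, TRUE_POS[1] - ay), P_T, N_EXP)
              for ax, ay in ANCHORS]
# Same readings, except anchor 3 appears 10 dB stronger than the model predicts.
TAMPERED_RSSI = CLEAN_RSSI[:3] + [CLEAN_RSSI[3] + 10.0]

if __name__ == "__main__":
    print("clean   :", assess_fix(ANCHORS, CLEAN_RSSI, P_T, N_EXP))
    print("tampered:", assess_fix(ANCHORS, TAMPERED_RSSI, P_T, N_EXP))
```

Three anchors always yield some intersection, so the check only becomes informative with a fourth or further anchor, which is one practical argument for multilateration over plain trilateration.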

Magnetic field-based localization

In the magnetic field-based localization algorithm, distortions in the earth’s magnetic field are used to pinpoint locations43. This distortion in the magnetic field is caused by the structural elements of the buildings. Magnetic field-based localization involves creating detailed maps of the indoor environment’s magnetic field, which are then used as references in indoor localization.

Range-free

Range-free localization algorithms do not rely on distance or angle measurements to predict the position of the target and are used in wireless sensor networks (WSNs). Instead, they use connectivity information to infer the relative position of nodes in a network. Common range-free algorithms include distance vector-hop (DV-Hop)44, centroid localization, approximate point-in-triangulation (APIT), and multidimensional scaling mapping (MDS-MAP).

Machine learning (ML)-based algorithms

ML-based algorithms use neural networks, such as deep neural networks (DNNs), convolutional neural networks (CNNs), and recurrent neural networks (RNNs), to improve localization accuracy by learning from a large dataset35. These neural networks effortlessly model complex relationships between the signal features and specific location coordinates. Support vector machines (SVMs) are another ML algorithm used for localization problems due to their robust classification capabilities. SVMs efficiently determine the position based on different signal attributes.

Fingerprinting

Fingerprinting in indoor localization is the process of creating a radio map (database) of signal characteristics like RSSI and CSI at multiple locations in the area of interest45. This radio map is used as a reference to match the current signal measurements with those in the database and predict the location based on this comparison. The most popular method, Wi-Fi fingerprinting, uses RSSI data from many APs to estimate the device location. Another method of fingerprinting is RFID fingerprinting, which builds complex signal maps using RFID tags and readers, allowing for more accurate localization (Fig. 6).

Fig. 6. Localization algorithms.

Related work

ILS security and privacy surveys and case studies are reviewed in this section, highlighting key findings and limitations. It includes case studies and real-world applications in indoor localization from 2020 to 2025.

Existing surveys and reviews

Recent surveys on ILS have explored various aspects of security and privacy, yet gaps remain in their coverage and depth. Early reviews, such as46, provided a foundational categorization of privacy concerns–device, transmission, and server-level–but their relevance is limited due to outdated datasets. More recent works have examined the intersection of machine learning and IoT security47, as well as the broader landscape of indoor/outdoor localization in IoT42. Studies focusing on specific technologies, like BLE in wearable devices48, and deep learning-based approaches using Wi-Fi, Bluetooth, and UWB49, highlight ongoing challenges such as multipath interference, data scarcity, and environmental noise. While these surveys contribute valuable insights, particularly on hybrid techniques and device-free localization, standardization and efficiency remain critical concerns. More recent efforts7 have introduced structured classifications based on collaboration and security principles but offer limited treatment of privacy-preserving methods. Privacy-specific surveys5,50 have begun to explore novel attack models and protection strategies in location fingerprinting, though their scope is often narrow and lacks comprehensive analysis. Overall, existing literature reveals a fragmented approach to privacy in ILS, underscoring the need for more integrative and up-to-date reviews. For a cutting-edge 2025 synthesis of AI–cybersecurity fusion trends–spanning FL, AML, privacy mechanisms, and policy directions–see51, which complements our ILS-focused review. Given that several pre-2020 surveys are limited or outdated with respect to modern datasets and techniques, our review focuses on 2020–2025 to provide an up-to-date synthesis that complements these earlier works.

Evolution of security and privacy techniques in indoor localization

2020

Several studies have explored privacy and security concerns in indoor positioning systems (IPS), particularly the handling of sensitive user data and resilience against adversarial behavior. Barsocchi et al.52 propose a GDPR-compliant, privacy-by-design framework for location-based services, demonstrated through a Telegram-based proximity marketing application. While the architecture supports regulatory compliance, it remains limited in scope and reveals ongoing vulnerabilities in data protection. Addressing malicious data manipulation, Li et al.53 introduce the ACTD framework, which employs machine learning and outlier detection to identify anomalous RSS fingerprint submissions. Although effective in simulations, the lack of real-world validation limits its practical reliability. To counter fraudulent check-ins, Li et al.54 present an AP subset selection strategy that optimizes positioning accuracy and robustness; however, the method is sensitive to environmental variation, computationally demanding, and may struggle with emerging threats. Expanding on this, Li et al.55 propose a boundary-based defense using fingerprint refinement and level-set methods to improve localization security. Despite promising simulated results, its effectiveness remains constrained by untested assumptions and partial mitigation of attack vectors.

Building on these efforts to strengthen IPS resilience, Yang et al.56 focus on secure state estimation under sensor attacks, where measurements can be manipulated even with protected communication channels. Their map-based localization algorithm ensures robust estimation against such threats, though practical deployment under diverse attack scenarios remains unexplored. To address localization in large, multi-floor environments with limited labeled data, Li et al.57 propose a decentralized federated learning (FL) approach combined with pseudo-labeling. Their centralized indoor localization method using Pseudo-label (CRNP) enhances accuracy while preserving privacy and reducing network costs, yet challenges persist with data heterogeneity, privacy sensitivity, and the computational burden of distributed training. In parallel, Ko et al.58 introduce RFBSA, a random forest-based filter designed to mitigate localization errors caused by MAC spoofing. The technique proves effective against attacker-generated noise, outperforming traditional filters and deep learning models, but maintaining robustness against increasingly sophisticated spoofing remains a concern. Ciftler et al.59 further explore privacy-preserving localization by applying FL to crowdsourced RSS fingerprint data. While achieving notable accuracy gains and safeguarding user privacy, their approach is constrained by scalability issues, slower convergence on non-IID data, and the performance limitations of low-power devices in real-time scenarios.

Further contributions focus on enhancing privacy and spoofing resistance in localization systems. Zhang et al.60 propose a lightweight privacy-preserving solution (\(LWP^2\)) for Wi-Fi fingerprinting, utilizing the Paillier cryptosystem to perform secure computations in the encrypted domain. Although it improves localization accuracy and privacy, the method incurs higher processing and communication overhead and offers limited protection for the localization server itself. Shubina et al.61 explore the privacy-accuracy trade-off in wearable networks, introducing metrics that allow users to manage location obfuscation. Their findings are informative for dense environments but may not generalize to sparse settings and highlight the ongoing challenge of balancing privacy with utility in location-based services. To detect physical-layer spoofing, Yan et al.62 develop PHY-IDS, an RSSI-based system that performs well against both naïve and informed attackers. However, its scope is limited to wearable devices and does not address broader security threats. Similarly, Madani et al.63 present a randomized moving target defense (RMTD) for detecting MAC spoofing in IoT systems. By dynamically altering network parameters, RMTD improves spoofing resistance but depends heavily on accurate modeling of advanced adversarial behavior, which may not always be feasible.

Privacy-preserving and three-dimensional localization techniques have also received notable attention. Nieminen et al.64 propose a secure two-party computation method for indoor localization, integrating Wi-Fi fingerprinting with privacy models. While their Android-based proof-of-concept demonstrates feasibility with reasonable retrieval times, scalability is hindered by computational and communication overhead. Kordi et al.65 offer a broad review of wireless IoT-based indoor localization methods, covering proximity, lateration, fingerprinting, and hybrid techniques. Although the study provides a useful taxonomy and highlights the potential of machine learning for optimization, it lacks empirical performance evaluations and real-world deployment considerations. Addressing the limitations of 2D systems, Alhammadi et al.66 present a 3D Bayesian graphical model (3D-BGM) that reduces reference point requirements while achieving competitive accuracy. Despite outperforming several baseline models, the system’s reliance on static environments and challenges in scaling to multi-story buildings limit its generalizability. A related approach by the same authors67 extends 3D-BGM with RF fingerprinting, leveraging existing Wi-Fi infrastructure to improve localization accuracy and efficiency. However, the system still requires frequent radio map updates and does not fully address scalability, security, or privacy in dynamic IoT environments.

2021

Adversarial robustness and cross-technology attacks have emerged as critical challenges in indoor localization and activity recognition systems. Patil et al.68 explore the vulnerability of RSSI-based systems to adversarial inputs, demonstrating that their deep learning model (DMLP) outperforms traditional methods and benefits from adversarial training. However, the model remains limited by its focus on white-box attacks, susceptibility to dynamic environments, and dependency on high-quality RSSI data. Similarly, Ambalkar et al.69 investigate adversarial attacks on Wi-Fi CSI-based human activity recognition systems, proposing a defense framework using Projected Gradient Descent (PGD) and Momentum Iterative Method (MIM) techniques. While the framework enhances resilience, it shares limitations with Patil et al., including an exclusive focus on white-box scenarios, sensitivity to data quality, and lack of real-world validation. Addressing secure indoor localization at scale, Wang et al.70 present RMBMFL, a multi-task collaborative learning approach achieving high accuracy in large building environments. Despite its strong performance, the method’s generalizability is uncertain due to evaluation on a single, fixed site. In a related threat landscape, Na et al.71 introduce Wi-attack, a cross-technology impersonation attack exploiting BLE advertising via Wi-Fi. Although their detection method based on power consumption variance shows promise, the approach suffers from high localization errors, low packet reception rates, and reliance on cross-technology interaction, limiting practical deployment.

Comparative evaluations of indoor localization technologies have revealed both performance differences and persistent security challenges. Dervişoğlu et al.72 assess UWB and BLE systems, showing that UWB achieves superior accuracy (0.43 m vs. BLE’s 1.54 m), but note that variations in standards and distance estimation methods introduce unpredictable security vulnerabilities, with BLE being less reliable for precise positioning. Expanding on BLE-based solutions, Sun et al.73 propose a crowdsourced localization framework using dual BERT models–BERT-AD for adversarial sample detection and BERT-LOC for localization refinement. While the system improves robustness and accuracy, its reliance on BLE alone, environmental sensitivity, and scalability issues limit broader applicability. In parallel, Madani et al.74 introduce an LSTM autoencoder-based method for detecting MAC-layer spoofing in IoT networks using RSSI data. The model handles real-time detection and adapts to signal volatility, but its applicability is constrained to specific topologies, lacks multi-node coordination, and depends on manual data labeling. Addressing data scarcity, Njima et al.75 employ GAN-based augmentation with semi-supervised learning to improve RSSI-based localization. Their approach enhances accuracy on both simulated and real datasets, yet still falls short of optimal performance and faces limitations related to training data requirements and potential inaccuracies in synthetic samples.

Security vulnerabilities in Wi-Fi-based activity recognition and location privacy remain pressing concerns. Huang et al.76 introduce IS-WARS, a stealthy adversarial attack that manipulates wireless interference from protocols like ZigBee and Bluetooth to mislead Wi-Fi-based recognition systems without detection. Their results expose the vulnerability of such systems to cross-protocol interference, which is often overlooked, compromising reliability in real-world environments. To address location privacy, Min et al.77 propose a 3D geo-indistinguishability (3D-GI) mechanism that perturbs user coordinates while maintaining service quality. Although the method effectively adapts 2D privacy models to 3D settings, it remains simulation-based and lacks real-world validation, limiting its practical impact. Beko et al.78 focus on secure localization in randomly deployed networks, combining clustering, weighted central mass, and a bisection-based GTRS approach to detect spoofing and improve localization accuracy. While outperforming existing methods in simulations, the framework’s dependence on specific network assumptions may hinder its adaptability to dynamic, real-world scenarios.

2022

Privacy-preserving indoor localization continues to evolve through edge computing, federated learning, and anonymization frameworks. Zhang et al.79 introduce Adp-FSELM, a federated stacked extreme learning model integrated with differential privacy within an edge computing framework. The system achieves robust \(\varepsilon\)–differential privacy and low localization error while minimizing calibration effort. However, fingerprint collection remains labor-intensive, and scalability is limited. Similarly, Navidan et al.80 propose a local differential privacy (LDP)-based framework for population frequency estimation in indoor spaces. Though effective under moderate privacy settings, its performance degrades with increased noise and varies across datasets, limiting generalizability. Fathalizadeh et al.81 address location privacy using a k-anonymity and l–diversity model combined with Dijkstra’s algorithm, allowing secure data sharing while maintaining utility. Still, the method overlooks more sophisticated threats like poisoning and collusion and incurs computational overhead, reducing its adaptability to dynamic or sparsely covered environments. In a related study, Boora et al.82 focus on adversarial robustness in large MIMO localization using DCNNs and neural ODEs. While adversarial training enhances resilience, models remain sensitive to noise and hyperparameters, and suffer from high computational costs, limiting scalability in real-world, evolving environments.

Adversarial training and federated learning continue to play a central role in enhancing the robustness of indoor localization and activity recognition systems. Yang et al.83 propose SecureSense, which employs techniques like label smoothing and virtual adversarial training to improve defense against both black-box and white-box attacks in device-free human activity recognition. While it strengthens DNN resilience, challenges such as training instability, hyperparameter sensitivity, and limited real-world validation restrict its deployment in dynamic or resource-constrained environments. In a similar direction, Ye et al.84 introduce SE-Loc, a semi-supervised method that effectively combines labeled and unlabeled data for secure indoor localization. Despite high robustness under adversarial conditions, its accuracy is still affected by the presence of numerous malicious APs. Addressing adversarial threats in RSSI-based systems, Wang et al.85 develop AdvLoc using DCNNs with adversarial training, demonstrating strong performance against first-order attacks. However, the method lacks evaluation against more advanced attacks and across diverse environments. Han et al.86 present a CNN and ResNet-based defense for device-free localization that effectively detects spoofed signals and sensor faults, though it remains vulnerable to physical damage and tampering. Finally, Gao et al.87 propose FedLoc3D, a federated learning framework for cross-building 3D localization. Their approach, combining CNN-based classification and regression models, shows improved accuracy and privacy preservation but faces challenges related to network unreliability, data heterogeneity, and scaling in 3D environments.

2023

Recent efforts have focused on enhancing the reliability, security, and privacy of indoor localization systems through trust modeling, blockchain, and decentralized authentication. Peterseil et al.88 propose a trustworthiness score integrated with autoencoder neural networks and weighted non-linear least squares to reduce UWB localization errors by up to 50% in dynamic environments. While effective in controlled settings, the approach relies heavily on high-quality training data and requires calibration for varied deployments, limiting scalability and robustness under non-line-of-sight conditions. Shakerian et al.89 introduce a blockchain-supported indoor navigation system combining dual IMU sensors and the ZUPT algorithm, achieving reliable navigation with a mean root mean square error (RMSE) of 1.2 m. Despite secure data handling through Hyperledger Fabric, challenges include limited energy capacity, dependence on Wi-Fi, and untested performance under complex movements or large-scale deployments. Addressing adversarial threats, Mitchell et al.90 assess the vulnerability of learning-based localization models, showing that omniscient attacks significantly degrade accuracy. While adversarial training and outlier detection improve resilience, broader threat models and infrastructure-level vulnerabilities remain unexplored. Casanova et al.91 propose a decentralized attribute-based authentication (ABA) protocol using BLE and zero-knowledge proofs to secure collaborative indoor positioning systems. The protocol improves privacy, untraceability, and unlinkability, offering a practical alternative to centralized schemes, though it highlights the limitations of existing CIPS protocols in safeguarding user identity.

Privacy, energy efficiency, and threat detection remain key themes in recent indoor localization research. Mohsen et al.92 present PassiFi, a privacy-preserving system using passive Wi-Fi TDoA and deep learning regression to achieve sub-meter accuracy, outperforming traditional multilateration. However, its scalability and performance degrade under environmental changes, and privacy trade-offs–such as reliance on trusted entities and vulnerability to spatio-temporal attacks–remain unresolved. Focusing on secure 3D localization, Kalpana et al.93 propose a hybrid method combining acoustic and distance-based approaches with cryptographic safeguards. Their solution reduces localization error and energy use while identifying Sybil and malicious nodes. Yet, computational overhead, sensitivity to RSSI fluctuations, and reliance on beacon nodes limit its real-time applicability. In a related effort, Gebremariam et al.94 develop a hybrid machine learning framework for detecting routing threats in WSNs, achieving high localization precision and perfect threat detection in simulations. Nevertheless, the model’s processing demands, dependency on accurate training data, and lack of validation in dynamic environments raise concerns about scalability and practical deployment. Addressing spoofing attacks, Chen et al.95 introduce UnSpoof, a UWB-based system leveraging passive anchors and secure two-way ranging to detect and locate spoofed tags. While effective at distinguishing spoofed from genuine tags, its accuracy declines when devices fall outside the anchor-defined area, and its adaptability to diverse spoofing techniques remains uncertain.

Adversarial robustness, privacy, and federated learning continue to shape the advancement of indoor localization systems. Xiao et al.96 propose FooLoc, an over-the-air adversarial attack that generates subtle yet effective perturbations to mislead Wi-Fi-based DNN localization models, achieving up to 90% success in untargeted attacks. Despite its efficiency, the method relies on downlink CSI and faces challenges in practical implementation due to the limitations of additive perturbation on CSI measurements. Addressing privacy, Fathalizadeh et al.97 introduce GeoInd, a differential privacy-based framework that adds Gaussian noise to RSS data for geo-indistinguishability without relying on third parties. While effective in simulations, its lack of real-world deployment and limited scope raise concerns about broader applicability. In the realm of federated learning, Guo et al.98 present FedPos, a federated transfer learning system that reuses feature extractors across domains to reduce training data needs by 65% and achieve a mean localization error of 42.18 cm. However, its performance may be insufficient for precision-critical applications and remains validated only in limited indoor environments. Gufran et al.99 further advance this field with FedHIL, a heterogeneous FL framework incorporating stacked autoencoders and communication-efficient strategies to enhance accuracy while reducing latency. Though it outperforms existing models, its sensitivity to device heterogeneity, environmental noise, and generalization issues limits its scalability and robustness in dynamic settings.

Privacy-preserving indoor localization techniques have increasingly incorporated differential privacy, reinforcement learning, and federated learning. Xu et al.100 utilize Wi-Fi fingerprints and extreme learning machines with local differential privacy (LDP) to reduce data exposure during model training, demonstrating improved privacy with lower data quality degradation than centralized approaches. However, their method still suffers from up to 7.2% data loss and potential performance trade-offs compared to established techniques. Addressing semantic location privacy, Min et al.101 propose SALPPM, a reinforcement learning-based framework using modified geolocation data and semantic tags in 3D indoor environments. By leveraging D3QN and A3C algorithms, the system refines perturbation strategies and policy selection. Yet, its scope is limited to specific RL methods, excluding alternative algorithms or continuous action spaces, which may hinder adaptability. Similarly, Kumar et al.102 present f-ILC, a federated learning-based Wi-Fi fingerprinting framework combining CNN-LSTM to enhance localization accuracy and preserve user anonymity. The system performs well across IID and non-IID settings but faces challenges in hierarchical space modeling, resource demands, and real-time deployment feasibility. Finally, Shahbazian et al.103 provide a broader examination of machine learning applications in IoT localization, highlighting both current limitations and future opportunities, though lacking specific experimental validations or frameworks.

Security and privacy remain central to recent innovations in indoor localization. Chen et al.104 propose UnSpoof-Passive Ranging, a hybrid active-passive system that achieves 30 cm accuracy for legitimate tags and sub-meter precision for spoofed tags using ToF and TDoA measurements. While effective at detecting distance manipulation attacks even beyond the anchor convex hull, its performance is sensitive to anchor geometry, non-line-of-sight conditions, and multi-antenna spoofing. Additional limitations include high energy consumption, computational overhead, and limited scalability in multi-client deployments. In a parallel effort, Wang et al.105 introduce a privacy-preserving localization method based on two-party computation and Paillier encryption, offering enhanced RSS protection and reduced communication costs. However, the computational complexity of encryption may hinder real-time performance, and the reliance on a two-party model restricts applicability in decentralized systems. Addressing access point vulnerabilities, Tiku and Pasricha106 develop S-CNNLOC, a secure CNN-based framework that improves robustness against AP-level attacks, achieving up to 10 times greater resilience than conventional models. Despite its strong accuracy and security gains, challenges remain in scaling the framework and adapting it to diverse and dynamic network environments.

Recent advancements in indoor localization continue to address challenges related to security, privacy, and performance under dynamic conditions. Ma et al.107 propose LENSER, a CSI-based system for detecting unauthorized devices, which improves localization accuracy by 86.1% and reduces time overhead by 58.2% compared to existing methods. Despite these gains, the system remains sensitive to environmental fluctuations, indicating a need for enhanced robustness. Brachmann et al.108 examine privacy risks in XR localization using the LINDDUN framework, identifying threats such as identifiability and linkability in XR glasses and suggesting targeted mitigation strategies. However, the framework’s reliance on static threat categories may limit its adaptability in evolving XR scenarios. To strengthen privacy in LBS, Yan et al.109 introduce LDPORR, a local differential privacy method that applies Hilbert encoding and spatial decomposition to enhance both privacy and efficiency. While effective on real-world datasets, its processing complexity may hinder scalability in dynamic environments. Pandey and Patel110 develop SLABLDA, a secure fingerprinting algorithm that models AP location diversity and compensates for RSSI variability, yielding improved accuracy in complex indoor environments. Nonetheless, reliance on offline evaluations may restrict responsiveness in rapidly changing conditions. Lastly, Billa et al.111 offer a comprehensive review of indoor localization technologies for IoT systems, highlighting the trade-offs between cost and accuracy, particularly in hybrid and high-precision systems like UWB and VLC. Their work underscores the need for adaptable and cost-effective solutions that balance performance and practical deployment constraints.

2024

Recent research in 2024 has focused on enhancing indoor localization systems through federated learning, adversarial resilience, and cryptographic privacy-preserving techniques. Etiabi et al.112 propose a federated distillation (FD) approach that reduces communication overhead in IoT networks by 98% while maintaining localization accuracy and improving energy efficiency. However, its applicability to regression-based tasks like localization remains limited, and transmission energy savings come at the cost of increased computational demand. Gufran et al.113 introduce CALLOC, a lightweight, adversarial-resilient framework leveraging curriculum learning to improve localization robustness across devices and settings. Although it significantly reduces localization error, its performance depends heavily on curriculum design and has yet to be validated in dynamic real-world environments. Additionally, the computational load from attention mechanisms and adversarial training may hinder deployment on low-power devices. Eshun et al.114 present a cryptographic localization framework that ensures mutual privacy between users and service providers by offloading encrypted computation to a third-party cloud server. While it achieves up to 99% cost reduction, the system’s resilience against active adversaries remains unexplored. Huang et al.115 examine vulnerabilities in off-device wireless positioning systems and demonstrate practical attacks using homomorphic encryption and oblivious transfer. Although defenses are proposed, the study is confined to specific wireless environments, and inherent privacy concerns in off-device architectures present challenges for secure deployment in future networks.

Privacy-preserving indoor localization systems in 2024 have increasingly leveraged generative models, differential privacy, and adversarial threat analysis. Moghtadaiee et al.116 propose DPGANs, a framework combining generative adversarial networks with differential privacy to protect user data while generating realistic synthetic fingerprints. While effective at preserving accuracy under moderate privacy constraints, performance degrades at higher privacy levels, and the reliance on a single generator-discriminator pair limits scalability and adaptability to complex environments. Fathalizadeh et al.5 provide a comprehensive review of privacy-preserving fingerprinting techniques, offering a novel classification framework for adversary models, vulnerabilities, and evaluation metrics. The study highlights critical research gaps and encourages future exploration into unified privacy frameworks. Examining attack impacts, Machaj et al.117 analyze Wi-Fi AP spoofing using KNN and the UJIIndoorLoc dataset, showing significant degradation in localization accuracy tied to the number of spoofed APs and reference points. However, the study’s focus on a single method and dataset limits generalizability to broader contexts and techniques. Addressing task privacy in mobile crowdsensing, Hemkumar et al.118 introduce a geo-obfuscation strategy combining local differential privacy, geo-indistinguishability, and k-means clustering to defend against inference attacks. Despite outperforming existing methods like Eclipse and PIVE, its effectiveness depends on environmental conditions, clustering parameters, and AP density, and it lacks evaluation against more advanced or emerging attack models.

Emerging 2024 studies continue to explore privacy threats and adversarial defenses in indoor localization. Li et al.119 propose RFTrack, a stealthy tracking attack that leverages RSSI time sequences and reinforcement learning to infer device locations using passive Wi-Fi sniffing. While it achieves high precision in structured environments, its effectiveness is limited by RSSI instability, bootstrap inaccuracies, and challenges in differentiating similar trajectories, particularly in open or dynamic settings. Pettorru et al.6 offer a comprehensive review of IoT localization strategies, examining vulnerabilities and the potential of AI, blockchain, and quantum computing for improving security. Despite identifying key advancements, the study notes issues such as hybrid system complexity, high energy demands, and a lack of empirical validation across many proposed solutions. Addressing robustness in noisy environments, Yang et al.120 introduce TRAIL, a three-phase adversarial architecture that combines transfer learning and adversarial interaction to improve accuracy in low SNR conditions. Though it outperforms existing methods, the model struggles with environmental variability and balancing offline-online data alignment during training. Lastly, Wang et al.121 present a privacy-preserving scheme using inner product encryption to secure location data from untrusted cloud services. While it maintains accuracy with low computational overhead, its scalability and adaptability to real-time, large-scale deployments remain untested, particularly under frequent data updates.

Privacy-preserving and trustworthy localization frameworks have continued to evolve through encryption, blockchain, and probabilistic modeling. Wang et al.122 propose a secure indoor localization framework using inner product encryption (IPE) and ranging transformation to protect user and anchor data in cloud-based systems. While it maintains localization accuracy with low overhead, its scalability in real-time, dynamic environments remains a concern. Zocca and Hasan123 introduce a blockchain-based localization scheme using Hyperledger Fabric to ensure trust, data integrity, and privacy. The system shows strong security performance and leverages UWB for improved accuracy, but its reliance on centralized storage and blockchain transaction overhead may hinder scalability in large IoT networks. Verma et al.124 highlight privacy risks from unauthorized geo-tracking using device sensors, presenting an attack model with 98% accuracy without GPS and recommending mitigation strategies for Android platforms. However, the approach lacks real-world deployment and generalization beyond Android ecosystems. Addressing physical-layer privacy, Li and Mitra125 propose the DAIS method, which obfuscates delay and angle information to mislead eavesdroppers while preserving authorized localization accuracy. Though resilient to precoder leakage and effective under high SNR, its reliance on secure communication may be vulnerable in dynamic or adversarial conditions. Finally, Alhammadi et al.126 present a 3D Bayesian graphical model that reduces localization error to 1.8 meters using Wi-Fi fingerprints and adaptive probabilistic reasoning. While it demonstrates scalability and efficiency, limitations include dependence on static access points, lack of built-in security features, and computational intensity during sampling in resource-constrained settings.

2025

Recent studies in 2025 have emphasized privacy, efficiency, and robustness in Wi-Fi and BLE-based localization and sensing systems. Abuhoureyah et al.127 provide a comprehensive review of CSI-based human activity recognition (HAR), highlighting CSI’s advantages in mitigating signal distortion for location-independent sensing. However, transmission and reception noise remain key limitations, especially in constrained environments. David et al.128 explore privacy vulnerabilities in BLE beacons and propose a quasi-periodic randomized scheduling method to counter battery insertion attacks. While effective at obfuscating initialization timestamps, the study does not fully address power trade-offs or large-scale deployment feasibility. Enhancing secure location queries, Li et al.129 introduce ROLQ-TEE, a TEE-based framework that supports privacy-preserving and revocable location queries via cryptographic RNN techniques. Despite improved performance over traditional schemes, TEE-related processing overhead raises concerns for scalability in larger systems. Boudlal et al.130 present a low-cost, non-intrusive HAR system using existing Wi-Fi CSI and deep learning to detect activities without wearables or cameras. While demonstrating strong performance, the system faces challenges related to hardware variability, environmental sensitivity, and computational demand. Finally, Nie et al.131 propose MS.Id, a mobile single-station identification method leveraging spatiotemporal data and MAC de-randomization to improve user identification. Achieving 95.24% accuracy and reduced localization error, the system offers scalable, infrastructure-light deployment but may encounter issues in dynamic environments, device heterogeneity, and potential privacy concerns from MAC-level data handling.

As shown in Table 2, security and privacy solutions in ILS vary widely in trade-offs between robustness, scalability, and efficiency. Cryptographic methods ensure strong confidentiality but often introduce significant latency and overhead, limiting real-time deployment64,114. Federated learning enhances data privacy in decentralized settings, yet remains vulnerable to poisoning and struggles with non-IID data59,87. Differential privacy offers theoretical guarantees but often degrades localization accuracy in dense environments77,114. Adversarial training and GAN-based defenses improve resilience against spoofing but lack generalizability and are resource-intensive79,116. Blockchain solutions add transparency but suffer from scalability and energy constraints89,123. Lightweight approaches like MAC de-randomization and TEE-assisted queries are promising for real-time IoT deployments, though they trade off latency and coverage127,128,129,130,131. Overall, no single approach offers a balanced solution across privacy, accuracy, and computational efficiency–highlighting the need for hybrid, adaptive frameworks.

To provide a clearer overview of the existing research landscape, Table 3 presents a comparative summary of key studies in the domain of ILS security and privacy. It highlights the respective threat models, techniques, datasets or environments, main results, and known limitations, enabling readers to identify major trends and remaining gaps in the field.

Privacy–accuracy trade-offs with case examples

A recurring theme in ILS research is the tension between preserving user privacy and maintaining localization accuracy. While theoretical discussions highlight this balance, concrete case studies illustrate the trade-offs more vividly.

For example, healthcare applications often require strict privacy guarantees when handling patient movement data. Zhang et al.79 demonstrate that integrating differential privacy into federated edge learning frameworks substantially reduces the risk of individual data leakage. However, they also report up to a 7–10% decline in localization accuracy in dense hospital environments, underscoring the performance cost of strong \(\varepsilon\)–privacy guarantees. Similarly, Moghtadaiee et al.116 show that differentially private GANs (DPGANs) can protect patient location traces, but accuracy deteriorates sharply as the privacy budget tightens.

In the financial services sector, federated learning has been explored for collaborative location-based authentication without centralizing sensitive user trajectories. Ciftler et al.59 and Gao et al.87 both show that federated models achieve comparable accuracy to centralized methods under controlled conditions. However, when different institutions contribute heterogeneous datasets, performance commonly deteriorates drastically in non-IID data scenarios. This points to an important trade-off: statistical differences across sites can reduce accuracy, while privacy is enhanced by keeping the data decentralized.

Real-time IoT applications provide practical examples of these challenges. David et al.128 show that stochastic scheduling of BLE beacons can improve privacy by obscuring timestamps to reduce the risk of tracking attacks. However, in large-scale deployments, this approach often comes at a cost of reduced coverage and increased latency. Similarly, Li et al.129 employed trusted execution environments (TEEs) to protect location queries. While their method offers strong security guarantees, the added processing overhead limits its scalability for real-world applications.

Taken together, these findings point to a clear pattern: privacy-preserving solutions almost always come with a cost. Common challenges include higher latency, limited scalability, and reduced accuracy. This highlights the need for adaptable hybrid frameworks that can dynamically balance accuracy, privacy and efficiency to address the requirements of different applications.

Comparative study of privacy and security approaches in ILS

Security threats in ILS

From 2020 to 2025, ILS security and privacy measures progressed from encryption approaches and GDPR-compliant access controls to sophisticated methods such as FL and adversarial training. Initial techniques, such as the Paillier cryptosystem and fast gradient sign method (FGSM), facilitated the development of contemporary methods such as GAN-based data augmentation and LD for safeguarding privacy. Primary priorities encompass precision, confidentiality, practical applicability, and energy efficiency. CNN-based and UWB systems have achieved accuracy of over 90%; however, privacy-preserving solutions frequently compromise accuracy for security. Energy efficiency and communication overhead continue to pose issues, especially for federated learning and IoT systems59,82,89,112.

In 2025, ILS privacy and security research expanded to wireless sensing, BLE beacon tracking, and privacy-preserving location queries. Key advancements include CSI-based human activity recognition127, BLE beacon privacy enhancements128, TEE-based location queries129, Wi-Fi CSI-based indoor activity detection130, and mobile Wi-Fi user identification131. These developments highlight emerging privacy challenges, emphasizing the need for improved obfuscation, efficiency, and scalability.

To orient the reader, Table 2 synthesizes prominent ILS papers by threat/attack type, countermeasure, data setting, and utility trade-offs, providing a quick map of the security landscape before deeper discussion.

Table 2 Comparative analysis of indoor localization studies (2020–2025). The accuracy values are presented exactly as reported in the original studies. As different works adopt diverse metrics (such as horizontal or vertical error in meters, relative improvements, percentages, or qualitative descriptions), no post-standardization was applied in order to preserve the fidelity of the original results. Readers should interpret the values in the context of each study’s methodology and evaluation criteria.
Table 3 Summary of key ILS security and privacy studies (2020–2025).
Table 4 Trends over the years in ILS.

Highlighting trends over the years

Indoor localization research from 2020 to 2025 shows a clear evolution from privacy preservation to advanced machine learning integration. In 2020, emphasis was placed on privacy and federated learning (FL)59, with growing interest in encryption (Paillier cryptosystem60) and GDPR-compliant access control52. By 2021, adversarial training methods (FGSM, PGD, MIM69) gained traction, complemented by GAN-based data augmentation75 and BERT for adversarial recognition73. In 2022, noise-based privacy (LDP80), adversarial robustness82, and differential privacy techniques79 were consolidated. The year 2023 advanced deep learning with CNNs100 and FL98, while blockchain89 and UWB systems88 emerged for secure localization. In 2024, adversarial learning and FD dominated privacy-preserving localization112, reinforced by cryptographic protocols114 and GAN-driven synthetic data116. Finally, 2025 studies furthered privacy and security with CSI-based sensing for HAR127, BLE beacon analysis128, TEE-based queries129, Wi-Fi CSI activity detection130, and mobile station Wi-Fi user identification131.

Overall, the field has progressively integrated FL, adversarial training, privacy-preserving mechanisms, GANs, cryptographic protocols, and deep learning. Each methodology offers unique strengths and trade-offs, shaping the trajectory of modern indoor positioning systems. Table 4 concisely summarizes these developments from 2020–2025.

Privacy issues in ILS

Comparisons of existing solutions

An analysis of current privacy and security solutions for ILS shows various methods, each with unique advantages and disadvantages depending on particular use cases and system needs. FL provides a decentralized approach to preserving privacy by not sharing sensitive data during the training process57,59,79. This method improves scalability and minimizes data-sharing risks, making it appropriate for dynamic settings such as crowdsourced localization and smart cities. However, it encounters challenges related to the scalability of large datasets, significant communication overhead, and vulnerability to model poisoning87,99. Conversely, differential privacy (DP) methods79,97 safeguard privacy by introducing noise to data, which helps keep individual location traces anonymous. Although differential privacy ensures robust privacy protection, finding the right balance between added noise and the accuracy of the system is a considerable challenge116. Cryptographic techniques like homomorphic encryption60,122 ensure strong data confidentiality and are resistant to unauthorized access. Nonetheless, their significant computational cost and communication overhead restrict their use in real-time systems and large-scale environments64,114.

Blockchain offers a reliable and transparent solution for location data due to its immutable ledger capabilities89,123. This ensures the authentication and verification of location-based transactions, making it suitable for systems that need clear data integrity, like IoT-based localization and supply chain tracking. Blockchain faces challenges related to scalability, significant energy consumption in its consensus mechanisms, and difficulties with integration89. Adversarial training83,85 improves model robustness by protecting against data manipulation. However, it comes with high computational costs and can result in overfitting when trained on adversarial examples. This approach is especially beneficial in applications where security is crucial, such as autonomous vehicles and AI-based navigation systems.

Recent research in 2025 has further advanced privacy-preserving solutions for ILS. CSI-based sensing has been explored for human activity recognition (HAR) in wireless sensing, where Abuhoureyah et al.127 highlight the potential of Wi-Fi-based CSI for improving signal processing accuracy while recognizing challenges such as noise interference. Similarly, Boudlal et al.130 propose a cost-effective, privacy-preserving Wi-Fi CSI-based activity detection system, eliminating the need for wearable sensors or visual monitoring, making it a viable solution for smart environments.

Privacy concerns with BLE beacon tracking have been critically examined by David et al.128, who demonstrate the Battery Insertion Attack on BLE beacon randomization and propose quasi-periodic randomized scheduling as a countermeasure. However, their solution may introduce trade-offs in power consumption. In privacy-preserving location queries, Li et al.129 introduce ROLQ-TEE, a TEE-based framework for securely handling outsourced location queries, ensuring location confidentiality while allowing for revocable query authorization. Nonetheless, TEE-based computations impose higher server-side processing costs, which may limit large-scale applicability.

Efforts in Wi-Fi-based indoor localization have also been expanded by Nie et al.131, who propose MS.Id, a mobile single-station user identification approach leveraging IE-based MAC de-randomization. Their findings indicate improved accuracy over multi-station techniques while reducing infrastructure overhead, though potential privacy concerns regarding MAC de-randomization remain.

Privacy-preserving frameworks that integrate methods such as FL, cryptography, and anonymization (for example, k-anonymity) provide thorough protection81,116. These frameworks keep location data secure while maintaining system performance.

Table 5 Existing privacy and security solutions in ILS (Part 1).

Each solution offers distinct advantages and limitations within the ILS context. While FL, DP, and cryptographic methods ensure privacy, they face scalability and real-time application challenges. Blockchain enhances transparency but struggles with energy efficiency and integration. Adversarial training improves robustness but increases computational costs. Recent 2025 advancements (CSI-based sensing, BLE beacon privacy, TEE-secured location queries, and MAC de-randomization for user identification) broaden privacy-preserving options in ILS, each with distinct benefits and challenges. The summary of current trends, their advantages, disadvantages, and suitability in ILS is presented in Table 5.

Table 6 Strengths and limitations of various approaches.

Defense mechanisms in ILS

Strengths and limitations of various approaches

Upon conducting a thorough examination of the present methodologies, it becomes evident that there are several strengths and limits. Significant advancements have been made in adapting privacy-preserving and adversarial-attack-resistant models for real-world applications, especially in the fields of IoT, GNSS-denied environments, and indoor localization employing UWB systems88. FL and its advanced variations, such as FD, show great potential in facilitating safe and decentralized learning while avoiding privacy vulnerabilities112. Furthermore, there have been consistent advancements in localization accuracy, especially in the presence of noise and adversarial conditions82. These advancements have been particularly notable in solutions that utilize CNN-based and blockchain-based technologies75,85,86,89. Moreover, cryptographic protocols have been used to ensure security in collaborative localization tasks91.

Nevertheless, there are significant constraints. Methods such as adversarial training68, GAN data generation75, and cryptographic protocols91 often impose computational overhead, necessitating substantial processing capacity. Consequently, their implementation becomes challenging in situations with limited resources. Scalability is still a problem, as solutions that work well in simulations or small real-world settings may not adequately handle large systems82,93,104. FL models, in particular, have difficulty converging when dealing with non-IID data87,98. Privacy-preserving strategies, such as differential privacy97, include a trade-off between privacy and accuracy. Increasing privacy levels can sometimes result in decreased localization accuracy, a challenge that remains unresolved79. Table 6 summarizes the strengths and limitations of various approaches. However, challenges related to scalability and adaptability in dynamic environments persist. Combining location fingerprinting with anonymization techniques effectively protects user privacy117. However, it is susceptible to attacks such as Wi-Fi AP spoofing, which can undermine security. In conclusion, UWB-based systems for detecting spoofing attacks95,104 achieve high accuracy but face challenges in real-time detection and scalability in large networks.

Key parameters

The publications have identified accuracy, privacy, real-world feasibility, and energy efficiency as the main parameters. Accuracy remains the paramount factor, with the majority of approaches striving for a success rate of above 90%, namely in UWB-based and CNN-based positioning systems55,70,82. These systems attempt to enhance performance in both challenging and real-life situations. Privacy is a critical aspect, and differential privacy and encryption methods have a substantial impact52,80. Techniques such as adding noise to data81,97 and employing cryptographic methods60,114 were extensively investigated to improve privacy safeguards. The emphasis on real-world viability increased as research transitioned from solely simulated environments in 2020-202153,68 to tangible applications by 2024, particularly in the fields of IoT and ILS112. Finally, the issue of energy efficiency has become a significant problem, specifically in the context of blockchain-based and FL systems89,113. By 2024, the primary goal is to minimize communication overhead and reduce energy consumption112.

In 2025, research continued to refine privacy-preserving techniques, especially in BLE beacon-based tracking and Wi-Fi CSI-based activity recognition. David et al.128 demonstrated vulnerabilities in BLE beacons, highlighting the need for improved temporal obfuscation mechanisms. Similarly, Li et al.129 introduced ROLQ-TEE, leveraging Trusted Execution Environments (TEEs) to safeguard location-based queries while minimizing computational costs. Meanwhile, Wi-Fi CSI-based sensing gained traction as an energy-efficient and privacy-conscious alternative for indoor activity recognition130. Furthermore, Nie et al.131 proposed MS.Id, a mobile single-station Wi-Fi-based user identification approach that achieves high accuracy while reducing reliance on extensive infrastructure deployment. These developments underscore the growing intersection of accuracy, privacy, and feasibility in ILS research. Table 7 summarizes the key parameters in ILS.

Table 7 Key parameters in ILS.

Security and privacy concerns in ILS

ILS are becoming increasingly crucial in numerous applications; however, they have multiple weaknesses that might jeopardize the accuracy and reliability of location data. An important weakness is the proneness to signal interference and spoofing. Many ILS systems, dependent on RF signals like Wi-Fi, Bluetooth, or RFID, are vulnerable to disruption from other devices and ambient conditions. This vulnerability allows malicious attackers to launch adversarial assaults. These attacks can result in substantial inaccuracies in position monitoring or unlawful entry into restricted areas, creating security risks, particularly in sensitive settings such as hospitals, military installations, or financial organizations.

The risk associated with ILS increased with the emergence of wearable technology. Wearable devices, such as smartwatches, fitness trackers, and AR glasses, frequently come with sensors and networking features that can be integrated with ILS. Although these devices improve the user experience by offering customized LBS, they also bring new opportunities for attacks. Attackers can exploit weaknesses in wearable devices to carry out side-channel assaults, or they can use them as entry points to compromise the entire localization system. For instance, attackers can intercept or alter information from wearable devices, leading to inaccurate location data, privacy violations, or even potential threats to physical security if they exploit the compromised data to gain unlawful entry132.

Overview of threats

ILS are essential for accurately identifying the location of objects or humans within buildings, but they are susceptible to several forms of malicious attacks. Spoofing and signal jamming are two prominent attacks in this context, both of which affect the RSSI data and undermine localization accuracy, as illustrated in Fig. 7.

Fig. 7

End-to-end indoor localization workflow: from RSSI-based location estimation to spoofing and jamming detection.

Spoofing attacks

As categorized under ’Spoofing Attacks’ in the taxonomy in Fig. 3, these attacks involve the intentional transmission of counterfeit signals by a perpetrator, with the aim of making them indistinguishable from authentic signals to the ILS. Typically, the perpetrator transmits the faked signals with modified parameters like adjusted RSSI values, timestamps, or even variations in frequency. Attackers can change the apparent distance between a transmitter and receiver by faking the RSSI values133. This manipulation causes the device to look as if it is located at a different location than it actually is134. Figure 8 shows a spoofing attack.

Fig. 8

Spoofing attack.

Technically speaking, the majority of ILS utilize trilateration, a method that calculates the position of a device by estimating its distance from several predetermined reference points. In Wi-Fi fingerprinting-based ILS, the distance is estimated based on the RSSI values, whose underlying received power falls off with the square of the distance from the signal source. If an assailant transmits a forged signal with a strong RSSI from a considerable distance, the ILS may incorrectly perceive it as a signal emanating from nearby. Conversely, the ILS may misinterpret a faintly modified signal originating from a short distance as emanating from a far place. This distortion can cause significant localization errors, leading to inaccurate monitoring of resources or individuals. As a result, there may be significant security vulnerabilities or operational inefficiencies.
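The effect described above, as an added example (not code from the article): RSSI readings are converted to ranges with a log-distance path-loss model, the position is solved by least-squares trilateration, and the range residual serves as a defender-side consistency check. The path-loss constants, the room layout, the 12 dB forged offset and the 1 m alert threshold are all assumptions chosen for illustration.

```python
import math

# Assumed log-distance path-loss model (parameters are not from the article):
# RSSI(d) = P0 - 10*n*log10(d), with n = 2 for inverse-square decay.
P0_DBM = -40.0      # RSSI measured 1 m from an access point
PATH_LOSS_N = 2.0

def distance_to_rssi(d):
    return P0_DBM - 10 * PATH_LOSS_N * math.log10(d)

def rssi_to_distance(rssi_dbm):
    return 10 ** ((P0_DBM - rssi_dbm) / (10 * PATH_LOSS_N))

def trilaterate(anchors, dists):
    """Least-squares position from >= 3 anchors.

    Subtracting the first anchor's circle equation from the others gives the
    linear system 2(a_i - a_0) . p = d_0^2 - d_i^2 + |a_i|^2 - |a_0|^2.
    """
    (x0, y0), d0 = anchors[0], dists[0]
    sxx = sxy = syy = bx = by = 0.0
    for (xi, yi), di in zip(anchors[1:], dists[1:]):
        ax, ay = 2 * (xi - x0), 2 * (yi - y0)
        b = d0 ** 2 - di ** 2 + xi ** 2 + yi ** 2 - x0 ** 2 - y0 ** 2
        sxx += ax * ax
        sxy += ax * ay
        syy += ay * ay
        bx += ax * b
        by += ay * b
    det = sxx * syy - sxy * sxy
    if abs(det) < 1e-9:
        raise ValueError("anchors are collinear; position is not determined")
    return ((syy * bx - sxy * by) / det, (sxx * by - sxy * bx) / det)

def rms_residual(anchors, dists, pos):
    """RMS gap between measured ranges and ranges implied by the estimate."""
    sq = [(math.hypot(pos[0] - x, pos[1] - y) - d) ** 2
          for (x, y), d in zip(anchors, dists)]
    return math.sqrt(sum(sq) / len(sq))

def locate(anchors, rssi):
    dists = [rssi_to_distance(r) for r in rssi]
    pos = trilaterate(anchors, dists)
    return pos, rms_residual(anchors, dists, pos)

def suspect_anchor(anchors, rssi):
    """Leave-one-out: the anchor whose removal makes the rest most consistent."""
    best = None
    for i in range(len(anchors)):
        _, res = locate(anchors[:i] + anchors[i + 1:], rssi[:i] + rssi[i + 1:])
        if best is None or res < best[1]:
            best = (i, res)
    return best[0]

# Constructed scenario: four APs at the corners of a 10 m x 10 m room.
ANCHORS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0), (10.0, 10.0)]
TRUE_POS = (3.0, 4.0)
CLEAN_RSSI = [distance_to_rssi(math.hypot(TRUE_POS[0] - x, TRUE_POS[1] - y))
              for x, y in ANCHORS]
# Forged reading: the far AP (index 3) appears 12 dB stronger than it should.
SPOOFED_RSSI = CLEAN_RSSI[:3] + [CLEAN_RSSI[3] + 12.0]
RESIDUAL_LIMIT_M = 1.0   # assumed alert threshold

if __name__ == "__main__":
    for name, rssi in (("clean", CLEAN_RSSI), ("spoofed", SPOOFED_RSSI)):
        pos, res = locate(ANCHORS, rssi)
        err = math.hypot(pos[0] - TRUE_POS[0], pos[1] - TRUE_POS[1])
        print(f"{name}: est=({pos[0]:.2f}, {pos[1]:.2f}) error={err:.2f} m "
              f"residual={res:.2f} m alert={res > RESIDUAL_LIMIT_M}")
    print("suspect AP index:", suspect_anchor(ANCHORS, SPOOFED_RSSI))
```

The residual check needs more anchors than unknowns: with only three reference points in two dimensions the linear system is exactly determined, so the redundancy that exposes an inconsistent range is much weaker.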

Signal jamming

Signal jamming occurs when an attacker transmits undesirable or disruptive messages on the same frequency channels as the ILS, thereby obscuring genuine communications. This may diminish the signal-to-noise ratio (SNR), complicating the ILS’s ability to detect and assess genuine signals. Jammer attacks diminish the accuracy of RSSI measurements by introducing random fluctuations, complicating the localization of objects. The modifications render the calculated distances less dependable, hence diminishing the accuracy of the trilateration process. Interference can hinder the ILS’s ability to maintain consistent RSSI data. If an attacker continuously alters the signal strength, it may impede the system’s ability to effectively counteract the interference, potentially resulting in inaccurate location predictions. Intense jamming signals can saturate the receiver’s analog-to-digital converters (ADCs), resulting in further distortion of signal measurements. Significant interference may force the ILS to employ alternative methods or cease operation entirely, hence diminishing its efficacy. Figure 9 shows how the signal jamming attack works in the ILS.

Fig. 9

Signal jamming attack.

Recent real-world incidents reinforce the practical impact of these threats on deployed Indoor Localization Systems (ILS). For example, the UWBAD attack demonstrated how commercially available ultra-wideband (UWB) hardware could be used to selectively jam ranging signals, effectively disrupting Apple’s AirTag devices and automotive keyless entry systems in operational environments135. This incident drew responses from major vendors, including Volkswagen and Audi, who acknowledged the system-level vulnerability. Similarly, an extensive BLE spoofing campaign was analyzed in Taipei Main Station, where attackers used cloned iBeacons to confuse indoor navigation services used by over 300,000 daily commuters. The study showed that without encrypted, time-varying identifiers, location services were easily deceived136. Furthermore, adversarial perturbations to Wi-Fi signal strength have been shown to trick deep learning models used in fingerprinting-based systems, causing significant localization errors even with imperceptible input changes68. These examples clearly illustrate the operational risks of spoofing, jamming, and adversarial attacks in real-world ILS deployments.

Impact of security breaches

ILS breaches have significant consequences for user privacy, operational integrity, and safety in critical applications. A compromised ILS may permit unauthorized individuals to monitor and track users within a building, thus intruding upon their privacy. The violation of privacy may disclose personal information, including medical records in healthcare institutions or the movements of individuals in secure locations. The risk of data theft, corporate espionage, and stalking is greatly increased by unauthorized tracking. Therefore, security and privacy are the primary objectives in the context of ILS.

Attacks like spoofing and jamming are a big threat to the proper functioning of ILS. In retail transportation services, spoofing and jamming assaults can lead to wrong asset tracking, bad inventory management, and broken customer navigation systems. This can cause big problems with operations and cost a lot of money. Companies that need reliable indoor monitoring to run their businesses may have big problems because of these breaches. Moreover, security breaches can lead to incidents that jeopardize human life in sectors that are largely reliant on safety, such as industrial automation, emergency response, and healthcare. In industrial contexts, ILS may provide patients, emergency personnel, or machinery with inaccurate location data, potentially leading to errors or fatalities. For localization technology to work well and reliably in these settings, ILS integrity and security are very important.

Machine learning techniques for enhancing security and privacy in ILS

ML approaches significantly improve the security and privacy of ILS. As ILS systems spread into more sensitive domains like healthcare, smart buildings, and industrial installations, the necessity of protecting them from risks such as signal spoofing, jamming, and unauthorized access grows. This section looks at various AI-based technologies that have been shown to increase the levels of both security and privacy in ILS.

Adversarial machine learning

AML aims to make ILS more resilient to adversarial attacks. Such attacks introduce deliberate modifications to the input data that mislead the learning model and substantially degrade localization accuracy.

Adversarial Training Techniques

Adversarial training is a robust defense method aimed at enhancing the resilience of ILS against adversarial attacks. This process includes training models with adversarial examples, which are specifically designed inputs that increase the model’s prediction error. This subsection describes three important adversarial training methods: FGSM, PGD, and MIM, including their mathematical formulations.

  • FGSM: FGSM creates adversarial examples by applying perturbations to the input, following the direction of the gradient of the loss function. The adversarial example is calculated as follows:

    $$\begin{aligned} \textbf{x}_{\text {adv}} = \textbf{x} + \epsilon \cdot \text {sign}(\nabla _{\textbf{x}} J(\theta , \textbf{x}, y)), \end{aligned}$$
    (15)

    where \(\textbf{x}\) is the original input, \(\epsilon\) is the perturbation magnitude, \(J(\theta , \textbf{x}, y)\) is the loss function, \(\nabla _{\textbf{x}} J\) is the gradient of the loss with respect to \(\textbf{x}\), \(\theta\) is the model parameters, and \(y\) is the true label.

  • PGD: PGD builds on FGSM by repeatedly applying gradient steps and projecting the adversarial example back onto the \(\epsilon\)-ball surrounding the original input. The iterative update is expressed as follows:

    $$\begin{aligned} x_{\text {adv}}^{(t+1)} = \text {Proj}_{\mathscr {B}_\epsilon }(x_{\text {adv}}^{(t)} + \alpha \cdot \text {sign}(\nabla _x J(\theta , x_{\text {adv}}^{(t)}, y))), \end{aligned}$$
    (16)

    where \(x_{\text {adv}}^{(t)}\) is the adversarial example at iteration \(t\), \(\alpha\) is the step size, and \(\text {Proj}_{\mathscr {B}_\epsilon }\) is the projection onto the \(\epsilon\)-ball.

  • MIM: MIM enhances PGD by adding a momentum term that stabilizes the direction of the gradient updates. The gradient update with momentum is:

    $$\begin{aligned} & g^{(t+1)} = \mu \cdot g^{(t)} + \frac{\nabla _x J(\theta , x_{\text {adv}}^{(t)}, y)}{\Vert \nabla _x J(\theta , x_{\text {adv}}^{(t)}, y)\Vert _1}, \end{aligned}$$
    (17)
    $$\begin{aligned} & x_{\text {adv}}^{(t+1)} = \text {Proj}_{\mathscr {B}_\epsilon }(x_{\text {adv}}^{(t)} + \alpha \cdot \text {sign}(g^{(t+1)})), \end{aligned}$$
    (18)

    where \(g^{(t)}\) is the accumulated gradient at step \(t\) and \(\mu\) is the decay factor for momentum.

Real-world attack scenarios and implications

The theoretical construction of adversarial scenarios is significant, but their practical implications are more important to assess. Minor disturbances to input signals can substantially interfere with ILS, resulting in mislocalization. An attacker can add carefully crafted noise to the RSSI measurements, causing the system to misplace a user, for example by showing them on the wrong floor of a hospital. Mistakes like these can have serious consequences, from delaying medical staff to hindering emergency response. Similarly, interference with Wi-Fi CSI data leads to inaccurate activity recognition, putting applications like elderly care monitoring and surveillance at risk. In smart buildings, attackers can carry out spoofing attacks that copy and mimic real signals, potentially granting unauthorized access or hindering indoor navigation. These examples highlight that adversarial attacks on ILS are not just theoretical but pose a real threat to safety, security, and privacy.

To reduce these risks, ILS needs to be designed with strong resilience. Adversarial training methods like FGSM, PGD, and MIM provide protection by exposing models to realistic adversarial examples during training. This allows the models to learn how to recognize and adapt to signal disruptions that could otherwise reduce their accuracy and reliability. The training process follows a strict cycle as demonstrated by Fig. 10. It starts with clean data, then generates adversarial examples, followed by adding these adversarial examples to the training set and retraining the models. By repeating this cycle, the system gradually becomes more resilient against adversarial examples generated by attackers.

Fig. 10

Adversarial training workflow illustrating how iterative inclusion of adversarial samples strengthens ILS models against real-world attack scenarios such as signal spoofing, floor misclassification, and adversarial noise injection.
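An added example (not from the article or the cited studies) of Eqs. (15)-(18) and the retraining cycle of Fig. 10, applied to a logistic floor classifier on constructed, normalised RSSI features. The data set, \(\epsilon = 0.5\), the step sizes and the learning rate are assumptions; because this model is linear, FGSM, PGD and MIM all reach the same corner of the \(\epsilon\)-ball.

```python
import math

EPS = 0.5  # assumed L-infinity budget on normalised RSSI features

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def sign(v):
    return (v > 0) - (v < 0)

def score(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))

def grad_x(w, x, y):
    """Gradient of the cross-entropy loss J(theta, x, y) with respect to x."""
    return [(sigmoid(score(w, x)) - y) * wi for wi in w]

def project(x_adv, x, eps):
    """Proj onto the L-infinity eps-ball centred on the clean input x."""
    return [min(max(a, xi - eps), xi + eps) for a, xi in zip(x_adv, x)]

def fgsm(w, x, y, eps=EPS):                                   # Eq. (15)
    return [xi + eps * sign(g) for xi, g in zip(x, grad_x(w, x, y))]

def pgd(w, x, y, eps=EPS, alpha=0.125, steps=8):              # Eq. (16)
    x_adv = list(x)
    for _ in range(steps):
        g = grad_x(w, x_adv, y)
        x_adv = project([a + alpha * sign(gi) for a, gi in zip(x_adv, g)], x, eps)
    return x_adv

def mim(w, x, y, eps=EPS, alpha=0.125, steps=8, mu=0.9):      # Eqs. (17)-(18)
    x_adv, mom = list(x), [0.0] * len(x)
    for _ in range(steps):
        g = grad_x(w, x_adv, y)
        l1 = sum(abs(gi) for gi in g) or 1.0   # avoid 0/0 on a zero gradient
        mom = [mu * m + gi / l1 for m, gi in zip(mom, g)]
        x_adv = project([a + alpha * sign(m) for a, m in zip(x_adv, mom)], x, eps)
    return x_adv

def train(data, attack=None, epochs=1000, lr=0.1):
    """Logistic floor classifier trained by full-batch gradient descent.

    With an attack, every epoch crafts adversarial copies of the clean
    fingerprints against the current weights and trains on clean + adversarial.
    """
    w = [0.0] * len(data[0][0])
    for _ in range(epochs):
        batch = list(data)
        if attack is not None:
            batch += [(attack(w, x, y), y) for x, y in data]
        grad = [0.0] * len(w)
        for x, y in batch:
            err = sigmoid(score(w, x)) - y
            for j, xj in enumerate(x):
                grad[j] += err * xj / len(batch)
        w = [wi - lr * gj for wi, gj in zip(w, grad)]
    return w

def accuracy(w, data, attack=None):
    """Clean accuracy, or accuracy on inputs perturbed against this model."""
    hits = 0
    for x, y in data:
        if attack is not None:
            x = attack(w, x, y)
        hits += int((score(w, x) > 0) == (y == 1))
    return hits / len(data)

def make_fingerprints():
    """Constructed data: feature 0 is a strong AP that indicates the floor in
    9 of 10 scans; features 1-8 are weak APs that always agree with the floor
    but by less than EPS, so a bounded perturbation can flip them."""
    data = []
    for floor in (0, 1):
        s = 1.0 if floor == 1 else -1.0
        for i in range(10):
            strong = s if i < 9 else -s
            data.append(([strong] + [0.3 * s] * 8, floor))
    return data

if __name__ == "__main__":
    data = make_fingerprints()
    for name, w in (("standard", train(data)),
                    ("adversarial", train(data, attack=fgsm))):
        print(name, "clean=%.2f" % accuracy(w, data),
              *("%s=%.2f" % (a.__name__, accuracy(w, data, a))
                for a in (fgsm, pgd, mim)))
```

The standard model leans on the weak APs and loses every fingerprint under the bounded perturbation, while the adversarially trained model shifts its weight to the strong AP and gives up the scans where that AP is misleading: the accuracy-for-robustness trade the section describes.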

Anomaly detection

Machine learning-based systems detect unusual patterns in signal behavior that could indicate security breaches. These systems analyze real-time data for violations of established signal standards, facilitating the early detection of threats such as signal manipulation and unauthorized localization. Anomaly detection can be formulated as a problem of identifying deviations \(\delta\) between real-time observations \(\textbf{x}_{\text {real}}\) and the expected behavior \(\textbf{x}_{\text {expected}}\):

$$\begin{aligned} \delta = \Vert \textbf{x}_{\text {real}} - \textbf{x}_{\text {expected}}\Vert _p, \end{aligned}$$
(19)

where \(\Vert \cdot \Vert _p\) denotes the \(p\)-norm (e.g., Euclidean distance for \(p=2\)) used to quantify the deviation. An anomaly is flagged if \(\delta > \tau\), where \(\tau\) is a predefined threshold.
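One way to apply Eq. (19) at a fixed monitoring point, as an added example rather than code from the article: \(\textbf{x}_{\text {expected}}\) is the per-AP mean of clean calibration scans, \(\tau\) is the mean plus three standard deviations of the clean deviations, and an alert requires two of the last three scans to exceed \(\tau\). The RSSI values, the factor of three and the 2-of-3 rule are constructed assumptions.

```python
import math

def p_norm(vec, p):
    if p == math.inf:
        return max(abs(v) for v in vec)
    return sum(abs(v) ** p for v in vec) ** (1.0 / p)

class RssiAnomalyDetector:
    """delta = ||x_real - x_expected||_p, with tau learnt from clean scans."""

    def __init__(self, calibration_scans, p=2, k=3.0):
        n = len(calibration_scans)
        self.p = p
        # x_expected: per-AP mean RSSI observed at this monitoring point
        self.expected = [sum(col) / n for col in zip(*calibration_scans)]
        deltas = [self.delta(s) for s in calibration_scans]
        mean = sum(deltas) / n
        std = math.sqrt(sum((d - mean) ** 2 for d in deltas) / n)
        # tau = mean + k * std of the clean deviations (k is an assumed setting)
        self.tau = mean + k * std

    def delta(self, scan):
        return p_norm([r - e for r, e in zip(scan, self.expected)], self.p)

    def check(self, scan):
        """Return (is_anomaly, delta, index of the AP that deviates most)."""
        diffs = [abs(r - e) for r, e in zip(scan, self.expected)]
        d = self.delta(scan)
        return d > self.tau, d, diffs.index(max(diffs))

    def monitor(self, scans, window=3, min_hits=2):
        """Indices where at least min_hits of the last `window` scans exceed tau.

        Requiring persistence keeps a single noisy scan from raising an alert.
        """
        flags, alerts = [], []
        for i, scan in enumerate(scans):
            flags.append(self.check(scan)[0])
            if sum(flags[-window:]) >= min_hits:
                alerts.append(i)
        return alerts

# Constructed RSSI scans (dBm) from four APs, taken at a fixed monitoring point.
CALIBRATION = [
    [-52, -61, -70, -66], [-51, -60, -71, -67], [-53, -62, -69, -65],
    [-52, -60, -70, -66], [-51, -61, -71, -66], [-53, -62, -69, -66],
]
LIVE = [
    [-52, -60, -71, -66],   # normal
    [-52, -61, -60, -66],   # one-off glitch on AP 2
    [-53, -61, -70, -65],   # normal
    [-51, -61, -70, -67],   # normal
    [-52, -62, -48, -66],   # AP 2 persistently far stronger than expected
    [-51, -61, -47, -66],
    [-52, -61, -48, -67],
]

if __name__ == "__main__":
    det = RssiAnomalyDetector(CALIBRATION)
    print("x_expected:", det.expected, "tau: %.2f dB" % det.tau)
    for i, scan in enumerate(LIVE):
        flag, d, ap = det.check(scan)
        print(i, "delta=%.2f" % d, "over tau" if flag else "ok", "worst AP:", ap)
    print("alerts raised at scans:", det.monitor(LIVE))
```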

Integrating AML techniques into ILS can greatly strengthen their defense against complex attacks. For example, Patil et al.68 demonstrate that using adversarial training with FGSM and PGD improves both floor classification and localization accuracy under attack. This is especially critical in environments like hospitals, where a misclassification could delay emergency response. Ambalkar et al.69 demonstrated that applying MIM and PGD to Wi-Fi CSI data improved resistance against adversarial interference in human activity recognition, thereby diminishing the likelihood of false alarms in surveillance and assisted living contexts. Li et al.53 presented the Abnormal Crowd Traffic Detection (ACTD) system to detect abnormalities in crowdsourced positioning data, demonstrating that real-time anomaly detection can thwart extensive manipulation of indoor mobility data in public spaces.

Furthermore, anomaly detection is essential for recognizing unusual trends in signal behavior that suggest adversary manipulation, including signal spoofing and jamming attempts. Li et al.53 created the Abnormal Crowd Traffic Detection (ACTD) system, utilizing machine learning methods, including probability suffix trees (PST), to identify anomalies in crowdsourced indoor positioning data. Extending this form of anomaly detection for monitoring real-time RSSI and CSI signals in ILS could allow prompt detection of signal modifications that adversarial attacks depend upon. Ko et al.58 developed a random forest-based filter (RFBSA) to eliminate noise resulting from MAC spoofing. This makes localization more accurate in systems that are vulnerable to spoofing attacks. Incorporating these anomaly detection methods will provide dynamic, real-time ILS defenses, ensuring system stability under hostile conditions.

Federated learning

In alignment with the mitigation strategies outlined in Fig. 3, FL is a decentralized machine learning methodology that addresses privacy concerns by ensuring that sensitive user information, such as location, remains on the local device. A central server receives model updates, thereby maintaining data privacy and improving model training efficacy. For an overview of FL schematics, refer to Fig. 11.

Fig. 11

Overview of FL in ILS99.

  • Local Model Updates: Within the framework of ILS, FL enhances privacy by retaining location data on the user’s device. This method is particularly advantageous in multi-building configurations where data privacy is paramount. FL models integrate data from several devices while preserving the privacy of individual users. The local update at device \(k\) is computed as

    $$\begin{aligned} \textbf{w}_k^{t+1} = \textbf{w}_k^t - \eta \nabla L_k(\textbf{w}_k^t), \end{aligned}$$
    (20)

    where \(\textbf{w}_k^t\) represents the local model weights at device \(k\) during iteration \(t\), \(\eta\) is the learning rate, and \(\nabla L_k(\textbf{w}_k^t)\) is the gradient of the loss function \(L_k\) on the local data of device \(k\).

  • Managing Non-IID Data: In practical FL systems, addressing non-IID (not independent and identically distributed) data is a considerable problem. Numerous advanced FL methodologies have been established to tackle these challenges, notably FD, which reduces communication overhead while maintaining high model accuracy. The global model aggregation in FL is given as

    $$\begin{aligned} \textbf{w}^{t+1} = \frac{1}{K} \sum _{k=1}^K \textbf{w}_k^{t+1}, \end{aligned}$$
    (21)

    where \(\textbf{w}^{t+1}\) is the updated global model, \(K\) is the total number of participating devices, and \(\textbf{w}_k^{t+1}\) are the updated weights from each device. This ensures that the global model benefits from diverse device data without transferring raw data.

To provide a clearer understanding of the overall FL workflow in indoor localization, we present Algorithm 1, which outlines the process.

Algorithm 1. Federated learning for privacy-preserving indoor localization137
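Algorithm 1 survives on this page only as its caption, so the following is an added sketch of one FL round structure built directly from Eqs. (20) and (21); it is not the algorithm of ref. 137. The linear fingerprint model, the four devices, their RSSI ranges and `TRUE_W` are constructed assumptions chosen so that each device holds non-IID data.

```python
import random

# Constructed ground truth (assumption): position [m] = TRUE_W . [rssi_ap1, rssi_ap2, rssi_ap3, 1]
TRUE_W = [[12.0, -3.0, 4.0, 5.0], [-4.0, 14.0, 6.0, 1.0]]
# Non-IID clients: each device only sees fingerprints from its own part of the building.
DEVICE_CENTRES = [(0.8, 0.3, 0.3), (0.3, 0.8, 0.3), (0.3, 0.3, 0.8), (0.6, 0.6, 0.6)]


def predict(w, x):
    """Linear fingerprint model: one weight row per output coordinate (x, y)."""
    return [sum(wi * xi for wi, xi in zip(row, x)) for row in w]


def make_local_data(centre, n, rng):
    """Constructed fingerprints (normalised RSSI plus a bias term) with noisy position labels."""
    data = []
    for _ in range(n):
        x = [c + rng.uniform(-0.15, 0.15) for c in centre] + [1.0]
        y = [p + rng.gauss(0.0, 0.3) for p in predict(TRUE_W, x)]
        data.append((x, y))
    return data


def local_update(w, data, eta):
    """Eq. (20): w_k^{t+1} = w_k^t - eta * grad L_k(w_k^t), with
    L_k(w) = 1/(2 n_k) * sum ||w x - y||^2 over the device's own samples."""
    grad = [[0.0] * len(row) for row in w]
    for x, y in data:
        err = [p - t for p, t in zip(predict(w, x), y)]
        for r, e in enumerate(err):
            for c, xc in enumerate(x):
                grad[r][c] += e * xc / len(data)
    return [[wi - eta * gi for wi, gi in zip(wr, gr)] for wr, gr in zip(w, grad)]


def aggregate(client_weights):
    """Eq. (21): w^{t+1} = (1/K) * sum_k w_k^{t+1}. The server's only input is weights."""
    k = len(client_weights)
    return [[sum(cw[r][c] for cw in client_weights) / k
             for c in range(len(client_weights[0][r]))]
            for r in range(len(client_weights[0]))]


def rmse(w, data):
    """Root-mean-square position error in metres."""
    se = sum(sum((p - t) ** 2 for p, t in zip(predict(w, x), y)) for x, y in data)
    return (se / len(data)) ** 0.5


def run_fl(rounds=200, eta=0.2, seed=7):
    rng = random.Random(seed)
    devices = [make_local_data(c, 50, rng) for c in DEVICE_CENTRES]
    # Pooled data exists here only to score the result; a real server never holds it.
    pooled = [sample for d in devices for sample in d]
    w = [[0.0] * 4 for _ in range(2)]
    before = rmse(w, pooled)
    for _ in range(rounds):
        updates = [local_update(w, d, eta) for d in devices]  # runs on each device
        w = aggregate(updates)                                # runs on the server
    return before, rmse(w, pooled), w


if __name__ == "__main__":
    before, after, _ = run_fl()
    print(f"pooled RMSE before: {before:.2f} m, after: {after:.2f} m")
```

With a single local step per round and equal-sized clients, this averaging is equivalent to gradient descent on the mean of the local losses, which is why it converges here despite the skewed per-device data.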

FL has shown great promise in improving privacy-preserving ILS solutions. A significant use is its capacity to preserve location data on local devices, guaranteeing that sensitive user information remains on the user’s device. Ciftler et al.59 came up with an FL strategy for crowdsourcing RSS fingerprint-based localization that protects user privacy while still ensuring accurate localization. This method aggregates model updates from several devices, enabling collaborative learning while protecting individual user data. Li et al.57 examined FL in ILS inside multi-building and multi-floor environments, employing pseudo-label-driven training to augment labeled data and address the challenge of insufficient labeled data in these scenarios. The decentralized nature of FL facilitates data aggregation across various locations or systems while complying with privacy regulations, as illustrated by Barsocchi et al.’s privacy-by-design framework for indoor navigation systems in alignment with GDPR standards52. Additionally, Gao et al.87 established a FL framework tailored for extensive indoor localization, appropriate for multi-floor and multi-building settings, therefore augmenting the relevance of FL in strengthening privacy preservation. This decentralized method also tackles issues related to the administration of non-IID data, frequently encountered in varied localization contexts, and is alleviated using sophisticated techniques such as FD112, which reduces communication overhead while maintaining model accuracy. The ability of FL to disseminate knowledge across devices while preserving privacy, as demonstrated by these instances, underscores its increasing significance in safe and efficient ILS.

While several advanced techniques have been proposed to mitigate security risks in ILS, their deployment in real-world systems presents significant challenges. FL, for instance, enables decentralized training without sharing raw data but suffers from non-IID data across clients. This heterogeneity can impair model convergence and degrade accuracy. To address this, SimDeep introduced similarity-aware aggregation strategies that improved accuracy to 92.9% despite client diversity138. Similarly, adversarial defenses such as CALLOC apply curriculum learning and lightweight attention mechanisms to resist adversarial examples, but still require retraining and computational resources that may not be feasible for constrained IoT environments113. Cryptographic approaches like TESLA and privacy-preserving schemes such as Sillcom139 show promise in securing location information through authentication and secret sharing. However, these methods often increase communication overhead, introduce latency, and complicate synchronization, factors that can limit their scalability in dense or time-sensitive ILS applications. Therefore, while effective solutions exist in principle, translating them into robust, deployable systems remains an ongoing challenge.

Deep learning for attack detection and localization

Deep learning models, especially CNNs and RNNs, are increasingly used in ILS for precise localization and attack detection. These models have demonstrated a robust capacity to learn intricate spatial and temporal patterns from signal data, including Wi-Fi and Bluetooth signals.

  • CNNs for Localization: ILS has employed CNNs to analyze RSSI or CSI data for accurate location prediction. These algorithms have effectively identified signal anomalies that may indicate an attack, including spoofing attempts or interference.

  • RNNs for Temporal Data: RNNs are highly proficient at modeling sequential data, including movement patterns inside indoor environments. Through the analysis of these temporal sequences, RNNs can identify anomalies that signify security vulnerabilities, enabling them to predict attacks such as signal jamming.

CNNs and RNNs are deep learning models that have demonstrated significant potential in enhancing ILS performance regarding security improvements and localization precision. CNNs have effectively predicted user locations by examining signal strength data, such as RSSI or CSI. This method, illustrated by Ko et al.58, utilizes a random forest-based filter to detect and remove fraudulent signals that compromise localization accuracy. Likewise, Yang et al.56 devised a CNN-based map localization method to facilitate the assessment of a secure condition during hostile assaults. This illustrates the identification and resolution of signal difficulties with deep learning techniques.

The capability of RNNs to identify sequential movement patterns in temporal data enables real-time detection of anomalies such as signal jamming or movement disparities. Li et al.53 utilized machine learning approaches, such as probability suffix trees, to detect anomalous crowd traffic by analyzing temporal trends in signal data. RNNs may boost this by enhancing the prediction of temporal sequences within the signal data. Furthermore, Madani et al.63 illustrated the application of deep learning for the detection of MAC layer spoofing. This approach could be enhanced by employing RNNs to identify anomalous temporal patterns in wireless signals, thereby aiding in the prediction of possible attacks. These examples show how deep learning models can be customized to tackle both temporal and spatial difficulties in ILS.

Generative models for data privacy and augmentation

ILS use generative models, namely GANs, shown in Fig. 12, to produce synthetic data that improves the system’s privacy and resilience. GANs improve model training by producing realistic data samples while safeguarding the privacy of genuine user information. In ILS, GANs are utilized to generate synthetic training datasets that replicate various signal environments, including potential attack scenarios. This allows models to get insights from a larger dataset while protecting user privacy. Furthermore, GANs have been utilized to augment model resilience against adversarial attacks by producing adversarial samples for training purposes.

Fig. 12. GAN schematics116.

A GAN includes two neural networks: a generator \(G\) and a discriminator \(D\), which compete against each other in a zero-sum game. The generator accepts random noise \(\textbf{z}\) drawn from a prior distribution \(p_z(\textbf{z})\) and produces synthetic data \(G(\textbf{z})\). The discriminator analyzes whether the data is authentic (\(x \sim p_{\text {data}}(x)\)) or fabricated (\(G(\textbf{z})\)). The objective function for GANs can be defined as follows:

$$\begin{aligned} \min _G \max _D V(G, D) =&\, \mathbb {E}_{x \sim p_{\text {data}}(x)}[\log D(x)] \nonumber \\&+ \mathbb {E}_{\textbf{z} \sim p_z(\textbf{z})}[\log (1 - D(G(\textbf{z})))]. \end{aligned}$$
(22)

Within this paradigm, the discriminator attempts to optimize the likelihood of accurately distinguishing between real and synthetic data. The generator seeks to reduce the likelihood of the discriminator differentiating between generated data and real data. The application of GANs in ILS may improve privacy, robustness, and overall efficacy of these systems. In the field of crowdsourced location systems, as noted by Li et al.53, GANs can produce synthetic RSS signatures that replicate authentic data. This approach can improve the system’s resilience to anomalous traffic detection and spoofing assaults while safeguarding user privacy. GANs, by generating authentic synthetic data, can augment datasets for ILS and reduce dependence on user-provided data, hence diminishing the danger of privacy violations. Ciftler et al.59 showed that FL may be integrated with GANs to enhance the privacy of indoor localization, enabling several devices to train on a common dataset without the necessity of revealing the raw data. In this context, GANs can generate synthetic training data that local models employ to improve system performance when labeled data is unavailable. Recent work shows that differentially private GANs can synthesize realistic indoor location fingerprints with formal privacy guarantees, enabling data sharing and model training without exposing raw trajectories140.

Furthermore, GANs can enhance defenses against adversarial attacks. Patil et al.68 investigate the vulnerability of deep learning models to attacks that modify signal strength data, hence reducing localization precision. GANs can generate adversarial instances during model training, enabling ILS to identify and counteract such attacks in practical applications. GANs enhance model training resilience by generating adversarial samples, safeguarding against deceptive inputs intended to compromise localization accuracy. Njima et al.75 noted that employing GANs to provide authentic adversarial inputs in RSSI vector augmentation markedly enhances the model’s accuracy and security, particularly in settings with less labeled data. In conclusion, the application of GANs in ILS, whether for privacy-preserving data production or adversarial defense, might significantly enhance both the security and efficiency of ILS.

Differential privacy

Differential privacy is a method that protects individual users’ privacy even when their data is being used for system training or decision-making. It accomplishes this by introducing noise (Fig. 13) into the data in a way that preserves broad patterns while safeguarding individual items. ILS employs differential privacy techniques to introduce appropriately calibrated noise to user location data, thereby obstructing the identification of individual movements linked to a specific user. This approach is highly effective in scenarios requiring significant amounts of location data, such as smart buildings or retail environments.

Differential privacy guarantees that noise is incorporated according to a defined process, such as the Laplace mechanism or the Gaussian mechanism. For instance, in the Laplace mechanism, noise is sampled from the Laplace distribution as

$$\begin{aligned} \text {Noise} \sim \text {Laplace}\left( 0, \frac{\Delta f}{\epsilon }\right) , \end{aligned}$$
(23)

where \(\Delta f\) denotes the sensitivity of the query (i.e., the greatest extent to which a single individual’s data can influence the output), and \(\epsilon\) represents the privacy budget, governing the balance between privacy and accuracy. The output characterized by noise then becomes \(\tilde{f}(x) = f(x) + \text {Noise}\). Similarly, in the Gaussian mechanism, noise is sampled from a Gaussian (normal) distribution as

$$\begin{aligned} \text {Noise} \sim \mathscr {N}\left( 0, \sigma ^2\right) , \end{aligned}$$
(24)

where \(\sigma\) is the standard deviation of the noise, calibrated based on \(\epsilon\) and \(\delta\) (a parameter for approximate differential privacy).

Incorporating noise into the data safeguards privacy by guaranteeing that the presence or absence of an individual’s data in the dataset does not substantially influence the analysis results. For instance, with carefully adjusted noise, two datasets that differ solely by one individual’s data yield statistically indistinguishable outcomes. This makes it almost impossible for attackers to derive sensitive information on particular individuals while still enabling the dataset to yield accurate aggregate insights. The noise conceals individual contributions, preventing identification while preserving the overall data’s utility.

Fig. 13. Differential privacy process.

ILS can effectively integrate differential privacy by introducing noise to location data, so obscuring individual movements while maintaining the overall value of the data. This methodology has been implemented in various contexts, including smart buildings and retail environments, where substantial location data is essential for operations yet requires meticulous control of privacy concerns. Navidan et al.80 introduced a privacy-focused architecture utilizing LDP to safeguard users’ indoor location data. Their method breaks down the indoor environment into distinct zones and monitors user presence within each zone, employing binary noise to protect individual privacy while preserving the precision of aggregate data. Zhang et al.79 investigated a cloud-based collaborative localization framework that integrates FSELM and differential privacy methodologies. This guarantees the confidentiality of users’ raw location data throughout the training process, especially relevant in crowdsourcing systems that aggregate vast datasets from users. Utilizing differential privacy, such systems can provide accurate geolocation while mitigating the danger of disclosing sensitive personal movements. Moreover, Fathalizadeh et al.81 introduced anonymization methods employing differential privacy to preserve the utility of location data while protecting individual identities. This method is especially beneficial in settings requiring enhanced security and privacy, such as hospitals or corporate campuses, as it restricts the use of location data for illicit surveillance of persons. These examples demonstrate the adaptation of differential privacy for various indoor localization contexts, seeking to balance privacy concerns with the practical requirements of systems.
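The two ways of adding noise described above can be compared on zone occupancy counts. This is an added example, not code from the cited works: the Laplace mechanism follows Eq. (23) for a trusted server, while the per-bit randomized response is a standard stand-in for the zone-based "binary noise" idea and is not Navidan et al.'s published mechanism. Zone names, user counts and the ε values are constructed.

```python
import math
import random

ZONES = ["lobby", "ward_a", "ward_b", "pharmacy", "cafeteria"]  # constructed layout


def laplace_noise(rng, sensitivity, epsilon):
    """Eq. (23): one draw from Laplace(0, sensitivity / epsilon).

    The difference of two i.i.d. exponentials with mean b is Laplace(0, b).
    """
    b = sensitivity / epsilon
    return rng.expovariate(1.0 / b) - rng.expovariate(1.0 / b)


def central_dp_counts(true_counts, epsilon, rng):
    """Trusted-server model: the server holds exact counts and publishes noisy ones.

    Adding or removing one user changes exactly one zone count by 1,
    so the L1 sensitivity (Delta f) of the count vector is 1.
    """
    return [c + laplace_noise(rng, 1.0, epsilon) for c in true_counts]


def flip_probability(epsilon):
    """Per-bit flip probability for a one-hot zone vector under epsilon-LDP.

    Moving a user to another zone changes two bits, so each bit is
    randomized with budget epsilon / 2.
    """
    return 1.0 / (1.0 + math.exp(epsilon / 2.0))


def ldp_report(zone_index, n_zones, epsilon, rng):
    """Runs on the user's device: only the randomized bit vector is sent."""
    q = flip_probability(epsilon)
    bits = [1 if z == zone_index else 0 for z in range(n_zones)]
    return [b ^ 1 if rng.random() < q else b for b in bits]


def ldp_estimate_counts(reports, epsilon):
    """Server side: debias the column sums.

    E[sum_z] = n*q + n_z*(p - q), so n_z is estimated by (sum_z - n*q) / (p - q).
    """
    n = len(reports)
    q = flip_probability(epsilon)
    p = 1.0 - q
    sums = [sum(col) for col in zip(*reports)]
    return [(s - n * q) / (p - q) for s in sums]


def demo(seed=11):
    rng = random.Random(seed)
    true_counts = [8000, 5000, 4000, 2000, 1000]          # constructed occupancy
    users = [z for z, c in enumerate(true_counts) for _ in range(c)]
    central = central_dp_counts(true_counts, 0.5, rng)
    reports = [ldp_report(z, len(ZONES), 2.0, rng) for z in users]
    raw = [sum(col) for col in zip(*reports)]              # biased column sums
    local = ldp_estimate_counts(reports, 2.0)
    return true_counts, central, raw, local


if __name__ == "__main__":
    truth, central, raw, local = demo()
    for name, t, c, r, l in zip(ZONES, truth, central, raw, local):
        print(f"{name:10s} true={t:5d} central={c:8.1f} raw_ldp={r:5d} ldp_est={l:8.1f}")
```

The local model needs no trusted server but pays for it in accuracy: its per-zone error is on the order of a hundred users here, against a few users for the central Laplace counts.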

Reinforcement learning for dynamic security

Reinforcement learning (RL) offers a dynamic approach to improve ILS by enabling systems to adapt over time to changing surroundings and security threats. Rather than depending solely on established rules, RL models acquire knowledge through ongoing contact with their environment and adjust their behavior based on previous results. As seen in Fig. 14, reinforcement learning can improve real-time dynamic security in indoor localization systems.

Fig. 14. RL for real-time dynamic security in ILS.

In the presence of threats like jamming or spoofing, RL algorithms can dynamically adjust system parameters, thereby enhancing the resilience of localization models in uncertain or adversarial environments. Through real-time modifications, RL significantly enhances the robustness of indoor localization systems. It can identify anomalous patterns in RSSI or atypical user movements, thereby detecting suspicious activities and preventing fraudulent check-ins. This methodology corresponds with the research conducted by Li et al.54, who employed algorithmic strategies to identify aberrant behaviors.

In addition to accuracy and security, RL also facilitates privacy preservation. Barsocchi et al.52 demonstrate that privacy-by-design frameworks can be improved when RL dynamically reconciles accuracy with data protection requirements, modifying privacy policies in response to the intensity of the threat. In FL contexts, RL can direct distributed models to enhance their learning techniques by utilizing inputs from many clients, as suggested by Ciftler et al.59.

Yan et al.62 have emphasized the significance of RL in interpreting RSS fluctuations and alleviating the effects of physical-layer attacks, thus enhancing the security and reliability of localization. Collectively, these attributes highlight RL as a promising approach for enhancing the precision, adaptability, and security of indoor localization systems.

Hybrid cryptographic-AI approaches

The integration of AI with cryptographic techniques is attracting considerable interest for the enhancement of ILS. These methodologies offer robust safeguarding of sensitive information, thus guaranteeing both privacy and security during the localization process.

  • Homomorphic Encryption with AI: Homomorphic encryption safeguards user location data by allowing computations to be executed directly on encrypted information. This technology, when combined with AI methodologies like FL, facilitates secure and privacy-preserving localization without compromising system speed.

  • Zero-Knowledge Proofs: AI-enhanced applications of zero-knowledge proofs (ZKPs) facilitate safe device connectivity while preserving confidential information. These methods are especially efficient in collaborative indoor localization contexts, where numerous users must collaborate without revealing their raw data.

ILS can leverage hybrid frameworks that combine AI with cryptographic mechanisms such as ZKPs and homomorphic encryption to enhance privacy and security. Homomorphic encryption enables the processing of sensitive location data without decryption, so it maintains confidentiality while facilitating rapid computing. Ciftler et al.59 emphasize this concept in FL, wherein data resides on the local device while aiding in the development of a collective global model.
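An added illustration (not code from the cited works) of the combination described above: FL clients encrypt their model updates and the server averages them without seeing any plaintext. Paillier is used as one standard additively homomorphic scheme, since the page names none; the toy key size, `SCALE`, the three sample updates and the choice that clients hold the private key are assumptions.

```python
import math
import secrets

# Toy modulus built from two Mersenne primes so the example runs instantly.
# Assumption for illustration only: a real deployment needs an RSA-sized
# modulus (2048 bits or more) and a vetted cryptographic library.
P, Q = 2**31 - 1, 2**61 - 1
SCALE = 10**6  # fixed-point scaling: weights are encrypted as integers


def keygen(p=P, q=Q):
    """Return (public modulus n, private key (n, lambda, mu)) with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)                                # inverse of lambda mod n
    return n, (n, lam, mu)


def encrypt(n, m):
    """c = (1 + n)^m * r^n mod n^2, using (1 + n)^m = 1 + m*n mod n^2."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n2) % n2


def decrypt(sk, c):
    """m = L(c^lambda mod n^2) * mu mod n, with L(x) = (x - 1) // n."""
    n, lam, mu = sk
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m  # map the upper half back to negatives


def encrypt_update(n, weights):
    """Client side: fixed-point encode and encrypt each model weight."""
    return [encrypt(n, round(w * SCALE)) for w in weights]


def aggregate_encrypted(n, encrypted_updates):
    """Server side: multiplying ciphertexts adds the plaintexts. No key is needed."""
    n2 = n * n
    total = [1] * len(encrypted_updates[0])  # 1 is a valid encryption of 0
    for update in encrypted_updates:
        total = [t * c % n2 for t, c in zip(total, update)]
    return total


def decrypt_average(sk, encrypted_sum, k):
    """Key holder: decrypt the summed update and divide by the number of clients."""
    return [decrypt(sk, c) / (k * SCALE) for c in encrypted_sum]


def demo():
    n, sk = keygen()
    # Constructed local model updates from three devices.
    client_updates = [[0.12, -0.50, 1.25], [0.10, -0.70, 1.00], [0.20, -0.30, 0.75]]
    encrypted = [encrypt_update(n, u) for u in client_updates]
    encrypted_sum = aggregate_encrypted(n, encrypted)  # server never decrypts
    return decrypt_average(sk, encrypted_sum, len(client_updates))


if __name__ == "__main__":
    print(demo())
```

The extra modular exponentiations per weight are the computational overhead that the discussion of real-world applicability attributes to homomorphic encryption.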

In ILS, AI-augmented ZKP procedures facilitate secure verification and communication. Casanova et al.91 proposed a BLE-based collaborative positioning method that safeguards user anonymity, particularly beneficial when various stakeholders (e.g., users and service providers) need to collaboratively ascertain locations without jeopardizing privacy.

Furthermore, Patil et al.68 illustrate that the integration of AI into cryptographic solutions can alleviate adversarial assaults aimed at signal strength data. Na et al.71 demonstrate that ZKPs can mitigate spoofing and cross-technology impersonation threats, wherein adversaries seek to distort the localization process. Integrating AI with cryptographic protections enables ILS to attain increased resilience and reliability, improving end-user security and privacy in applications like asset tracking and indoor navigation.

Discussion and synthesis of findings

This section synthesizes the reviewed literature by categorizing security and privacy techniques for Indoor Localization Systems (ILS) across three dimensions: effectiveness, scalability, and real-world applicability. The synthesis draws upon empirical results and conceptual trends identified in Sects. "Related work"–"Machine learning techniques for enhancing security and privacy in ILS".

Effectiveness

Effectiveness refers to how well a technique defends against specific threats such as spoofing, signal jamming, and adversarial manipulation. Approaches like adversarial machine learning (AML) and anomaly detection mechanisms show high accuracy and robustness in controlled conditions. For instance, AML-based frameworks demonstrated resilience against white-box attacks, particularly with adversarial training strategies68,83. Similarly, cryptographic solutions such as secure two-way ranging protocols, zero-knowledge proofs, and blockchain-based methods provide strong theoretical guarantees of confidentiality and integrity89,104,114.

However, many methods exhibit context sensitivity. Their effectiveness may deteriorate under complex conditions like non-line-of-sight environments or dynamic user mobility. Several defenses also rely heavily on accurate signal models and high-quality training data, which may not generalize well across deployments.

Scalability

Scalability involves the adaptability of security and privacy solutions to large or heterogeneous environments. Federated learning (FL) and decentralized models appear promising in this regard87,99. These frameworks reduce the need for centralized data aggregation, thereby supporting edge-based intelligence and reducing latency.

Nonetheless, FL techniques face practical limitations including non-IID data distributions, communication overhead, and energy consumption in battery-constrained devices. Many studies highlighted convergence issues in FL models and the need for compression techniques or hierarchical architectures to ensure efficient scalability59,99.

Real-world applicability

Although many solutions report high accuracy in simulated or laboratory settings, their real-world deployment remains limited. For example, approaches involving homomorphic encryption, blockchain integration, or differential privacy often introduce computational complexity that impairs responsiveness in real-time localization tasks89,97.

Several studies also emphasize the lack of validation in diverse or dynamic environments. Techniques that excel in static testbeds frequently underperform when faced with variable signal conditions, user density changes, or multipath propagation. Moreover, data availability and labeling constraints hinder the deployment of machine learning-based solutions in commercial-scale systems.

The synthesis presented above offers a critical perspective on the security and privacy techniques employed in ILS by evaluating them along dimensions of effectiveness, scalability, and real-world applicability. While several solutions show promise in controlled settings, their real-world feasibility is hindered by computational, architectural, and contextual limitations. Emerging hybrid frameworks that integrate FL, AML, and cryptographic primitives appear to be the most resilient, but they, too, require empirical validation at scale. These findings align with and are further elaborated upon in Section , where we detail key research gaps and propose future directions for advancing secure and privacy-preserving indoor localization.

Practical challenges

Despite the promising potential of the proposed approach, several practical challenges remain that may hinder its widespread adoption5,65,111. A key concern relates to cost considerations. Implementing advanced computational frameworks and infrastructure often demands significant financial investment in hardware, software licensing, and continuous system maintenance64,89,111,123. For many organizations, particularly small- and medium-sized enterprises, these expenses may pose barriers to initial adoption and long-term sustainability. Furthermore, training personnel to effectively manage and operate the system adds an additional layer of resource demand.

Another important limitation concerns scalability. While the framework performs effectively in controlled or medium-scale environments, scaling it to handle large and complex datasets or high-throughput operations introduces performance bottlenecks59,82,87,99. Issues such as increased latency, higher storage demands, and greater energy consumption need to be addressed to ensure that the system can function efficiently under real-world, large-scale deployment conditions79,89,105,123. Research into distributed architectures, cloud integration, and optimization techniques will be essential to mitigate these scalability challenges79,87,112,114.

Finally, interoperability remains a critical barrier. The integration of the proposed solution into existing technological ecosystems requires compatibility with heterogeneous platforms, standards, and legacy systems71,72. Achieving seamless data exchange and ensuring compliance with industry-specific regulations can be complex and time-consuming52,108. Without careful design to promote interoperability, adoption across diverse environments may be restricted, ultimately limiting the impact of the approach. Addressing these interoperability concerns through standardized protocols and modular architectures will be crucial to supporting practical implementation91,123.

Research gaps and future directions

Despite ILS privacy, security, and performance improvements, several issues and research gaps remain. FL, AML, and cryptographic approaches have shown potential in simulations, but their real-world deployment is constrained. The complexity of managing non-IID data, the privacy-performance trade-off, energy efficiency concerns, and scalability in decentralized situations like IoT remain obstacles. To address these difficulties, creative methods like enhancing FL efficiency, strengthening adversarial defenses, and optimizing cryptographic protocols for low-power contexts are needed. The next sections identify these shortcomings and suggest ILS research directions.

Research gaps

Scalability and real-world feasibility

Although several research projects undertaken in 2020 and 202159,68,69,83 investigated solutions in simulated environments, their feasibility for implementation in extensive real-world systems remains limited. Various methodologies, including FL87,112, adversarial training68,85, and cryptographic techniques104,114, have yet to exhibit substantial scalability in diverse, dynamic, and expanding environments such as smart cities or large organizations. Whilst simulation-based techniques demonstrate encouraging results, they are deficient in extensive real-world validations that consider discrepancies in devices, sensors, and networks.

Handling non-IID data in FL

FL has been recognized as a vital framework for safeguarding privacy in indoor localization. Nonetheless, the management of non-IID (non-independent and identically distributed) data across decentralized devices remains a considerable difficulty. In diverse real-world settings, such as IoT-based localization systems, numerous FL algorithms have difficulties in attaining stable convergence. Additional investigation is necessary to enhance FL models in non-IID environments and to reduce communication overhead while maintaining accuracy87,98,99. Even though ILS has made progress in becoming more secure and private, this gap shows that there is still a lot of room for improvement.

Trade-off between privacy and accuracy

A persistent difficulty in privacy-preserving methodologies, such as differential privacy, is achieving a balance between robust privacy assurances and high location accuracy. Methods like noise addition and encryption, although protecting sensitive data, also diminish accuracy, potentially undermining system effectiveness. This problem is especially pronounced in high-density or resource-constrained settings, where even little reductions in accuracy can dramatically affect system performance79,80,81,97,116.

Adversarial attack robustness

Adversarial training is commonly utilized to enhance the resilience of machine learning models in indoor localization; nevertheless, existing methodologies are insufficient in mitigating sophisticated or adaptable adversarial attacks. Common methods like FGSM, PGD, and MIM only provide limited protection against more advanced or tailored strategies68,69,85. Additionally, the continual requirement for retraining and the significant computational burden of adversarial defenses impede their use in real-time IoT and GNSS-denied contexts83,113.

Energy efficiency in cryptographic solutions

Cryptographic methods, such as mutual privacy protocols and encryption processes, usually need a lot of processing power and energy. This problem is especially bad in IoT scenarios where resources are limited. Blockchain-based solutions can make data more reliable, but they also require more processing power and energy, which makes them less useful for devices that need to work in real time or use less power89,114,115.

Future directions

Enhancing resilience against advanced adversarial attacks

The review of current literature has pinpointed some critical domains for future study in ILS. A significant trend that is occurring is the improvement of ILS’s ability to withstand advanced attacks from attackers. Adversarial training strategies like FGSM, PGD, and MIM have shown some success as current defense mechanisms. They still have trouble dealing with more advanced and complicated attacks, especially in complicated IoT settings68,69. For instance, while adversarial training is effective against fundamental attack vectors, recent studies demonstrate that systems remain vulnerable to informed attacks and emerging techniques such as cross-technology interference71,76. Further study may investigate sophisticated methodologies, such as adversarial curriculum learning or hybrid models that integrate adversarial training with differential privacy methods or FL to improve robustness. Curriculum Adversarial Learning and other hybrid methods try to protect systems from assaults and keep users’ privacy safe113. These strategies can make the system stronger, protecting it from attacks and breaches of privacy.

Improving privacy-preserving methods

A major area of research is finding better ways to safeguard privacy. Differential privacy and cryptographic protocols like ZKP have made privacy safeguards better, but they typically come with trade-offs in terms of accuracy and computational cost91. Studies such as79 have demonstrated that the use of differential privacy can markedly reduce the likelihood of privacy violations. However, it also has problems, such as the cost of labor for site surveys and effects on performance. Future research may concentrate on refining these methodologies to attain greater accuracy while minimizing computational and transmission costs, particularly in resource-constrained settings like IoT systems5,116. Investigating LDP techniques alongside FL has demonstrated potential in improving privacy while reducing performance degradation79,100. Methods like federated averaging87 and the combination of differential privacy have been shown to work well for protecting user privacy and improving localization performance.

Scalability and efficiency in FL systems

FL and its advanced versions, such as federated distillation, show promise for decentralized learning in several scenarios. However, challenges like data heterogeneity (non-IID data) and connection costs limit their scalability in real-world applications. FedLoc3D was accurate for indoor localization, but it had trouble with distributed and diverse data. This shows that we need to find ways to solve model convergence problems in non-IID situations87. Future research should focus on enhancing the scalability and efficiency of FL systems, particularly in extensive IoT contexts where reducing power consumption is essential112. Furthermore, the integration of FL with GANs to generate realistic synthetic data for training, while preserving privacy, may enhance system resilience5,116.

Improving energy efficiency in blockchain-based localization systems

Blockchain systems developed for secure navigation and localization in GNSS-deficient locations often encounter issues related to substantial computational and energy expenditures. Blockchain systems, as outlined in89, have highlighted the energy constraints, particularly regarding IMU sensors. Future developments should concentrate on improving blockchain protocols to reduce supplementary expenses while preserving data integrity and security89,114. Lightweight consensus techniques and off-chain strategies can reduce the computational burden, rendering these systems more appropriate for resource-constrained settings115.

Empirical validation of machine learning models in real-world settings

Numerous proposed solutions, including Abnormal Crowd Traffic Detection (ACTD) and various machine learning-based detection frameworks, predominantly depend on simulations for validation. The ACTD framework and methodologies such as IS-WARS53,76 have shown encouraging outcomes in controlled environments; yet, their effectiveness in unpredictable, real-world contexts remains largely unvalidated. Future investigation should focus on implementing these systems in real-world settings to assess their effectiveness under varying situations, including environmental changes and adversarial capabilities53,58.

Robust privacy mechanisms for crowdsourced data

The increasing reliance on crowdsourced indoor location data raises substantial privacy issues, especially in IoT environments where users could unintentionally reveal sensitive information. Privacy-enhancing approaches, like LDP and FL, together with anonymization methods such as k-anonymity, require more refinement for dynamic crowdsourcing applications80,81. The application of LDP in frameworks like Navidan et al.’s research has shown encouraging outcomes; however, it encounters difficulties with noise control and scalability. Investigating methods that reconcile privacy with location precision in dynamic contexts may yield significant progress in this domain.
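The noise-control difficulty noted above can be seen in a small LDP simulation. This is an added example, not code from the reviewed papers: it assumes k-ary randomized response as the LDP mechanism, a 16-cell floor grid, and a constructed population of 5000 users.

```python
import math
import random
from collections import Counter

def krr_probs(epsilon, k):
    """Return (p, q): chance of reporting the true cell / one specific other cell."""
    denom = math.exp(epsilon) + k - 1
    return math.exp(epsilon) / denom, 1.0 / denom

def perturb(true_cell, epsilon, k, rng):
    """Client side: runs on the device, so the raw cell never leaves it."""
    p, _ = krr_probs(epsilon, k)
    if rng.random() < p:
        return true_cell
    other = rng.randrange(k - 1)  # uniform over the k-1 other cells
    return other if other < true_cell else other + 1

def estimate_counts(reports, epsilon, k):
    """Server side: debias the noisy histogram into unbiased per-cell counts."""
    p, q = krr_probs(epsilon, k)
    n = len(reports)
    observed = Counter(reports)
    return [(observed.get(j, 0) - n * q) / (p - q) for j in range(k)]

def mean_abs_error(true_cells, epsilon, k, seed=7):
    """Average per-cell error of the occupancy estimate at a given privacy budget."""
    rng = random.Random(seed)
    reports = [perturb(c, epsilon, k, rng) for c in true_cells]
    est = estimate_counts(reports, epsilon, k)
    truth = Counter(true_cells)
    return sum(abs(est[j] - truth.get(j, 0)) for j in range(k)) / k

# Constructed sample: 5000 users on a 16-cell grid with skewed occupancy.
K = 16
_sample_rng = random.Random(1)
TRUE_CELLS = [min(K - 1, int(_sample_rng.expovariate(0.3))) for _ in range(5000)]

if __name__ == "__main__":
    for eps in (0.5, 1.0, 2.0, 4.0):
        err = mean_abs_error(TRUE_CELLS, eps, K)
        print(f"epsilon={eps}: mean abs count error per cell = {err:.1f}")
```

A smaller epsilon gives each user stronger deniability but inflates the per-cell estimation error, and the error also grows with the number of cells, which is the scalability side of the same trade-off.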

Hybrid security solutions for robustness against novel attacks

Numerous current protections, such as MAC spoofing detection and adversarial training, falter when faced with novel attack vectors that were not foreseen during the model training phase. To enhance resilience against known and unknown threats, a potential strategy is to create hybrid security mechanisms that include several detection layers, such as physical-layer metrics and RSS fingerprinting71,85. Recent research indicates that employing multi-layered detection, which integrates signal features with statistical models, enhances defense against novel attack vectors78. This approach corresponds with cross-layer, multi-modal neural network defense frameworks that provide end-to-end robustness improvements across sensing and protocol layers141.

Advanced sensor fusion for indoor localization

Future studies should investigate combining several sensor data types, including BLE, Wi-Fi, inertial sensors, and acoustic signals, to enhance the dependability of localization systems, especially in regions lacking GNSS accessibility. Kalpana et al.93 demonstrated that the integration of public and private key cryptography with acoustic localization significantly improves system resilience. Emphasis should be placed on improving sensor fusion algorithms to achieve high precision, particularly in diverse IoT systems.

Real-time performance and scalability testing

The computational demands and energy usage of several proposed methodologies, including FL, blockchain solutions, and differential privacy, constrain their implementation in real-time, large-scale systems. Research, including refs. 59 and 79, underscores concerns such as energy consumption and prolonged convergence times, signifying a significant obstacle for practical implementation. The future path may involve optimizing these approaches to decrease energy usage and increase processing speeds, thereby rendering them more suitable for real-time applications92,113.

Transfer learning and adaptability in diverse environments

A major problem in ILS is the adaptation of systems to diverse contexts, such as large buildings and shopping centers, without necessitating complete retraining. Transfer learning, particularly in FL contexts, demonstrates potential. Guo et al.98 have effectively shown that federated transfer learning may diminish localization error and training time in indoor localization. Additional investigation into domain adaptation and transfer learning techniques may enable localization systems to adjust to new surroundings with minimal data, hence diminishing the necessity for retraining while maintaining high precision.

Secure and scalable blockchain systems for localization

Blockchain technology is suggested as a secure and decentralized method for indoor localization. Nonetheless, the substantial computational and energy requirements provide considerable hurdles, as evidenced in frameworks like Hyperledger Fabric, which encounter constraints due to processing overheads89. Subsequent investigation can concentrate on lightweight blockchain protocols that are more appropriate for IoT settings, where energy efficiency is critical114.

Integration of reinforcement learning for adaptive privacy management

RL offers a method to regulate privacy in fluctuating indoor localization environments. Min et al.101 presented an RL-based local privacy protection system for three-dimensional indoor environments, demonstrating its efficacy in selecting policies and adapting to environmental changes. Through these techniques, systems may dynamically modify and update privacy policies in real time according to context, thus providing both usability and privacy in intricate multi-story structures. Employing RL-driven local privacy protection mechanisms (LPPMs) can markedly improve flexibility and fortify privacy in these contexts.

Trustworthiness in crowdsourced ILS

A crucial next step is to guarantee the dependability of data in crowdsourced localization systems. Existing techniques, such as trustworthiness assessments and autoencoder-based anomaly detection, demonstrate potential but require further refinement and optimization88. Formulating ways to guarantee data consistency and correctness while safeguarding user privacy will improve the trustworthiness of crowdsourced ILS.

Energy-efficient FL for large-scale systems

FL has demonstrated potential for privacy-preserving localization. Nonetheless, the energy expenditure linked to model updates, especially in extensive IoT networks, continues to pose a significant barrier. Additional research is required to enhance FL protocols, including federated distillation, to minimize communication and energy expenditures112. Methods like energy-efficient aggregation and selective model updates can enhance the scalability of FL, rendering it more appropriate for IoT applications, including ILS. Complementary recent advances in TinyML indicate that the quantization and knowledge distillation of transformer/Mamba models can achieve precise indoor localization on limited edge devices while minimizing computational and memory requirements142.

To facilitate thorough and repeatable studies, Table 8 combines the indicated future directions into a structured research agenda, outlining the methodological approach, experimental design, comparison baselines, and assessment criteria for each theme.

Table 8 Actionable plans for each future direction. When a year appears in a table, it denotes the publication year of the cited paper/parameter; when not shown, the scope is 2020–2025.

Conclusion

This paper has provided an in-depth review of the security and privacy issues in ILS, with particular attention to major threats such as spoofing, signal jamming, and adversarial attacks. The analysis shows that while techniques such as Federated Learning (FL), Adversarial Machine Learning (AML), and cryptographic protocols can each strengthen system resilience, privacy, and efficiency, they also face critical challenges.

FL addresses privacy concerns but faces difficulties with non-IID data and increased transmission costs. AML improves robustness against attacks but requires significant computational resources. Cryptographic procedures provide data integrity; nevertheless, they also incur computational costs. The findings collectively suggest that no single method may sufficiently meet the complex demands of ILS.

This research highlights the importance of a balanced approach that combines lightweight privacy-preserving strategies with strong security measures. Future research should focus on integrating these approaches to tackle challenges related to scalability, energy efficiency, and adaptability. This will enable the creation of a secure, privacy-conscious, and flexible ILS capable of functioning in diverse and dynamic environments.