MIMOCrypt: Multi-User Privacy-Preserving Wi-Fi Sensing via MIMO Encryption

Opportunity

Given the wide adoption of Wi-Fi, an eminent threat has arisen along with the ubiquitous wireless access. This threat has been explored as an opportunity in the past to sense our ambient environments; it is made possible since the disturbances brought to Wi-Fi signals (in particular, channel state information, or CSI) can be leveraged to infer the status and behaviors of their sources. As this opportunity enables a common Wi-Fi user to get aware of others (not necessary Wi-Fi users) in terms of their locations, activity/gesture, and even vital signs, it can potentially be exploited by malicious eavesdroppers and thus turned into a threat.

Whereas this threat has been recognised for years, the proposed solutions are still quite limited in their application scopes. Some “selfish” countermeasure allows only one user to perform sensing as it jams Wi-Fi signals after absorbing the clean ones. Others have made this countermeasure omnipresent by initiating it from APs (access points): “fake” data traffic or signals are injected to scramble CSI. As a result, existing solutions, if adopted in practical scenarios, face three major issues: (i) incapable of supporting multiple legitimate sensing users, (ii) jamming communications as the cost of defending rare sensing attacks, (iii) neglecting the important multiple-in multiple-out (MIMO) capability of Wi-Fi.

Technology

To overcome all these issues, we propose _MIMOCrypt as our answer to the threat imposed by the ubiquitous sensing capability of Wi-Fi. As illustrated in Figure 1, we realise signal obfuscation in a source-defined manner by exploiting the MIMO capability to physically encrypt CSIs containing the to-be-sensed human activities as plaintexts, rendering _MIMOCrypt compatible with Wi-Fi standard without the need for additional hardware. In addition, the source-defined obfuscation promoted by _MIMOCrypt allows it to support multi-user scenarios while thwarting unauthorised eavesdropping. Performing signal obfuscation always affects both communication and sensing for legitimate users, but this is a price to be paid for thwarting unauthorised eavesdropping. Fortunately, _MIMOCrypt’s source-defined channel encryption offers a full control on various parties, including both legitimate and unauthorised users, as well as users of both sensing and communication services. Consequently, the CSI encryption mechanism can be optimised so as to strike an adequate balance among (i) risk of unauthorised eavesdropping, (ii) legitimate sensing accuracy, and (iii) communication quality. In addition, we propose an efficient decryption procedure for relatively coarse-grained sensing tasks such as user gesture and activity recognition driven by a deep neural model, exploiting the distinction between sensing and communication in required signal granularity.

Figure 1: MIMOCrypt leverages MIMO diversity at an AP (Alice) to encrypt the channel (the CSI) and thus thwart malicious eavesdroppers (Eve); it retains the sensing and communication ability of legitimate users (Bobs) by securely conveying a decryption key to them. 

Figure 2: CSI sensing results of “zigzag” hand waving. Results with/without MIMO encryption appear in forms of time-frequency analysis. 

Applications & Advantages

We design _MIMOCrypt to thwart illegitimate Wi-Fi sensing and eavesdropping, while preserving the legitimate functions of both Wi-Fi communications and sensing. It can serve as the first security mechanism proposed to protect the emerging ISAC (integrated sensing and communication) trend from malicious sensing/eavesdropping attacks and is applicable specifically to where privacy sensitivity of individual users is high.