Revisiting Wireless Breath and Crowd Inference Attacks With Defensive Deception

Breathing rates and crowd counting can be used to verify the human presence, especially the former one can disclose a person's physiological status. Many studies have demonstrated success in applying channel state information (CSI) to estimate the breathing rates of stationary individuals and count the number of people in motion. Due to the invisibility of radio signals, the ubiquitous deployment of wireless infrastructures, and the elimination of the line-of-sight (LOS) requirement, such wireless inference techniques can surreptitiously work and violate user privacy. However, little research has been conducted specifically in mitigating misuse of those techniques. This paper proposes new proactive countermeasures against all existing CSI-based vital signs and crowd counting inference methods. Specifically, we set up ambush locations with carefully designed wireless signals, allowing eavesdroppers to infer a false breathing rate or person count specified by the transmitter. The true breathing rate or person count is thus protected. Experimental results on software-defined radio platforms with 5 participants demonstrate the effectiveness of the proposed defenses. An eavesdropper can be misled into believing any desired breathing rate with an error of less than 1.2 bpm when the user lies on a bed in a bedroom, and 0.9 bpm when the user sits in a chair in an office room. Additionally, our proposed defense mechanisms can deceive an attacker into believing there are moving individuals in an empty room with a 100% success rate, using both Support Vector Machine (SVM) and Decision Tree (DT) classifiers.