Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

PrivyWave: Privacy-Aware Wireless Sensing of Heartbeat

Yixuan Gao, Tanvir Ahmed, Zekun Chang, Thijs Roumen, Rajalakshmi Nandakumar

TL;DR

The paper tackles the privacy risks of ubiquitous wireless vital-sign sensing by introducing PrivyWave, a key-based physical obfuscation system. It formulates a cryptographic framework with Gen, Enc, and Dec to inject decoy heartbeat frequencies and protect user privacy while preserving the utility for authorized monitors; it also provides a formal privacy bound via a collision-probability analysis. The authors implement a compact pneumatic prototype and validate modality-agnostic protection through a user study and performance benchmarks across mmWave and acoustic sensing, achieving high unauthorized error and substantially lower authorized error. The work demonstrates that physical-layer obfuscation can balance privacy with continuous health monitoring and lays groundwork for modality-agnostic, selective privacy in pervasive sensing scenarios.

Abstract

Wireless sensing technologies can now detect heartbeats using radio frequency and acoustic signals, raising significant privacy concerns. Existing privacy solutions either protect from all sensing systems indiscriminately preventing any utility or operate post-data collection, failing to enable selective access where authorized devices can monitor while unauthorized ones cannot. We present a key-based physical obfuscation system, PrivyWave, that addresses this challenge by generating controlled decoy heartbeat signals at cryptographically-determined frequencies. Unauthorized sensors receive a mixture of real and decoy signals that are indistinguishable without the secret key, while authorized sensors use the key to filter out decoys and recover accurate measurements. Our evaluation with 13 participants demonstrates effective protection across both sensing modalities: for mmWave radar, unauthorized sensors show 21.3 BPM mean absolute error while authorized sensors maintain a much smaller 5.8 BPM; for acoustic sensing, unauthorized error increases to 42.0 BPM while authorized sensors achieve 9.7 BPM. The system operates across multiple sensing modalities without per-modality customization and provides cryptographic obfuscation guarantees. Performance benchmarks show robust protection across different distances (30-150 cm), orientations (120° field of view), and diverse indoor environments, establishing physical-layer obfuscation as a viable approach for selective privacy in pervasive health monitoring.

PrivyWave: Privacy-Aware Wireless Sensing of Heartbeat

TL;DR

The paper tackles the privacy risks of ubiquitous wireless vital-sign sensing by introducing PrivyWave, a key-based physical obfuscation system. It formulates a cryptographic framework with Gen, Enc, and Dec to inject decoy heartbeat frequencies and protect user privacy while preserving the utility for authorized monitors; it also provides a formal privacy bound via a collision-probability analysis. The authors implement a compact pneumatic prototype and validate modality-agnostic protection through a user study and performance benchmarks across mmWave and acoustic sensing, achieving high unauthorized error and substantially lower authorized error. The work demonstrates that physical-layer obfuscation can balance privacy with continuous health monitoring and lays groundwork for modality-agnostic, selective privacy in pervasive sensing scenarios.

Abstract

Wireless sensing technologies can now detect heartbeats using radio frequency and acoustic signals, raising significant privacy concerns. Existing privacy solutions either protect from all sensing systems indiscriminately preventing any utility or operate post-data collection, failing to enable selective access where authorized devices can monitor while unauthorized ones cannot. We present a key-based physical obfuscation system, PrivyWave, that addresses this challenge by generating controlled decoy heartbeat signals at cryptographically-determined frequencies. Unauthorized sensors receive a mixture of real and decoy signals that are indistinguishable without the secret key, while authorized sensors use the key to filter out decoys and recover accurate measurements. Our evaluation with 13 participants demonstrates effective protection across both sensing modalities: for mmWave radar, unauthorized sensors show 21.3 BPM mean absolute error while authorized sensors maintain a much smaller 5.8 BPM; for acoustic sensing, unauthorized error increases to 42.0 BPM while authorized sensors achieve 9.7 BPM. The system operates across multiple sensing modalities without per-modality customization and provides cryptographic obfuscation guarantees. Performance benchmarks show robust protection across different distances (30-150 cm), orientations (120° field of view), and diverse indoor environments, establishing physical-layer obfuscation as a viable approach for selective privacy in pervasive health monitoring.

Paper Structure

This paper contains 50 sections, 3 theorems, 15 equations, 4 figures, 5 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Wireless Vital Sign Sensing and Privacy Implications
  4. Privacy Protection for Wireless Sensing
  5. Post-Collection Data Processing
  6. Real-Time Signal Protection
  7. Jamming-Based Protection
  8. Obfuscation-Based Protection
  9. background - FMCW radar
  10. FMCW Theory
  11. Signal Processing Methods for Vital Sign Extraction
  12. Non-Learning-Based signal processing Methods
  13. Learning-Based Methods
  14. Different modalities of wireless sensing
  15. System Design
  16. ...and 35 more sections

Key Result

Lemma 4.1

For any non-colliding ciphertext $c \in \mathcal{C}_{\text{good}}$, the adversary's advantage is exactly zero.

Figures (4)

  • Figure 1: Time-frequency analysis (spectrogram) of the theoretical decoy signal and the signal collected with mmWave for a person wearing PrivyWave. (a) Shows high frequency content around the fake frequencies from the key $k$. (b) mmWave collected data (User 4, trial 8) shows high frequency content around the same frequencies, with some minor distortions (which are expected because of the pulse conversion step).
  • Figure 2: (a) Complete hardware for PrivyWave (not powered-up). (b) Inflatable pneumatic device building blocks. (c) Interconnected airways inside the inflatable device. (d) Dimensions of the inflatable device.
  • Figure 3: (a) mmWave data collection setup. (b) Acoustic sensor board with microphone array and a speaker. (c) mmWave radar sensor with data collection board.
  • Figure 4: Individual participant heart rate errors for mmWave (left) and Acoustic (right) sensing. Red bars show the high absolute error for unauthorized devices, which consistently selected decoy frequencies. Green bars show the significantly lower error for authorized devices after decryption. Error bars represent the standard deviation across recordings.

Theorems & Definitions (8)

  • proof
  • Definition 1: Adversary's Advantage
  • Lemma 4.1
  • proof
  • Lemma 4.2
  • proof
  • Theorem 4.3: PrivyWave Privacy Guarantee
  • proof