Using Wi-Fi Signals to Identify People by Body Shape

Another paper on using Wi-Fi for surveillance. This one is on identifying people by their body shape. "FreeSense:Indoor Human Identification with WiFi Signals":

Abstract: Human identification plays an important role in human-computer interaction. There have been numerous methods proposed for human identification (e.g., face recognition, gait recognition, fingerprint identification, etc.). While these methods could be very useful under different conditions, they also suffer from certain shortcomings (e.g., user privacy, sensing coverage range). In this paper, we propose a novel approach for human identification, which leverages WIFI signals to enable non-intrusive human identification in domestic environments. It is based on the observation that each person has specific influence patterns to the surrounding WIFI signal while moving indoors, regarding their body shape characteristics and motion patterns. The influence can be captured by the Channel State Information (CSI) time series of WIFI. Specifically, a combination of Principal Component Analysis (PCA), Discrete Wavelet Transform (DWT) and Dynamic Time Warping (DTW) techniques is used for CSI waveform-based human identification. We implemented the system in a 6m*5m smart home environment and recruited 9 users for data collection and evaluation. Experimental results indicate that the identification accuracy is about 88.9% to 94.5% when the candidate user set changes from 6 to 2, showing that the proposed human identification method is effective in domestic environments.

EDITED TO ADD (9/13): Related paper.

Posted on August 30, 2016 at 12:57 PM • 19 Comments


DennisAugust 30, 2016 8:11 PM

I have doubts about this. Infrared cams are fooled by 3d prints. I'm not so sure what this extra layer of identification can do.

Winston SmithAugust 30, 2016 8:16 PM

Both of these creative WiFi attacks (this one and the WiFi Keystroke Recognition attack) engender a certain anxiety given their reported effectiveness which will possibly be refined over the months and years ahead .

If anonymity, security, and privacy are the objective then consider that there are so many varied (and effective!) attacks on a surface so large that the only winning move, now, is to not play at all. (Think: we're all going to sit around in chainmail surrounded by metal fans that spew precisely cut chaff measuring 1/4 the wavelength of the surrounding RF, using noisy diodes as RNGs to feed to our Qubes boxes running open sourced CPUs and TrueCrypt 7.1a, and quite possibly (ironically) wearing tin foil hats to maintain our privacy at the cost of our sanity-- exaggerated, yes, but only to illustrate the impracticality of the *sum* of these mitigations.) But if someone were to exit the grid altogether, they would "print" a telltale signature by their suspicious lack of a signature, not to mention that truly doing so is a bit unrealistic.

So, I guess that the best way to play is to have two signatures against the backdrop of 21st century society: one as a credit card-carrying, direct deposit-loving employee, Fitbit consuming, Windows 10 user... and another as the one who communicates with a OTP, or (a somewhat less secure) energy-gapped (thank you, Clive) laptop using PGP encrypted files sent through the post office. The big problem with protecting the latter mentioned signature is to get your communication partner to take you as seriously as you are. Prepare for 1984-- the stage is almost ready, I fear.

Marcos MaloAugust 30, 2016 8:58 PM

A positive application for this could be intruder detection.

A couple of scenarios:

Imagine entering a secure area with a card or rfid, even a fingerprint or iris scan. On top of that, you receive a wifi body scan.

You are going on vacation and have engaged a house sitter/dog sitter. You already have your dog registered with the home security system, so you need only register the house sitter, who will now take the "no parties" rule more seriously.

rAugust 30, 2016 9:02 PM

@Marcos Malo,

May be able to detect guns/wires++;

I'm very happy with the biometrics applications behind this for person use I think. (?)

fajensenAugust 31, 2016 7:55 AM

Yes. The novelty is that today one does not need about two 19" racks full of GaAs chips DSPS and FPGA. And another four for power conditioning and cooling.

What used to belong only to people like Thales, BAE Systems and whoever did AEGIS (RCA?) is becoming not exactly COTS but DIY projects, well within the reach of dedicated and smart person.

I don't know if this is good or bad, but, Interesting it is.

Clive RobinsonAugust 31, 2016 9:54 AM

@ fajensen, Herman,

What used to belong only to people like Thales, BAE Systems and whoever did AEGIS (RCA?) is becoming not exactly COTS but DIY projects, well within the reach of dedicated and smart person.

A lot of the early stuff was done by Plessey (later owned by GEC then Siemens, now Chemring) out of a very pleasent campus known as Roke Manor. Quite a lot of what they did spun off into their consumer ICs one of which is well known to the Amateur / Ham communities for thirty odd years was the "NE602" still going as the SA612, from NXP.

ab praeceptisAugust 31, 2016 1:48 PM

I can't but note two things:

a) There seems to have happend a major shift (not only) in science. Some decades ago science was factiodal. It was about reality and it served as reference. Nowadays even well reputed professors of well reputed ivy league universities or institutions like nasa seem to find it perfectly normal to provide a continuous stream of "could be" statements and peripheral and even fringe cases.

b) There seems to be a fixation an fringe edges while at the same time, the big fat and solid core is regrettably neglected. At the same time the human seem to be ever more neglegible while pretty anything vaguely technical, no matter how strange, gets lots and lots of attention. One might almost think that humans are hardly more than disturbance factors and, of course, helpless victims.

The einsteinian/darwinian world view happens to have major flaws? No problem, just inven.., err, discover, dark matter. After a while that doesn't stand anymore? No problem, science at your service, dark energy is ivente..., err, discovered. Running into problems again? Don't you worry, science is at your side, discovering what seems to be - how practical! - a big fat galaxy that seems to consist mainly of dark matter. We still can not even fly to all planets of our tiny solar system, you say, yet talk about dark matter galaxies gogolion miles away? You heretic! How dare you!

You shall be wifi-radar-ed and don't you hope for enhanced fans! Even consisting of dark matter couldn't save you from our prying sensors and devices!

OK, OK, there are tiny gaps in that image. Like, for instance, the fact that the military and secret services have *plenty* of money and are the classical case of getting the bleeding edge toys, which, however, seem incapable of protecting them from evil hackers (certainly in Russia. Where else could they be? Hackers are russian; that's the law of reason) using devices that are certainly from our modest little planet, using approaches like "abusing the fact that the whole web is a swiss cheese" (not sellable, though; too many and too big holes and almost no cheese) or plain simple stupidity or carelessness.

I'm not worried about being wifi-radar-ed (New! Now with body recognition!) or about aes-256 not being good enough.

I'm worried about gazillion bugs and 1000 lurking O-days for any major OS, or about (Pardon me, that's a little vulgar, I know) some low level nsa drones kidnapping my package with my new computer in it and installing evil stuff the very, very old-school way. But maybe I shouldn't? Why should I be bothered, even non kidnapped computers come with plenty of their evil stuff standard built in (like disk OS). And intel and others make it easy, producing new attack vectors every weak.

I'm a weird guy. I shouldn't worry but keep the holiest of law in mind, the law that *actually and really* concerns us: Thou shalt not speak "disparagingly" about the fine people who mindlessly cook that acid-soup we all have to swim in.

I'll go right away and buy a wifi festering boil and then praise the people who created it without thinking too much about unimportant details like the security of a couple of billion people.

Praised be they. I refrain from fans. They might feel offended.

rAugust 31, 2016 6:37 PM

@by the rules,

Well, first and foremost - let me be the one to welcome you to Club Snarkism and bestow upon you your proud OT membership lapel. You should be proud; I am.

I have a responses for you, but first:

I think you're forgetting about blackmail and kidnapping, the age of mass sensors be upon us - for good OR for bad. We are by NSA standards likely 3 hops from a target at all times, what's to stop them or their allies or their unfrandly competitors from employing CIA style attacks on civilians? You're educated, are your friends educated? Are they potential end-targets or hops? Could you or your family be co-erced into line? I'm not talking gas-chambers here, I'm refering to echo ones and cubicles. These technologies are every bit as dangerous in the governments hands as they are in criminals hands, maybe not **this** technology but any technology really. It's a danger two us.

Did I just say dual use?

Anyways, onto my responses to your short list.

@ A),

The differences between then and now are maybe what we are bathing in, you claim acid but I think it's the acid (LSD) of television and the internet itself; e.g. the free exchange of fiction and data. Could it also be, that as we've made great strides in science and education we are reaching the end of the tangible plane? Is there less concrete to explore?

I leave you with that last part to ponder while you complain. :)

@ B),

Actually, B and A fit together nicely. Please, see the paragraph above.

rAugust 31, 2016 6:41 PM

@by the rules,

Sorry upon re-membering the above link from batman (I think), let me add Impersonation to the list of blackmail/kidnapping that ubiquitous spying is enabling.

neillSeptember 1, 2016 1:54 AM

maybe in the lab it works 80% of the time

what if someone has a thick coat on, wears glasses (or not), has metallic clothing (eg reflective artsy prints, shiny beads etc), jewelry etc i guess that would change the wave patterns significantly

TatütataSeptember 1, 2016 5:53 AM

In the spirit of the previous post, there is now a now an excellent case for wearing a tin-foil beanie with a propeller. ;-)

paulSeptember 1, 2016 8:47 AM

It doesn't really matter if this stuff is 100% accurate as long as it's all being collected and correlated with all the other information trails from phones, CCTV and so forth. Surveillance in depth.

albertSeptember 1, 2016 11:24 AM

Passive radar, indeed, not new.

All of this disappears like a puff of smoke when you eliminate wifi. Of course, that's impossible. With tablets and phones that will not accept direct connections, only 'convenience' and the insatiable appetite of the LE/IC/Corporate-BSP apparatus insures that wifi won't go away.

The aforementioned community doesn't really care about percentages. What difference does it make if 5% of your advertising is misdirected, or 3% of your arrest/convictions are of innocent people? As long as the convictions rates and profits remain high, life is good.

Despite all the BS about 'terrorism' and 'crime', personal identification is all about control and retribution. Technical discussions are fun, but let's not ignore the fundamentals.

Technology can't mitigate abuses of technology. And it seems, the higher the tech*, the more it can be abused.
*I refer to analysis tech, not hardware.
. .. . .. --- ....

TatütataSeptember 6, 2016 6:46 AM

Trade magazine "RF Globalnet" published a sort of OP-ed piece titled "Wi-Fi-Based Sensing: The Myths, The Facts, The Opportunities!".

The piece summarizes various secondary applications of WiFi links in the spatial supervision of areas, some of which were reported here.

There is the "usual" optimism and hoopla (note the exclamation mark at the end of the caption), but the following caveat is nevertheless provided:

However, most of those articles fail to account for the fact that these experiments were conducted under controlled conditions, by willing participants. Add more voices or unnecessary movements to the equation, and the accuracy of the results suffers considerably. Kamran Ali, who led the MSU research, told The Atlantic that these limitations mean such technology is “not a big privacy concern for now.”

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.