WristPrint: Characterizing User Re-identification Risks from Wrist-worn Accelerometry Data

Public release of wrist-worn motion sensor data is growing. They enable and accelerate research in developing new algorithms to passively track daily activities, resulting in improved health and wellness utilities of smartwatches and activity trackers. But, when combined with sensitive attribute inference attack and linkage attack via re-identification of the same user in multiple datasets, undisclosed sensitive attributes can be revealed to unintended organizations with potentially adverse consequences for unsuspecting data contributing users. To guide both users and data collecting researchers, we characterize the re-identification risks inherent in motion sensor data collected from wrist-worn devices in users' natural environment. For this purpose, we use an open-set formulation, train a deep learning architecture with a new loss function, and apply our model to a new data set consisting of 10 weeks of daily sensor wearing by 353 users. We find that re-identification risk increases with an increase in the activity intensity. On average, such risk is 96% for a user when sharing a full day of sensor data.

[1]  Ling Liu,et al.  Towards Demystifying Membership Inference Attacks , 2018, ArXiv.

[2]  Vitaly Shmatikov,et al.  Membership Inference Attacks Against Machine Learning Models , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[3]  Dimitrios I. Fotiadis,et al.  Assessment of Tremor Activity in the Parkinson’s Disease Using a Set of Wearable Sensors , 2012, IEEE Transactions on Information Technology in Biomedicine.

[4]  Wenyuan Xu,et al.  AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable , 2014, NDSS.

[5]  Alex X. Liu,et al.  Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it , 2013, MobiCom.

[6]  Nitesh V. Chawla,et al.  The Tesserae Project: Large-Scale, Longitudinal, In Situ, Multimodal Sensing of Information Workers , 2019, CHI Extended Abstracts.

[7]  Gregory D. Abowd,et al.  A practical approach for recognizing eating moments with wrist-mounted inertial sensing , 2015, UbiComp.

[8]  Lei Xu,et al.  Modeling Tabular data using Conditional GAN , 2019, NeurIPS.

[9]  Jun Ho Huh,et al.  Gesture Authentication for Smartphones: Evaluation of Gesture Password Selection Policies , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[10]  Emin Anarim,et al.  Age group detection using smartphone motion sensors , 2017, 2017 25th European Signal Processing Conference (EUSIPCO).

[11]  O. Kwon,et al.  Gender differences in three dimensional gait analysis data from 98 healthy Korean adults. , 2004, Clinical biomechanics.

[12]  Songcan Chen,et al.  Recent Advances in Open Set Recognition: A Survey , 2018, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[13]  Mani Srivastava,et al.  I Always Feel Like Somebody's Sensing Me! A Framework to Detect, Identify, and Localize Clandestine Wireless Sensors , 2021, USENIX Security Symposium.

[14]  Jonathan Loo,et al.  Authentication of Smartphone Users Based on Activity Recognition and Mobile Sensing , 2017, Sensors.

[15]  Gerhard Tröster,et al.  Detection of eating and drinking arm gestures using inertial body-worn sensors , 2005, Ninth IEEE International Symposium on Wearable Computers (ISWC'05).

[16]  Jiang Zhu,et al.  KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction , 2013, MobiCASE.

[17]  Kaiqi Huang,et al.  Beyond Triplet Loss: A Deep Quadruplet Network for Person Re-identification , 2017, 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[18]  Rajesh Kumar,et al.  Context-Aware Active Authentication Using Smartphone Accelerometer Measurements , 2014, 2014 IEEE Conference on Computer Vision and Pattern Recognition Workshops.

[19]  ASHWIN MACHANAVAJJHALA,et al.  L-diversity: privacy beyond k-anonymity , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[20]  Syed Monowar Hossain,et al.  mPuff: Automated detection of cigarette smoking puffs from respiration measurements , 2012, 2012 ACM/IEEE 11th International Conference on Information Processing in Sensor Networks (IPSN).

[21]  Tao Feng,et al.  Continuous Mobile Authentication Using Virtual Key Typing Biometrics , 2013, 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications.

[22]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[23]  Emre Ertin,et al.  mORAL , 2019, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[24]  Gary M. Weiss,et al.  Cell phone-based biometric identification , 2010, 2010 Fourth IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[25]  David R. Myers,et al.  Towards remote assessment and screening of acute abdominal pain using only a smartphone with native accelerometers , 2017, Scientific Reports.

[26]  Alastair R. Beresford,et al.  SensorID: Sensor Calibration Fingerprinting for Smartphones , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[27]  Yan Chen,et al.  RiskCog: Unobtrusive Real-Time User Authentication on Mobile Devices in the Wild , 2020, IEEE Transactions on Mobile Computing.

[28]  Nikita Borisov,et al.  The Web's Sixth Sense: A Study of Scripts Accessing Smartphone Sensors , 2018, CCS.

[29]  Wenyuan Xu,et al.  DeMiCPU: Device Fingerprinting with Magnetic Signals Radiated by CPU , 2019, CCS.

[30]  Deborah Estrin,et al.  Center of excellence for mobile sensor data-to-knowledge (MD2K) , 2015, J. Am. Medical Informatics Assoc..

[31]  Emre Ertin,et al.  puffMarker: a multi-sensor approach for pinpointing the timing of first lapse in smoking cessation , 2015, UbiComp.

[32]  Nitesh Saxena,et al.  Wave-to-Access: Protecting Sensitive Mobile Device Services via a Hand Waving Gesture , 2013, CANS.

[33]  Hiro-Fumi Yanai,et al.  Estimating Carrier's Height by Accelerometer Signals of a Smartphone , 2016, HCI.

[34]  Jingyu Hua,et al.  We Can Track You if You Take the Metro: Tracking Metro Riders Using Accelerometers on Smartphones , 2015, IEEE Transactions on Information Forensics and Security.

[35]  Georgios Kambourakis,et al.  Introducing touchstroke: keystroke-based authentication system for smartphones , 2016, Secur. Commun. Networks.

[36]  Mani Srivastava,et al.  PyCRA: Physical Challenge-Response Authentication For Active Sensors Under Spoofing Attacks , 2015, CCS.

[37]  Vivek Kanhangad,et al.  Investigating gender recognition in smartphones using accelerometer and gyroscope sensor readings , 2016, 2016 International Conference on Computational Techniques in Information and Communication Technologies (ICCTICT).

[38]  Triet Vo Huu,et al.  Inferring User Routes and Locations Using Zero-Permission Mobile Sensors , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[39]  Gabi Nakibly,et al.  Mobile Device Identification via Sensor Fingerprinting , 2014, ArXiv.

[40]  Gert R. G. Lanckriet,et al.  Recognizing Detailed Human Context in the Wild from Smartphones and Smartwatches , 2016, IEEE Pervasive Computing.

[41]  Lei Yang,et al.  Unlocking Smart Phone through Handwaving Biometrics , 2015, IEEE Transactions on Mobile Computing.

[42]  David Evans,et al.  Evaluating Differentially Private Machine Learning in Practice , 2019, USENIX Security Symposium.

[43]  Wu Liu,et al.  Siamese neural network based gait recognition for human identification , 2016, 2016 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[44]  Sharath Pankanti,et al.  Filterbank-based fingerprint matching , 2000, IEEE Trans. Image Process..

[45]  Arun Ross,et al.  Fingerprint matching using minutiae and texture features , 2001, Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205).

[46]  Kalyan Veeramachaneni,et al.  The Synthetic Data Vault , 2016, 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA).

[47]  Simson L. Garfinkel,et al.  De-Identification of Personal Information , 2015 .

[48]  Emiliano De Cristofaro,et al.  LOGAN: Membership Inference Attacks Against Generative Models , 2017, Proc. Priv. Enhancing Technol..

[49]  Reza Shokri,et al.  Machine Learning with Membership Privacy using Adversarial Regularization , 2018, CCS.

[50]  Evangelos Kalogerakis,et al.  RisQ: recognizing smoking gestures with inertial sensors on a wristband , 2014, MobiSys.

[51]  Cynthia Dwork,et al.  Differential Privacy: A Survey of Results , 2008, TAMC.

[52]  Mani B. Srivastava,et al.  mSieve: differential behavioral privacy in time series of mobile sensor data , 2016, UbiComp.

[53]  Mert R. Sabuncu,et al.  Generalized Cross Entropy Loss for Training Deep Neural Networks with Noisy Labels , 2018, NeurIPS.

[54]  T. Grance,et al.  SP 800-122. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) , 2010 .

[55]  Nikita Borisov,et al.  Every Move You Make: Exploring Practical Issues in Smartphone Motion Sensor Fingerprinting and Countermeasures , 2018, Proc. Priv. Enhancing Technol..

[56]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[57]  Philip S. Yu,et al.  DeepAuth: A Framework for Continuous User Re-authentication in Mobile Apps , 2018, CIKM.

[58]  Ninghui Li,et al.  t-Closeness: Privacy Beyond k-Anonymity and l-Diversity , 2007, 2007 IEEE 23rd International Conference on Data Engineering.

[59]  Andrea Cavallaro,et al.  Protecting Sensory Data against Sensitive Inferences , 2018, P2DS@EuroSys.

[60]  Mani B. Srivastava,et al.  mCerebrum: A Mobile Sensing Software Platform for Development and Validation of Digital Biomarkers and Interventions , 2017, SenSys.

[61]  Mohsen Guizani,et al.  User privacy and data trustworthiness in mobile crowd sensing , 2015, IEEE Wireless Communications.

[62]  Mark Stamp,et al.  A New Dataset for Smartphone Gesture-based Authentication , 2021, ICISSP.

[63]  Shashank Agrawal,et al.  Game-Set-MATCH: Using Mobile Devices for Seamless External-Facing Biometric Matching , 2020, CCS.

[64]  Matthias R. Mehl,et al.  Rapid Automatic & Adaptive Models for Performance Prediction (RAAMP2) Dataset , 2020 .

[65]  Heikki Ailisto,et al.  Identifying users of portable devices from gait pattern with accelerometers , 2005, Proceedings. (ICASSP '05). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005..

[66]  Prateek Mittal,et al.  DEEProtect: Enabling Inference-based Access Control on Mobile Sensing Applications , 2017, ArXiv.

[67]  Yu Qiao,et al.  A Discriminative Feature Learning Approach for Deep Face Recognition , 2016, ECCV.

[68]  David Mohaisen,et al.  AUToSen: Deep-Learning-Based Implicit Continuous Authentication Using Smartphone Sensors , 2020, IEEE Internet of Things Journal.

[69]  James Philbin,et al.  FaceNet: A unified embedding for face recognition and clustering , 2015, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[70]  Kevin Fu,et al.  Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving , 2019, CCS.

[71]  Kirsi Helkala,et al.  Biometric Gait Authentication Using Accelerometer Sensor , 2006, J. Comput..

[72]  Benny Pinkas,et al.  Cryptographic techniques for privacy-preserving data mining , 2002, SKDD.

[73]  Nikita Borisov,et al.  Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses , 2016, NDSS.

[74]  Mohsen Imani,et al.  Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning , 2018, CCS.