Person Re-identification Attack on Wearable Sensing

TL;DR

This paper demonstrates that biometric signals from wearable healthcare data can be exploited to re-identify individuals, posing privacy risks and highlighting the need for stronger data encryption methods.

Contribution

It introduces a novel multi-modal Siamese CNN model for person re-identification using wearable sensor data, revealing privacy vulnerabilities in HIPAA-compliant datasets.

Findings

PPG-based breathing and heart rates can re-identify individuals with up to 71% accuracy.

The proposed model effectively combines physiological and physical biometric traits.

Re-identification risks are significant even with privacy-insensitive wearable data.

Abstract

Person re-identification is a critical privacy attack in publicly shared healthcare data as per Health Insurance Portability and Accountability Act (HIPAA) privacy rule. In this paper, we investigate the possibility of a new type of privacy attack, Person Re-identification Attack (PRI-attack) on publicly shared privacy insensitive wearable data. We investigate user's specific biometric signature in terms of two contextual biometric traits, physiological (photoplethysmography and electrodermal activity) and physical (accelerometer) contexts. In this regard, we develop a Multi-Modal Siamese Convolutional Neural Network (mmSNN) model. The framework learns the spatial and temporal information individually and combines them together in a modified weighted cost with an objective of predicting a person's identity. We evaluated our proposed model using real-time collected data from 3 collected datasets and one publicly available dataset. Our proposed framework shows that PPG-based breathing rate and heart rate in conjunction with hand gesture contexts can be utilized by attackers to re-identify user's identity (max. 71%) from HIPAA compliant wearable data. Given publicly placed camera can estimate heart rate and breathing rate along with hand gestures remotely, person re-identification using them imposes a significant threat to future HIPAA compliant server which requires a better encryption method to store wearable healthcare data.