Slice it up: Unmasking User Identities in Smartwatch Health Data

TL;DR

This paper demonstrates that current de-identification methods for smartwatch health data are insufficient, as a novel similarity-based attack can re-identify individuals, but adding noise can mitigate this risk with minimal impact on health monitoring accuracy.

Contribution

The paper introduces a new DTW-based re-identification attack on health time series data and evaluates noise addition as an effective privacy-preserving defense.

Findings

Re-identification can be achieved with short data segments using the proposed attack.

Adding noise significantly reduces re-identification accuracy.

The attack is computationally efficient, completing in about 2 minutes for 10,000 subjects.

Abstract

Wearables are widely used for health data collection due to their availability and advanced sensors, enabling smart health applications like stress detection. However, the sensitivity of personal health data raises significant privacy concerns. While user de-identification by removing direct identifiers such as names and addresses is commonly employed to protect privacy, the data itself can still be exploited to re-identify individuals. We introduce a novel framework for similarity-based Dynamic Time Warping (DTW) re-identification attacks on time series health data. Using the WESAD dataset and two larger synthetic datasets, we demonstrate that even short segments of sensor data can achieve perfect re-identification with our Slicing-DTW-Attack. Our attack is independent of training data and computes similarity rankings in about 2 minutes for 10,000 subjects on a single CPU core. These findings highlight that de-identification alone is insufficient to protect privacy. As a defense, we show that adding random noise to the signals significantly reduces re-identification risk while only moderately affecting usability in stress detection tasks, offering a promising approach to balancing privacy and utility.