Communication and Sensing: Wireless PHY-Layer Threats to Security and Privacy for IoT Systems and Possible Countermeasures

Recent advances in signal processing and AI-based inference enable the exploitation of wireless communication signals to collect information on devices, people, actions, and the environment in general, i.e., to perform Integrated Sensing And Communication (ISAC). This possibility offers exciting opportunities for Internet of Things (IoT) systems, but it also introduces unprecedented threats to the security and privacy of data, devices, and systems. In fact, ISAC operates in the wireless PHY and Medium Access Control (MAC) layers, where it is impossible to protect information with standard encryption techniques or with any other purely digital methodologies. The goals of this paper are threefold. First, it analyzes the threats to security and privacy posed by ISAC and how they intertwine in the wireless PHY layer within the framework of IoT and distributed pervasive communication systems in general. Secondly, it presents and discusses possible countermeasures to protect users’ security and privacy. Thirdly, it introduces an architectural proposal, discussing the available choices and tradeoffs to implement such countermeasures, as well as solutions and protocols to preserve the potential benefits of ISAC while ensuring data protection and users’ privacy. The outcome and contribution of the paper is a systematic argumentation on wireless PHY-layer privacy and security threats and their relation with ISAC, framing the boundaries that research and innovation in this area should respect to avoid jeopardizing people’s rights.