Cross-Modality Continuous User Authentication and Device Pairing With Respiratory Patterns

At-home screening systems for obstructive sleep apnea (OSA) can bring convenience to remote chronic disease management. However, the unsupervised home environment is subject to spoofing and unintentional interference from household members. To improve robustness, this work presents SIENNA, an insider-resistant breathing-based authentication/pairing protocol. SIENNA leverages the uniqueness of breathing patterns to automatically and continuously authenticate a user and pairs a mobile OSA app and a physiological monitoring radar system (PRMS). SIENNA does not require biometric enrollment and instead transforms the respiratory measurements taken during the user's routine physical checkup into breathing biometrics comparable with the PRMS readings. Furthermore, it can operate within a noisy multitarget home environment and is secure against a co-located attacker through the usage of joint approximate diagonalization of eigenmatrices-independent component analysis, fuzzy commitment, and friendly jamming. We fully implemented SIENNA and evaluated its performance with medium-scale trials. Results show that SIENNA can achieve reliable (>90% success rate) user authentication and secure device pairing in a noisy environment against an attacker with full knowledge of the authorized user's breathing biometrics.


I. INTRODUCTION
Over 25 million adults in the U.S. suffer from obstructive sleep apnea (OSA), an airway muscle-related breathing condition that involuntarily causes respiratory cessations during sleep. Poor treatment can lead to excessive daytime fatigue, high blood pressure, cardio-metabolic conditions, along with a myriad of health problems [1]. A traditional diagnostic procedure is the polysomnography (PSG). It requires the patient to stay in a laboratory overnight and be attached to multiple sensors/electrodes to track various sleep-related physiological parameters, which renders the procedure highly obtrusive, expensive, and scarce.
Compared to PSG, emerging at-home OSA monitoring systems leverage radar sensing technologies to monitor respiratory symptoms related to OSA. They allow users to conduct self-administered tests without visiting sleep laboratories. However, at home, noncontact medical testing is vulnerable to spoofing and unintentional interference from other household members [2], [3]. One proposed countermeasure is a wearable smartband [3], [4], but this approach also requires user compliance.
Aiming to address vulnerability to spoofing and user compliance, this work introduces SIENNA: insider-resistant breathing-based authentication/pairing, a respiratory-based continuous user authentication and device pairing protocol. This system is more broadly applicable to continuous authentication in Internet of Things (IoT) systems [5]. The protocol automatically pairs an OSA app and an OSA radar sensor by comparing the heterogeneous breathing measurements between a chest belt and a continuous wave (CW) Doppler radar, and continuously authenticates the user using unique and activity-invariant breathing features. We introduce the first class of continuous authentication system across sensing modalities that is applicable to general IoT-based continuous sensing systems. It does not require user efforts to enroll the physiological measurements (i.e., respiration biometric). Instead, it transforms the respiratory belt measurements collected during routine physical checks to the radar readings, hence minimizing user interactions and preventing spoofing. Other than the differences in hardware component specifications, such as sampling rate differences of analog-to-digital converter (ADC) [6] caused by the heterogeneity between the two measurements modalities, SIENNA also addresses the fundamental difference in measurement principles, such as the phase aliasing of a CW radar. In particular, the signal artifacts caused by both differences are removed with an automatic phase unwrapping and filtering algorithm in SIENNA.
From a security perspective, SIENNA faces a stronger attacker than other systems. That is, SIENNA defends against an insider attacker (noncompliant user) with knowledge of the breathing patterns. To address the security vulnerabilities against such an attacker, the design integrates joint approximate diagonalization of eigenmatrices (JADE)-independent component analysis (ICA) [7], fuzzy commitment [8], and friendly jamming [9], [10], [11]. The JADE-ICA allows the radar to identify the unique patterns of a person's breathing in a multiperson environment. The fuzzy commitment authenticates the user and establishes a shared secret key between the radar and the mobile phone. The friendly jamming prevents the insiders from learning the security key.
We formally analyzed the security of SIENNA based on the attacker's knowledge of the context information, and implemented a laboratory prototype consisting of a physiological radar monitoring system (PRMS) and an Android-based OSA app. We conducted an evaluation consisting of 20 subjects spanning over one month. The results show that SIENNA achieves reliable user authentication and device pairing within a noisy at-home environment with multiple freely moving persons in the background. It also prevents unauthorized receivers from retrieving the secret key, regardless of their locations or knowledge of the user's respiration patterns. This work significantly expands on that reported in an earlier conference publication [12], with advances including the addition of vital-signs-based user authentication to the device pairing protocol, the introduction of cross-modality pattern mapping, and a new design of feature extraction algorithms.

II. RESPIRATORY ASSESSMENT MODALITIES
Here, we briefly overview the two modalities used to measure breathing: 1) the respiratory belt and 2) the PRMS.
A respiratory belt is a chest belt that measures changes in thoracic or abdominal circumference during respiration. It is often used during the physical checks before respiratory disease studies, such as OSA, asthma, emphysema, and cystic fibrosis. A transducer is embedded within each belt to generate a substantial linear signal in response to changes in thoracic circumference [Fig. 1(a)]. The analog output is connected to a data acquisition (DAQ) system that filters and digitizes the signal. As a clinical instrument, the DAQ uses a high ADC sampling rate (100 kS/s) to assure data quality.
An at-home PRMS is a low-cost radar sensor developed for at-home OSA screening purposes. It utilizes the working principle of the CW Doppler radar, in which a patient's chest displacement due to respiratory motion is detected through phase shifts of the reflected transmission signal. We consider Fig. 1(b), with the distance offset due to chest movements being $x(t)$, and the in-phase (I) and quadrature phase (Q) being where $\lambda$ is the signal wavelength, $\theta_0$ is the phase delay due to the nominal distance between the radar transmitter and the user's torso, surface scattering, and radar's RF chains, and $\delta\theta(t)$ is the residual phase noise. The phase shift corresponds to the respiratory movement and can be computed via arctangent demodulation The demodulated signal is sampled by a low-cost ADC (less than 1 kS/s) to create the digital recordings.

III. PROBLEM DESCRIPTION
Wearable respiratory monitoring systems can achieve higher signal-to-noise ratios and produce more accurate measurements than noncontact monitoring systems. Nevertheless, they may induce unpleasant skin irritation and discomfort, particularly in cases where extended monitoring is necessary or during sleep [13]. Alternatively, if a person has symptoms of OSA, such as loud snoring, morning headaches, and lack of energy during the daytime, he will first visit a physician for an examination. Several measurements will be taken during the physical check-up, including heart rate, breathing rate, and blood pressure. If the physician suspects that the patient suffers from OSA, he will refer the patient to an at-home sleep test. The clinic will follow up with the patient by sending a PRMS to the patient's home and instructing the patient to download an OSA app. The patient will set up the PRMS and pair it with the OSA app to prepare for the test. Assuming the patient is a noncompliant patient who aims to launch a spoofing attack on the system, SIENNA provides a countermechanism that aims to address two security challenges: 1) allow the OSA app to recognize and pair with the intended PRMS and 2) allow the PRMS to authenticate and monitor the intended subject. We elaborate on these challenges in the system and adversarial models below.

Fig. 2. Left to right: (a) in hospital: a medical technician measures the patient's breathing patterns using a respiratory belt and uploads them to the mobile OSA app; (b) at home: the PRMS authenticates the user and pairs with the OSA app by matching with the patterns stored in the OSA app; (c) user starts the OSA test with the PRMS recording the breathing and securely uploading the data to the OSA app; and (d) doctor examines the data for any abnormalities (from [12]).

A. System Model
We consider an OSA screening system with two modules: 1) A mobile phone app that aggregates the screening data and 2) a PRMS to collect the breathing related OSA data. Furthermore, we assume the following.
1) Wireless Interface: The phone app and the PRMS are equipped with radio interfaces such as Bluetooth.
2) Computation: The PRMS can perform computationally inexpensive cryptographic algorithms, such as SHA-256 hash and AES.
3) Security: The phone app and the PRMS do not have any prior security associations. The user's health records, including the vital measurements taken during the initial physical examination [Fig. 2(a)], are stored within the associated OSA mobile app (assuming the user has already set it up and logged into it).

B. Adversary Model
A key difference of our adversary model compared to existing work is that the system's legitimate user could also be an attacker. The objective of this noncompliant user is to either eavesdrop on the communication between the system modules or manipulate the system into accepting false data.
Eavesdrop: The patient may listen to the communication channel between the PRMS and the phone, intending to extract the content during their pairing process. For instance, the patient may intercept the key exchanged between the PRMS and the phone to decrypt and review all data records before a doctor examines them. If the patient identifies patterns related to OSA symptoms, he has time to come up with an excuse.
Spoofing: The patients may ask another individual to substitute them for the test. The patient may also leverage the eavesdropped key to inject false data and manipulate the OSA test outcome. For instance, the patient may collect normal patterns prior to the test and replay the normal data records to the phone during the test.

IV. SIENNA
Here, we present SIENNA: insider-resistant breathing-based authentication/pairing. SIENNA derives a symmetric key by leveraging the user's respiratory measurements collected during triage screening to enable zero-interaction user authentication and device pairing between the PRMS and its associated OSA mobile application. SIENNA applies phase unwrapping and digital filtering to enable cross-modal comparison between respiratory patterns collected by the respiratory belt and those collected by the PRMS. SIENNA further employs a combination of JADE-ICA, fuzzy matching, and friendly jamming to account for the signal noise generated from a multiperson environment and to prevent a noncompliant user from tampering with the OSA screening process.

A. Overview
The system flow of SIENNA is shown in Fig. 2. It begins when the user visits the sleep clinic for an OSA preexamination. As a part of the physical examination, a medical staff measures the user's breathing with a respiratory belt [Fig. 2(a)]. If an at-home OSA test is deemed necessary, the clinic issues a PRMS and instructs the user to install a mobile OSA app with records of the belt measurements. Upon returning home, the user sets up the PRMS and activates the app. The app automatically seeks to pair with a PRMS that observes similar respiration patterns as the belt measurements. Thus, the pairing is achieved when the PRMS successfully authenticates the user [Fig. 2(b)]. After the authentication and pairing steps, the PRMS continuously monitors the user and securely forwards the breathing data to the app [Fig. 2(c)]. Once the OSA test is completed, the app uploads the breathing data to the server. The doctor analyzes the OSA data to provide a prognosis and prescribe OSA treatment options if necessary.

B. Activity-Invariant Respiratory Features
To enable continuous user authentication and device pairing, SIENNA utilizes the following activity-invariant respiratory features that are unique and robust to changes in physical activities: waveform morphology analysis (WMA) with discrete wavelet transform (DWT). It has been demonstrated in various clinical investigations that sedentary adult human subjects exhibit a diversity in respiratory pattern while awake, not only in terms of tidal volume and inspiratory and expiratory duration, but also in terms of air flow profile. Every individual selects to exhibit one pattern among the infinite number of possible ventilatory variables and air flow profiles. These variabilities are nonrandom and may be explained by either central neural mechanisms or chemical feedback loops. In addition, each individual has a different physical size and shape of lungs, as well as different rib cage and abdominal muscle strength that contributes to the variations in breathing patterns. These distinct characteristics can be extracted from the breathing measurements via WMA with DWT.
A WMA is a time-domain analysis that characterizes the shape, amplitude, and duration of the waveform signal. When applied to the breathing measurements, it quantifies the inhaling/exhaling rhythm, depth, and duration. Consider the waveform of one human breathing cycle, which consists of one trough and one crest. The cause of these troughs and crests is not deterministic and may be either inhalation or exhalation. For a given fraction, $0 \le p \le 1$, let $h_{t,p}$ be the $p$ depth of the trough and $w_{t,p}$ be the width of the trough at $h_{t,p}$. The morphological feature at p% depth of the trough is defined as $e_{t,p} = w_{t,p}/h_{t,p}$. Similarly, the morphological feature at p% height of the crest is defined as $e_{c,p} = w_{c,p}/h_{c,p}$, where $h_{c,p}$ is the $p$ height of the crest and $w_{c,p}$ is the width of the crest at $h_{c,p}$. For a given vector $[p_0, \ldots, p_{n-1}]$, a morphological feature vector is defined as: [Fig. 3(a)]. As WMA features are ratio-based, they are not affected by the breathing-rate changes that occur as the subject goes through different activities, and are hence invariant over time for the same subject [14].
A DWT is a frequency-domain transform that decomposes a given signal into a set of mutually orthogonal wavelet basis functions. Each function is a time series describing the time evolution of the signal in the corresponding wavelet basis. Applied to the breathing measurements, it can separate the respiration-induced movements and vibrations of different parts of the body, e.g., thoracic and abdominal movements, into different time series. Let $x(n)$ be the original breathing measurements. A single-level DWT decomposes $x(n)$ into a low-pass filtered version $x_l(n)$ and a high-pass filtered version $x_h(n)$ with discrete-time, low-pass and high-pass filter (LPF/HPF), where $x_l(n)$ can be further transformed using the identical procedure as outlined above and shown in Fig. 3(b), resulting in a $j$-level DWT with $j + 1$ time series. Each series is then input to the WMA to extract the morphological features, leading to a final vector with $2i * (j + 1)$ morphological features.

C. Cross-Modality Pattern Mapping
The principal element of SIENNA is the relationship between the respiratory belt and PRMS measurements. Albeit monitoring the same respiratory events, the mechanisms and hardware of the respiratory belt are in stark contrast to those of the PRMS. For instance, the respiratory belt transducer provides a linear response to the thoracic or abdominal circumference changes during respiration; while the arctangent demodulation of PRMS gives the same value when the observed chest motions differ by multiples of the carrier signal wavelength. The latter phenomenon, known as phase aliasing, creates artificial jumps in the PRMS readings. In addition, the respiratory belt is connected to a benchtop DAQ hardware with a high ADC sampling rate of 100 kS/s, allowing the system to capture the full spectrum of the breathing motion, including its fundamental frequency component (representing the breathing rate) and the harmonic frequency components (representing detailed shapes of the breathing patterns). On the other hand, the PRMS has a less capable ADC (1 kS/s) and a corresponding low pass filter to remove signals above the ADC's Nyquist rate. Hence, it can only capture a partial spectrum of the breathing motion, including the fundamental and a few harmonic frequency components.
To extract comparable respiratory patterns, SIENNA applies an unwrapping function on PRMS readings to mitigate phase aliasing. Let $r$ be the time-domain PRMS readings. The unwrapping function checks the difference between every two consecutive samples If the current value is greater than or equal to $\pi$ radians, it shifts $r(t_i)$ by adding multiples of $\pm 2\pi$ until the jump is less than $\pi$. The results are filtered through a high pass filter to remove the DC bias caused by unwrapping and normalized with r The time-domain signal is then transformed into frequency domain via fast Fourier transform (FFT) to produce the respiratory pattern. For the belt readings, SIENNA filters the signal using a low pass filter to match the PRMS's frequency range, normalizes the results, and applies FFT(·) to provide the frequency-domain respiratory pattern.
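The unwrapping step described above, as an added example that is not code from the paper: a constructed chest motion is passed through arctangent demodulation, unwrapped, and normalized so that the radar and belt traces can be compared. The 12.5 mm wavelength follows from a 24-GHz carrier; the phase model 4πx/λ + θ0, mean removal in place of the high-pass filter, and peak normalization are assumptions.

```python
import math

WAVELENGTH_M = 0.0125   # 24 GHz carrier -> c/f = 12.5 mm
FS_HZ = 50              # constructed sample rate, well under the PRMS's 1 kS/s


def chest_motion(seconds=8, rate_hz=0.25, amp_m=0.006):
    """Constructed chest displacement x(t): two breaths of 6 mm amplitude."""
    n = seconds * FS_HZ
    return [amp_m * math.sin(2 * math.pi * rate_hz * i / FS_HZ) for i in range(n)]


def arctan_demod(x, theta0=0.4):
    """Radar side. Assumed standard CW Doppler model: phase = 4*pi*x/lambda + theta0.
    atan2 only returns values in (-pi, pi], which produces the phase aliasing."""
    phases = (4 * math.pi * xi / WAVELENGTH_M + theta0 for xi in x)
    return [math.atan2(math.sin(ph), math.cos(ph)) for ph in phases]


def count_jumps(r):
    """Number of consecutive-sample differences of at least pi radians."""
    return sum(1 for a, b in zip(r, r[1:]) if abs(b - a) >= math.pi)


def unwrap(r):
    """Shift each sample by multiples of 2*pi until the step from the
    previous sample is smaller than pi."""
    out = [r[0]]
    for prev, cur in zip(r, r[1:]):
        step = cur - prev
        while step >= math.pi:
            step -= 2 * math.pi
        while step <= -math.pi:
            step += 2 * math.pi
        out.append(out[-1] + step)
    return out


def normalize(sig):
    """Remove the DC bias (mean removal stands in for the high-pass filter)
    and scale to unit peak so both modalities share one range."""
    mean = sum(sig) / len(sig)
    centered = [v - mean for v in sig]
    peak = max(abs(v) for v in centered)
    return [v / peak for v in centered]


def max_mismatch(a, b):
    """Largest sample-wise difference between two equally long traces."""
    return max(abs(u - v) for u, v in zip(a, b))


def demo():
    x = chest_motion()             # what the belt's linear transducer tracks
    wrapped = arctan_demod(x)      # what the radar reports before unwrapping
    unwrapped = unwrap(wrapped)
    belt = normalize(x)
    return {
        "jumps_before": count_jumps(wrapped),
        "jumps_after": count_jumps(unwrapped),
        "mismatch_wrapped": max_mismatch(normalize(wrapped), belt),
        "mismatch_unwrapped": max_mismatch(normalize(unwrapped), belt),
    }


if __name__ == "__main__":
    print(demo())
```

Unwrapping only works while the true phase moves by less than π between samples, which is why the sample rate has to stay well above the breathing dynamics.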

D. Breathing Separation With JADE-ICA
Home environments are noisy and unpredictable, with the possibility of irrelevant individuals being in close vicinity to the user. To retrieve the correct context in an environment with potentially multiple subjects, SIENNA augments the PRMS modality with a breathing separation module, which reconstructs the breathing signals of multiple co-located individuals to select the correct target. The goal of the separation module is to reconstruct the source signals from a set of mixtures, without knowledge of the sources' properties or the proportions of the mixtures. Since respiration signals are non-Gaussian and independent across individuals, whilst mixed linearly at the PRMS receiver, one can recover the source signals using ICA [15], which is formulated as the following. Assume $N$ independent time varying sources and the observed mixtures as an $M \times T$ matrix The mixtures are produced as the product of the source and a mixing matrix $W_{M \times N}$, e.g., The goal of ICA is to recover $R_{N \times T}$ and $W_{M \times N}$ given only $X_{M \times T}$, assuming $r_i(t)$, $i = 1, \ldots, N$ are independent and non-Gaussian. We employ the JADE algorithm [16] to perform ICA, with the details omitted to conserve space. The JADE algorithm extracts independent non-Gaussian sources $R_{N \times T}$, e.g., the breathing pattern of individual targets, from signal mixtures with Gaussian noise $X_{M \times T}$, e.g., the breathing mixture received by the PRMS, by constructing a fourth-order cumulants array from $X_{M \times T}$. Specifically, assuming $T > M, N$, the algorithm first applies PCA to whiten $X_{M \times T}$, yielding with a whitening matrix $B_{K \times M}$. Post-whitening, the columns of the whitened matrix $P_{T \times K}$ are orthogonal with equal variance. Any rotation of $P_{T \times K}$ will not change the independence between its column vectors.
The algorithm then tries to find a rotation matrix $V_{N \times N}$ to maximize the independence between the row vectors of the rotated $P_{T \times K}$, which is achieved when the fourth-order cross-cumulants between the row vectors are zero and their auto-cumulants are maximal. Once $V_{N \times N}$ has been identified, the demixing matrix can be computed as and the source matrix as More detailed information on JADE and cumulant tensor array can be found at [7] and the MATLAB code on the website [17].

E. Fingerprinting With Level-Crossing Quantization
After target separation, the PRMS compares the breathing patterns of individual targets with the belt measurements preloaded in the OSA app to authenticate the user and pair with the app. A fingerprint extraction function, EXT(·), is used to generate the binary fingerprints for authentication and pairing. Thus, the binary strings produced by EXT(·) must meet two criteria: 1) they must look sufficiently similar in Hamming space if they are to represent the breathing process of the same person and 2) they must preserve the uniqueness of the breathing dynamic that distinguishes the subject from other individuals.
To achieve these objectives, EXT(·) uses level-crossing quantization to sample the morphological features, $R$, with two predefined thresholds (Fig. 4). Let $q_+$, $q_-$ be the threshold values such that $q_+ > q_-$, we define a quantizer QTZ(·) Let $\delta f$ be the time interval between adjacent sampling instants. The binary fingerprints obtained by EXT(·) is which can be compared in Hamming space. However, the result of a single level-crossing quantization loses details in the original breath pattern and fails the second objective. To address this issue, we apply multiple passes of level-crossing binary quantizations, each at a distinct pair of levels, $q_{i+}$, $q_{i-}$, and concatenate them to generate the binary fingerprints. Intuitively, this is equivalent to creating a pair-wise linear approximation of the breathing pattern, with quantization error equal to the level density.
A binary fingerprint longer than a predefined length is padded and divided into multiple subsequences, $[p_1, p_2, \ldots, p_n]$, to create with $\oplus$ denoting the exclusive OR (XOR) operation.

F. User Authentication and Device Pairing
Finally, SIENNA compares the binary fingerprints via a jamming-protected fuzzy matching protocol to authenticate the user and establish a symmetric key in the presence of an eavesdropper (Fig. 5).
Traditional context-based authentication and key establishment protocols are not secure when the context information is known to an adversary [18]. In our case, the user whose identity is pending verification is the same individual who wishes to compromise the secret key, and therefore has complete knowledge of the context, that is, their breathing patterns. SIENNA addresses such an insider threat with a cross-layer design that employs two security primitives: 1) fuzzy commitment [8] and 2) friendly jamming based on dialog codes [9], [10], [11]. The fuzzy commitment scheme is a cryptographic protocol that allows secure sharing of a secret using similar-but-not-identical context information, while the friendly jamming scheme corrupts the signal toward the unintended receiver. Both protocols combined ensure that an eavesdropper with the correct context cannot recover the key exchanged between the pairing devices.
Let σ be a secret value. A fuzzy commitment using an opening feature, φ, and a hash function, H(·) transforms a secret value σ into a commitment such that χ appears random and devoid of any information about σ. All opening features $\hat{\varphi}$ reveal σ via if and only if the Hamming distance $\mathrm{HAM}(\varphi, \hat{\varphi}) \le \tau$, where τ is a parameter denoting the maximum allowable Hamming distance between $\hat{\varphi}$ and φ to reveal σ.
To initiate the protocol, the OSA app, a, broadcasts a message, $\{H(k_0), t_{str}, t_{end}\}$, where $k_0$ denotes a public parameter known to all parties. $t_{str}$ and $t_{end}$ denote the starting and ending timestamps for the PRMS, b, to capture the respiratory patterns.
Let $R_a = \mathrm{FFT}(r_a(t_0, t_0 + t_{end} - t_{str}))$ be the breathing pattern stored in the OSA app, and $R_b = \mathrm{FFT}(r_b(t_{str}, t_{end}))$ be the breathing pattern captured by the PRMS within the specified time interval. The two devices extract breathing fingerprints $p_a = \mathrm{EXT}(R_a)$ and $p_b = \mathrm{EXT}(R_b)$, via the fingerprint extraction function $\mathrm{EXT}(\cdot) : \{1, 0\}^* \to \{1, 0\}^{M * 2^K}$ (detailed in Section IV-E). If the PRMS observes a breathing mixture of multiple subjects, the mixture is first separated into the breathing patterns of individual subjects (detailed in Section IV-D), which are processed by EXT(·) to create multiple fingerprints, one for each subject.
Once the breathing fingerprints are generated, a randomly selects a key salt, $s \in \{1, 0\}^{N * 2^K}$, and transforms it into a commitment $\{c \in \{1, 0\}^{M * 2^K}, H(s)\}$ using the breathing fingerprint, $p_a$. Specifically, a encodes s via the Reed-Solomon (RS) encoding function and computes Henceforth, a and b exchange c through dialog codes to defend against an insider attack. First, a converts the commitment into OFDM symbols, duplicates each symbol back-to-back and broadcasts all the symbols. Simultaneously with a's broadcast, b randomly jams either the original symbol or its repetition [9], [10] PHYJAM( DUPSYM({c, H(s)}) ).
To jam a symbol, b transmits a signal drawn randomly from a zero-mean Gaussian distribution with the same variance as the OFDM signal's. Since b knows which symbols are jammed, it stitches the unjammed symbols together to create a clean version of the OFDM transmission and decodes the signal to obtain the clear message.
and decommits the salt by decoding $\hat{l}$ using the RS decoding function $\hat{s}$ Due to the error correction capability of RS codes, $s$ equals $\hat{s}$ if and only if $l$ and $\hat{l}$ differ in less than $2^{K-1}(M - N)$ bits.
Since $l = p_a \oplus d$ and $\hat{l} = p_b \oplus d$, this is equivalent to saying that $p_a$ and $p_b$ must differ in less than $2^{K-1}(M - N)$ bits for b to retrieve s. To confirm whether the retrieval was successful, b computes $H(\hat{s})$ and compares it with $H(s)$. Depending on whether they are equal, an ACK or a NAK message is transmitted from b to a, where the ACK signal signifies successful patient identification, after which the final step of the key establishment can proceed, and the NAK signal initiates the reattempts.
To conclude the key establishment, both a and b apply a key derivation function to obtain the secret key.
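The commit/decommit exchange above, together with the insider case analyzed in Section V-D, as an added example that is not the paper's implementation: a repetition code with majority voting is swapped in for Reed-Solomon to keep it short, so the error tolerance is per 5-bit group rather than a global Hamming bound. The salt, the fingerprints and all function names are constructed for illustration.

```python
import hashlib

REP = 5  # repetition factor: each salt bit becomes 5 code bits, so up to
         # 2 flipped bits per group are corrected (stand-in for Reed-Solomon)


def encode(salt):
    """l = ENC(s): repeat every salt bit REP times."""
    return [bit for bit in salt for _ in range(REP)]


def decode(codeword):
    """Majority vote over each group of REP bits."""
    return [int(sum(codeword[i:i + REP]) > REP // 2)
            for i in range(0, len(codeword), REP)]


def xor(a, b):
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    return [x ^ y for x, y in zip(a, b)]


def digest(bits):
    """H(.) over a list of 0/1 values."""
    return hashlib.sha256(bytes(bits)).hexdigest()


def commit(p_a, salt):
    """OSA app (a): c = p_a XOR ENC(s); the message sent is {c, H(s)}."""
    return xor(p_a, encode(salt)), digest(salt)


def open_commitment(c, h_s, p):
    """PRMS (b): s_hat = DEC(c XOR p). Returns s_hat (ACK) only when
    H(s_hat) == H(s); returns None (NAK) otherwise."""
    s_hat = decode(xor(c, p))
    return s_hat if digest(s_hat) == h_s else None


def flip(bits, positions):
    """Copy of bits with the given positions inverted (models mismatches)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]


# Constructed sample data: 16-bit salt, 80-bit fingerprints.
SALT = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0]
P_APP = [(i * 7 + i // 3) % 2 for i in range(80)]          # belt fingerprint p_a
P_RADAR = flip(P_APP, {0, 1, 7, 23, 41, 42, 79})           # same user, radar noise
P_NOISY = flip(P_APP, {0, 1, 2})                           # 3 errors in one group
P_OTHER = flip(P_APP, {i for i in range(80) if i % 5 < 3}) # a different person


def demo():
    c, h_s = commit(P_APP, SALT)
    return {
        "hamming_same_user": sum(xor(P_APP, P_RADAR)),
        "hamming_other_person": sum(xor(P_APP, P_OTHER)),
        "same_user": open_commitment(c, h_s, P_RADAR),       # ACK
        "too_noisy": open_commitment(c, h_s, P_NOISY),       # NAK, reattempt
        "other_person": open_commitment(c, h_s, P_OTHER),    # NAK
        # Insider: knows p exactly and holds an unjammed copy of {c, H(s)}.
        "insider_clean_copy": open_commitment(c, h_s, P_APP),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The last entry opens the commitment, which is the case the fuzzy commitment alone cannot stop and the reason the commitment is sent under friendly jamming.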

V. SECURITY ANALYSIS
The security of SIENNA can be formally analyzed based on the properties of commitment values, and extended accordingly based on the attacker's knowledge of the user's breathing fingerprint, p.

A. Concealment and Binding
Following the analytical conventions of the fuzzy commitment scheme by Juels and Wattenberg [8], we use the properties of concealment and binding to assess the key evolution protocol employed by SIENNA. , 0} μ is said to be binding if it is infeasible for any polynomially bounded player to retrieve σ using an incorrect opening feature, e.g., $\hat{\varphi}$, $\mathrm{HAM}(\varphi, \hat{\varphi}) > \tau$, with probability greater than $\mathrm{PROB} = 1/2^{\mu}$.

B. Attacker Without Knowledge of p
When the eavesdropper does not have the correct context, SIENNA inherits the security properties of fuzzy commitments, which are reiterated below from [8].
Claim 1: Suppose $s \in_R \{1, 0\}^{N * 2^K}$ and $p \in_R \{1, 0\}^{M * 2^K}$, the fuzzy commitment construction used by SIENNA, with $l = \mathrm{RS}(2^K, M, N, s) \in_R \mathbb{F}_{2^K}^{M}$ and $c = p \oplus l$, is concealing with $\mathrm{PROB} = 1/2^{N * 2^K}$ against an attacker with no prior knowledge of p.
Overall, Claims 1 and 2 characterize the hardness for an attacker without prior knowledge of f to determine s from {c, H(s)}; and identify two security parameters, ν and μ, which govern the security level for concealment and binding. Assuming that the most effective means of finding a collision for a hash function is a birthday attack, which induces a work factor of $2^{\mu/2}$, we can set ν = 128, and μ = 256 to guarantee strong concealment and binding properties, with the hardness similar to finding a collision in SHA-256.

C. Attacker With General Knowledge of p
While the binding level of Claim 2 holds regardless of the opening feature p's probability distribution, the concealment level of Claim 1 would degrade if p is drawn from a nonuniform distribution known to the attacker. By knowing the distribution of p, the attacker's strategy to determine $\hat{l}$ in the proof for Claim 1 can be computationally less expensive than inverting H(r) for a uniform random value, r.
One way to improve the concealment level against an attacker with knowledge of p's distribution is to commit and decommit l using multiple samples (segments) of p as shown in Section IV-E. The security enhancement stems from Yao's XOR lemma [19], which states that computational weak unpredictability of Boolean predicates is amplified when the results of several independent instances are XORed together. In other words, the attacker's advantage due to bias in p's distribution diminishes with the increasing number of p's in the XOR chain, with the diminishing rate defined in [19].

D. Attacker With Full Knowledge of p
The XOR-chain trick would not prevent an attacker with perfect knowledge of p from retrieving s. This case considers a malicious, noncompliant patient capable of measuring his own breathing patterns. Were he also able to capture the commitment message, {c, H(s)}, he can accurately compute l = c p and decode to obtain s. To prevent such an insider attack, SIENNA leverages friendly jamming at the physical layer to obfuscate the commitment for any unintended receivers.
While SIENNA's friendly jamming technique is universally applicable at the physical layer of any digital communication system, it is particularly effective when augmenting an OFDM system due to the pseudorandom nature of the signal. During OFDM modulation, a binary sequence is converted into N complex numbers in the frequency-domain, X n , via quadrature amplitude modulation (QAM), and subsequently converted into a time-domain sequence, x k , via the inverse FFT (IFFT) where each x k can be regarded as a weighted sum of N pseudorandom variables, resulting in a pseudorandom Gaussian signal according to the central limit theorem (CLT). When the jamming signal is drawn randomly from a zero-mean Gaussian with the same variance as the OFDM signal, a single-antenna attacker cannot distinguish between the jammed and clear signals, 2 and therefore cannot properly reconstruct {c, H(s)}.
We can analyze the jamming protection against an insider attack based on a wiretap channel model [22]. We consider a noncompliant patient using an unauthorized receiver to intercept the commit message. We denote the main channel as the wireless channel between a and b, and the wiretap channel as the medium between the unauthorized receiver and either a or b. The frequency-domain representation of the main channel is then while the frequency-domain representation of the wiretap channel is where $P_0$ and $\sigma_0^2$ denote the average power and variance of the intrinsic wireless noise, $P_1$ and $P_2$ denote the average powers of the OFDM signal observed by the receiver and the unauthorized receiver, and $P$ and $\sigma^2$ denote the average power and variance of the jamming signal observed by the unauthorized receiver. The secrecy capacity [23] of the wiretap model is It has been shown in [10] that the jamming scheme performs optimally when the OFDM system operates with high-order modulation (at least QPSK), and $1 < P/P_2 < 9$. Therefore, SIENNA prohibits BPSK transmission at any SNR. The bit error probability for such an OFDM system, allowing only M-QAM transmission, is for the main channel and for the wiretap channel, where $Q(\cdot)$ denotes the tail distribution function of the standard normal distribution. The receiver may adjust $P$ to elevate $B_{tap}$ beyond the error correction capability of the fuzzy commitment to prevent an insider attack. However, although jamming is only effective when $1 < P/P_2 < 9$, $P_2$ is dependent on the location of the unauthorized receiver, and is unknown to the legitimate receiver. To address this, the transmitter must create $L$ commitments, each with one subsalt, and transmit them one by one. Meanwhile, the receiver must jam the targeted signal at $L$ different power levels, $\{P_{\max}, P_{\max}/9, \ldots, P_{\max}/9^{L-1}\}$. Given that $B_{main}$ is not affected by $P$, the receiver can recover all subsalts and XOR them together to obtain the key evolution salt.
In contrast, the unauthorized receiver will fail to decode at least one subsalt, and therefore cannot recover the key evolution salt. The number of jamming levels, $L$, can be computed based on the upper bound (the maximum power supported by the hardware, $P_{\max}$) and lower bound (the noise floor, $P_0$) on the OFDM signal power.
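The power ladder and subsalt XOR described above can be sketched as follows. This is an added example, not code from the SIENNA prototype: the function names are hypothetical, powers are in linear units (for example mW), the formula $L = \lceil \log_9(P_{\max}/P_0) \rceil$ is an assumed reading of "computed from the upper and lower bound", and the ladder values are treated as the jamming powers the unauthorized receiver observes.

```python
import math
import secrets
from functools import reduce

def jamming_levels(p_max, p0):
    """Ladder {P_max, P_max/9, ..., P_max/9^(L-1)} in linear power units.

    Assumption: L = ceil(log9(P_max / P0)), the shortest ladder whose lowest
    rung still covers OFDM powers down to the noise floor P0.
    """
    L = math.ceil(math.log(p_max / p0) / math.log(9))
    return [p_max / 9 ** i for i in range(L)]

def effective_rounds(levels, p2):
    """Rounds in which jamming is effective against a receiver that observes
    OFDM power p2, i.e. rounds where 1 < P/P2 < 9."""
    return [i for i, p in enumerate(levels) if 1 < p / p2 < 9]

def xor_all(chunks):
    """Byte-wise XOR of equally long byte strings."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*chunks))

def run_key_evolution(p_max, p0, p2, salt_len=16):
    """One salt evolution with L subsalts, one per jamming level.

    Simplifications (assumed): the legitimate receiver decodes every round,
    since B_main does not depend on P; the unauthorized receiver loses exactly
    the rounds in which the jamming level is effective against its P2.
    """
    levels = jamming_levels(p_max, p0)
    subsalts = [secrets.token_bytes(salt_len) for _ in levels]
    lost = set(effective_rounds(levels, p2))
    seen = [s for i, s in enumerate(subsalts) if i not in lost]
    return {
        "salt": xor_all(subsalts),             # what the receiver obtains
        "rounds": len(levels),
        "lost": sorted(lost),                  # rounds the wiretapper cannot decode
        "attacker_guess": xor_all(seen) if seen else b"",
    }
```

Because consecutive rungs differ by a factor of 9, any $P_2$ strictly between two rungs falls inside the effective window of exactly one round, and missing a single uniformly random subsalt leaves the XOR of the remaining ones uncorrelated with the salt.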

VI. EVALUATION
We implemented and empirically evaluated the performance of SIENNA. The system prototype consists of a PRMS implemented with mmWave transceivers/radio heads, a respiration belt sensor implemented with a piezoelectric respiration transducer, and an Android-based OSA application [Fig. 6(a)]. We conducted laboratory and field experiments over one month with the SIENNA prototype and 20 subjects selected through a random sample recruitment process. All experiments with human subjects are approved by the institutional review board (IRB) based on the written consent.

A. Implementing SIENNA
SIENNA was developed and tested from 2019 to 2020. The system design employs a commercial off-the-shelf 4-channel 24-GHz monopulse radar transceiver (K-MC4 from RFbeam Microwave GmbH) interfacing with a LabVIEW-controlled DAQ through four LNAs (SR560 from Stanford Research System). The 3-dB beam aperture is 12° horizontally and 30° vertically. The angle coverage is between ±15° horizontally.
The respiratory belt is implemented with a piezoelectric respiration transducer (Model 1132 Pneumotrace II from UFI), which interfaces with a LabVIEW-controlled DAQ. The Android application communicates via Bluetooth Low Energy (BLE) with the host computers that control the mmWave radar(s). The fuzzy commitment implementation leverages the Android BLE APIs to connect to the generic attribute profile (GATT) servers set up by the LabVIEW Bluetooth Toolkit on the host computers. The physical layer jammer is implemented via the Android application connecting to a Wi-Fi-BT-Bluetooth LE breakout board [ESP32-WROVER-IB from ESPRESSIF, see Fig. 6(b)].

B. Experiment Setup
We conducted laboratory and field experiments over a one-month period with 20 subjects selected through a random sample recruitment process. The subjects are between the ages of 16 and 35, weigh between 42 and 85 kg, and have no prior history of heart disease. The subjects are asked to participate in multiple trials of sleep studies under laboratory and everyday settings as detailed below.

Sleep Environment and Data Collection: We furnished a sleep environment for experimentation. The laboratory environment consists of two twin-size areas under a quiet and dim ambience. During each trial, the subjects are positioned 0.5 m below the mmWave radar system for data collection [Fig. 7(a)]. We continuously monitor the respiration of the subjects for 1 h, during which adversarial activities (if planned) are attempted every 10 min. After the experiment, we extract a 60-s data segment around each activity to evaluate SIENNA's performance, with the remaining data serving as references. Overall, we collected approximately 30 000 breathing cycle samples for each subject.
Eavesdrop/Spoof: We designed the eavesdropping and spoofing attacks with a BLE sniffer and spoofer, implemented via Ubertooth and Kismet [24]. During each experiment, one subject was asked to lie down under a mmWave radar [Fig. 7(b)]. A third party operated the computer running the Ubertooth. The packets transmitted by the OSA application and the mmWave radar were identified based on their Bluetooth device addresses (BDAs) obtained prior to the experiment. To implement the eavesdropping attack, the host's code recorded the packets containing the fuzzy commitment and hash value of the new key, which were analyzed offline in an attempt to deduce the keys. To implement the spoofing attacks, attacker-generated compliance tracking data encrypted with the deduced key was transmitted at higher power during data upload toward the OSA app, in an attempt to manipulate the latter into accepting the fraudulent data, which was verified during offline analysis.

C. Performance of Breathing Separation
During each experiment, the signal (mixture) captured by the mmWave radar [Fig. 8(a)] was filtered in real time by the ICA-JADE-based breathing separation module implemented through a MATLAB script running within LabVIEW. The script filtered the signal with a digital FIR low-pass filter with a cut-off frequency of 10 Hz to suppress the high-frequency noise while preserving the physiological-related information. The filtered signal was linearly demodulated to compute the phase shifts caused by the displacement(s) of the chest surface(s) during breathing (Fig. 8(b) top). Specifically, the script calculated the covariance matrices of the I and Q channel signals and applied eigenvalue decomposition to the covariance matrices to extract the maximum chest displacement information. The demodulated signal was separated by the ICA-JADE method to isolate individual respiratory signatures (Fig. 8(b) bottom).
Finally, the script evaluated the performance of ICA-JADE by computing the cross-correlation between the isolated signatures and the ground truth obtained from the respiration transducer. The empirical result shows that the similarity is above 90% when we limit the experiment to within 60 s. As time increases, the subjects tend to move/turn on the bed, which changes the contribution of their breathing to the signal mixture, i.e., the mixing matrix, and the ICA-JADE result deviates from the truth. Thus, we limited the sensing period of SIENNA during the subsequent experiments to within 60 s to achieve a stable source separation.

D. Performance of Fingerprint Extraction
An individual breathing signature was quantized in parallel by multiple level-crossing LabVIEW VIs to generate the binary fingerprint after breathing separation. The breathing signature (torso deformation) due to changes in respiratory movement is a complex 3-D pattern, and varies greatly with subject parameters and activity context. Based on our preliminary data, the thorax motions due to respiration and heartbeat are limited within ±0.5 and ±0.05 cm (Fig. 9), and the rates of respiration and heartbeat are below 15 and 60 per minute, when the subject is at rest. Therefore, we employed ten level-crossing quantization branches with a quantization step size of 0.05 cm at a sample rate of 10 per second, to preserve the fine-grained respiratory motion when extracting the breathing fingerprint. To be compatible with the fuzzy commitment protocol, the quality of the binary fingerprints was evaluated based on the Hamming distances between fingerprints of the same subjects observed by the PRMS, as well as different subjects observed by the PRMS. It has been demonstrated in various works that human subjects can be sufficiently distinguished based on their inhales (local maxima), exhales (local minima), and breathing depth (the area between two consecutive maxima and the minimum point in between). The similarities of these features directly translate to the Hamming distances between the quantized fingerprints. Therefore, comparing the Hamming distances is equivalent to constructing an equal-weighted linear classifier for patient identification.
The empirical results [Fig. 9(b)] show that the average Hamming similarity per bit between fingerprints of the same subject observed from different modalities is around 63% when extracted from 6-s breathing signatures (with two breathing cycles). The Hamming similarity increases almost logarithmically toward 100% as we extend the duration of the breathing signature to 60 s (with 20 breathing cycles). The elevated mean and reduced variance in the Hamming similarity are mostly due to the extended time, which allows repeated measurements of the periodic respiratory effort motion unique to each subject.
In contrast, the average Hamming similarity per bit between different subjects' fingerprints remains below 5% regardless of the measurement duration [Fig. 9(b)]. The relative position of the mmWave radar and the subject is also a significant factor that attenuates the Hamming similarity. As the subject moves away from the radar's downrange direction, the radar measurements deviate from the ground truth (obtained from the chestband). However, their similarity remains sufficiently high compared to the breathing fingerprints between different subjects. Overall, the results show that the Hamming similarity per bit for SIENNA can be set to around 70% to allow accurate patient tracking.

E. Performance of Key Extraction
The binary breathing fingerprints are chunked into multiple 10-s segments and padded with 0s to meet the codeword length of the $(2^8, 255, n)$ RS codes, i.e., 8 × 255 = 2040 bits. This particular group of RS codes is chosen to ensure that the communicated data can be measured in exact multiples of bytes (8 bits). A key salt of 8 × n bits is randomly selected and encoded with the $(2^8, 255, n)$ RS encoder to generate the 2040-bit opening value. The opening value and the (multiple) padded fingerprint segments are XORed together to generate the 2040-bit commitment.
We evaluate the security of the fuzzy commitment via a randomness test using the NIST statistical test suite. Based on ten million randomly generated key evolution salts (with entropy per bit equal to one), we measured and showed the randomness of the opening values, e.g., single and XOR of multiple 10-s breathing fingerprint segments, and the commitments [Fig. 10(a)]. The empirical test shows that the entropy per bit drops almost by half when the key salt is converted into a commitment. In other words, the entropy of a 2040-bit commitment is approximately 1000 bits. The primary causes of the reduction are the redundancy in the RS codes and the cyclic character of human respiratory motion. Two additional factors that affect the randomness of the commitment are the quantization levels and the number of XOR operation rounds. When the quantization levels increase, the randomness of the breathing fingerprints slightly improves due to the enhanced granularity of the binary sequencing, suggesting a higher quantization level for a stronger breathing fingerprint. However, this also leads to a longer binary fingerprint, requiring the commitment to be generated with multiple rounds of XOR operations, resulting in reduced entropy of the commitment due to the cross-correlation between different segments of the fingerprint. Therefore, there is a tradeoff between the randomness of the generated breathing fingerprint and the commitment when selecting the quantization level.
We further measured the commitment and reconstruction time of the key evolution protocol. As the binary quantization takes negligible time to perform, the efficiency of the RS encoder and decoder dominates the protocol's turnaround time. We timed our LabVIEW-based protocol implementation with different parity symbol lengths, $k = 255 - n$, in the $(2^8, 255, n)$ RS codes. The results show that the overall commitment time is below 0.3 s and grows linearly with the maximum number of correctable symbols, $k/2$, due to the additional Lagrange interpolations needed to compute the parity symbols [Fig. 10(b)]. The overall reconstruction time is below 0.02 s and grows linearly with $k/2$, due to the additional syndromes computed for error corrections [Fig. 10(c)]. The decoding time is invariant to the number of errors in the codewords, which is a security advantage as the attacker cannot infer the decoded message's correctness based on decoding time.
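The commit and open steps of this subsection, written out for the $(2^8, 255, 201)$ code as an added example; it is not the authors' LabVIEW implementation. Assumptions: SHA-256 stands in for $H(\cdot)$, each fingerprint segment is already a 255-byte string, the RS codec is a compact textbook one (Berlekamp-Massey, Chien search, Forney), and all function names are hypothetical.

```python
import hashlib

# GF(2^8) antilog/log tables: primitive polynomial 0x11d, generator alpha = 2.
EXP, LOG, _v = [0] * 512, [0] * 256, 1
for _i in range(255):
    EXP[_i], LOG[_v] = _v, _i
    _v = (_v << 1) ^ (0x11D if _v & 0x80 else 0)
EXP[255:510] = EXP[:255]
N, K_MSG, PARITY = 255, 201, 54  # RS(2^8, 255, 201): corrects PARITY // 2 = 27 symbols

def mul(a, b):
    return EXP[LOG[a] + LOG[b]] if a and b else 0

def ev(p, x):  # evaluate polynomial p (low-order coefficient first) at x
    y = 0
    for c in reversed(p):
        y = mul(y, x) ^ c
    return y

def rs_encode(msg, k=PARITY):  # systematic: msg followed by k parity symbols
    g = [1]
    for i in range(k):  # g(x) = product of (x - alpha^i), i = 0..k-1
        g = [a ^ b for a, b in zip(g + [0], [0] + [mul(c, EXP[i]) for c in g])]
    rem = list(msg) + [0] * k
    for i in range(len(msg)):  # long division of msg(x) * x^k by g(x)
        for j in range(1, k + 1):
            rem[i + j] ^= mul(g[j], rem[i])
    return list(msg) + rem[len(msg):]

def rs_decode(cw, k=PARITY):
    """Correct up to k//2 symbol errors; return the codeword, or None on failure."""
    S = [ev(cw[::-1], EXP[i]) for i in range(k)]        # syndromes
    C, B, L, m, b = [1], [1], 0, 1, 1                   # Berlekamp-Massey
    for r in range(k):
        d = S[r]
        for i in range(1, min(len(C), r + 1)):
            d ^= mul(C[i], S[r - i])
        if d:
            T, coef = C[:], mul(d, EXP[255 - LOG[b]])
            C += [0] * (len(B) + m - len(C))
            for i, c in enumerate(B):
                C[i + m] ^= mul(coef, c)
            if 2 * L <= r:
                L, B, b, m = r + 1 - L, T, d, 0
        m += 1
    omega = [0] * k                                     # Omega = S*C mod x^k
    for i, s in enumerate(S):
        for j, c in enumerate(C[:k - i]):
            omega[i + j] ^= mul(s, c)
    deriv = [c if i % 2 == 0 else 0 for i, c in enumerate(C[1:])]
    out, found = list(cw), 0
    for p in range(len(cw)):                            # Chien search + Forney
        xi, den = EXP[255 - p], ev(deriv, EXP[255 - p])
        if ev(C, xi) == 0 and den:
            out[-1 - p] ^= mul(EXP[p], mul(ev(omega, xi), EXP[255 - LOG[den]]))
            found += 1
    ok = found == L <= k // 2 and not any(ev(out[::-1], EXP[i]) for i in range(k))
    return out if ok else None

def commit(salt, fingerprint):
    """Transmitter: (c, H(s)) from a 201-byte salt and a 255-byte fingerprint."""
    c = bytes(o ^ f for o, f in zip(rs_encode(salt), fingerprint))
    return c, hashlib.sha256(salt).digest()

def open_commitment(c, digest, fingerprint):
    """Receiver: unmask with its own fingerprint, decode, check against H(s)."""
    cw = rs_decode([x ^ f for x, f in zip(c, fingerprint)])
    salt = bytes(cw[:K_MSG]) if cw else None
    return salt if salt and hashlib.sha256(salt).digest() == digest else None
```

A receiver whose fingerprint differs from the committed one in at most 27 of the 255 symbols recovers the salt; with 28 differing symbols `open_commitment` returns `None`, either because decoding fails or because the hash check rejects a miscorrected codeword.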

F. Performance Under Adversarial Settings
SIENNA's performance against eavesdropping and spoofing is evaluated by comparing the aggregated bit error rate (BER) at the receiver versus the aggregated BER at the attacker side. Due to the application of fuzzy commitment, the key establishment protocol allows a maximum of 27% BER in the breathing fingerprints (when using $(2^8, 255, 201)$ RS codes) to recover the key salt. Compared to Fig. 9(c), such a BER alone prevents any outside attackers who cannot observe and mimic the patient's breathing patterns from stealing the key salt. Our experiment further showed that the jamming signal could drive the attacker's BER to approximately 50% within the PRMS's transmission range, rendering the fuzzy commitment message undecodable, even if an attacker could obtain the patient's breathing fingerprint. Overall, the CDF of the accumulated BERs for attackers at any location within the PRMS's transmission range is concentrated between 41% and 50% [Fig. 10(d)] and is well beyond the correctable range of the selected RS codes. Thus, the combination of both techniques ensures sufficient and complete protection of the security key during modality-switching against both outsider and insider attacks.

VII. RELATED WORKS
The following section provides a brief survey on test compliance tracking, radio-based sensing/verification, and copresence authentication.

A. Test Compliance Tracking
One major issue preventing the wide adoption of at-home OSA and other remote medical screening systems is cheating. Several professions with occupational safety requirements, including truck drivers, pilots, etc., worry that positive OSA test results could jeopardize their careers. Some may ask their friends or family members to substitute for the test, or eavesdrop/spoof the data communication during the test to manipulate the outcomes.
Many at-home OSA test kits today employ countermeasures to fend off user spoofing or data spoofing. But they are often cumbersome and require additional steps to set up. For example, some kits use tamper-resistant bracelets to link a user to the test kit, hence preventing user spoofing and ensuring secure data transfer [4]. However, the patient is tethered to the kit throughout the test, limiting the range of motion and lowering the comfort level. Other kits leverage vital-based biometric authentication to verify the user's identity [4]. But the systems require the user's assistance to collect and train with the user's vital patterns, which is not secure for at-home OSA screening. Further, both types of systems lack the capability to perform continuous user and device verification and are subject to attacks after the initial authentication step passes.
Existing industry solutions also utilize skin-contacting sensors to execute test compliance tracking. These approaches are reliable and have minimal chance of false identifications. However, the patient may feel discomfort due to the attached sensors, which hampers the confidence in the test results. Several relevant experiments achieve identity verification by remotely monitoring and verifying the subject's physiological or behavioral traits. Common methods use imaging or audio sensors to perform facial-based or voice-based recognition [25], [26], [27] or authenticate the subject through behavioral characteristics, such as tactile dynamics and gait patterns [28], [29]. Though essential, these methods are not suitable for addressing our problem due to the low-light and low-sound conditions and the subject's state of consciousness during such sleep studies.

B. Radio-Based Identity Verification
Radio-based identity verification is one among a few promising directions in addressing the aforementioned issues. It obtains unique physiological traits from radio signals reflected from the subject and does not require the subject's active involvement or ambient conditions unsuitable for a sleep study. Several research works employ Doppler radar measurement of cardiopulmonary motion at decimeter or mmWave band for continuous user authentication [30], [31], [32], [33]. Others utilize the channel measurement protocols inherent to off-the-shelf WiFi devices to extract unique features for individual identification [34], [35], [36]. Recent developments further incorporate advanced signal processing algorithms and machine learning techniques to improve the identification accuracy and reliability [37], [38].
Despite many advances, two fundamental problems associated with our setting remain unsolved. First, the challenges of establishing the connection between the radio signature and the subject's identity are largely omitted in existing work. In other words, the initial enrollment, during which the system captures the subject's physiological measurements to be compared with the traits extracted from radio signals, is contingent upon the assurance of the user's identity, which must be verified by a more reliable method. Second, the results in existing work are mostly obtained through single-subject experiments under controlled settings [39], [40], [41], [42]. The challenges of applying radio-based approaches in complex environments subject to disruptive events and multiple targets, e.g., scenarios mostly encountered in in-home sleep arrangements, remain to be addressed.

C. Co-Presence Authentication
Another group of authentication methods applicable to test compliance tracking is co-presence verification, through which authenticator-certified devices perceive roughly the same ambient context via their onboard sensors. Context-based co-presence verification has been a long-standing challenge in security research. In [43], [44], and [45], fluctuations in the radio signal have been used in verifying the immediate proximity between unmet/unassociated users/devices. In [18], [46], [47], and [48], mutually observed ambient context (such as sound, luminosity, and the correlation between different sensory modalities) has been exploited to secure the trust between legitimate parties. Since the context information is usually noisy and differs between observers, co-presence verification predominantly incorporates error-tolerant algorithms to match close-to but not identical data. Common techniques include distance-bounding protocols [49], fuzzy extractors [44], [45], commitment schemes [18], and machine learning classifiers [50].
There exist two antithetical issues regarding context-based co-presence verification, however. On the one hand, momentary snapshots of the ambient context contain little entropy to be robust against forgery or brute-force attacks. In our case, the intrinsic entropy of a person's short-term breathing pattern can be as low as 3 bits (based on our empirical analysis), which is significantly lower than the entropy level required for security credentials. On the other hand, long-term observations of the ambient context may increase the randomness of the shared experience, but require strict data synchronization and processing techniques to extract usable fingerprints that serve as proof of sustained co-presence among devices.

VIII. CONCLUSION
We presented SIENNA, a novel insider-resistant breathing-based authentication and pairing scheme for at-home OSA screening systems. By combining fuzzy commitment, friendly jamming, and JADE-ICA, SIENNA can extract the unique patterns of a person's breathing dynamics to perform user authentication and device pairing in the presence of co-located attackers. SIENNA requires minimal setup from the user's side to enroll the breathing biometrics as it transforms the respiratory belt measurements taken during the user's routine physical checkup into breathing biometrics comparable with the PRMS readings, resolving the phase ambiguity and sampling rate differential between measurement modalities during the transformation. We formally analyzed the security of SIENNA according to the attacker's knowledge of the breathing fingerprints and implemented and tested SIENNA using USRPs and mmWave beamformers. Our results show that SIENNA allows the system to uniquely identify the authorized user in an at-home environment with multiple persons at a greater than 90% success rate, while protecting the security key during the pairing process against an attacker with full knowledge of the user's breathing biometrics.