WalkAnon: Defeating Gait-Based Wi-Fi Identity Inference via Differential Privacy and Circular Variance Equalization on Givens Rotation Angles OVERVIEWRecent work (BFId, Todt et al. , ACM CCS 2025) shows that IEEE 802. 11ac/ax Beamforming Feedback Information (BFI) frames — unencrypted, mandatory, and passively capturable — carry a biometric gait signature sufficient to identify individuals with up to 99. 5% accuracy, through walls and without specialized hardware. WalkAnon is a firmware-level defense that injects calibrated noise directly into the Givens rotation angles (phi, psi) encoded in BFI frames before transmission. The output remains a standard-compliant unit-norm beamforming vector; the access point observes no anomaly. THE CENTRAL TRADE-OFFBFI is not inert payload: the access point uses it to compute its steering matrix, so excessive noise degrades the very beamforming the frame exists to enable. WalkAnon makes this privacy/utility trade-off explicit. Modeling beamforming gain as g = |hH v|² / ||h||² over Rayleigh channels, the key fact is that gain degrades only as cos² (sigma) in the angular perturbation sigma — so small, well-placed noise is quadratically cheap. CIRCULAR VARIANCE EQUALIZATIONRather than spending a worst-case differential-privacy budget uniformly (which, calibrated to the full 2*pi sensitivity, overshoots the ~0. 2 rad gait signal by two orders of magnitude and breaks the link), WalkAnon adds per-subcarrier noise calibrated to flatten the circular-variance profile that the attack exploits. Noise is spent only where identity information resides. RESULTS (simulation, N=20, SNR=15 dB) Against a nearest-centroid attacker on the BFId circular-variance feature: - Circular variance equalization reduces identification to the 1/N random baseline at a mean beamforming-throughput loss of only ~2%. - Uniform noise requires ~20% throughput loss to reach the same privacy. This is a ~10x improvement, showing that how noise is allocated matters more than its total magnitude. A per-frame temporal phase scramble is additionally provided against sequence-model (BiLSTM) attackers. STANDARD COMPLIANCE AND DEPLOYMENTWalkAnon modifies angle values, not frame structure; the unit-norm constraint is preserved by construction. It operates STA-side at the firmware/driver level, with the privacy strength set by user or network policy — a natural candidate for an optional privacy mode in IEEE 802. 11bf, with no change to the mandatory frame format. LIMITATIONSResults are at the simulation level. We use synthetic gait-modulated BFI rather than the real 197-subject corpus; our privacy metric is the variance-profile feature rather than a full BiLSTM on raw sequences; and the utility model is single-stream Nr=4 Rayleigh beamforming. Validation on real BFI captures and multi-stream channels requires NIC firmware access and is the subject of ongoing work. Author: Mikheil Galoian (mgaloyan79@gmail. com) Demo: https: //walkanon. vercel. appLicense: Creative Commons Attribution 4. 0 International
Mikheil Galoian (Wed,) studied this question.