Openwifi CSI fuzzer for authorized sensing and covert channels

CSI (Channel State Information) of WiFi systems has become a hot topic in recent years. The information contains the environment channel response between the transmitter and the receiver, so that the people/objects and their movement in between can be detected by analyzing CSI. CSI is the channel estimation result in the receiver based on the pre-known training field of the transmitted signal. CSI information is useful in many cases, but it also brings concerns on privacy and security. In this paper, we open sourced a CSI fuzzer to enhance the privacy and security. It is built and embedded into the transmitter of openwifi, which is an open source full-stack WiFi chip design, to prevent unauthorized sensing without sacrificing the WiFi link performance. The CSI fuzzer imposes an artificial channel response to the signal before it leaves the transmitter, so the CSI extracted at the receiver will indicate the actual channel response combined with the artificial response. Only the authorized receiver, that knows the artificial response, can calculate the actual channel response and perform the CSI sensing. Another potential application of the CSI fuzzer is covert channels. A set of artificial response patterns can be predefined between transmitter and receiver, so covert messages can be delivered via selecting a pattern at the transmitter and recognizing it at the receiver.