pith. sign in

arxiv: 2604.16068 · v1 · submitted 2026-04-17 · 📡 eess.SP · cs.CR· cs.IT· math.IT

A Novel Framework for Transmitter Privacy in Integrated Sensing and Communication

Vaibhav Kumar , Ahmad Bazzi , Christina P\"opper , Marwa Chafii This is my paper

Pith reviewed 2026-05-10 07:46 UTC · model grok-4.3

classification 📡 eess.SP cs.CRcs.ITmath.IT
keywords integrated sensing and communicationtransmitter privacyreconfigurable intelligent surfacechannel estimationartificial noisebeamformingISAC privacy
0
0 comments X

The pith

RIS-assisted beamforming degrades a malicious sensor's channel estimation in ISAC systems while keeping legitimate communication reliable.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper addresses transmitter privacy risks in integrated sensing and communication systems, where a shared waveform lets an unintended sensor infer transmitter details through channel estimation. It introduces a design that combines transmit-side artificial noise with reconfigurable intelligent surface phase shifts to shape the environment and maximize the sensor's estimation error. The method first derives true and predicted mean-square-error expressions under imperfect prior knowledge at the sensor, then solves a joint beamforming optimization problem via alternating optimization to maximize that error subject to a communication quality constraint and power limits. A sympathetic reader would care because ISAC deployments risk leaking location or identity information even when data payloads stay secure, and the approach shows a way to reduce that leakage through propagation control.

Core claim

The central claim is that superposition signaling with a message signal plus artificial noise, when paired with privacy-aware RIS phase configuration and solved through an augmented-Lagrangian alternating-optimization procedure, maximizes the malicious sensor's predicted channel-estimation mean-square error while satisfying a minimum signal-to-interference-plus-noise ratio at the legitimate receiver, a transmit-power budget, and unit-modulus RIS constraints.

What carries the argument

The joint active-passive beamforming optimization that maximizes the malicious sensor's predicted channel-estimation error via superposition signaling and RIS phase shifts.

If this is right

  • Unauthorized channel estimation error at the malicious sensor increases substantially compared with the non-RIS baseline.
  • The same design also degrades the malicious sensor's angle-of-arrival estimation accuracy.
  • Communication quality of service at the legitimate receiver remains satisfied under the stated constraints.
  • The alternating-optimization procedure converges to a feasible solution within the transmit-power and unit-modulus limits.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The privacy mechanism could be tested against other inference tasks such as transmitter localization rather than just channel estimation.
  • Hardware validation would need to incorporate realistic RIS phase noise and imperfect channel state information at the transmitter, which the current analysis treats as ideal.
  • The same superposition-plus-RIS idea might extend to non-RIS ISAC scenarios by increasing artificial noise power alone, though the paper does not quantify that trade-off.

Load-bearing premise

The predicted mean-square-error expression, derived under the assumption of imperfect prior knowledge at the malicious sensor, serves as a reliable proxy for actual estimation performance when designing the beamforming.

What would settle it

A physical experiment that applies the optimized beamforming and RIS phases, then measures the actual channel-estimation mean-square error achieved by a real malicious sensor receiver and checks whether it exceeds the non-RIS baseline by the amount predicted in simulation.

Figures

Figures reproduced from arXiv: 2604.16068 by Ahmad Bazzi, Christina P\"opper, Marwa Chafii, Vaibhav Kumar.

Figure 1
Figure 1. Figure 1: A typical RIS-aided communication system with a malicious sensor. [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Convergence behavior of the proposed AO algorithm. [PITH_FULL_IMAGE:figures/full_fig_p008_2.png] view at source ↗
Figure 5
Figure 5. Figure 5: Impact of the number of sensor antennas on the NMSE at S. 4 8 12 16 0 0.2 0.4 0.6 0.8 1 Number of observation slots (K) Average NMSE w/o RIS (perfect prior at S) w/ RIS (perfect prior at S) w/o RIS (imperfect prior at S) w/ RIS (imperfect prior at S) [PITH_FULL_IMAGE:figures/full_fig_p009_5.png] view at source ↗
Figure 7
Figure 7. Figure 7: Impact of transmit power budget on the NMSE at S. 1 2 3 4 5 0.4 0.5 0.6 (ς 2/σ2 ) × 105 Average NMSE w/ RIS (imperfect prior at S) w/o RIS (imperfect prior at S) w/ RIS (perfect prior at S) w/o RIS (perfect prior at S) [PITH_FULL_IMAGE:figures/full_fig_p010_7.png] view at source ↗
read the original abstract

ISAC systems introduce new privacy risks because an unintended sensing node may exploit the shared radio waveform to infer transmitter-related information even when the communication payload remains secure. This paper investigates transmitter privacy, defined as limiting unauthorized inference of transmitter-related information through channel estimation, in a RIS-aided multi-antenna wireless system with a transmitter, a legitimate receiver, a malicious sensor, and a RIS. The malicious sensor is assumed to estimate the transmitter--sensor channel, and the resulting channel state information can then support unauthorized sensing, inference, or related signal processing. To mitigate this threat, we consider a privacy-oriented design in which the transmitter adopts superposition-based signaling with a message signal and transmit-side artificial noise, while the RIS shapes the propagation environment in a privacy-aware manner. The channel-estimation performance at the malicious sensor is first analyzed under imperfect prior knowledge, and both the true and predicted mean-square-error expressions are derived. Based on this analysis, we formulate a joint active--passive beamforming design problem that maximizes the malicious sensor's predicted channel-estimation error subject to a communication quality-of-service constraint, a transmit-power budget, and the unit-modulus constraints of the RIS. The resulting non-convex problem is handled through a numerically efficient alternating-optimization framework based on an augmented Lagrangian reformulation. Numerical results show that RIS-assisted propagation shaping can substantially degrade unauthorized channel estimation relative to the non-RIS case while preserving reliable communication, and further show that the privacy gains also improve a more direct sensing metric, namely the malicious sensor's angle-of-arrival estimation accuracy.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper proposes a privacy framework for RIS-aided ISAC systems in which the transmitter uses superposition signaling with artificial noise and the RIS performs propagation shaping to degrade a malicious sensor's ability to estimate the transmitter-sensor channel. Under an imperfect prior-knowledge model, both true and predicted MSE expressions for the channel estimate are derived. A non-convex joint active-passive beamforming problem is then formulated to maximize the predicted MSE subject to a communication QoS constraint, a transmit-power budget, and unit-modulus RIS constraints; the problem is solved via an alternating-optimization procedure based on augmented-Lagrangian reformulation. Numerical results are presented to show that the resulting design substantially increases the sensor's channel-estimation error relative to the non-RIS baseline while preserving reliable communication, and that the same design also improves the sensor's angle-of-arrival estimation accuracy.

Significance. If the central numerical claims are substantiated, the work provides a concrete, optimization-driven approach to transmitter privacy in ISAC that exploits RIS degrees of freedom without sacrificing communication performance. The explicit derivation of both true and predicted MSE expressions under imperfect priors is a methodological strength, and the use of standard reformulation techniques for the non-convex problem makes the framework reproducible. The additional demonstration that privacy-oriented beamforming can benefit a downstream sensing metric (AoA accuracy) is a useful observation for the broader ISAC security literature.

major comments (2)
  1. [Optimization framework and Numerical results] The optimization problem (formulated after the MSE analysis) maximizes only the predicted MSE subject to the stated constraints. The headline numerical claims—that unauthorized channel estimation is substantially degraded and that AoA estimation accuracy improves—therefore rest on the unverified assumption that the predicted-MSE maximizer produces comparable gains in the true MSE and in the practical AoA estimator. The manuscript should either (i) report the gap between true and predicted MSE after optimization or (ii) provide a bound or additional simulation showing that the true MSE is also increased by a comparable amount.
  2. [MSE analysis and Numerical results] The imperfect-prior-knowledge model is central to both the MSE derivations and the design. No sensitivity analysis with respect to the prior-error variance is reported in the numerical section; if the privacy gains vanish or reverse for modest changes in this parameter, the practical applicability of the framework is limited.
minor comments (2)
  1. [Analysis section] Notation for the true versus predicted MSE should be introduced earlier and used consistently in the optimization formulation and in the figure captions.
  2. [Algorithm and Numerical results] The alternating-optimization algorithm description would benefit from a brief convergence plot or iteration count in the numerical results to confirm practical efficiency.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and detailed review. The comments highlight important aspects of the optimization and robustness analysis. We address each major comment below and will revise the manuscript to strengthen the presentation and evidence.

read point-by-point responses

  1. Referee: [Optimization framework and Numerical results] The optimization problem (formulated after the MSE analysis) maximizes only the predicted MSE subject to the stated constraints. The headline numerical claims—that unauthorized channel estimation is substantially degraded and that AoA estimation accuracy improves—therefore rest on the unverified assumption that the predicted-MSE maximizer produces comparable gains in the true MSE and in the practical AoA estimator. The manuscript should either (i) report the gap between true and predicted MSE after optimization or (ii) provide a bound or additional simulation showing that the true MSE is also increased by a comparable amount.

    Authors: We agree that explicitly verifying the impact on the true MSE strengthens the claims. The optimization uses the predicted MSE because it is the computable quantity available at design time under the imperfect-prior model; the true MSE depends on the unknown realization. In the revised manuscript we will add plots that report both the true and predicted MSE achieved by the optimized beamformer, quantify the gap, and confirm that the true MSE is increased by a comparable margin relative to the non-RIS baseline. For the AoA result, we will clarify that the reported accuracy improvement is obtained by feeding the sensor’s actual (noisy) channel estimates—produced under the optimized waveform—into the AoA estimator, thereby grounding the claim in the true estimation error. revision: yes

  2. Referee: [MSE analysis and Numerical results] The imperfect-prior-knowledge model is central to both the MSE derivations and the design. No sensitivity analysis with respect to the prior-error variance is reported in the numerical section; if the privacy gains vanish or reverse for modest changes in this parameter, the practical applicability of the framework is limited.

    Authors: We concur that sensitivity to the prior-error variance is essential for assessing practical applicability. The revised numerical section will include a new set of curves that vary the prior-error variance over a realistic range and show that the privacy gains (both in predicted and true MSE) remain substantial and do not reverse for modest deviations from the nominal value used in the original simulations. revision: yes

Circularity Check

0 steps flagged

No circularity; analytical derivation of MSE expressions followed by independent numerical verification

full rationale

The paper first derives both the true and predicted MSE expressions for the malicious sensor's channel estimate under imperfect prior knowledge. It then formulates an optimization problem that maximizes only the predicted MSE subject to explicit power, QoS, and unit-modulus constraints, solved via alternating optimization with augmented Lagrangian. Numerical results evaluate the resulting design on the actual (true) channel estimation error and on AoA accuracy, showing degradation relative to the non-RIS baseline. This is a standard approximation-based design followed by separate simulation-based verification; the optimized quantity is not redefined as the evaluated quantity, no parameters are fitted to data subsets, and no self-citations or imported uniqueness theorems appear in the load-bearing steps. The derivation chain remains self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The framework rests on standard wireless channel estimation models and optimization constraints; no new physical entities are postulated.

axioms (2)
  • domain assumption The malicious sensor performs channel estimation on the transmitter-sensor link using the received waveform under imperfect prior knowledge.
    Explicitly stated as the basis for the threat model and MSE analysis.
  • standard math RIS phase shifts satisfy unit-modulus constraints.
    Standard hardware limitation for passive reflecting elements invoked in the optimization formulation.

pith-pipeline@v0.9.0 · 5592 in / 1426 out tokens · 75650 ms · 2026-05-10T07:46:11.582985+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

36 extracted references · 36 canonical work pages

  1. [1]

    Integrated sensing and communications over the years: An evolution perspective,

    D. Zhanget al., “Integrated sensing and communications over the years: An evolution perspective,”IEEE Commun. Surveys Tuts., vol. 28, pp. 5014–5048, 2026

    work page 2026

  2. [2]

    Twelve scientific challenges for 6G: Rethinking the foundations of communications the- ory,

    M. Chafii, L. Bariah, S. Muhaidat, and M. Debbah, “Twelve scientific challenges for 6G: Rethinking the foundations of communications the- ory,”IEEE Commun. Surveys Tuts., vol. 25, no. 2, pp. 868–904, 2023

    work page 2023

  3. [3]

    Design of uplink ISAC systems with cooperative sensing: Power control and receive beamforming,

    L. Heet al., “Design of uplink ISAC systems with cooperative sensing: Power control and receive beamforming,”IEEE Trans. Wireless Com- mun., vol. 25, pp. 14 337–14 350, 2026

    work page 2026

  4. [4]

    A survey on integrated sensing and communication with intelligent metasurfaces: Trends, challenges, and opportunities,

    A. Magbool, V . Kumar, Q. Wu, M. Di Renzo, and M. F. Flanagan, “A survey on integrated sensing and communication with intelligent metasurfaces: Trends, challenges, and opportunities,”IEEE Open J. Commun. Soc., vol. 6, pp. 7270–7318, 2025

    work page 2025

  5. [5]

    Study on Integrated Sensing and Communication,

    3GPP, “Study on Integrated Sensing and Communication,” 3rd Gener- ation Partnership Project (3GPP), Technical Report TR 22.837, 2022, Release 19. [Online]. Available: https://portal.3gpp.org/desktopmodules/ Specifications/SpecificationDetails.aspx?specificationId=4044

    work page 2022

  6. [6]

    Integrated Sensing and Communication,

    ——, “Integrated Sensing and Communication,” 3rd Generation Partnership Project (3GPP), Technical Specification TS 22.137, 2023, Release 19. [Online]. Available: https://portal.3gpp.org/desktopmodules/ Specifications/SpecificationDetails.aspx?specificationId=4198

    work page 2023

  7. [7]

    Study on channel model for frequencies from 0.5 to 100 GHz,

    ——, “Study on channel model for frequencies from 0.5 to 100 GHz,” 3rd Generation Partnership Project (3GPP), Technical Report TR 38.901, 2026, Release 19. [On- line]. Available: https://portal.3gpp.org/desktopmodules/Specifications/ SpecificationDetails.aspx?specificationId=3173

    work page 2026

  8. [8]

    Privacy and security in ubiquitous integrated sensing and communication: Threats, challenges and future directions,

    K. Qu, J. Ye, X. Li, and S. Guo, “Privacy and security in ubiquitous integrated sensing and communication: Threats, challenges and future directions,”IEEE Internet Things Mag., vol. 7, no. 4, pp. 52–58, 2024

    work page 2024

  9. [9]

    Enabling intelligent connectivity: A survey of secure ISAC in 6G networks,

    X. Zhuet al., “Enabling intelligent connectivity: A survey of secure ISAC in 6G networks,”IEEE Commun. Surveys Tuts., vol. 27, no. 2, pp. 748–781, 2025

    work page 2025

  10. [10]

    Joint secure transceiver design for integrated sensing and communication,

    B. He, F. Wang, and J. Cheng, “Joint secure transceiver design for integrated sensing and communication,”IEEE Trans. Wireless Commun., vol. 23, no. 10, pp. 13 377–13 393, 2024

    work page 2024

  11. [11]

    Secure hybrid beamforming design for mmWave inte- grated sensing and communication systems,

    S. Liet al., “Secure hybrid beamforming design for mmWave inte- grated sensing and communication systems,”IEEE Trans. Veh. Technol., vol. 74, no. 7, pp. 10 622–10 638, 2025

    work page 2025

  12. [12]

    Physical layer security design and performance evalua- tion for 3D communication-2D sensing enabled spatial separation and interference decoupling in ISAC-IoV networks,

    K. Yuet al., “Physical layer security design and performance evalua- tion for 3D communication-2D sensing enabled spatial separation and interference decoupling in ISAC-IoV networks,”IEEE J. Sel. Areas Commun., vol. 44, pp. 2102–2115, 2026

    work page 2026

  13. [13]

    Robust transmit beamforming for secure integrated sensing and communication,

    Z. Ren, L. Qiu, J. Xu, and D. W. K. Ng, “Robust transmit beamforming for secure integrated sensing and communication,”IEEE Trans. Com- mun., vol. 71, no. 9, pp. 5549–5564, 2023

    work page 2023

  14. [14]

    Secure full duplex integrated sensing and communications,

    A. Bazzi and M. Chafii, “Secure full duplex integrated sensing and communications,”IEEE Trans. Inf. Forensics Security, vol. 19, pp. 2082– 2097, 2024

    work page 2082

  15. [15]

    Joint beamforming design for integrated sensing and communication systems with hybrid-colluding eavesdroppers,

    M. Liuet al., “Joint beamforming design for integrated sensing and communication systems with hybrid-colluding eavesdroppers,”IEEE Trans. Commun., vol. 73, no. 8, pp. 6484–6498, 2025

    work page 2025

  16. [16]

    Robust and secure resource allocation for ISAC systems: A novel optimiza- tion framework for variable-length snapshots,

    D. Xu, X. Yu, D. W. K. Ng, A. Schmeink, and R. Schober, “Robust and secure resource allocation for ISAC systems: A novel optimiza- tion framework for variable-length snapshots,”IEEE Trans. Commun., vol. 70, no. 12, pp. 8196–8214, 2022

    work page 2022

  17. [17]

    Unified framework for outage-constrained rate maximization in secure ISAC under various sensing metrics,

    H. Zhu, Z. Li, and Y .-C. Wu, “Unified framework for outage-constrained rate maximization in secure ISAC under various sensing metrics,”IEEE J. Sel. Areas Commun., vol. 44, pp. 3812–3827, 2026

    work page 2026

  18. [18]

    RIS-based physical layer security for integrated sensing and communication: A comprehensive survey,

    Y . Liet al., “RIS-based physical layer security for integrated sensing and communication: A comprehensive survey,”IEEE Internet Things J., vol. 12, no. 16, pp. 32 444–32 468, 2025

    work page 2025

  19. [19]

    Beamforming design for secure RIS-enabled ISAC: Passive RIS versus active RIS,

    V . Kumar and M. Chafii, “Beamforming design for secure RIS-enabled ISAC: Passive RIS versus active RIS,”IEEE Trans. Wireless Commun., vol. 24, no. 9, pp. 7719–7732, 2025

    work page 2025

  20. [20]

    Achievable sum secrecy rate of STAR-RIS-enabled MU-MIMO ISAC,

    A. Kazymova, V . Kumar, C. Pöpper, and M. Chafii, “Achievable sum secrecy rate of STAR-RIS-enabled MU-MIMO ISAC,” inIEEE ICC Workshops, 2025, pp. 947–952

    work page 2025

  21. [21]

    Exploring passive eves with self-refine sensing: A novel ISAC-aided secure communication system with STAR-RIS,

    Y . Wenet al., “Exploring passive eves with self-refine sensing: A novel ISAC-aided secure communication system with STAR-RIS,”IEEE Trans. Wireless Commun., vol. 25, pp. 1209–1222, 2026

    work page 2026

  22. [22]

    Beamforming and phase shift design for STAR-RIS- assisted secure sensing and communication in ISAC systems,

    H. Zhanget al., “Beamforming and phase shift design for STAR-RIS- assisted secure sensing and communication in ISAC systems,”IEEE J. Sel. Areas Commun., vol. 44, pp. 4037–4050, 2026

    work page 2026

  23. [23]

    Covert ISAC against collusive wardens,

    Y . Wuet al., “Covert ISAC against collusive wardens,”IEEE Trans. Wireless Commun., vol. 24, no. 11, pp. 9763–9776, 2025

    work page 2025

  24. [24]

    Joint secure and covert communications for active STAR- RIS assisted ISAC systems,

    L. Guoet al., “Joint secure and covert communications for active STAR- RIS assisted ISAC systems,”IEEE Trans. Wireless Commun., vol. 24, no. 9, pp. 7501–7516, 2025

    work page 2025

  25. [25]

    ISAC-assisted covert transmission: Joint secure sensing and communication,

    Y . Zhanget al., “ISAC-assisted covert transmission: Joint secure sensing and communication,”IEEE J. Sel. Areas Commun., vol. 44, pp. 2038– 2051, 2026

    work page 2038

  26. [26]

    Hiding in plain sight: RIS-aided target obfuscation in ISAC,

    A. Magbool, V . Kumar, M. Di Renzo, and M. F. Flanagan, “Hiding in plain sight: RIS-aided target obfuscation in ISAC,”IEEE Trans. Wireless Commun., vol. 25, pp. 14 550–14 563, 2026

    work page 2026

  27. [27]

    On beamforming for transmitter location privacy in MIMO systems,

    U. A. Khan, L. Ho, H. Claussen, M. F. Flanagan, and C. Kundu, “On beamforming for transmitter location privacy in MIMO systems,” in IEEE ICC, 2026. [Online]. Available: https://arxiv.org/abs/2508.09882

    work page arXiv 2026

  28. [28]

    Sensing-secure ISAC: Ambiguity function engineering for impairing unauthorized sensing,

    K. Han, K. Meng, and C. Masouros, “Sensing-secure ISAC: Ambiguity function engineering for impairing unauthorized sensing,”IEEE Trans. Wireless Commun., vol. 25, pp. 5386–5400, 2026

    work page 2026

  29. [29]

    Robust beamforming design for active-RIS aided MIMO SWIPT communica- tion system: A power minimization approach,

    J. Yaswanth, M. Katwe, K. Singh, S. Prakriya, and C. Pan, “Robust beamforming design for active-RIS aided MIMO SWIPT communica- tion system: A power minimization approach,”IEEE Trans. Wireless Commun., vol. 23, no. 5, pp. 4767–4785, 2024

    work page 2024

  30. [30]

    L. L. Scharf and C. J. Demeure,Statistical Signal Processing: Detection, Estimation, and Time Series Analysis. Addison-Wesley Publishing Company, 1991

    work page 1991

  31. [31]

    Penalty dual decomposition method for non- smooth nonconvex optimization—Part I: Algorithms and convergence analysis,

    Q. Shi and M. Hong, “Penalty dual decomposition method for non- smooth nonconvex optimization—Part I: Algorithms and convergence analysis,”IEEE Trans. Signal Process., vol. 68, pp. 4108–4122, 2020

    work page 2020

  32. [32]

    Minimization of functions having lipschitz continuous first partial derivatives,

    L. Armijo, “Minimization of functions having lipschitz continuous first partial derivatives,”Pacific Journal of Mathematics, vol. 16, no. 1, pp. 1–3, 1966

    work page 1966

  33. [33]

    Intelligent reflecting surface-aided wireless communications: A tutorial,

    Q. Wu, S. Zhang, B. Zheng, C. You, and R. Zhang, “Intelligent reflecting surface-aided wireless communications: A tutorial,”IEEE Trans. Commun., vol. 69, no. 5, pp. 3313–3351, 2021

    work page 2021

  34. [34]

    Two-timescale channel estimation for reconfigurable intelligent surface aided wireless communications,

    C. Hu, L. Dai, S. Han, and X. Wang, “Two-timescale channel estimation for reconfigurable intelligent surface aided wireless communications,” IEEE Trans. Commun., vol. 69, no. 11, pp. 7736–7747, 2021

    work page 2021

  35. [35]

    Rayleigh fading modeling and channel hardening for reconfigurable intelligent surfaces,

    E. Björnson and L. Sanguinetti, “Rayleigh fading modeling and channel hardening for reconfigurable intelligent surfaces,”IEEE Wireless Com- mun. Lett., vol. 10, no. 4, pp. 830–834, 2020

    work page 2020

  36. [36]

    Complex-valued matrix differentiation: Techniques and key results,

    A. Hjørungnes and D. Gesbert, “Complex-valued matrix differentiation: Techniques and key results,”IEEE Trans. Signal Process., vol. 55, no. 6, pp. 2740–2746, 2007

    work page 2007