Wi-Fi channel state information (CSI)-based biometric authentication lacks a standardized security evaluation framework, suffering from narrow metrics (e.g., overreliance on overall accuracy), absent threat models, insufficient user-level risk analysis, and weak validation of adversarial robustness. Method: We propose the first systematic security assessment framework for CSI-based biometric authentication, introducing security-sensitive metrics—including class-wise equal error rates (EER), feature discriminability score (FCS), and Gini coefficient—to uncover risk concentration phenomena. Our empirical analysis spans the entire pipeline—from sensing and signal representation to feature extraction, model architecture, and evaluation—quantifying attack surfaces such as replay, geometric mimicry, and environmental perturbation, along with their methodological dependencies. Contribution/Results: The study establishes the practical security boundaries of CSI authentication, delivering a reproducible benchmark, a rigorous evaluation paradigm, and an extensible research guideline for future work.

Wi-Fi Channel State Information (CSI) has been repeatedly proposed as a biometric modality, often with reports of high accuracy and operational feasibility. However, the field lacks a consolidated understanding of its security properties, adversarial resilience, and methodological consistency. This Systematization of Knowledge (SoK) examines CSI-based biometric authentication through a security perspective, analyzing how existing work differs across sensing infrastructure, signal representations, feature pipelines, learning models, and evaluation methodologies. Our synthesis reveals systemic inconsistencies: reliance on aggregate accuracy metrics, limited reporting of FAR/FRR/EER, absence of per-user risk analysis, and scarce consideration of threat models or adversarial feasibility. We construct a unified evaluation framework to empirically expose these issues and demonstrate how security-relevant metrics, such as per-class EER, FCS, and the Gini Coefficient, uncover risk concentration that remains hidden under traditional reporting practices. Our analysis highlights concrete attack surfaces and shows how methodological choices materially influence vulnerability profiles, which include replay, geometric mimicry, and environmental perturbation. Based on these findings, we articulate the security boundaries of current CSI biometrics and provide guidelines for rigorous evaluation, reproducible experimentation, and future research directions. This SoK offers the security community a structured, evidence-driven reassessment of Wi-Fi CSI biometrics and their suitability as an authentication primitive.