Over-the-Air Runtime Wi-Fi MAC Address Re-randomization

Read original: arXiv:2405.15747 - Published 5/27/2024 by Hongyu Jin, Panos Papadimitratos

Over-the-Air Runtime Wi-Fi MAC Address Re-randomization

Overview

This research paper explores a novel approach to enhancing user privacy in Wi-Fi networks by dynamically re-randomizing the MAC (Media Access Control) addresses of devices over-the-air.
The proposed solution aims to prevent long-term tracking of users by making it more difficult for adversaries to link a device to its owner across multiple locations or over time.
The paper discusses the design, implementation, and evaluation of this MAC address re-randomization system, as well as its potential benefits and limitations.

Plain English Explanation

In Wi-Fi networks, each device has a unique identifier called a MAC address. This address can be used to track the movements and activities of users, potentially compromising their privacy. This research proposes a way to continuously change, or "re-randomize," a device's MAC address while it is in use, making it much harder for anyone to follow the device and its owner around.

Imagine you have a car with a license plate that never changes. If someone was trying to track your movements, they could easily follow your car by looking for that same license plate everywhere you go. But what if your license plate randomly changed every time you drove somewhere? It would be much harder for someone to keep track of your car and where you've been.

That's the idea behind this MAC address re-randomization system. By constantly changing the "license plate" (MAC address) of your Wi-Fi device, it becomes very difficult for anyone to link your device to you or your activities over time. This helps protect your privacy and makes it harder for your movements and behavior to be monitored or profiled.

Technical Explanation

The key elements of this research include:

Design: The authors propose a system that can dynamically re-randomize a device's MAC address over-the-air, without requiring any changes to the device's hardware or software. This is achieved by introducing an intermediary "MAC Address Randomization" (MAR) module between the device and the Wi-Fi access point.
Implementation: The researchers developed a prototype MAR module and evaluated its performance in real-world Wi-Fi environments. This involved integrating the module into the Wi-Fi communication stack and ensuring seamless operation without disrupting network connectivity.
Evaluation: Through extensive experiments, the authors assessed the effectiveness of their approach in preventing long-term tracking of devices. They measured factors such as the unlinkability of re-randomized MAC addresses, the impact on network performance, and the robustness of the system against various attack scenarios.

The findings suggest that the proposed MAC address re-randomization system can significantly enhance user privacy in Wi-Fi networks without introducing substantial overhead or performance degradation. By making it more difficult for adversaries to correlate a device's activities over time, this approach helps mitigate the risks of Wi-Fi-based positioning systems and other privacy-infringing techniques.

Critical Analysis

The research paper presents a comprehensive and well-designed solution for improving user privacy in Wi-Fi networks. However, the authors acknowledge several limitations and areas for further study:

Compatibility: The proposed system requires modification to the Wi-Fi communication stack, which may introduce compatibility issues with certain devices or network configurations. The authors suggest exploring more seamless integration approaches.
Scalability: The performance and scalability of the MAR module when handling a large number of devices in dense Wi-Fi environments warrant further investigation.
Adversarial Considerations: While the system is designed to be resilient against various attacks, the authors recommend exploring additional countermeasures to address potential vulnerabilities, such as off-path TCP hijacking or EMF-based eavesdropping.
User Adoption: The real-world deployment and user acceptance of such a system could be influenced by factors like ease of use, integration with existing Wi-Fi infrastructure, and user awareness of privacy concerns.

Overall, this research presents a promising approach to enhancing user privacy in Wi-Fi networks by dynamically re-randomizing MAC addresses. The findings contribute to the ongoing efforts to develop privacy-friendly Wi-Fi technologies and secure transmission techniques that can better protect individuals' digital privacy and autonomy.

Conclusion

This research paper introduces a novel over-the-air MAC address re-randomization system that aims to enhance user privacy in Wi-Fi networks. By constantly changing the unique identifiers of devices, the proposed solution makes it significantly more difficult for adversaries to track and profile users over time, addressing a critical privacy concern in modern wireless communication.

The technical details and evaluation results presented in the paper demonstrate the feasibility and potential benefits of this approach. While some limitations and areas for further improvement are identified, the research contributes to the broader efforts to develop privacy-preserving technologies that empower users and protect their digital rights in an increasingly connected world.

This summary was produced with help from an AI and may contain inaccuracies - check out the links to read the original source documents!

Follow @aimodelsfyi on 𝕏 →

Related Papers

Over-the-Air Runtime Wi-Fi MAC Address Re-randomization

Hongyu Jin, Panos Papadimitratos

Medium Access Control (MAC) address randomization is a key component for privacy protection in Wi-Fi networks. Current proposals periodically change the mobile device MAC addresses when it disconnects from the Access Point (AP). This way frames cannot be linked across changes, but the mobile device presence is exposed as long as it remains connected: all its communication is trivially linkable by observing the randomized yet same MAC address throughout the connection. Our runtime MAC re-randomization scheme addresses this issue, reducing or eliminating Wi-Fi frames linkability without awaiting for or requiring a disconnection. Our MAC re-randomization is practically 'over-the-air': MAC addresses are re-randomized just before transmission, while the protocol stacks (at the mobile and the AP) maintain locally the original connection MAC addresses - making our MAC layer scheme transparent to upper layers. With an implementation and a set of small-scale experiments with off-the-shelf devices, we show the feasibility of our scheme and the potential towards future deployment.

5/27/2024

Reduce to the MACs -- Privacy Friendly Generic Probe Requests

Johanna Ansohn McDougall, Alessandro Brighente, Anne Kunstmann, Niklas Zapatka, Hannes Federrath

Abstract. Since the introduction of active discovery in Wi-Fi networks, users can be tracked via their probe requests. Although manufacturers typically try to conceal Media Access Control (MAC) addresses using MAC address randomisation, probe requests still contain Information Elements (IEs) that facilitate device identification. This paper introduces generic probe requests: By removing all unnecessary information from IEs, the requests become indistinguishable from one another, letting single devices disappear in the largest possible anonymity set. Conducting a comprehensive evaluation, we demonstrate that a large IE set contained within undirected probe requests does not necessarily imply fast connection establishment. Furthermore, we show that minimising IEs to nothing but Supported Rates would enable 82.55% of the devices to share the same anonymity set. Our contributions provide a significant advancement in the pursuit of robust privacy solutions for wireless networks, paving the way for more user anonymity and less surveillance in wireless communication ecosystems.

5/16/2024

A MAC Protocol with Time Reversal for Wireless Networks within Computing Packages

Ama Bandara, Abhijit Das, F'atima Rodr'iguez-Gal'an, Eduard Alarc'on, Sergi Abadal

Wireless Network-on-Chip (WNoC) is a promising concept which provides a solution to overcome the scalability issues in prevailing networks-in-package for many-core processors. However, the electromagnetic propagation inside the chip package leads to energy reverberation, resulting in Inter-Symbol Interference (ISI) with high delay spreads. Time Reversal (TR) is a technique that benefits the unique time-invariant channel with rich multipath effects to focus the energy to the desired transceiver. TR mitigates both ISI and co-channel interference, hence providing parallel communications in both space and time. Thus, TR is a versatile candidate to improve the aggregate bandwidth of wireless on-chip networks provided that a Medium Access Control (MAC) is used to efficiently share the wireless medium. In this paper, we explore a simple yet resilient TR-based MAC protocol (TR-MAC) design for WNoC. We propose to manage multiple parallel transmissions with simultaneous spatial channels in the same time slot with TR precoding and focused energy detection at the transceiver. Our results show that TR-MAC can be employed in massive computing architectures with improved latency and throughput while matching with the stringent requirements of the physical layer.

8/15/2024

Characterizing Encrypted Application Traffic through Cellular Radio Interface Protocol

Md Ruman Islam (University of Nebraska Omaha), Raja Hasnain Anwar (University of Massachusetts Amherst), Spyridon Mastorakis (University of Notre Dame), Muhammad Taqi Raza (University of Massachusetts Amherst)

Modern applications are end-to-end encrypted to prevent data from being read or secretly modified. 5G tech nology provides ubiquitous access to these applications without compromising the application-specific performance and latency goals. In this paper, we empirically demonstrate that 5G radio communication becomes the side channel to precisely infer the user's applications in real-time. The key idea lies in observing the 5G physical and MAC layer interactions over time that reveal the application's behavior. The MAC layer receives the data from the application and requests the network to assign the radio resource blocks. The network assigns the radio resources as per application requirements, such as priority, Quality of Service (QoS) needs, amount of data to be transmitted, and buffer size. The adversary can passively observe the radio resources to fingerprint the applications. We empirically demonstrate this attack by considering four different categories of applications: online shopping, voice/video conferencing, video streaming, and Over-The-Top (OTT) media platforms. Finally, we have also demonstrated that an attacker can differentiate various types of applications in real-time within each category.

7/23/2024