engleski

Location Privacy and User Deanonymization within Wireless Local Area Networks

Considering the widespread and continuous increase in devices using WiFi networks, privacy implications are a growing concern. Passively monitoring WiFi traffic, forcing devices to initiate a connection or compromising WiFi security can be used by an adversary in order to reveal private location data or even enable long term tracking of individuals by deanonymizing victims MAC address. Device’s Preferred Network List (PNL) - a list of previously used WiFi access points is a particularly interesting source of private location data. PNL can be obtained by monitoring victims WiFi traffic, however a 4-year study on more than 150, 000devices, reveals that the device manufacturers are implementing more secure WiFi initialization protocols, not vulnerable to passive monitoring attacks. A new active attack called SSID Oracle attack is modeled, optimized and proved to work in practice. It is shown that SSID Oracle attack is almost 20 times faster than previously proposed active attacks, allowing the attacker to perform the attack in a much shorter opportunity window. However, revealing the device’s PNL and the private location data does not have high implications if one does not know the real person behind the WiFi’s MAC address. A new MAC address deanonymization algorithm is modeled, optimized and verified on a real-life data. The algorithm scores the match of the WiFi device’s PNL with social network location tags, allowing us to match the devices MAC address to the user’s social network profile. Another approach to device deanonymization is performed by exploiting a known WPA2-Enterprise vulnerability where it is shown that almost 87% of a widespread student WiFi network eduroam are vulnerable.

WLAN, WiFi, security, location privacy, probe request, MAC deanonymization

nije evidentirano