Pregled bibliografske jedinice broj: 1114676
Location Privacy and User Deanonymization within Wireless Local Area Networks
Location Privacy and User Deanonymization within Wireless Local Area Networks, 2020., doktorska disertacija, FESB, Split
CROSBI ID: 1114676 Za ispravke kontaktirajte CROSBI podršku putem web obrasca
Naslov
Location Privacy and User Deanonymization within Wireless Local Area Networks
Autori
Dagelić, Ante
Vrsta, podvrsta i kategorija rada
Ocjenski radovi, doktorska disertacija
Fakultet
FESB
Mjesto
Split
Datum
08.12
Godina
2020
Stranica
159
Mentor
Mario Čagalj
Ključne riječi
WLAN, WiFi, security, location privacy, probe request, MAC deanonymization
Sažetak
Considering the widespread and continuous increase in devices using WiFi networks, privacy implications are a growing concern. Passively monitoring WiFi traffic, forcing devices to initiate a connection or compromising WiFi security can be used by an adversary in order to reveal private location data or even enable long term tracking of individuals by deanonymizing victims MAC address. Device’s Preferred Network List (PNL) - a list of previously used WiFi access points is a particularly interesting source of private location data. PNL can be obtained by monitoring victims WiFi traffic, however a 4-year study on more than 150, 000devices, reveals that the device manufacturers are implementing more secure WiFi initialization protocols, not vulnerable to passive monitoring attacks. A new active attack called SSID Oracle attack is modeled, optimized and proved to work in practice. It is shown that SSID Oracle attack is almost 20 times faster than previously proposed active attacks, allowing the attacker to perform the attack in a much shorter opportunity window. However, revealing the device’s PNL and the private location data does not have high implications if one does not know the real person behind the WiFi’s MAC address. A new MAC address deanonymization algorithm is modeled, optimized and verified on a real-life data. The algorithm scores the match of the WiFi device’s PNL with social network location tags, allowing us to match the devices MAC address to the user’s social network profile. Another approach to device deanonymization is performed by exploiting a known WPA2-Enterprise vulnerability where it is shown that almost 87% of a widespread student WiFi network eduroam are vulnerable.
Izvorni jezik
Engleski
Znanstvena područja
Računarstvo, Informacijske i komunikacijske znanosti
POVEZANOST RADA
Ustanove:
Fakultet elektrotehnike, strojarstva i brodogradnje, Split
