research-article

Privacy-preserving 802.11 access-point discovery

Authors:

Janne Lindqvist,

George Danezis,

Annu Myllyniemi,

Michael RoeAuthors Info & Claims

WiSec '09: Proceedings of the second ACM conference on Wireless network security

Pages 123 - 130

https://doi.org/10.1145/1514274.1514293

Published: 16 March 2009 Publication History

Abstract

It is usual for 802.11 WLAN clients to probe actively for access points in order to hasten AP discovery and to find "hidden" APs. These probes reveal the client's list of preferred networks, thus, present a privacy risk: an eavesdropper can infer attributes of the client based on its associations with networks. We propose an access-point discovery protocol that supports fast discovery and hidden networks while also preserving privacy. Our solution is incrementally deployable, efficient, requires only small modifications to current client and AP implementations, interoperates with current networks, and does not change the user experience. We note that our solution is faster than the standard hidden-network discovery protocol based on measurements on a prototype implementation.

References

[1]

M. Abadi and C. Fournet. Private authentication. Theor. Comput. Sci., 322(3):427--476, Sept. 2004.

Digital Library

[2]

J. Arkko, P. Nikander, and M. Näslund. Enhancing Privacy with Shared Pseudo Random Sequences. In Proc. of Security Protocols, Cambridge, UK, Apr. 2005.

[3]

D. Balfanz, G. Durfee, R. E. Grinter, D. Smetter, and P. Stewart. Network-in-a-Box: How to Set Up a Secure Wireless Network in Under a Minute. In Proc. of USENIX Security, May 2004.

Digital Library

[4]

D. Balfanz, G. Durfee, N. Shankar, D. Smetters, J. Staddon, and H.-C. Wong. Secret handshakes from pairing-based key agreements. In Proc. of IEEE Security and Privacy, May 2003.

Digital Library

[5]

D. Boneh, X. Boyen, and H. Shacham. Short group signatures. In Proc. of Crypto '04, Aug. 2004.

[6]

D. Boneh, C. Gentry, and B. Waters. Collusion resistant broadcast encryption with short ciphertexts and private keys. In Proc. of Crypto '05, Aug. 2005.

Digital Library

[7]

R. Chandra, P. Bahl, and P. Bahl. MultiNet: Connecting to Multiple IEEE 802.11 Networks Using a Single Wireless Card. In Proc. of Infocom, Mar. 2004.

[8]

L. P. Cox, A. Dalton, and V. Marupadi. SmokeScreen: Flexible Privacy Controls for Presence-Sharing. In Proc. of MobiSys '07, June 2007.

Digital Library

[9]

L. C. C. Desmond, C. C. Yuan, T. C. Pheng, and R. S. Lee. Identifying unique devices through wireless fingerprinting. In Proc of WiSec, March/April 2008.

Digital Library

[10]

J.-E. Ekberg. Implementing Wibree Address Privacy. 1st International Workshop on Security for Spontaneous Interaction, 2007.

[11]

J. Franklin, D. McCoy, P. Tabriz, V. Neagoe, J. V. Randwyk, and D. Sicker. Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting. In Proc. of USENIX Security, pages 167--178, July/August 2006.

Digital Library

[12]

J. Geier. Wireless Networks first-step. Cisco Press, Aug. 2004.

Digital Library

[13]

B. Greenstein, R. Gummadi, J. Pang, M. Y. Chen, T. Kohno, S. Seshan, and D. Wetherall. Can Ferris Bueller Still Have His Day Off? Protecting Privacy in an Era of Wireless Devices. In Proc. of HotOS XI, May 2007.

Digital Library

[14]

B. Greenstein, D. McCoy, J. Pang, T. Kohno, S. Seshan, and D. Wetherall. Improving wireless privacy with an identifier-free link layer protocol. In Proc. of MobiSys '08, June 2008.

Digital Library

[15]

M. Gruteser and D. Grunwald. Enhancing location privacy in wireless LAN through disposable interface identifiers: A quantitative analysis. In Proc. of ACM WMASH, Sept. 2003.

Digital Library

[16]

IEEE Std 802.11-2007 Revision of IEEE Std 802.11-1999, June 2007.

[17]

ISO/IEC. Information technology -- Security techniques -- Entity authentication -- Part 4: Mechanisms using a cryptographic check function, 1999. Reference number ISO/IEC 9798-4:1999(E).

[18]

T. Jiang, H. J. Wang, and Y.-C. Hu. Location privacy in wireless networks. In Proc. of MobiSys '07, June 2007.

Digital Library

[19]

A. Juels. RFID security and privacy: a research survey. IEEE JSAC, Feb. 2006.

Digital Library

[20]

B. Kalinski. RFC 2898: PKCS #5: Password-Based Cryptography Specification Version 2.0, Sept. 2000.

Digital Library

[21]

H. Krawczyk, M. Bellare, and R. Canetti. RFC 2104: HMAC: Keyed-Hashing for Message Authentication, Feb. 1997.

Digital Library

[22]

J. Lindqvist, T. Aura, G. Danezis, T. Koponen, A. Myllyniemi, J. Mäki, and M. Roe. Privacy-preserving 802.11 access-point discovery (full version). Microsoft Research Technical Report, MSR-TR-2009-7, Jan. 2009.

[23]

J. Lindqvist and L. Takkinen. Privacy management for secure mobility. In ACM Workshop on Privacy in the Electronic Society (WPES), Oct. 2006.

Digital Library

[24]

Meraki Inc. Meraki mini specification. http://www.meraki.com/.

[25]

R. Molva and G. Tsudik. Secret sets and applications. Information Processing Letters, 65, 1998.

Digital Library

[26]

OpenWrt. http://openwrt.org/.

[27]

ORBIT. Wireless testbed. http://www.orbit-lab.org/.

[28]

A. Palekar, D. Simon, J. Salowey, H. Zhou, G. Zorn, and S. Josefsson. Protected EAP Protocol (PEAP) Version 2, Oct. 2004. Internet-Draft. Expired.

[29]

J. Pang, B. Greenstein, R. Gummadi, S. Seshan, and D. Wetherall. 802.11 user fingerprinting. In MobiCom'07, Sept. 2007.

Digital Library

[30]

J. Pang, B. Greenstein, D. McCoy, S. Seshan, and D. Wetherall. Tryst: The Case for Confidential Service Discovery. In Proc. of HotNets-VI, Nov. 2007.

[31]

J. W. Rittinghouse and J. F. Ransome. Wireless Operational Security. Digital Press, Mar. 2004.

Digital Library

[32]

T. S. Saponas, J. Lester, C. Hartung, S. Agarwal, and T. Kohno. Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing. In Proc. of USENIX Security, Aug. 2007.

Digital Library

[33]

D. Stanley, J. Walker, and B. Aboba. RFC 4017: Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs, Mar. 2005.

[34]

R. Stanley. Managing Risk in a Wireless Environment: Security, Audit and Control Issues. Information Systems Audit and Control Association, 2005.

[35]

Wifi Alliance. Wi-fi protected setup specification, version 1.0h, Dec. 2006.

[36]

E. Wilding. Information Risk And Security: Preventing And Investigating Workplace Computer Crime. Gower Publishing, 2006.

Digital Library

[37]

F.-L. Wong and F. Stajano. Location Privacy in Bluetooth. In Proc. of ESAS '05, July 2005.

Digital Library

Cited By

Yu YPan YWu WYang M(2023)MASA: Measurement and Analysis of MAC Address Randomization with Sniffer Array2023 19th International Conference on Mobility, Sensing and Networking (MSN)10.1109/MSN60784.2023.00056(325-332)Online publication date: 14-Dec-2023
https://doi.org/10.1109/MSN60784.2023.00056
Qiu SLiu H(2022)A new zonotope-based attack detection method for UAV2022 41st Chinese Control Conference (CCC)10.23919/CCC55666.2022.9902124(4276-4280)Online publication date: 25-Jul-2022
https://doi.org/10.23919/CCC55666.2022.9902124
Zhou QPandey OYe F(2022)An Approach for Multi-Level Visibility Scoping of IoT Services in Enterprise EnvironmentsIEEE Transactions on Mobile Computing10.1109/TMC.2020.301287521:2(408-420)Online publication date: 1-Feb-2022
https://doi.org/10.1109/TMC.2020.3012875
Show More Cited By

Index Terms

Privacy-preserving 802.11 access-point discovery
1. Networks
  1. Network types
    1. Mobile networks
    2. Wireless access networks

Recommendations

Carrier sense multiple access with improvised collision avoidance and short-term fairness

In this paper, we present a simple method to simultaneously enhance collision avoidance efficiency and short-term fairness of a most popular contention based medium access control protocol, carrier sense multiple access with collision avoidance. The key ...
A study on the influence of transmission errors on WLAN IEEE 802.11 MAC performance

Since the advent of the first IEEE 802.11 standard for WLANs, several papers have been presented that evaluate the IEEE 802.11 DCF access method. In realistic WLAN environments frame errors usually occur due to non-ideal channel conditions; in this way, ...
A measurement based method for estimating the number of contending stations in IEEE 802.11 WLAN under erroneous channel condition
ICCSA'11: Proceedings of the 2011 international conference on Computational science and Its applications - Volume Part V

Performance on throughput of IEEE 802.11 distributed coordination function (DCF) is severely affected by the number of contending stations. Thus, many methods for estimating the number of contending stations have been proposed in order to improve the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '09: Proceedings of the second ACM conference on Wireless network security

March 2009

280 pages

ISBN:9781605584607

DOI:10.1145/1514274

General Chair:
David Basin
ETH Zurich, Switzerland
,
Program Chairs:
Srdjan Capkun
ETH Zurich, Switzerland
,
Wenke Lee
Georgia Tech, USA

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 March 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

WISEC '09

Sponsor:

WISEC '09: Second ACM Conference on Wireless Network Security

March 16 - 19, 2009

Zurich, Switzerland

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

25
Total Citations
View Citations
763
Total Downloads

Downloads (Last 12 months)26
Downloads (Last 6 weeks)2

Reflects downloads up to 23 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Yu YPan YWu WYang M(2023)MASA: Measurement and Analysis of MAC Address Randomization with Sniffer Array2023 19th International Conference on Mobility, Sensing and Networking (MSN)10.1109/MSN60784.2023.00056(325-332)Online publication date: 14-Dec-2023
https://doi.org/10.1109/MSN60784.2023.00056
Qiu SLiu H(2022)A new zonotope-based attack detection method for UAV2022 41st Chinese Control Conference (CCC)10.23919/CCC55666.2022.9902124(4276-4280)Online publication date: 25-Jul-2022
https://doi.org/10.23919/CCC55666.2022.9902124
Zhou QPandey OYe F(2022)An Approach for Multi-Level Visibility Scoping of IoT Services in Enterprise EnvironmentsIEEE Transactions on Mobile Computing10.1109/TMC.2020.301287521:2(408-420)Online publication date: 1-Feb-2022
https://doi.org/10.1109/TMC.2020.3012875
Zhou QPandey OYe F(2020)Argus: Multi-Level Service Visibility Scoping for Internet-of-Things in Enterprise Environments2020 IEEE International Parallel and Distributed Processing Symposium (IPDPS)10.1109/IPDPS47924.2020.00073(654-663)Online publication date: May-2020
https://doi.org/10.1109/IPDPS47924.2020.00073
Goovaerts FAcar GGalvez RPiessens FVanhoef M(2019)Improving Privacy Through Fast Passive Wi-Fi ScanningSecure IT Systems10.1007/978-3-030-35055-0_3(37-52)Online publication date: 13-Nov-2019
https://doi.org/10.1007/978-3-030-35055-0_3
Draghici ASteen M(2018)A Survey of Techniques for Automatically Sensing the Behavior of a CrowdACM Computing Surveys10.1145/312934351:1(1-40)Online publication date: 19-Feb-2018
https://dl.acm.org/doi/10.1145/3129343
Han XWang ZPei D(2018)Preventing Wi-Fi Privacy Leakage: A User Behavioral Similarity Approach2018 IEEE International Conference on Communications (ICC)10.1109/ICC.2018.8422764(1-6)Online publication date: May-2018
https://doi.org/10.1109/ICC.2018.8422764
Kalantar GMohammadi ASadrieh S(2018)Analyzing the Effect of Bluetooth Low Energy (BLE) with Randomized MAC Addresses in IoT Applications2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)10.1109/Cybermatics_2018.2018.00039(27-34)Online publication date: Jul-2018
https://doi.org/10.1109/Cybermatics_2018.2018.00039
Waltari OKangasharju J(2018)Quantifying the Information Leak in IEEE 802.11 Network DiscoveryWired/Wireless Internet Communications10.1007/978-3-030-02931-9_17(207-218)Online publication date: 29-Dec-2018
https://doi.org/10.1007/978-3-030-02931-9_17
Vanhoef MMatte CCunche MCardoso LPiessens FChen XWang XHuang X(2016)Why MAC Address Randomization is not EnoughProceedings of the 11th ACM on Asia Conference on Computer and Communications Security10.1145/2897845.2897883(413-424)Online publication date: 30-May-2016
https://dl.acm.org/doi/10.1145/2897845.2897883
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents