What Does it Mean for a Medium Access Protocol to Maintain a User’s Privacy?

The hacker doesn’t want to be identified on the wireless medium. Her individual presence on the medium should not be inferrable (except with negligible probability of course).

I don’t want to be identified on the wireless medium. When I say ‘I’, I mean an I as an end-user of a WiFi-enabled device, e.g., my phone or my laptop. My individual presence on the medium should not be inferrable (except with negligible probability of course).

I perceive the location of my cell phone to be personal data that Google has no business obtaining, or maintaining.

What is the function of a media access protocol? According to Wikipedia,

What does an adversary “see” on the medium?

Here’s an idea: Prior to sending messages on the medium, I first listen to figure out the types of devices that are already there. In doing so, I’m trying to decide if I will be identified if I behave according to my nature. Will my IEs and timing information reveal me?
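The listen-before-transmit idea above can be made concrete as an anonymity-set check. This is an added example, not code from the original notes: the overheard frames are constructed sample data, and the fingerprint definition (ordered IE element IDs plus the Supported Rates payload) and the threshold `k` are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample of probe requests overheard in one listening window:
# (source MAC, ordered IE element IDs, Supported Rates payload as hex).
OBSERVED = [
    ("02:00:00:00:00:01", (0, 1, 50, 3, 45, 127), "02040b16"),
    ("02:00:00:00:00:01", (0, 1, 50, 3, 45, 127), "02040b16"),  # same sender again
    ("02:00:00:00:00:02", (0, 1, 50, 3, 45, 127), "02040b16"),
    ("02:00:00:00:00:03", (0, 1, 50, 3, 45, 127), "02040b16"),
    ("02:00:00:00:00:04", (0, 1, 50, 45, 221), "02040b16"),
    ("02:00:00:00:00:05", (0, 1, 50, 3, 45, 127, 221), "82848b96"),
    ("02:00:00:00:00:06", (0, 1, 50, 3, 45, 127, 221), "82848b96"),
]

def fingerprint(ie_ids, rates_hex):
    """What a passive listener sees regardless of the source address:
    which IEs are present, in what order, and the rates payload."""
    return (tuple(ie_ids), rates_hex.lower())

def anonymity_sets(frames):
    """Group the distinct source addresses seen under each fingerprint."""
    sets = defaultdict(set)
    for mac, ie_ids, rates_hex in frames:
        sets[fingerprint(ie_ids, rates_hex)].add(mac.lower())
    return sets

def crowd_size(frames, my_ie_ids, my_rates_hex):
    """Number of observed addresses that look like me. This is an upper bound
    on the number of devices: one device that rotates its address shows up
    under several addresses."""
    return len(anonymity_sets(frames).get(fingerprint(my_ie_ids, my_rates_hex), ()))

def blends_in(frames, my_ie_ids, my_rates_hex, k=3):
    """True if at least k observed addresses share my fingerprint (k is assumed)."""
    return crowd_size(frames, my_ie_ids, my_rates_hex) >= k

if __name__ == "__main__":
    mine = ((0, 1, 50, 45, 221), "02040b16")  # hypothetical own fingerprint
    print("crowd size:", crowd_size(OBSERVED, *mine))
    print("blends in:", blends_in(OBSERVED, *mine))
```

A crowd size of 1 or 0 means the station's IEs alone would single it out, whatever address it picks.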

Whatever is sent on the wireless medium should not identify the mobile station.

The attacker has a target and is able to monitor the wireless signals in the vicinity of the target. The attacker has one Wi-Fi card and he can monitor only one channel at a single location. The attacker’s goal is to “distinguish” the signals of all devices in range from the crowd even though they use MAC address randomization, and to “track” individual devices over “extended periods of time”.

Research question: Things being the way they are, can a user do something on an arbitrary phone to prevent themselves from being “tracked” in the various senses that are envisioned/shown/conjectured by the literature? There are different stakeholders, and some of them may not care. For example, Apple may not actually care to stop sending out sequence numbers in their probe request frames, but as a user, can I counter this somehow?

No “location” identifying information is to be broadcast on the wireless medium. Location identifying information could be, for instance, the signal strength at a location or the ID of the AP I’m currently connected to, as set by the ESS.

Maybe if you are to be able to access the wireless medium effectively then you’re going to have to be trackable, to some extent. The extent to which you are willing to be tracked corresponds to the level of quality of service that you hope to receive. In other words, if you hope to receive a higher quality of service then you must be willing to be tracked.

This property, due to the restrictions of the physical world, is naturally impossible to satisfy.

The location of some of our mobile devices thus becomes personal data.

A solution that is currently explored by industry is identity randomization. In this solution, stations change their addresses on the fly. To remain in session,

picks a pseudonym on the fly, and advertises this identity in its basic service area. every time it sends a message to another station, and writes that pseudonym on the sender’s field. To authenticate itself, The other party The access

For them to remain in session.
Another solution is to use anonymity sets, that is,

We describe an address randomization protocol that preserves a user’s privacy and at the same time enables. The protocol guarantees the following.

How do we allow for use cases of a people counter without compromising individual privacy? Is differential privacy relevant here?

Two questions: When exploring the security of an identity randomization scheme,

A station attempts to disguise its presence in a service area by using a pseudonym, when communicating on the medium, instead of its actual identity.

Does the distribution system really have to track me? Maybe if I need to be authenticated, I guess.

How do I know you’re authentic without knowing your identity?

In the first work the distribution system is malicious.

It appears that the distribution system needs to track me, but it doesn’t need to identify me.

Generalized Attack strategy:
The attacker builds a distribution profile.

If the majority of stations in the universe adopt the protocol faithfully, no individual station can be tracked.

Interestingly, this protocol requires that access points be more computationally capable, which gives the access point operators a justification for asking for more money.

The attacker maintains a structure that represents the

Note that these challenges do not apply to physically protected media
