Noncooperative 802.11 MAC Layer Fingerprinting and Tracking of Mobile Devices
We present two novel noncooperative MAC layer fingerprinting and tracking techniques for Wi-Fi (802.11) enabled mobile devices. Our first technique demonstrates how a per-bit entropy analysis of a single captured frame allows an adversary to construct a fingerprint of the transmitter that is 80.0 to...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Hindawi-Wiley
2017-01-01
|
| Series: | Security and Communication Networks |
| Online Access: | http://dx.doi.org/10.1155/2017/6235484 |
| id |
doaj-5230addfb4304f749c916a0f226c22d9 |
|---|---|
| record_format |
Article |
| spelling |
doaj-5230addfb4304f749c916a0f226c22d92020-11-24T21:26:41ZengHindawi-WileySecurity and Communication Networks1939-01141939-01222017-01-01201710.1155/2017/62354846235484Noncooperative 802.11 MAC Layer Fingerprinting and Tracking of Mobile DevicesPieter Robyns0Bram Bonné1Peter Quax2Wim Lamotte3Expertise Centre for Digital Media, UHasselt-tUL-imec, Wetenschapspark 2, 3590 Diepenbeek, BelgiumExpertise Centre for Digital Media, UHasselt-tUL-imec, Wetenschapspark 2, 3590 Diepenbeek, BelgiumExpertise Centre for Digital Media, UHasselt-tUL-imec, Wetenschapspark 2, 3590 Diepenbeek, BelgiumExpertise Centre for Digital Media, UHasselt-tUL-imec, Wetenschapspark 2, 3590 Diepenbeek, BelgiumWe present two novel noncooperative MAC layer fingerprinting and tracking techniques for Wi-Fi (802.11) enabled mobile devices. Our first technique demonstrates how a per-bit entropy analysis of a single captured frame allows an adversary to construct a fingerprint of the transmitter that is 80.0 to 67.6 percent unique for 50 to 100 observed devices and 33.0 to 15.1 percent unique for 1,000 to 10,000 observed devices. We show how existing mitigation strategies such as MAC address randomization can be circumvented using only this fingerprint and temporal information. Our second technique leverages peer-to-peer 802.11u Generic Advertisement Service (GAS) requests and 802.11e Block Acknowledgement (BA) requests to instigate transmissions on demand from devices that support these protocols. We validate these techniques using two datasets, one of which was recorded at a music festival containing 28,048 unique devices and the other at our research lab containing 138 unique devices. Finally, we discuss a number of countermeasures that can be put in place by mobile device vendors in order to prevent noncooperative tracking through the discussed techniques.http://dx.doi.org/10.1155/2017/6235484 |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Pieter Robyns Bram Bonné Peter Quax Wim Lamotte |
| spellingShingle |
Pieter Robyns Bram Bonné Peter Quax Wim Lamotte Noncooperative 802.11 MAC Layer Fingerprinting and Tracking of Mobile Devices Security and Communication Networks |
| author_facet |
Pieter Robyns Bram Bonné Peter Quax Wim Lamotte |
| author_sort |
Pieter Robyns |
| title |
Noncooperative 802.11 MAC Layer Fingerprinting and Tracking of Mobile Devices |
| title_short |
Noncooperative 802.11 MAC Layer Fingerprinting and Tracking of Mobile Devices |
| title_full |
Noncooperative 802.11 MAC Layer Fingerprinting and Tracking of Mobile Devices |
| title_fullStr |
Noncooperative 802.11 MAC Layer Fingerprinting and Tracking of Mobile Devices |
| title_full_unstemmed |
Noncooperative 802.11 MAC Layer Fingerprinting and Tracking of Mobile Devices |
| title_sort |
noncooperative 802.11 mac layer fingerprinting and tracking of mobile devices |
| publisher |
Hindawi-Wiley |
| series |
Security and Communication Networks |
| issn |
1939-0114 1939-0122 |
| publishDate |
2017-01-01 |
| description |
We present two novel noncooperative MAC layer fingerprinting and tracking techniques for Wi-Fi (802.11) enabled mobile devices. Our first technique demonstrates how a per-bit entropy analysis of a single captured frame allows an adversary to construct a fingerprint of the transmitter that is 80.0 to 67.6 percent unique for 50 to 100 observed devices and 33.0 to 15.1 percent unique for 1,000 to 10,000 observed devices. We show how existing mitigation strategies such as MAC address randomization can be circumvented using only this fingerprint and temporal information. Our second technique leverages peer-to-peer 802.11u Generic Advertisement Service (GAS) requests and 802.11e Block Acknowledgement (BA) requests to instigate transmissions on demand from devices that support these protocols. We validate these techniques using two datasets, one of which was recorded at a music festival containing 28,048 unique devices and the other at our research lab containing 138 unique devices. Finally, we discuss a number of countermeasures that can be put in place by mobile device vendors in order to prevent noncooperative tracking through the discussed techniques. |
| url |
http://dx.doi.org/10.1155/2017/6235484 |
| work_keys_str_mv |
AT pieterrobyns noncooperative80211maclayerfingerprintingandtrackingofmobiledevices AT brambonne noncooperative80211maclayerfingerprintingandtrackingofmobiledevices AT peterquax noncooperative80211maclayerfingerprintingandtrackingofmobiledevices AT wimlamotte noncooperative80211maclayerfingerprintingandtrackingofmobiledevices |
| _version_ |
1725977967177236480 |