802.11 user fingerprinting
- 9 September 2007
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM)
Abstract
The ubiquity of 802.11 devices and networks enables anyone to track our every move with alarming ease. Each 802.11 device transmits a globally unique and persistent MAC address and thus is trivially identifiable. In response, recent research has proposed replacing such identifiers with pseudonyms (i.e., temporary, unlinkable names). In this paper, we demonstrate that pseudonyms are insufficient to prevent tracking of 802.11 devices because implicit identifiers, or identifying characteristics of 802.11 traffic, can identify many users with high accuracy. For example, even without unique names and addresses, we estimate that an adversary can identify 64% of users with 90% accuracy when they spend a day at a busy hot spot. We present an automated procedure based on four previously unrecognized implicit identifiers that can identify users in three real 802.11 traces even when pseudonyms and encryption are employed. We find that the majority of users can be identified using our techniques, but our ability to identify users is not uniform; some users are not easily identifiable. Nonetheless, we show that even a single implicit identifier is sufficient to distinguish many users. Therefore, we argue that design considerations beyond eliminating explicit identifiers (i.e., unique names and addresses), must be addressed in order to prevent user tracking in wireless networks.Keywords
This publication has 18 references indexed in Scilit:
- JigsawACM SIGCOMM Computer Communication Review, 2006
- BLINCACM SIGCOMM Computer Communication Review, 2005
- RFID Privacy: An Overview of Problems and Proposed SolutionsIEEE Security & Privacy, 2005
- Internet traffic classification using bayesian analysis techniquesACM SIGMETRICS Performance Evaluation Review, 2005
- Enhancing Location Privacy in Wireless LAN Through Disposable Interface Identifiers: A Quantitative AnalysisMobile Networks and Applications, 2005
- Location Privacy in BluetoothLecture Notes in Computer Science, 2005
- Reading ratiosNature Structural & Molecular Biology, 2004
- Private authenticationTheoretical Computer Science, 2004
- Location privacy in pervasive computingIEEE Pervasive Computing, 2003
- How people revisit web pages: empirical findings and implications for the design of history systemsInternational Journal of Human-Computer Studies, 1997