通过定时攻击击败MAC地址随机化

Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI:10.1145/2939918.2939930

Célestin Matte, M. Cunche, F. Rousseau, M. Vanhoef

{"title":"通过定时攻击击败MAC地址随机化","authors":"Célestin Matte, M. Cunche, F. Rousseau, M. Vanhoef","doi":"10.1145/2939918.2939930","DOIUrl":null,"url":null,"abstract":"MAC address randomization is a common privacy protection measure deployed in major operating systems today. It is used to prevent user-tracking with probe requests that are transmitted during IEEE 802.11 network scans. We present an attack to defeat MAC address randomization through observation of the timings of the network scans with an off-the-shelf Wi-Fi interface. This attack relies on a signature based on inter-frame arrival times of probe requests, which is used to group together frames coming from the same device although they use distinct MAC addresses. We propose several distance metrics based on timing and use them together with an incremental learning algorithm in order to group frames. We show that these signatures are consistent over time and can be used as a pseudo-identifier to track devices. Our framework is able to correctly group frames using different MAC addresses but belonging to the same device in up to 75% of the cases. These results show that the timing of 802.11 probe frames can be abused to track individual devices and that address randomization alone is not always enough to protect users against tracking.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"59","resultStr":"{\"title\":\"Defeating MAC Address Randomization Through Timing Attacks\",\"authors\":\"Célestin Matte, M. Cunche, F. Rousseau, M. Vanhoef\",\"doi\":\"10.1145/2939918.2939930\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"MAC address randomization is a common privacy protection measure deployed in major operating systems today. It is used to prevent user-tracking with probe requests that are transmitted during IEEE 802.11 network scans. We present an attack to defeat MAC address randomization through observation of the timings of the network scans with an off-the-shelf Wi-Fi interface. This attack relies on a signature based on inter-frame arrival times of probe requests, which is used to group together frames coming from the same device although they use distinct MAC addresses. We propose several distance metrics based on timing and use them together with an incremental learning algorithm in order to group frames. We show that these signatures are consistent over time and can be used as a pseudo-identifier to track devices. Our framework is able to correctly group frames using different MAC addresses but belonging to the same device in up to 75% of the cases. These results show that the timing of 802.11 probe frames can be abused to track individual devices and that address randomization alone is not always enough to protect users against tracking.\",\"PeriodicalId\":387704,\"journal\":{\"name\":\"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks\",\"volume\":\"13 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-07-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"59\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2939918.2939930\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2939918.2939930","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 59

摘要

MAC地址随机化是当今主要操作系统中常见的隐私保护措施。它用于防止在IEEE 802.11网络扫描期间传输的探测请求跟踪用户。我们提出了一种攻击，通过使用现成的Wi-Fi接口观察网络扫描的时间来击败MAC地址随机化。这种攻击依赖于基于探测请求帧间到达时间的签名，该签名用于将来自同一设备的帧分组在一起，尽管它们使用不同的MAC地址。我们提出了几个基于时间的距离度量，并将它们与增量学习算法一起使用，以便对帧进行分组。我们表明，这些签名随着时间的推移是一致的，可以用作跟踪设备的伪标识符。我们的框架能够正确分组帧使用不同的MAC地址，但属于同一设备在高达75%的情况下。这些结果表明，802.11探测帧的时序可以被滥用来跟踪单个设备，并且单独的地址随机化并不总是足以保护用户免受跟踪。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Defeating MAC Address Randomization Through Timing Attacks

MAC address randomization is a common privacy protection measure deployed in major operating systems today. It is used to prevent user-tracking with probe requests that are transmitted during IEEE 802.11 network scans. We present an attack to defeat MAC address randomization through observation of the timings of the network scans with an off-the-shelf Wi-Fi interface. This attack relies on a signature based on inter-frame arrival times of probe requests, which is used to group together frames coming from the same device although they use distinct MAC addresses. We propose several distance metrics based on timing and use them together with an incremental learning algorithm in order to group frames. We show that these signatures are consistent over time and can be used as a pseudo-identifier to track devices. Our framework is able to correctly group frames using different MAC addresses but belonging to the same device in up to 75% of the cases. These results show that the timing of 802.11 probe frames can be abused to track individual devices and that address randomization alone is not always enough to protect users against tracking.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks

自引率

0.00%

发文量