Defeating MAC Address Randomization Through Timing Attacks

Abstract: MAC address randomization is a common privacy protection measure deployed in major operating systems today. It is used to prevent user-tracking with probe requests that are transmitted during IEEE 802.11 network scans. We present an attack to defeat MAC address randomization through observation of the timings of the network scans with an off-the-shelf Wi-Fi interface. This attack relies on a signature based on inter-frame arrival times of probe requests, which is used to group together frames coming from the same device although they use distinct MAC addresses. We propose several distance metrics based on timing and use them together with an incremental learning algorithm in order to group frames. We show that these signatures are consistent over time and can be used as a pseudo-identifier to track devices. Our framework is able to correctly group frames using different MAC addresses but belonging to the same device in up to 75% of the cases. These results show that the timing of 802.11 probe frames can be abused to track individual devices and that address randomization alone is not always enough to protect users against tracking.
Document type:
Conference paper
ACM WiSec 2016, Jul 2016, Darmstadt, Germany. 2016, 〈10.1145/2939918.2939930〉
Contributor: Célestin Matte
Submitted on: Monday, November 14, 2016 - 15:53:55
Last modified on: Saturday, October 27, 2018 - 01:20:32
Document(s) archived on: Monday, March 20, 2017 - 16:50:38


Files produced by the author(s)



Célestin Matte, Mathieu Cunche, Franck Rousseau, Mathy Vanhoef. Defeating MAC Address Randomization Through Timing Attacks. ACM WiSec 2016, Jul 2016, Darmstadt, Germany. 2016, 〈10.1145/2939918.2939930〉. 〈hal-01330476〉


