Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 1 Session MAC Address For Anonymity Date: 2005-03-10 Notice: This.

Published byGeraldine Pierce Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 1 Session MAC Address For Anonymity Date: 2005-03-10 Notice: This."— Presentation transcript:

1 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 1 Session MAC Address For Anonymity Date: 2005-03-10 Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11. Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at.http:// ieee802.org/guides/bylaws/sb-bylaws.pdfstuart.kerry@philips.compatcom@ieee.org Authors: NameOrganizationE-Mail Jon EdneyNokiaemail@jon.edney.name Stefano FaccinNokia

2 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 2 Abstract Proposes the use of “Session MAC Address” by STAs in order to provide “on air” anonymity and prevent the tracking of station mobility patterns

3 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 3 The Anonymity Problem Currently stations use a fixed MAC address that is unique worldwide Stations that visit public access areas leave a record of their MAC address There are many ways to link MAC address to identity –Link MAC address to hotel registration –Link MAC address to credit card information –Link MAC address to purchase records Once MAC address is linked to identity, user can be tracked –Businesses can track which people enter their building and for how long –Coffee bars can profile your travel behaviour through registering changes of location –etc. In general the ability to track individual users is divisive and could be used for a range of purposes from unwanted surveillance to crime

4 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 4 Two cases of problem User connecting to service –Service provider will usually require authentication and authorisation –Therefore Service provider knows identity anyway –Therefore MAC anonymity does not protect identity tracking –Anonymity only possible through independent authentication (see next slide) User probing service –User’s STA issues probe requests, looking for service –User will probe both trusted and untrusted networks –User does not join untrusted network - but MAC address may disclose identity –Therefore MAC address anonymity is important to avoid identity tracking

5 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 5 First case: Secure Anonymous Service Access Idea is that user is securely authenticated but the identity is protected Requires separation of authentication and service networks User identification and authorization performed at higher layers with trusted party Authentication not based on global MAC address, but on higher layer identifier Locally assigned MAC address used for authorised session connection New MAC address assigned for each session No relationship between identity and session MAC address

6 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 6 Example, anonymous service access Service Provider Network AP Service Router Trusted Validator AAA STA Authentication Keys Anonymous MAC address required in this zone

7 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 7 Second case: Avoiding Identity compromise on the wireless link Protect against identity disclosure during probing Protect against snoopers scanning wireless network Does not protect against identity tracking when user connects to service

8 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 8 Anonymous Probing Trusted Service AP STA Anonymous MAC address required in this zone AP Untrusted Service

9 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 9 Anonymous Probing - issues To avoid identity disclosure during probing, the MAC address sent over the air needs to be unconnected to identity This also protects against 3 rd party network snoopers To achieve this we propose that a “Session MAC address” be issued by the AP The “Real MAC address” can be used inside STA protocol stack and on wired network

10 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 10 Session MAC address domain AP Client Real MAC Address Convert Address Session MAC Address Real MAC Address PTK Application Real MAC Sess. MAC Real MAC Network

11 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 11 Session MAC Address Allocation MAC Addresses are usually globally unique –but “Local administration bit is available” –“Universe” of the MAC address is just the BSS Session MAC Address is only valid for a single BSS. STA must acquire new address if transitions to new AP Intent of Local Administration is a “manual process” where addresses are allocated and logged to prevent duplication –Can we create automatic allocation in a way that guarantees no duplication? Allocation by “random number” has been rejected by RAC –Automatic allocation might be OK if it assures no duplication

12 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 12 Additional requirement AP must learn real MAC Address of STA –Can be sent securely as part of handshake –Not needed until DS is open (Real MAC Address not needed for management frames) All existing provisions of 802.11i are unchanged.

13 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 13 Allocation Approaches AP is responsible for allocation of Session MAC addresses Managed (Non-Volatile Storage) –Start with low value and allocate block of addresses (say 1024). –Write block limit to NV memory. –Allocates more blocks as required and update NVM –On reboot start with last written bound from NVM Unmanaged (no Non Volatile Storage) –Start with true random value –Follow block allocation procedure –If block exceeds address range loop to low value.

14 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 14 Distribution of MAC to STA The STA needs to obtain a session MAC address from the AP prior to starting the association attempt Various methods are possible: –Specific request mechanism –Advertising by AP –Piggyback on probe messages Need to ensure unique MAC address issued in case of two STA joining in parallel (race condition)

15 doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 15 Summary Use of Session MAC address: –provides MAC address anonymity –Solve identity disclosure during probing

Download ppt "Doc.: IEEE 802.11-05/0170r0 Submission March 2005 Jon Edney, Stefano Faccin, NokiaSlide 1 Session MAC Address For Anonymity Date: 2005-03-10 Notice: This."

Similar presentations

Doc.: IEEE 802.11-05/1007r0 Submission September 2005 Fred Haisch, Proxim WirelessSlide 1 Alternative Lock-up Solution Notice: This document has been prepared.

Doc.: IEEE /1007r0 Submission September 2005 Fred Haisch, Proxim WirelessSlide 1 Alternative Lock-up Solution Notice: This document has been prepared.
Doc.: IEEE 802.11-07/0256r0 Submission February 2007 A. Centonza, D. StephensonSlide 1 Limitations on the Use of EBR Notice: This document has been prepared.

Doc.: IEEE /0256r0 Submission February 2007 A. Centonza, D. StephensonSlide 1 Limitations on the Use of EBR Notice: This document has been prepared.
Doc.: IEEE 802.11-05/0866r1 Submission September 2005 Michael Montemurro, Chantry NetworksSlide 1 Mobility Domain Definition and Description Notice: This.

Doc.: IEEE /0866r1 Submission September 2005 Michael Montemurro, Chantry NetworksSlide 1 Mobility Domain Definition and Description Notice: This.
Doc.: IEEE 802.22-12/90r0 Submission Nov., 2012 NICTSlide 1 802.22b NICT Proposal IEEE P802.22 Wireless RANs Date: 2011-10-28 Authors: Notice: This document.

Doc.: IEEE /90r0 Submission Nov., 2012 NICTSlide b NICT Proposal IEEE P Wireless RANs Date: Authors: Notice: This document.
Doc.: IEEE 802.11-06/0930r0 Submission July 2006 Nancy Cam-Winget, Cisco Slide 1 Editor Updates since Jacksonville Notice: This document has been prepared.

Doc.: IEEE /0930r0 Submission July 2006 Nancy Cam-Winget, Cisco Slide 1 Editor Updates since Jacksonville Notice: This document has been prepared.
Doc.: IEEE 802.11-06/1867r1 Submission November 2006 802.11r Security TeamSlide 1 TGr Security Requirements Notice: This document has been prepared to.

Doc.: IEEE /1867r1 Submission November r Security TeamSlide 1 TGr Security Requirements Notice: This document has been prepared to.
Doc.: IEEE 802.19-09/0094r0 Submission November 2009 Steve Shellhammer, QualcommSlide 1 Comments on 802.22.3 PAR Notice: This document has been prepared.

Doc.: IEEE /0094r0 Submission November 2009 Steve Shellhammer, QualcommSlide 1 Comments on PAR Notice: This document has been prepared.
Doc.: IEEE 802.11-06/0121r0 Submission January 2006 S. Bezzateev, A. Fomin, M. WongSlide 1 Broadcast Management Frame Protection Notice: This document.

Doc.: IEEE /0121r0 Submission January 2006 S. Bezzateev, A. Fomin, M. WongSlide 1 Broadcast Management Frame Protection Notice: This document.
Doc.: IEEE 802.11-05/1063r0 Submission Nov 2005 Jon Edney, NokiaSlide 1 The Lock-out Problem - an Analysis Notice: This document has been prepared to assist.

Doc.: IEEE /1063r0 Submission Nov 2005 Jon Edney, NokiaSlide 1 The Lock-out Problem - an Analysis Notice: This document has been prepared to assist.
Doc.: IEEE 802.11-06/0644r2 Submission May 2006 Päivi Ruuska, NokiaSlide 1 Measurement Pilot Transmission Information as optional information in Probe.

Doc.: IEEE /0644r2 Submission May 2006 Päivi Ruuska, NokiaSlide 1 Measurement Pilot Transmission Information as optional information in Probe.
Doc.: IEEE 802.11-05/0971r0 Submission Sept 2005 Jon Edney, Stefano Faccin, NokiaSlide 1 Redefining the SSID Notice: This document has been prepared to.

Doc.: IEEE /0971r0 Submission Sept 2005 Jon Edney, Stefano Faccin, NokiaSlide 1 Redefining the SSID Notice: This document has been prepared to.
Doc.: IEEE 802.11-06/1807r2 Submission November 2006 Matthew Fischer (Broadcom)Slide 1 TGN adhoc MAC subgroup report for November 2006 Notice: This document.

Doc.: IEEE /1807r2 Submission November 2006 Matthew Fischer (Broadcom)Slide 1 TGN adhoc MAC subgroup report for November 2006 Notice: This document.
Doc.: IEEE 802.11-05/0239r0 Submission March 2005 Montemurro, Smith, Edney, KumarSlide 1 Resource pre-allocation and commmunication adhoc report Notice:

Doc.: IEEE /0239r0 Submission March 2005 Montemurro, Smith, Edney, KumarSlide 1 Resource pre-allocation and commmunication adhoc report Notice:
Doc.: IEEE 802.11-05/1628r1 Submission January 2005 Lee Armstrong, Armstrong Consulting, Inc.Slide 1 WAVE Random MAC Address Notice: This document has.

Doc.: IEEE /1628r1 Submission January 2005 Lee Armstrong, Armstrong Consulting, Inc.Slide 1 WAVE Random MAC Address Notice: This document has.
Doc.: IEEE 802.11-05/0308r0 Submission March 2005 J. Walker, Intel Corporation, D. Stanley, Agere SystemsSlide 1 March 2005 ADS Closing Report Notice:

Doc.: IEEE /0308r0 Submission March 2005 J. Walker, Intel Corporation, D. Stanley, Agere SystemsSlide 1 March 2005 ADS Closing Report Notice:
Doc.: IEEE 802.11-05/1212r0 Submission TGT and MEF Liaison Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for.

Doc.: IEEE /1212r0 Submission TGT and MEF Liaison Notice: This document has been prepared to assist IEEE It is offered as a basis for.
Doc.: IEEE 802.11-10/86r2 Submission March, 2010 Gabor BajkoSlide 1 Location Proxy Notice: This document has been prepared to assist IEEE 802.11. It is.

Doc.: IEEE /86r2 Submission March, 2010 Gabor BajkoSlide 1 Location Proxy Notice: This document has been prepared to assist IEEE It is.
Doc.: IEEE 802.11-05/0667r0 Submission July 2005 Mike Moreton, STMicroelectronicsSlide 1 Multiple Networks Notice: This document has been prepared to assist.

Doc.: IEEE /0667r0 Submission July 2005 Mike Moreton, STMicroelectronicsSlide 1 Multiple Networks Notice: This document has been prepared to assist.
Doc.: IEEE 802.11-05/0028r0 Submission January 2005 Eleanor Hepworth, Siemens Roke ManorSlide 1 Definitions and Terminology Notice: This document has been.

Doc.: IEEE /0028r0 Submission January 2005 Eleanor Hepworth, Siemens Roke ManorSlide 1 Definitions and Terminology Notice: This document has been.
Doc.: IEEE 802.11-06/1528r0 Submission 22 September 2006 Naveen Kakani, Nokia, IncSlide 1 TGn PSMP adhoc Group September Closing Report Notice: This document.

Doc.: IEEE /1528r0 Submission 22 September 2006 Naveen Kakani, Nokia, IncSlide 1 TGn PSMP adhoc Group September Closing Report Notice: This document.

Similar presentations

Ads by Google