1. privecsg-15-0017-00-0000 1 Tracking of Link Layer Identifiers Date: [2015-01-15] Authors: NameAffiliationPhoneEmail Juan Carlos ZúñigaInterDigital Labsj.c.zuniga@ieee.org Notice: This document does not represent the agreed view of the IEEE 802 EC Privacy Recommendation SG. It represents only the views of the participants listed in the ‘Authors:’ field above. It is offered as a basis for discussion. It is not binding on the contributor, who reserve the right to add, amend or withdraw material contained herein. Copyright policy: The contributor is familiar with the IEEE-SA Copyright Policy.http://standards.ieee.org/IPR/copyrightpolicy.html Patent policy: The contributor is familiar with the IEEE-SA Patent Policy and Procedures: and.http://standards.ieee.org/guides/bylaws/sect6-7.html#6http://standards.ieee.org/guides/opman/sect6.html#6.3 Abstract This document proposes some changes to the IAB draft Confidentiality Threat Model-04

2. privecsg-15-0017-00-0000 2 Motivation The Privacy EC SG has concentrated its efforts on privacy issues related to MAC addresses There are many other privacy considerations regarding Link Layer technologies The current IAB Threat Model draft (04) mentions some issues related to MAC address tracking –However, there are other Link Layer identifiers that should also be considered, like (E)SSIDs, BSSIDs, etc.

3. privecsg-15-0017-00-0000 3 Current text 3.3.7. Tracking of MAC Addresses Moving back down the stack, technologies like Ethernet or Wi-Fi use MAC Addresses to identify link-level destinations. MAC Addresses assigned according to IEEE-802 standards are unique to the device. If the link is publicly accessible, an attacker can track it. For example, the attacker can track the wireless traffic at public Wi-Fi networks. Simple devices can monitor the traffic, and reveal which MAC Addresses are present. If the network does not use some form of Wi-Fi encryption, or if the attacker can access the decrypted traffic, the analysis will also provide the correlation between MAC Addresses and IP addresses. Additional monitoring using techniques exposed in the previous sections will reveal the correlation between MAC Addresses, IP Addresses, and user identity. Given that large-scale databases of the MAC addresses of wireless access points for geolocation purposes have been known to exist for some time, the attacker could easily build a database linking MAC Addresses and device or user identities, and use it to track the movement of devices and of their owners.

4. privecsg-15-0017-00-0000 4 Proposed text 3.3.7. Tracking of Link-Layer Identifiers Moving back down the stack, technologies like Ethernet or Wi-Fi use MAC Addresses to identify link-level destinations. MAC Addresses assigned according to IEEE-802 standards are globally-unique identifiers for the device. If the link is publicly accessible, an attacker can eavesdrop and perform tracking. For example, the attacker can track the wireless traffic at publicly accessible Wi-Fi networks. Simple devices can monitor the traffic, and reveal which MAC Addresses are present. Also, certain techniques such as the use of “hidden SSIDs” require the mobile device to broadcast the network identifier together with the device identifier. This combination can further expose the user to inference attacks, as more information can be derived from the combination of MAC address, SSID being searched and geolocation. If the network does not use some form of Wi-Fi encryption, or if the attacker can access the decrypted traffic, the analysis will also provide the correlation between link-layer identifiers such as MAC Addresses and IP addresses. Additional monitoring using techniques exposed in the previous sections will reveal the correlation between MAC Addresses, IP Addresses, and user identity. Given that large-scale databases of the MAC addresses of wireless access points for geolocation purposes have been known to exist for some time, the attacker could easily build a database linking link-layer identifiers and device or user identities, and use it to track the movement of devices and of their owners.