Apolline Zehner (Universite libre de Bruxelles), Iness Ben Guirat (Universite libre de Bruxelles), Jan Tobias Muhlberg (Universite libre de Bruxelles)

Wireless devices, especially Bluetooth and Wi-Fi devices, emit radio communication both to scan for neighboring devices and to advertise themselves. For example, a mobile phone would typically be searching for Wi-Fi access points and Bluetooth devices, e.g., headsets, and advertise itself for connections. For this purpose, communication interfaces use a Medium Access Control (MAC) address which is a unique identifier to differentiate one device from another. However, the use of such unique identifiers can violate the privacy of the device and hence of the user; an attacker is able to use such unique identifiers in order to passively track a device. MAC address randomization – techniques that periodically change the MAC addresses of a device – were developed as a privacy-enhancing measure against such attacks. However research shows that this can be easily circumvented. In this paper, we survey approaches and techniques for metadata anonymization in Bluetooth and Wi-Fi, as well as the de-anonymization attacks. Many of these attacks rely on physical characteristics of the communication medium and on implementation flaws of both wireless protocols and MAC address randomization protocols. We conclude by discussing open challenges both in metadata protection and deanonymization.

View More Papers

ICSQuartz: Scan Cycle-Aware and Vendor-Agnostic Fuzzing for Industrial Control...

Corban Villa (New York University Abu Dhabi), Constantine Doumanidis (New York University Abu Dhabi), Hithem Lamri (New York University Abu Dhabi), Prashant Hari Narayan Rajput (InterSystems), Michail Maniatakos (New York University Abu Dhabi)

Read More

Inspecting Compiler Optimizations on Mixed Boolean Arithmetic Obfuscation

Rachael Little, Dongpeng Xu (University of New Hampshire)

Read More

cozy: Comparative Symbolic Execution for Binary Programs

Caleb Helbling, Graham Leach-Krouse, Sam Lasser, Greg Sullivan (Draper)

Read More

Mnemocrypt

André Pacteau, Antonino Vitale, Davide Balzarotti, Simone Aonzo (EURECOM)

Read More