Apolline Zehner (Universite libre de Bruxelles), Iness Ben Guirat (Universite libre de Bruxelles), Jan Tobias Muhlberg (Universite libre de Bruxelles)

Wireless devices, especially Bluetooth and Wi-Fi devices, emit radio communication both to scan for neighboring devices and to advertise themselves. For example, a mobile phone would typically be searching for Wi-Fi access points and Bluetooth devices, e.g., headsets, and advertise itself for connections. For this purpose, communication interfaces use a Medium Access Control (MAC) address which is a unique identifier to differentiate one device from another. However, the use of such unique identifiers can violate the privacy of the device and hence of the user; an attacker is able to use such unique identifiers in order to passively track a device. MAC address randomization – techniques that periodically change the MAC addresses of a device – were developed as a privacy-enhancing measure against such attacks. However research shows that this can be easily circumvented. In this paper, we survey approaches and techniques for metadata anonymization in Bluetooth and Wi-Fi, as well as the de-anonymization attacks. Many of these attacks rely on physical characteristics of the communication medium and on implementation flaws of both wireless protocols and MAC address randomization protocols. We conclude by discussing open challenges both in metadata protection and deanonymization.

View More Papers

RadSee: See Your Handwriting Through Walls Using FMCW Radar

Shichen Zhang (Michigan State University), Qijun Wang (Michigan State University), Maolin Gan (Michigan State University), Zhichao Cao (Michigan State University), Huacheng Zeng (Michigan State University)

Read More

CASPR: Context-Aware Security Policy Recommendation

Lifang Xiao (Institute of Information Engineering, Chinese Academy of Sciences), Hanyu Wang (Institute of Information Engineering, Chinese Academy of Sciences), Aimin Yu (Institute of Information Engineering, Chinese Academy of Sciences), Lixin Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Dan Meng (Institute of Information Engineering, Chinese Academy of Sciences)

Read More

Hidden and Lost Control: on Security Design Risks in...

Haoqiang Wang, Yiwei Fang (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; Indiana University Bloomington), Yichen Liu (Indiana University Bloomington), Ze Jin (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; Indiana University Bloomington), Emma Delph…

Read More

NDSS Symposium 2025 Welcome and Opening Remarks

General Chairs: David Balenson, USC Information Sciences Institute and Heng Yin, University of California, Riverside Program Chairs: Christina Pöpper, New York University Abu Dhabi and Hamed Okhravi, MIT Lincoln Laboratory Artifact Evaluation Chairs: Daniele Cono D’Elia, Sapienza University and Mathy Vanhoef, KU Leuven

Read More