Cloning Mac Address Results Review

Every network interface has a media access control (MAC) address. Network interface cards come from the factory with a unique MAC address associated with the hardware. Most network cards and routers allow one to set a custom MAC address [1], overriding the MAC address present in the hardware. Cloning a MAC address, or changing the MAC address on one device to the MAC address associated with a different device, can be useful when an Internet connection is associated with a particular MAC address and that MAC address is no longer existed in the network. On the other hand if the ISP blocked the Mac address of the original device, changing Mac address is efficient way to communicate to the internet. Another function of cloning MAC address is used to jam the network with the IP address conflict associated with two devices.  

Valkyrie: A Generic Framework for Verifying Privacy Provisions in Wireless Networks

International audienceWireless communications integrated in connected devices can expose their users to tracking via the exposure of link layer identifiers (e.g. MAC addresses). To counter this threat, it has been proposed to replace those permanent identifiers with periodically changing random pseudonyms [16]. This practice, called address randomization has been progressively adopted by vendors [27, 36] and has even made its way to wireless standards [1, 35]. However, an effective implementation of address randomization requires more than periodically rotating the link layer identifier. Indeed, several works [7, 10, 11, 15, 26, 27, 36] identified issues with address randomization implementation, where in-frames counters and identifiers can undermine the anti-tracking measure. In this paper, we address the problem of verifying the correctness of an address randomization implementation. To this end, we introduce an approach to identify issues based on a capture of the traffic generated by a device. This approach relies on rules specifying requirements for a correct implementation of address randomization. Then, we prototype Valkyrie (Verification of Addresses LinKabilitY in address Randomization ImplemEntations), a software tool that, based on a set of rules, verifies that a given sequence of frames generated by a device does not compromise the address randomization scheme. Finally, we evaluate this tool on a corpus of frame captures corresponding to 60 devices implementing address randomization for Wi-Fi and Bluetooth Low Energy (BLE)

Automatic Passenger Counting on the Edge via Unsupervised Clustering

We present a device- and network-based solution for automatic passnger counting that operates on the edge in real time. The proposed solution consists of a low-cost WiFi scanner device equipped with custom algorithms for dealing with MAC address randomization. Our low-cost scanner is able to capture and analyze 802.11 probe requests emitted by passengers' devices such as laptops, smartphones, and tablets. The device is configured with a Python data-processing pipeline that combines data coming from different types of sensors and processes them on the fly. For the analysis task, we have devised a lightweight version of the DBSCAN algorithm. Our software artifact is designed in a modular way in order to accommodate possible extensions of the pipeline, e.g., either additional filters or data sources. Furthermore, we exploit multi-threading and multi-processing for speeding up the entire computation. The proposed solution has been tested with different types of mobile devices, obtaining promising experimental results. In this paper, we present the key ingredients of our edge computing solution

Ré-identification d'adresses dans les réseaux LoRaWAN

LoRaWAN is a long range, low energy and low throughput network technology used to provide connectivity to all kind of devices. Encryption ensure the confidentiality of the conveyed data but do not protects metadata, including the DevAddress which is the device identifier allocated by the LoRa network. Because of the long range of the radio signals and the open nature of the wireless medium, this metadata can be easily collected and can leak potentially sensitive information about a system communicating through LoRa.In addition to the DevAddress, a device is also identified by a DevEUI, a globally unique and permanent identifier. As opposed to the DevAddress, the DevEUIis a static identifier and it can generally be linked to the device manufacturer or the device type. The DevEUI is thus a source of additional information that could be combined with the traffic metadata to gain additional knowledge on a device. However, on the wireless link the DevEUIis only exposed during the join procedure and is never directly associated with other identifiers, and in particular not with the DevAddress.In this documente, focus on this problem and present a method to link a DevEUI to a DevAddress and thus to the associated metadata. Our method relies on the time correlation between messages exchanged during the device activation and registration on the LoRa network. The proposed method is tested on two sets of LoRa traces: a real-world dataset and a synthetic one. The corresponding simulation results shows that a significant fraction of the DevEUI can be matched to a DevAddress. Finally we discuss a number of measures that could be adopted to reduce the efficiency of the presented address linking attack.LoRaWAN est une technologie réseau à longue portée, faible débit et basse consommation d’énergie utilisée pour fournir une connectivité à toutes sortes d’appareils. Le chiffrement assure la confidentialité des données mais ne protège pas les métadonnées, en particulier la DevAddress qui est l’identifiant de l’appareil alloué par le réseau LoRa. A cause de la longue portée des signaux radio et de la nature ouverte du medium sans-fil, ces métadonnées peuvent être aisément collectées et peuvent exposer des informations potentiellement sensibles à propos d’un système.En plus de la DevAddress, un appareil est aussi identifié par un DevEUI, un identifiant unique. Contrairement au DevAddress, le DevEUIest statique et il peut être rattaché à un constructeur ou au type de l’appareil. Le DevEUIest donc une source d’information qui pourrait être combiné avec d’autres métadonnées. Cependant, sur le canal radio, le DevEUIest seulement exposé durant la procédure d’association et n’est jamais directement associé à d’autres identifiant, et en particulier jamais avec le DevAddress.Dans ce document, nous traitons ce problème et présentons une méthode permettant de lier un DevEUI à un DevAddress, et ainsi aux métadonnées associées. Notre méthode repose sur une corrélation temporelle entre les messages échangés durant la phase d’activation et d’association au réseau LoRa. Cette méthode est testée sur un jeu de traces réel et un jeu de traces synthétique. Les résultats de simulation obtenus montrent qu’une fraction significative des DevEUI peuventêtre associé à un DevAddress. Nous terminons en proposant des mesures qui pourraient être adoptées pour empêcher cette attaque

Embedded Module for WiFi Analysis

Tématem této bakalářské práce je vytvoření kompaktního zařízení, které bude napájeno bateriemi a poslouží pro sběr dat pomocí WiFi. Výsledná data budou zařízením zpracována a uložena na externí paměť, ze které poté poslouží k následné analýze na výkonnějším stroji. Analýza se bude zaměřovat na počítání aktivních zařízení v okolí a celkovou problematikou.The topic of this thesis is to create a compact device that will be powered by batteries and will be used for data collection using WiFi. The resulting data will be processed by the device and stored on external memory, which will then be used for following analysis on a more powerful machine. The analysis will focus on the counting of active devices in the vicinity of the device and overall problematics.460 - Katedra informatikydobř

Defeating MAC address randomization through timing attacks

MAC address randomization is a common privacy protection measure deployed in major operating systems today. It is used to prevent user-tracking with probe requests that are transmitted during IEEE 802.11 network scans. We present an attack to defeat MAC address randomization through observation of the timings of the network scans with an off-the-shelf Wi-Fi interface. This attack relies on a signature based on inter-frame arrival times of probe requests, which is used to group together frames coming from the same device although they use distinct MAC addresses. We propose several distance metrics based on timing and use them together with an incremental learning algorithm in order to group frames. We show that these signatures are consistent over time and can be used as a pseudo-identifier to track devices. Our framework is able to correctly group frames using different MAC addresses but belonging to the same device in up to 75% of the cases. These results show that the timing of 802.11 probe frames can be abused to track individual devices and that address randomization alone is not always enough to protect users against tracking.status: publishe

Defeating MAC Address Randomization Through Timing Attacks

International audienceMAC address randomization is a common privacy protection measure deployed in major operating systems today.It is used to prevent user-tracking with probe requests that are transmitted during IEEE 802.11 network scans. We present an attack to defeat MAC address randomization through observation of the timings of the network scans with an off-the-shelf Wi-Fi interface. This attack relies on a signature based on inter-frame arrival times of probe requests, which is used to group together frames coming from the same device although they use distinct MAC addresses. We propose several distance metrics based on timing and use them together with an incremental learning algorithm in order to group frames. We show that these signatures are consistent over time and can be used as a pseudo-identifier to track devices. Our framework is able to correctly group frames using different MAC addresses but belonging to the same device in up to 75% of the cases. These results show that the timing of 802.11 probe frames can be abused to track individual devices and that address randomization alone is not always enough to protect users against tracking