March 2005                                                  doc.: IEEE 802.11-05/0170r0


             Session MAC Address For Anonymity
                                                                         Date: 2005-03-10

Authors:


Name              Organization    E-Mail
Jon Edney         Nokia           email@jon.edney.name
Stefano Faccin    Nokia



Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in
this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE
Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit
others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http://ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement
"IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents
essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is
essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair
<stuart.kerry@philips.com> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being
developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>.


Submission                                                                                  Slide 1                                            Jon Edney, Stefano Faccin, Nokia


                       Abstract

 Proposes the use of “Session MAC Address” by STAs in
   order to provide “on air” anonymity and prevent the
   tracking of station mobility patterns






                         The Anonymity Problem

 •    Currently stations use a fixed MAC address that is unique worldwide
 •    Stations that visit public access areas leave a record of their MAC address
 •    There are many ways to link MAC address to identity
        – Link MAC address to hotel registration
        – Link MAC address to credit card information
        – Link MAC address to purchase records
 •    Once MAC address is linked to identity, user can be tracked
        – Businesses can track which people enter their building and for how long
        – Coffee bars can profile your travel behaviour through registering changes of location
        – etc.
 •    In general the ability to track individual users is divisive and could be used
      for a range of purposes from unwanted surveillance to crime





                      Two cases of problem

 • User connecting to service
       – Service provider will usually require authentication and authorisation
       – Therefore Service provider knows identity anyway
       – Therefore MAC anonymity does not protect against identity tracking
       – Anonymity only possible through independent authentication (see next slide)

 • User probing service
       – User’s STA issues probe requests, looking for service
       – User will probe both trusted and untrusted networks
       – User does not join untrusted network - but MAC address may disclose identity
       – Therefore MAC address anonymity is important to avoid identity tracking





       First case: Secure Anonymous Service Access

   •   Idea is that user is securely authenticated but the identity is protected
   •   Requires separation of authentication and service networks
   •   User identification and authorization performed at higher layers with
       trusted party
   •   Authentication not based on global MAC address, but on higher layer
       identifier
   •   Locally assigned MAC address used for authorised session connection
   •   New MAC address assigned for each session
   •   No relationship between identity and session MAC address






             Example, anonymous service access

 [Figure: network diagram. Labels: Service Provider Network, Service, Trusted Validator, Router, AAA, Keys, AP, Authentication, STA. Annotation: “Anonymous MAC address required in this zone”.]




 Second case: Avoiding Identity compromise
            on the wireless link


   • Protect against identity disclosure during probing
   • Protect against snoopers scanning wireless network
   • Does not protect against identity tracking when user
     connects to service






                                     Anonymous Probing

 [Figure: network diagram. Labels: Trusted Service, Untrusted Service, AP, AP, STA. Annotation: “Anonymous MAC address required in this zone”.]






             Anonymous Probing - issues

  • To avoid identity disclosure during probing, the MAC
    address sent over the air needs to be unconnected to
    identity
  • This also protects against 3rd party network snoopers
  • To achieve this we propose that a “Session MAC
    address” be issued by the AP
  • The “Real MAC address” can be used inside STA
    protocol stack and on wired network





                Session MAC address domain

 [Figure: address domain diagram. Labels: AP, Client, Network, Application, Real MAC, Sess. MAC, Real MAC Address, Convert Address, Session MAC Address, PTK.]




                   Session MAC Address Allocation

     • MAC Addresses are usually globally unique
             – but the “Local administration” bit is available
             – “Universe” of the MAC address is just the BSS
     • Session MAC Address is only valid for a single BSS. STA
       must acquire a new address if it transitions to a new AP
     • Intent of Local Administration is a “manual process” where
       addresses are allocated and logged to prevent duplication
             – Can we create automatic allocation in a way that guarantees no
               duplication?
     • Allocation by “random number” has been rejected by RAC
             – Automatic allocation might be OK if it assures no duplication






                   Additional requirement

• AP must learn real MAC Address of STA
       – Can be sent securely as part of handshake
       – Not needed until DS is open
• (Real MAC Address not needed for management frames)
• All existing provisions of 802.11i are unchanged.







                          Allocation Approaches

      • AP is responsible for allocation of Session MAC
        addresses
      • Managed (Non-Volatile Storage)
             –   Start with low value and allocate block of addresses (say 1024).
             –   Write block limit to NV memory.
             –   Allocate more blocks as required and update NVM
             –   On reboot start with last written bound from NVM

      • Unmanaged (no Non-Volatile Storage)
             –   Start with true random value
             –   Follow block allocation procedure
             –   If block exceeds address range loop to low value.






               Distribution of MAC to STA

   • The STA needs to obtain a session MAC address from
     the AP prior to starting the association attempt
   • Various methods are possible:
         – Specific request mechanism
         – Advertising by AP
         – Piggyback on probe messages
   • Need to ensure unique MAC address issued in case of
     two STA joining in parallel (race condition)
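
An added sketch (not part of the original submission) of the "Managed" allocation approach and the parallel-join race noted above: a sequential allocator that sets the local administration bit, persists each block limit before issuing from the block, and serialises requests with a lock. The file standing in for NVM, the counter-to-address mapping and all names are assumptions.

```python
import os
import threading

LOCAL_ADMIN_BIT = 0x02   # U/L bit of the first octet: locally administered
BLOCK = 1024             # block size suggested on the slide
SPACE = 1 << 46          # 48 bits minus the fixed U/L and I/G (multicast) bits


def to_mac(counter):
    """Map a 46-bit counter to a unicast, locally administered MAC string."""
    if not 0 <= counter < SPACE:
        raise ValueError("counter outside the local address space")
    first = ((counter >> 40) << 2) | LOCAL_ADMIN_BIT   # I/G bit stays 0
    octets = bytes([first]) + (counter & 0xFFFFFFFFFF).to_bytes(5, "big")
    return ":".join(f"{b:02x}" for b in octets)


class SessionMacAllocator:
    """Managed allocation; the NVM is modelled as a file (an assumption)."""

    def __init__(self, nvm_path):
        self.nvm_path = nvm_path
        self.lock = threading.Lock()
        # On reboot, start from the last written bound: addresses below it
        # may already have been issued, so the rest of that block is skipped.
        self.next = self.bound = self._read_bound()

    def _read_bound(self):
        try:
            with open(self.nvm_path) as f:
                return int(f.read())
        except FileNotFoundError:
            return 0   # first boot: start with a low value

    def _write_bound(self, bound):
        tmp = self.nvm_path + ".tmp"
        with open(tmp, "w") as f:
            f.write(str(bound))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.nvm_path)   # atomic swap: no torn bound on power loss

    def allocate(self):
        # One lock around check-and-increment closes the race between two
        # STAs requesting an address in parallel.
        with self.lock:
            if self.next >= self.bound:
                # Persist the new limit BEFORE issuing anything from the block.
                self._write_bound(self.next + BLOCK)
                self.bound = self.next + BLOCK
            counter, self.next = self.next, self.next + 1
        return to_mac(counter)
```

Writing the limit before the first address of a block is handed out is what makes the reboot rule safe: a crash can waste at most one block, but cannot cause an address to be issued twice.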






                          Summary


       • Use of Session MAC address:
             – provides MAC address anonymity
             – solves identity disclosure during probing



