802.11 Privacy
Doc.: IEEE 802.11-13/1448 r00
Author: Paul A. Lambert, Marvell Semiconductor
Date: 2013-11-14 (November 2013)

Presentation transcript:

Slide 1: 802.11 Privacy

Slide 2: Privacy

Slide 3: Communication privacy is not a new issue.
Privacy was an important selling point for dial-based phones (1912) since they did not require an operator.

Slide 4: Wi-Fi Privacy Concerns
Seattle Police Deactivate Wi-Fi Spy Grid After Privacy Outcry (Nov 2013)
  – A DHS and Seattle police network collecting location information
CreepyDOL WiFi surveillance project debuts at Blackhat/DEFCON (Aug 2013)
  – DIY surveillance with low-cost Wi-Fi based sensors that capture MAC addresses
Wi-Fi Trashcans Now Silently Tracking Your Smartphone Data (Aug 2013)
  – ... the company boasted that the cans, which included LCD advertising screens, "provide an unparalleled insight into the past behavior of unique devices"—and hence of the people who carry them around
"Technopanic" mounts over Google's Wi-Fi Privacy violations (Mar 2013)
  – A DHS and Seattle police network collecting location information

Slide 5: But wait – Wi-Fi “location” is also a service!
Location-based Wi-Fi services can add immediate value to Wi-Fi deployments (Oct 2013)
  – “Knowing where someone is can be important because you are then in a better position to do something for or with them.”
In-Location Alliance (Nov 2013)
  – “There are countless uses for accurate indoor positioning...”
Renew - Wi-Fi based market information (Nov 2013)
  – The Renew Network extends to over three million professionals in the City of London everyday. Our units have been strategically placed to achieve optimum viewing time, enabling our clients to receive a constant and continuous space to accommodate commercial campaigns.

Slide 6: Risk Analysis and Privacy
Risk = Vulnerability x Threat x Cost
Vulnerability: the probability of success of an attack for a particular threat category. The “value” of vulnerability in the risk equation can vary depending on the type of attacker; for example, a government may have more resources to be successful than a single hacker.
Threat: the likelihood of an adverse event. It is based on a particular threat category (hacker, paparazzi, disgruntled employee, government agency).
Cost: the impact of an attack against the vulnerability by the particular threat. Breaking into an online banking account typically has a higher cost than a denial of service attack against a single user.

Slide 7: Privacy versus other Security Services in
Privacy protection is provided by encryption and authentication
  – But this only protects against disclosure of the “data”
  – Good security (e.g. RSN) is a first step; it is not the subject of this analysis and is assumed as a starting point
Privacy of identity and location must consider other information in frames that can be used to track a device
  – Like the MAC address

Slide 8: Where are the privacy vulnerabilities?
MAC addresses are unique per device
  – Enable detailed tracking by passive capture
  – MAC addresses may be used in IPv6 addresses and carried beyond the WLAN, where they directly identify the connecting device
SSIDs are sometimes unique
  – Enable tracking when used in probe requests and indicate a device's commonly used APs
  – The profile of multiple SSIDs used in probing is a good fingerprint of a user's identity
u is unprotected and may indicate user interests
Others?

Slide 9: Privacy Threats
Source of Threats:
  – Hackers, private investigators, stalkers, paparazzi
  – Marketing firms and retail outlets
  – Police, Government Agencies
Non-threats:
  – Marketing firms and retail outlets (with user approval)
  – Personal home automation (of home user)
  – ... Etc.
It is very important to identify ways to enable tracking when it is a “service”, but prevent unauthorized tracking

Slide 10: Attack Vectors for Communications
The location and capabilities of an attacker in the network are a useful way to categorize vulnerabilities.

Slide 11: Passive Scanning and Monitor APs
The primary scenarios to consider that are “threats” and not “services” are passive monitoring and APs used for monitoring.

Slide 12: Possible Technical Solutions
Ephemeral MAC Addresses
  – use local addresses that change occasionally
Limit active scanning
Capability bits to indicate “willingness to be tracked”
Others?

Slide 13: Ephemeral MAC Addresses
Virtual STAs could be defined that allow a device to have a different MAC address for each BSSID
What happens to DHCP allocation and routing tables?
  – Rapid changes are a problem, occasional changes are enough to prevent correlation of a device to a human
Not easy to change with an active association
  – But could only change on new connections
Roaming and fast handoff might be impacted
  – But MAC addresses could remain the same for roaming and only change when not actively associated
While there are issues with Ephemeral MAC Addresses to solve, it appears viable to define procedures for MAC address privacy!
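One way to realize the per-BSSID local address from slides 12 and 13, as an added example that is not part of the original presentation. The HMAC-SHA256 derivation, the device secret, the coarse `epoch` counter and the `Station` class are all assumptions of this sketch; the slides do not define a procedure.

```python
import hashlib
import hmac


def parse_mac(text: str) -> bytes:
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def ephemeral_mac(device_secret: bytes, bssid: str, epoch: int) -> str:
    """Per-BSSID address; the HMAC-SHA256 derivation is an assumption."""
    msg = parse_mac(bssid) + epoch.to_bytes(8, "big")
    addr = bytearray(hmac.new(device_secret, msg, hashlib.sha256).digest()[:6])
    # Set the locally administered bit (0x02) and clear the group bit (0x01)
    # so the result is a valid unicast "local address".
    addr[0] = (addr[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in addr)


def is_local_unicast(mac: str) -> bool:
    return parse_mac(mac)[0] & 0x03 == 0x02


class Station:
    """Hypothetical STA model: the address is fixed for one association."""

    def __init__(self, device_secret: bytes):
        self._secret = device_secret
        self.current_mac = None

    def connect(self, bssid: str, epoch: int) -> str:
        # epoch is a coarse counter (for example a day number), so changes
        # are occasional and do not churn DHCP leases or routing tables.
        self.current_mac = ephemeral_mac(self._secret, bssid, epoch)
        return self.current_mac

    def roam(self, new_bssid: str) -> str:
        if self.current_mac is None:
            raise RuntimeError("roam() requires an active association")
        parse_mac(new_bssid)      # validate only; the address is kept
        return self.current_mac

    def disconnect(self) -> None:
        self.current_mac = None   # next connect() re-derives the address
```

Because the address is derived rather than drawn at random, the device presents the same address to a given BSSID within an epoch, while a passive observer without the secret cannot link addresses across BSSIDs or epochs.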

Slide 14: Straw Poll
Would this group support the definition of privacy mechanisms for IEEE ?
yes:
no:
abstain: