1. Can Ferris Bueller Still Have His Day Off? Protecting Privacy in the Wireless Era Authors: Ben Greenstein, Ramakrishna Gummadi, Jeffrey Pang, Mike Y. Chen, Tadayoshi Kohno,Srinivasan Seshan, David Wetherall Presenter: Yinzhi Cao

2. Introduction The advent of mobile devices and ubiquitous computing devices has really pushed security and privacy in this environment to the forefront and is fast developing as an important area of research. A device can be indentified and tracked over time through its persistent link-layer address, list of known networks(SSIDs), and other protocol and physical layer characteristics.

3. 802.11 Case Study (1)

4. 802.11 Case Study (1) CONT’D

5. Result People may know that Ferris went to Park on Tuesday while he says he is sick and should be at home.

6. 802.11 Case Study(2)

7. 802.11 Case Study(3)

8. Sequence Number Field (the rate of package transmissions) Traffic Indication Map in beacon frames for clients using power-save functionality(count of power-save user number)

9. Research Challenge Naming Discovering resources and binding Limiting information leakage

10. Naming Unique MAC address Leakage Solution: – Periodically Changing MAC addresses (Pseudonym) – Hiding Persistent ID Problem – Pseudonyms can be linked together – Link 802.11 with bluetooth – Prevent Normal Users

11. Discovering resources and binding Designing Goal – Only clients who are authorized to use a private service should be capable of learning of its presence. – At most the client and the service involved should know when a binding is established or broken between them; optionally, the identity of the client may be hidden from the service as well.

12. Limiting information leakage We can’t encrypt all the frames. – some link header fields are designed to be broadcast to all users. For example, the duration field. – if a client were to encrypt the remaining fields so that only the AP could decrypt them, then the AP would suffer additional computation load, and would thus be more susceptible to denial-of- service attacks

13. Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing Authors: T. Scott Saponas, Jonathan Lester, Carl Hartung, Sameer Agarwal, Tadayoshi Kohno Presenter: Yinzhi Cao

14. The Sling Media Slingbox Pro Usage – allows users to remotely view (sling) the contents of their TV over the Internet Vulnerability – Based on throughput, we can deduce which TV program users are watching

15. The Sling Media Slingbox Pro

16. The Sling Media Slingbox Pro Cont’d Method

17. The Sling Media Slingbox Pro Cont’d Result

18. The Nike+iPod Sport Kit: Devices that Reveal Your Presence Usage – The Nike+iPod Sport Kit allows runners and walkers to hear real time workout progress reports on their iPod Nanos.

19. The Nike+iPod Sport Kit: Devices that Reveal Your Presence Cont’d Vulnerability

20. Zunes: Challenges with Managing Ad Hoc Mobile Social Interactions Usage – portable media devices to include wireless capability for the purpose of sharing media – Block Mechanism

21. Zunes: Challenges with Managing Ad Hoc Mobile Social Interactions Circumventing the Zune Blocking Mechanism – Disappearing attack Zune – Fake MAC addresses – Post-blocking privacy

22. Thank you