Computer Science Department
School of Computer Science, Carnegie Mellon University
Quantifying and Mitigating Privacy Threats
Jeffrey Anson Pang
The ubiquity of mobile wireless devices greatly magnifies the threats of clandestine physical tracking, profiling, and surveillance. This is because these devices often reveal their identities and locations to third parties, either inadvertently to eavesdroppers nearby or in reports to location-based services.
In this dissertation, we address the challenges in building practical wireless protocols and services that protect users from these threats. To understand the nature of the problem, we first quantify how easily eavesdroppers can track devices that use 802.11, the dominant local area wireless protocol for the foreseeable future. Using wireless traffic from hundreds of real devices, we show that eavesdroppers can track 802.11 devices accurately even if explicit identifiers, such as MAC addresses, are changed over time. This is because implicit identifiers, or identifying characteristics of 802.11 traffic, can still identify many users with high accuracy. We develop an automated procedure that can identify users even when countermeasures, such as pseudonyms and encryption, are employed.
In response to these shortcomings, we present the design and evaluation of an 802.11-like wireless link layer protocol that obfuscates all transmitted bits, ather than select fields, to increase privacy. By obscuring all bits, we greatly increase the difficulty of identifying or profiling users from their transmissions. Our design, called SlyFi, is nearly as efficient as existing schemes for discovery, link setup, and data delivery because transmission requires only symmetric key encryption and reception requires a table lookup followed by symmetric key decryption. Experiments using our implementation on Atheros 802.11 drivers show that SlyFi performs comparably with 802.11 using WPA.
Finally, we demonstrate how to build wireless service directories that can not track users who submit location-aware reports. This problem is increasingly relevant for 802.11 hotspot directories, which may rely on users that submit accurate information about hotspot location and characteristics but want to remain anonymous. We present Wifi-Reports, a location-based service that provides Wi-Fi clients with historical information about AP location, performance, and application support. Wifi-Reports addresses two conflicting goals: preserving the privacy of users' reports and limiting fraudulent reports.
Our contributions demonstrate that future wireless protocols and services need not sacrifice users' privacy in order to be practical.