Proceedings of the 32nd Annual Conference on Computer Security Applications 2016
DOI: 10.1145/2991079.2991098
|View full text |Cite
|
Sign up to set email alerts
|

Decomposition of MAC address structure for granular device inference

Abstract: Common among the wide variety of ubiquitous networked devices in modern use is wireless 802.11 connectivity. The MAC addresses of these devices are visible to a passive adversary, thereby presenting security and privacy threatseven when link or application-layer encryption is employed. While it is well-known that the most significant three bytes of a MAC address, the OUI, coarsely identify a device's manufacturer, we seek to better understand the ways in which the remaining low-order bytes are allocated in pra… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
40
0
1

Year Published

2017
2017
2024
2024

Publication Types

Select...
4
3
1

Relationship

3
5

Authors

Journals

citations
Cited by 46 publications
(41 citation statements)
references
References 10 publications
0
40
0
1
Order By: Relevance
“…Table 3 highlights the results of this analysis. We completed this analysis by evaluating the following; i) the MAC address prefix (OUI, CID, random), ii) WPS attributes, iii) 802.11 IE derived device signatures, and iv) mDNS fingerprinting techniques [20]. Lastly, we confirm our analysis using devices procured by our team and evaluated in a controlled Radio Frequency (RF) environment.…”
Section: Identifying Randomizationmentioning
confidence: 92%
See 2 more Smart Citations
“…Table 3 highlights the results of this analysis. We completed this analysis by evaluating the following; i) the MAC address prefix (OUI, CID, random), ii) WPS attributes, iii) 802.11 IE derived device signatures, and iv) mDNS fingerprinting techniques [20]. Lastly, we confirm our analysis using devices procured by our team and evaluated in a controlled Radio Frequency (RF) environment.…”
Section: Identifying Randomizationmentioning
confidence: 92%
“…It is trivial to identify the manufacturer as the OUI provides sufficient resolution. However, in order to conjecture as to the device model we borrow from the work of [20] in which we obtain model granularity from MAC address decomposition. Next, we look for any case where a device using a global MAC address as the source of a probe request matches the desired signature and also transmitted a mDNS packet at some point.…”
Section: :68:c3mentioning
confidence: 99%
See 1 more Smart Citation
“…Since the topic of traffic classification has been well-studied [9], [10] and the classifier itself is not the focus of this paper, we use the same statistic feature as [9] to implement the classifier. In addition, we separate connections by device's IP address and use MAC address to identify the type of devices [11] which is added in the feature. To enable run-time classification, we update statistics and predict every 2 seconds.…”
Section: Automatic Traffic Classificationmentioning
confidence: 99%
“…For example, researchers have found the way many devices utilize 802.11 Media Access Control (MAC) addresses and cellular International Mobile Equipment Identities (IMEI) and International Mobile Subscriber Identities (IMSI) can make them particularly vulnerable to tracking [15,25,29,30,34]. As such, Operating System (OS) vendors and network standards bodies have implemented protocols and policies to mitigate these vulnerabilities.…”
Section: Introductionmentioning
confidence: 99%