Reduce to the MACs -- Privacy Friendly Generic Probe Requests

Johanna Ansohn McDougall,Alessandro Brighente,Anne Kunstmann,Niklas Zapatka,Hannes Federrath
2024-05-15
Abstract:Abstract. Since the introduction of active discovery in Wi-Fi networks, users can be tracked via their probe requests. Although manufacturers typically try to conceal Media Access Control (MAC) addresses using MAC address randomisation, probe requests still contain Information Elements (IEs) that facilitate device identification. This paper introduces generic probe requests: By removing all unnecessary information from IEs, the requests become indistinguishable from one another, letting single devices disappear in the largest possible anonymity set. Conducting a comprehensive evaluation, we demonstrate that a large IE set contained within undirected probe requests does not necessarily imply fast connection establishment. Furthermore, we show that minimising IEs to nothing but Supported Rates would enable 82.55% of the devices to share the same anonymity set. Our contributions provide a significant advancement in the pursuit of robust privacy solutions for wireless networks, paving the way for more user anonymity and less surveillance in wireless communication ecosystems.
Cryptography and Security,Networking and Internet Architecture
What problem does this paper attempt to address?
The main problem that this paper attempts to solve is to improve user privacy protection and prevent devices from being tracked by reducing the information elements (IEs) in Wi - Fi probe requests. Specifically, the author proposes a method called "generic probe requests", aiming to make the probe requests of different devices indistinguishable by removing all unnecessary IE content, thereby expanding the anonymity set and enhancing user privacy. ### Main problems: 1. **Device tracking**: The information elements (IEs) included in current Wi - Fi probe requests can be used as device fingerprints to track users. Even if MAC address randomization technology is widely used, these IEs may still disclose the device identity. 2. **Insufficient privacy protection**: Existing privacy protection measures (such as MAC address randomization) cannot completely prevent device fingerprint attacks based on IE content. ### Solutions: - **Generic probe requests**: The author proposes to reduce the IE content in the probe request to the minimum necessary level, that is, only retain the Supported Rates and the empty SSID field. In this way, the differences between devices are minimized, so that a single device can disappear in the largest anonymity set, thereby improving privacy protection. - **Function evaluation**: The research also evaluates the impact of this simplified probe request on network connection establishment. The results show that, on the premise of maintaining normal connection functions, simplifying IE content will not significantly affect the connection speed or quality. ### Experimental verification: - The author verifies the performance of different devices when sending simplified probe requests through experiments, and uses the Time - to - Traffic (TtT) metric to evaluate the connection establishment time. - The results show that simplifying IE content will not slow down the connection establishment speed, but will help improve user privacy. ### Key contributions: - Proposed the concept of generic probe requests and proved its feasibility. - Verified through experiments that simplifying IE content has no negative impact on the connection establishment function, while significantly improving user privacy. - Analyzed and compared the sizes of anonymity sets under different IE contents, and proved the effectiveness of generic probe requests. In summary, this paper solves the privacy problems existing in current Wi - Fi probe requests by introducing generic probe requests, providing stronger privacy protection for users in wireless networks.