| Thread Links | Date Links | ||||
|---|---|---|---|---|---|
| Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
| --- This message came from the IEEE 802.11 Working Group Reflector ---
Hello, I received several emails in support of this effort and one of them noted that since this issue deals with the behavior of STAs prior to association and while they are discovering network services, it should best be addressed in 11aq instead of waiting for 11md. I agree and am working on a submission to address it there. This will also allow us to address the urgent need identified by the US Naval Academy below in a timely manner as the timeline for 11md completion is several years out. regards, Dan. On 3/14/17, 11:43 AM, "*** IEEE stds-802-11 List *** on behalf of Harkins, Daniel" <STDS-802-11@xxxxxxxx on behalf of
daniel.harkins@xxxxxxx> wrote: --- This message came from the IEEE 802.11 Working Group Reflector ---
Greetings, Exactly 3 years ago I presented 11-14/0367r2 in 11mc. That submission proposed some language in the 802.11 standard to define certain behavior when MAC address randomization is used. There were a number of comments but the big one was that it was not necessary. Over time, implementations have come on the market that randomize MAC addresses and the results are in: we really do need some language in the standard that says exactly what to do when privacy is desired, both how and when to randomize a MAC address and how to remove information from 802.11 frames that can be used to perform tracking even when a randomized MAC address is used. Researchers from the U.S. Naval Academy have performed a study [1] and conclude with: “We propose the following best practices for MAC address randomization. Firstly, mandate a universal randomization policy to be used across the spectra of 802.11 client devices. We have illustrated that when vendors implement unique MAC address randomization schemes it becomes easier to identify and track those devices.” concluded the experts. “A universal policy must include at
minimum, rules for randomized MAC address byte structure, 802.11 IE usage, and sequence number behavior,” Based on this sage advice, I plan on introducing a submission to 11md (when formed) to define a privatization policy to be used by STAs that wish to make it harder to track them. If you wish to contribute to this effort or if you have legitimate concerns on 802.11 privacy, please unicast me back. regards, Dan. [1]
http://securityaffairs.co/wordpress/57076/uncategorized/mac-address-randomization-flaws.html _______________________________________________________________________________
If you wish to be removed from this reflector, do not send your request to this reflector - it will have no effect.
Instead, go to
http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11 and then press the LEAVE button.
If there is no LEAVE button here, try
http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-RO. Further information can be found at:
http://www.ieee802.org/11/Email_Subscribe.html _______________________________________________________________________________
If you wish to be removed from this reflector, do not send your request to this reflector - it will have no effect. Instead, go to http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11 and then press the LEAVE button. If there is no LEAVE button here, try http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-RO. Further information can be found at: http://www.ieee802.org/11/Email_Subscribe.html _______________________________________________________________________________ |