Re: Beyond MAC randomization (prevent tracking)

From: Chris Laprise <tasket openmailbox org>
To: Network Manager <networkmanager-list gnome org>
Subject: Re: Beyond MAC randomization (prevent tracking)
Date: Tue, 11 Apr 2017 11:30:15 -0400

On 04/10/2017 01:35 PM, Chris Laprise wrote:

1. A Study of MAC Address Randomization in Mobile Devices and
When it Fails
https://arxiv.org/pdf/1703.02874v1.pdf




A listing of best practices from the paper:

Randomize across the entire address, providing
2^46 bits of randomization.

Use a random address for every probe request
frame.

Remove sequence numbers from probe requests.

If sequence numbers are used, reset sequence
number when transmitting authentication and
association frames.

Never send probe requests using a global MAC
address.

Enforce a policy requiring a minimal and stan-
dard set of vendor IEs. Move any lost function-
ality to the authentication/association process,
or upon network establishment utilize discovery
protocols.

Specifically, the use of WPS attributes should
be removed except when performing P2P opera-
tions. Prohibit unique vendor tags such as those
introduced by Apple iOS 10.

Eliminate the use of directed probe requests for
cellular offloading.

Mandate that chipset firmware remove behavior
where RTS frames received while in State 1 elicit
a CTS response.

Seems like NM and careful configuration might address some of thesepoints...



(BTW, the usna.edu address appears to be disabled.)

--

Chris Laprise, tasket openmailbox org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

Follow-Ups:
- Re: Beyond MAC randomization (prevent tracking)
  - From: Thomas Haller

References:
- Beyond MAC randomization (prevent tracking)
  - From: Chris Laprise

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]