Skip to main content
SpringerLink
Log in

Enhancing Location Privacy in Wireless LAN Through Disposable Interface Identifiers: A Quantitative Analysis

  • Published:
Mobile Networks and Applications Aims and scope Submit manuscript

Abstract

The recent proliferation of wireless local area networks (WLAN) has introduced new location privacy risks. An adversary controlling several access points could triangulate a client’s position. In addition, interface identifiers uniquely identify each client, allowing tracking of location over time. We enhance location privacy through frequent disposal of a client’s interface identifier. While not preventing triangulation per se, it protects against an adversary following a user’s movements over time. Design challenges include selecting new interface identifiers, detecting address collisions at the MAC layer, and timing identifier switches to balance network disruptions against privacy protection. Using a modified authentication protocol, network operators can still control access to their network. An analysis of a public WLAN usage trace shows that disposing addresses before reassociation already yields significant privacy improvements.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. P.E. Agre, RRE notes and recommendations (1999) http://commons.somewhere.com/rre/1999/RRE.notes.and.recommenda14.html.

  2. J. Al-Muhtadi, R. Campbell, A. Kapadia, M.D. Mickunas and S. Yi, Routing through the mist: Privacy preserving communication in ubiquitous computing environments, in International Conference of Distributed Computing Systems (2002).

  3. P. Bahl and V.N. Padmanabhan, RADAR: An in-building RF-based user location and tracking system, in: IEEE INFOCOM (2000) pp. 775–784.

  4. A. Balachandran, G. Voelker, P. Bahl and P. Rangan, Characterizing user behavior and network performance in a public wireless LAN, in: Proceedings of ACM SIGMETRICS (2002).

  5. M. Balazinska and P. Castro, Characterizing mobility and network usage in a corporate wireless local-area network, in: The First International Conference on Mobile Systems, Applications, and Services (MobiSys) (2003).

  6. M.K. Base, Article 164903 – How to troubleshoot duplicate media access control address conflicts, (2002) http://support.microsoft.com/default.aspx?scid=KB;en-us;q164903.

  7. V. Bharghavan, A dynamic addressing scheme for wireless media access, in: International Conference on Communications (1995).

  8. Black Alchemy, FakeAP (2003) http://www.blackalchemy.to/project/fakeap/.

  9. N. Borisov, I. Goldberg and D. Wagner, Intercepting mobile communications: the insecurity of 802.11, in: Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking (2001) pp. 180–189.

  10. P. Castro, P. Chiu, T. Kremenek and R. Muntz, A probabilistic room location service for wireless networked environments, in: Ubicomp (2001).

  11. CNN, Police: GPS device used to stalk woman, (2002) http://www.cnn.com/2002/TECH/ptech/12/31/gps.stalk.ap/index.html.

  12. EAP TLS, PPP EAP TLS authentication protocol Requests for Comments 2716 (1999).

  13. D. Eastlake, S. Crocker and J. Schiller, RFC 1750: Randomness recommendations for security, (1994) http://www.ietf.org/rfc/rfc1750.txt.

  14. A. Ebner and H. Rohling, A self-organized radio network for automotive applications, in: Proceedings of the 8th World Congress on Intelligent Transportation Systems (2001).

  15. A. Fasbender, D. Kesdogan and O. Kubitz, Analysis of security and privacy in mobile ip, in: 4 th International Conference on Telecommunication Systems Modeling and Analysis (1996).

  16. D. Goldschlag, M. Reed and P. Syverson, Onion routing for anonymous and private Internet connections, Communications of the ACM (USA) 42(2) (1999) 39–41.

    Article  Google Scholar 

  17. M. Gruteser and D. Grunwald, Anonymous usage of location-based services through spatial and temporal cloaking, in: Proceedings of the First International Conference on Mobile Systems, Applications, and Services (2003a).

  18. M. Gruteser and D. Grunwald, A methodological assessment of location privacy risks in wireless hotspot networks, in: Proceedings of the First International Conference on Security in Pervasive Computing (2003b) (to appear).

  19. IEEE, 1999, IEEE Standard 802.11b – Wireless LAN Medium Access Control (MAC) and Physical layer (PHY) specications: High Speed Physical Layer (PHY) in the 2.4 GHZz Band (1999).

  20. IEEE, OUI assignments (2003) http://standards.ieee.org/regauth/oui/index.shtml.

  21. D. Kesdogan, H. Federrath, A. Jerichow and A. Pfitzmann, Location management strategies increasing privacy in mobile communication, in: 12th International Information Security Conference. Samos, Greece (1996) pp. 39–48.

  22. D. Kotz and K. Essien, Analysis of a campus-wide wireless network, in: Proceedings of the Eighth Annual International Conference on Mobile Computing and Networking (2002) pp. 107–118.

  23. A.M. Ladd, K.E. Bekris, A. Rudys, L.E. Kavraki, D.S. Wallach and G. Marceau, Robotics-based location sensing using wireless ethernet, in: Proceedings of the Eighth Annual International Conference on Mobile Computing and Networking (2002) pp. 227–238.

  24. C.-H. Lee, M.-S. Hwang and W.-P. Yang, Enhanced privacy and authentication for the global system for mobile communications, Wireless Networks 5(4) (1999) 231–243.

    Article  Google Scholar 

  25. U. Leonhardt and J. Magee, Security considerations for a distributed location service, Journal of Network and System Management 6 (1998) 51–70.

    Article  Google Scholar 

  26. Location Privacy Protection Act, Location privacy protection act, (2001) http://www.techlawjournal.com/cong107/privacy/location/s1164is.asp.

  27. T. Narten and R. Draves, RFC3041 – Privacy Extensions for Stateless Address Autoconfiguration in IPv6, http://www.faqs.org/ftp/rfc/rfc3041.txt.

  28. N. Negroponte, Being wireless, Wired 10(10) (2003).

  29. M. Piszczalski, The next big thing: Wi-Fi, Automotive Design and Production (2002).

  30. J. Reed, K. Krizman, B. Woerner and T. Rappaport, An overview of the challenges and progress in meeting the e-911 requirement for location service, IEEE Personal Communications Magazine 5(3) (1998) 30–37.

    Article  Google Scholar 

  31. M.K. Reiter and A.D. Rubin, Crowds: Anonymity for Web transactions, ACM Transactions on Information and System Security 1(1) (1998) 66–92.

    Article  Google Scholar 

  32. C. Schurgers, G. Kulkarni and M.B. Srivastava, Distributed assignment of encoded MAC addresses in sensor networks, in: Proceedings of the 2001 ACM International Symposium on Mobile Ad Hoc Networking and Computing (2001) pp. 295–298.

  33. A. Smailagic and D. Kogan, Location sensing and privacy in a context-aware computing environment, IEEE Wireless Communications 9 (2002) 10–17.

    Article  Google Scholar 

  34. M. Spreitzer and M. Theimer, Providing location information in a ubiquitous computing environment, in: Proceedings of the Fourteenth ACM Symposium on Operating System Principles (1993) pp. 270–283.

  35. W.R. Stevens, TCP/IP Illustrated, (Addison-Wesley, 1994), Vol. 1.

  36. A. Stubblefield, J. Ioannidis and A. Rubin, Using the Fluhrer, Mantin, and Shamir attack to break WEP, Technical Report TD4ZCPZZ, ATT Labs (2001).

  37. N.H. Vaidya, Weak duplicate address detection in mobile ad hoc networks, in: Proceedings of the Third ACM International Symposium on Mobile Ad Hoc Networking and Computing (2002) pp. 206–216.

  38. Wireless Geographic Logging Engine, Wireless geographic logging engine (2002) http://wigle.net/gpsopen/gps/GPSDB/.

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Colorado, Boulder, CO

    Marco Gruteser & Dirk Grunwald

Authors
  1. Marco Gruteser
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dirk Grunwald
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marco Gruteser.

Additional information

Marco Gruteser is a Ph.D. candidate in computer science, advised by Prof. Dirk Grunwald at the University of Colorado at Boulder. His research interests include location privacy, context-aware applications, and wireless networks. He received his MS in computer science from the University of Colorado at Boulder and completed a Vordiplom at the Technical University Darmstadt, Germany. During a one-year leave at the IBM T.J. Watson Research Center, he developed software infrastructure that integrates sensors to support context-aware applications in the BlueSpace smart office project. He is a student member of the ACM. Contact him at Campus Box 430, Boulder, CO 80309-0430;.

Dirk Grunwald received his Ph.D. from the University of Illinois in 1989 and joined the University of Colorado the same year. His work addresses research and teaching in the broad area of “computer systems”, which includes computer architecture, operating systems, networks, and storage systems. His interests also include issues in pervasive computing, novel computing models, and enjoying the mountains. He is currently an Associate Professor in the Department of Computer Science and in Electrical and Computer Engineering and is also the Director of the Colorado Center for Information Storage.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Gruteser, M., Grunwald, D. Enhancing Location Privacy in Wireless LAN Through Disposable Interface Identifiers: A Quantitative Analysis. Mobile Netw Appl 10, 315–325 (2005). https://doi.org/10.1007/s11036-005-6425-1

Download citation

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11036-005-6425-1

Keywords

Search

Navigation