Re: [homenet] [Int-area] [Captive-portals] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications

Juan Carlos Zuniga <j.c.zuniga@ieee.org> Tue, 29 September 2020 20:10 UTC

From: Juan Carlos Zuniga <j.c.zuniga@ieee.org>
Date: Tue, 29 Sep 2020 16:10:28 -0400
To: Peter Yee <peter@akayla.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, captive-portals@ietf.org, homenet@ietf.org, int-area@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/i_W13MyZ9q0nO7nShtBctxPSUjM>

Indeed, this is a continuation of the work started at IEEE 802 back in 2014
after the STRINT Workshop pre-IETF 89 [1] [2].



So far IEEE 802 has developed the (soon to be published) 802E Privacy
Recommendations [3], the recommended use of MAC address randomization in
802c [4], and now the work in 802.11 that Peter points out.



We carried out the experiment on the IETF (x2) and IEEE 802 Wi-Fi meeting
networks and we published some results at the time [5]. Even though we
found some very minor impact on DHCP, the experiment showed that MAC
address randomization worked fine. However, as we pointed out, the Privacy
issues should not stop at L3.

If there is a good takeaway from that work, it is that Privacy cannot be
solved at a single layer, and effective solutions should be system-wide.



Juan Carlos





[1] https://mentor.ieee.org/802-ec/dcn/14/ec-14-0043-01-00EC-internet-privacy-tutorial.pdf


[2] http://www.ieee802.org/PrivRecsg/

[3] https://1.ieee802.org/security/802e/

[4] https://ieeexplore.ieee.org/document/8016709

[5] https://ieeexplore.ieee.org/abstract/document/7390443/  pre-print:
https://www.it.uc3m.es/cjbc/papers/pdf/2015_bernardos_cscn_privacy.pdf

On Tue, Sep 29, 2020 at 3:40 PM Peter Yee <peter@akayla.com> wrote:

> On 29/09/2020 12:03, Stephen Farrell wrote:
>
> > More on-topic, I do think MAC address randomisation has a role to play
> > for WiFi as it does for BLE, but yes there is a lack of guidance as to how
> > to implement and deploy such techniques well. It's a bit tricky though as
> > it's fairly OS dependent so maybe not really in scope for the IETF?
> > (For the last 3 years I've set a possible student project in this space,
> > but each time a student has considered it, it turned out "too hard";-)
>
> As I mentioned previously, IEEE 802.11 is looking into this area, both
> from an operational perspective and from a privacy perspective. New IEEE
> 802.11 amendments (IEEE 802.11bh and IEEE 802.11bi, if approved) are being
> discussed. The (very) high-level documents describing each can be found at
> [1] and [2]. I would be happy to convey input to IEEE 802.11 regarding
> either document, particularly in regards to layers 3 and above. Without
> wishing to open up a can of worms about meeting fees, I will note that IEEE
> 802.11 is currently not charging for its online meetings, so if anyone
> wishes to take part in the random MAC address discussions directly, the
> next meeting will be held in early November. The RCM Study Group met
> yesterday morning (Americas) and will meet again in two weeks. See [3].
>
>                 -Peter
>
> [1] https://mentor.ieee.org/802.11/dcn/20/11-20-0742-04-0rcm-proposed-par-draft.docx
> [2] https://mentor.ieee.org/802.11/dcn/20/11-20-0854-06-0rcm-par-proposal-for-privacy.pdf
> [3] https://mentor.ieee.org/802.11/dcn/20/11-20-0995-10-0rcm-rcm-sg-agenda.pptx