IETF Logo Mail Archive

Re: [Int-area] [homenet] [Captive-portals] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 30 September 2020 17:16 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59C0B3A0CBB; Wed, 30 Sep 2020 10:16:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VMOCUJ2hlKIv; Wed, 30 Sep 2020 10:16:40 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 603003A0C1D; Wed, 30 Sep 2020 10:16:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id F27A9389EA; Wed, 30 Sep 2020 13:21:35 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id n4Bn8OgiqppP; Wed, 30 Sep 2020 13:21:31 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 4E166389E9; Wed, 30 Sep 2020 13:21:31 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 133161D5; Wed, 30 Sep 2020 13:16:34 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "int-area@ietf.org" <int-area@ietf.org>, "homenet@ietf.org" <homenet@ietf.org>, "captive-portals@ietf.org" <captive-portals@ietf.org>
In-Reply-To: <a7dcba9b-f74f-0672-76bf-43281e1bc6d5@cs.tcd.ie>
References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <D81695FF-973F-472D-BC0A-9B0F57278B21@comcast.com> <ca575a6b-987e-d998-2713-91e45190f5ea@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <af0451b1-8eae-4714-849f-d6e384dda075@huitema.net> <19117.1601400596@localhost> <CAH1iCip7UBe+FR-Cz+sP6SdS11NUQC9gV_s=99yO0tjcvCcX6A@mail.gmail.com> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> <23594.1601409377@localhost> <a7dcba9b-f74f-0672-76bf-43281e1bc6d5@cs.tcd.ie>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 30 Sep 2020 13:16:34 -0400
Message-ID: <7974.1601486194@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/pE_qvgk6CU38E_Kjy4CF576kWxg>
Subject: Re: [Int-area] [homenet] [Captive-portals] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2020 17:16:49 -0000

Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
    >> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
    >>
    >> > On 29/09/2020 19:41, Michael Richardson wrote: >> It will be good if
    >> we can get a document from the MAC randomization >> proponents (if
    >> there is such a group), to explain the thread profile.  >> I don't
    >> think it includes active compromised hosts.
    >>
    >> > That is a problem yes. I no longer think "compromised host" is the >
    >> correct term there though. In the case of android, we found google
    >> play > services regularly calls home linking all these identifiers and
    >> more > (phone#, sim serial, imei...) [1] for Google's own uses. I'd be
    >> very
    >>
    >> I feel that you have confounded two things, and I don't think it's
    >> helpful.  I won't dispute your observatrions about surveillance
    >> capitalism, but I feel that you've sensationalized what I thought was
    >> a pretty specific technical point. Namely: You can't see into the L3
    >> layer of WIFI, even when there are ARP broadcasts, unless your are
    >> also part of that L2 network.

    > I disagree about sensationalising, obviously;-)

    > The point is that we tended to think of a compromised host as one that
    > had been subject to a successful attack often run by an unknown
    > party. For mobile phones, the privacy adversary seems more often to be
    > an entity that the phone user has accepted one way or another, whether
    > that be the OS or handset vendor or whoever wrote that cute spirit-
    > level app.

My take home from your work is that MAC address randomization is a useless
waste of time.  It causes significant costs to the network operator(s) without
actually providing any benefit to the mobile phone owner, because the
adversary is inside the device, invited in by the owner.
In such a situation, MAC randomization feels like security theatre to me.

[I'm reminded of various systems of magic in fiction, where you are safe as long
as you don't unwittingly invite the bad guys in]

You have defined the security perimeter as being from "top" of the phone.
(Between the screen and the human)

I have defined the security perimeter as being the "bottom" of the phone
(between the phone and the Internet).

I think that we can do more here, and I think that the cost to the operator
(moving from unencrypted, MAC-address excepted networks, to encrypted 802.1X
authenticated networks with provisioned identities) with some correspondant
benefits to the operator as well as the end user.

    > PS: to be clear - the above's not really anti-google - we've seen
    > similar looking traffic from handset vendors' pre-installed s/w too.

Agreed.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email