Privacy issues in emerging tracking systems Mathieu Cunche INSA-Lyon/CITI Lab., INRIA-Privatics
September 10, 2013
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
1 / 21
Figure: Picture taken at Marne La Vall´ee - France.
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
2 / 21
Tracking systems
Features of a tracking system Count individuals Record movements Identify personal characteristics (age, sex, ...)
Existing technologies Video ”protection” (a.k.a. CCTV) Costly infrastructure, computationally intensive processing, not 100% reliable
Dedicated tracking device (GPS tracker, stalking apps, ...) Require cooperating individuals, accuracy depend on geoloc technology
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
3 / 21
Wi-Fi tracking I
Track individuals via their smartphone Smartphones equipped with Wi-Fi can be detected [ME12, BBQL13] Even if not connected to a network or idle
Totally passive and seamless Do not require cooperation nor app Impossible to detect
Estimated coverage: between 30% and 70% of population1 1
Euclid Technology
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
4 / 21
Chatty WiFi devices
Periodical WiFi probing Probe Request Frame: Is there any WiFi AP around ? Probing period < 1 minute
A perfect unique identifier: MAC address Present in each frame emitted by a device Uniquely allocated to a device Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
5 / 21
Wi-Fi tracking systems I
2
Sensor nodes collect signals emitted by Wi-Fi enabled devices Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
6 / 21
Wi-Fi tracking systems II
Collected information sent to a central server 2
Navizon
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
7 / 21
Real world applications I Wi-Fi tracking system already deployed
... and collecting huge amounts of data Euclid claims to have collected data of over 50 millions individuals in only few months ...
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
8 / 21
Real world applications II Road monitoring
Wi-Fi sensor deployed along the road Measure traffic density Detect traffic jam Estimate point-to-point travel time
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
9 / 21
Real world applications III Retail store monitoring
3
Track visitors of a retail store or shopping center Physical analytic: Web-analytics for the physical world Table: Analogy between Physical and Web analytics Website
Shopping center
Nb visitors Nb Page View First Visit Page View Duration Click Path
Nb customers Nb Shop visit First visit Shop visit duration Visit path
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
10 / 21
Real world applications IV Physical Targeted Advertisement The example of London’s Wi-Fi recycle bins
Detect and identify passerby using Wi-Fi (4M devices over a week) Display ads targeted to passerby profile Profile also physically acquired Wi-Fi tracking system deployed in a pub Build consumer profile (frequency and length of visits and even sex !) 3
Libelium
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
11 / 21
Privacy concerns
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
12 / 21
Privacy Concerns : MAC address I ” The MAC address does not disclose the device owner’s real-world identity nor does it contain any personal information.” - Euclid Technology ”The anonymous nature of this technique is due to the use of MAC addresses as identifiers. MAC addresses are not associated with any specific user account or mobile phone number not even to any specific vehicle.” - Libelium
MAC address : not a personal information ? A unique identifier Commonly harvested Mobile apps & profiling companies (see Mobilitics pres.)
Easy to get the MAC@ of an individual [Cun13]
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
13 / 21
Privacy Concerns : MAC address II
OK. MAC@ IS a private information. Let’s take some measures. Anonymize the MAC using a Hash function Store H(MAC @) instead of MAC@ Hash function hard/impossible to reverse
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
14 / 21
Privacy Concerns : MAC address III
Deanonimizing Hashed MAC@4 248 possible values: small enough for bruteforce Full space can be searched in 25 hours of computation
Smart deanonimization
Only 0.1% of MAC@ ranges are allocated Smartphones Wi-Fi interfaces represent an even smaller subset Most Hashed MAC@ can be reversed in seconds [Lev13]
Hash based anonymization of MAC@ is a joke ! 4
Master Internship - Levent Demir
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
15 / 21
Escaping the tracking
5
How to avoid being Wi-Fi tracked Use the Opt-Out mechanism provided by tracking companies Privacy-preserving protocols [LAD+ 09] Used disposable MAC adresses [Gru03] Geolocation-assisted service discovery [CKB13] Turn off Wi-Fi interface 5
The “phonekerchief”, a Faraday cage for smartphones.
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
16 / 21
Future of Wi-Fi tracking
What will be the next steps ?
Link physical identity (MAC@) with online profile and real identity
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
17 / 21
Research challenges
Practical solutions to prevent tracking Geofence-like mobile application Protocol and operating system update
Include PETs in Wi-Fi tracking Efficient anonymization Differential privacy
Study potential privacy breaches Infer even more information Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
18 / 21
Other applications
Surveillance & Spying Hacker have build Wi-Fi tracking systems [DG12, O’C13] Other have probably joined the party Intelligence professional and governemental organizations
A large scale tracking system Free/SFR/Orange = 20 millions boxes Wi-Fi enabled and connected to the Internet Covering populated areas
Smartphones as Wi-Fi sensors ... Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
19 / 21
Bibliography I Bram Bonne, Arno Barzan, Peter Quax, and Wim Lamotte. Wifipi: Involuntary tracking of visitors at mass events. In World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2013 IEEE 14th International Symposium and Workshops on a, pages 1–6, 2013. Mathieu Cunche, Mohamed-Ali Kaafar, and Roksana Boreli. Linking wireless devices using information contained in Wi-Fi probe requests. Pervasive and Mobile Computing, (0):–, 2013. Mathieu Cunche. I know your mac address: Targeted tracking of individual using wi-fi. In GreHack, 2013. Cuthbert Daniel and Wilkinson Glenn. Snoopy: Distributed tracking and profiling framework. In 44Con 2012, 2012. Marco Gruteser. Enhancing location privacy in wireless lan through disposable interface identifiers: a quantitative analysis. pages 46–55. ACM Press, 2003. Janne Lindqvist, Tuomas Aura, George Danezis, Teemu Koponen, Annu Myllyniemi, Jussi M¨ aki, and Michael Roe. Privacy-preserving 802.11 access-point discovery. In Proceedings of the second ACM conference on Wireless network security, WiSec ’09, pages 123–130, New York, NY, USA, 2009. ACM. Demir Levent. Wi-fi tracking : what about privacy ? Internship report, Grenoble University, 2013.
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
20 / 21
Bibliography II
A. B. M. Musa and Jakob Eriksson. Tracking unmodified smartphones using wi-fi monitors. In Proceedings of the 10th ACM Conference on Embedded Network Sensor Systems, SenSys ’12, pages 281–294, New York, NY, USA, 2012. ACM. Brendan O’Connor. CreepyDOL: Cheap, Distributed Stalking. In BlackHat, 2013.
Mathieu Cunche (INRIA-Privatics)
Privacy & tracking systems
September 10, 2013
21 / 21