abra9823 at mail.usyd.edu.au
Tue Sep 21 09:13:01 CEST 2004
i am going to try and answer a lot of questions posed in separate emails
first of all a more detailed scenario.
considers a ubiquitous/pervasive computing scenario. People walk around
with PDA's which contains information on their activities, preferences
etc. this information can be used to provide personalized services.
consider a shopping center. you have a videostore, a supermarket, perhaps a
cinema as well. there is wireless LAN present. when you walk into the
center carrying your PDA (together with lots and lots of people) you join
up the wireless LAN. the service providers (supermarket, videostore,
cinema) have systems running that periodically broadcast a message saying
what information they need from you along with the adress of the service
provider. you then release the information and this can be used to light
up a particular display bard etc. The information release which is the
information stored also does not contain anything that can uniquely
i am abstracting over quite a few issues here including format for
exchanging data, understanding data, communicating the personalized
service etc. all these are relevant but not of interest to me.
now to your questions
Quoting Andrew Dalke <adalke at mindspring.com>:
> Sure. But if someone's doing that much traffic analysis then
> other possibilities are:
> - do you have characteristic use patterns? (eg, check
> c.l.py every 5 minutes, pull email from your server)
maybe they might. but we are really looking at someone who uses the
service say a few times a day. and there will be hundreds of other users
also with varying frequencies of usage.
> - does your machine have characteristic patterns? My Mac
> and my NT boxes both like telling the network that they
> are present. Even with file services, iTunes and other
> services turned off, it would be pretty easy to identify
> my machine by looking at the headers in an HTML request.
> (Eg, look at the browser identification string, or
> see what cookies are sent and match them to previously
> seen cookies)
i have no clue, i'll need to check. again we are looking at many
users with similar devices.
> - after a new machine connects to the network, check if
> an old machine stop connecting. Even better, since
> you're talking wireless, see if the new machine has the
> same signal strength as the one one.
again, say hundreds of users doing the same thing, ie communicating
with different MAC addresses.
> - for that matter, someone trying to figure out who people
> are could use several receivers, or a directional
> antenna to figure out where you are and just watch you.
this is very much possible if the area is sparsely occupied. but if
you have lots and lots of people around, i doubt you can pinpoint to a
single person in the crowd.
> - does your machine tell the DHCP server a hostname? If so,
> don't forget to change it when you change your MAC address.
> If not, are you the only one who doesn't use a name?
next step after removing the MAC.
Quoting Jeremy Bowers <jerf at jerf.org>:
> Unless your WLAN is monstrous, they can link your ten uses together by
> looking for the wildly changing MAC address that is only used once. You
> need everybody to do that for it to be any sort of defense.
like i mentioned above, we assume that most if not all users are doing the
same thing, i.e., using wildly changing MAC addresses
> Have you done a decent threat analysis? What are you protecting? What is
> your likely attack vectors? Who cares, or rather, what kind of person
> care? I don't know any of these answers and you are free to share them
> not, as you are comfortable.
since its not a commercial application - merely a research project, no, i
haven't done a threat analysis w.r.t to the type of information exchanged.
i have however looked at all security threats in such a system and will be
applying mechanisms for authentication, confidentiality, integrity etc.
> I am curious about what information you feel you are going to leak with
> static MAC address that you are not going to leak equally with wildly
> changing ones with only slightly more effort from whatever attacker you
> are worried about. Again, it is completely your choice to answer this,
> course, but you have piqued my curiosity.
the ability of a commercial service provider to link your interactions
together and generate a profile of you - that is what i am trying to guard
against. i would like users to have the option of interacting with a
service under different pseudonyms. thus the information they exchange the
first time may be different from what they exchange a second time around.
Quoting Pierre Fortin <pfortin at pfortin.com>:
> The type of LAN is immaterial to what you are proposing. Whatever MAC
> address (excl. broad-/multi-cast) you pick, the server should only snarf
> it if you send some packets to the server (unless the server is also
> running some sniffer code). As long as you _do_ try to talk to the
> server, whichever MAC you use *will*be*known* to the server -- it's the
> only way you can get a response... if you could change just your Tx MAC
> and not your Rx MAC, the server would respond to your
> MAC address; but your machine wouldn't hear it cuz it'd be listening on
> different MAC (Rx)...
> You can't "anonymize" if you plan to have a _conversation_ with the
umm the exchange is one-way. i dont intend to have a conversation with the
thanks for all your comments and apologies to other folks on the list -
this was quite off topic.
This message was sent using IMP, the Internet Messaging Program.
More information about the Python-list