Abstract
Mobile computer users often have a false sense of anonymity when they connect to the Internet at cafes, hotels, airports or other public places. In this paper, we analyze information leaked by mobile computers to the local access link when they are outside their home domain. While most application data can be encrypted, there is no similar protection for signaling messages in the lower layers of the protocol stack. We found that all layers of the protocol stack leak various plaintext identifiers of the user, the computer and their affiliations to the local link, which a casual attacker can observe. This violates the user’s sense of privacy and may make the user or computer vulnerable to further attacks. It is, however, not possible to disable the offending protocols because many of them are critical to the mobile user experience. We argue that the most promising solutions to the information leaks are to filter outbound data, in particular name resolution requests, and to disable unnecessary service discovery depending on the network location. This is because most information leaks result from failed attempts by roaming computers to connect to services that are not available in the current access network.
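The mitigation argued for above, sketched as an added example (not code from the paper): a location-aware filter that decides which outbound name-resolution requests may leave a roaming host. The policy fields, the set of link-local protocols, the rule order and all host and domain names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# All names and values below are constructed for illustration.
@dataclass(frozen=True)
class Location:
    name: str
    trusted: bool  # True only on the home (e.g. corporate) network

@dataclass(frozen=True)
class Policy:
    home_suffixes: tuple  # domains that identify the user's affiliation
    # Link-local resolution/discovery protocols to silence off-site (assumed set).
    local_protocols: frozenset = frozenset({"llmnr", "mdns", "nbns"})

def in_suffix(name: str, suffix: str) -> bool:
    """Label-boundary suffix match: 'a.corp.example.com' matches 'corp.example.com'."""
    name, suffix = name.rstrip(".").lower(), suffix.rstrip(".").lower()
    return name == suffix or name.endswith("." + suffix)

def decide(name: str, protocol: str, loc: Location, policy: Policy):
    """Return (action, reason) for one outbound name-resolution request."""
    if loc.trusted:
        return ("allow", "home network")
    if protocol.lower() in policy.local_protocols:
        return ("drop", "link-local discovery disabled off-site")
    if any(in_suffix(name, s) for s in policy.home_suffixes):
        return ("drop", "home-domain name reveals affiliation")
    if "." not in name.rstrip("."):
        return ("drop", "unqualified name resolves only at home")
    return ("allow", "public name")

def filter_outbound(queries, loc, policy):
    """Keep only the (name, protocol) pairs that may leave the host."""
    return [q for q in queries if decide(q[0], q[1], loc, policy)[0] == "allow"]

HOME = Location("office", trusted=True)
CAFE = Location("cafe-wifi", trusted=False)
POLICY = Policy(home_suffixes=("corp.example.com",))
SAMPLE = [  # constructed queries a roaming laptop might emit
    ("fileserver", "nbns"),
    ("intranet.corp.example.com", "dns"),
    ("printer01", "dns"),
    ("_ipp._tcp.local", "mdns"),
    ("notcorp.example.com", "dns"),
    ("www.example.org", "dns"),
]

if __name__ == "__main__":
    for name, proto in SAMPLE:
        print(name, proto, *decide(name, proto, CAFE, POLICY))
```

On the untrusted location only the two public names pass; the label-boundary match keeps `notcorp.example.com` from being mistaken for a home-domain name.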
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aura, T., Lindqvist, J., Roe, M., Mohammed, A. (2008). Chattering Laptops. In: Borisov, N., Goldberg, I. (eds) Privacy Enhancing Technologies. PETS 2008. Lecture Notes in Computer Science, vol 5134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70630-4_11
DOI: https://doi.org/10.1007/978-3-540-70630-4_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70629-8
Online ISBN: 978-3-540-70630-4
eBook Packages: Computer Science, Computer Science (R0)