Chattering Laptops

  • Conference paper
Privacy Enhancing Technologies (PETS 2008)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5134)

Abstract

Mobile computer users often have a false sense of anonymity when they connect to the Internet at cafes, hotels, airports or other public places. In this paper, we analyze information leaked by mobile computers to the local access link when they are outside their home domain. While most application data can be encrypted, there is no similar protection for signaling messages in the lower layers of the protocol stack. We found that all layers of the protocol stack leak various plaintext identifiers of the user, the computer and their affiliations to the local link, which a casual attacker can observe. This violates the user’s sense of privacy and may make the user or computer vulnerable to further attacks. It is, however, not possible to disable the offending protocols because many of them are critical to the mobile user experience. We argue that the most promising solutions to the information leaks are to filter outbound data, in particular name resolution requests, and to disable unnecessary service discovery depending on the network location. This is because most information leaks result from failed attempts by roaming computers to connect to services that are not available in the current access network.
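The outbound name-resolution filtering proposed in the abstract, sketched as an added example that is not taken from the paper: a DNS query is parsed from its wire format and dropped when the host is roaming and the name belongs to the home domain. The suffix `corp.example.com`, the location labels and all function names are assumptions made for illustration.

```python
import struct

HOME_SUFFIXES = ("corp.example.com",)  # assumption: the organisation's internal DNS suffix
HOME_NETWORKS = {"corp-lan"}           # assumption: labels assigned by a location-awareness service

def parse_qname(packet: bytes) -> str:
    """Extract the first question name from a DNS message (RFC 1035 wire format)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    if struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += 1
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return ".".join(labels).lower()

def allow_query(packet: bytes, location: str) -> bool:
    """Return True if the query may leave the host on the given network."""
    try:
        name = parse_qname(packet)
    except ValueError:
        return False  # fail closed on anything that cannot be parsed
    if location in HOME_NETWORKS:
        return True
    if name and "." not in name:
        return False  # assumption: single-label names are intranet host names
    # Roaming: suppress lookups for home-domain names, which would fail here
    # anyway and would reveal the user's affiliation to the local link.
    return not any(name == s or name.endswith("." + s) for s in HOME_SUFFIXES)

def build_query(name: str) -> bytes:
    """Constructed sample input: a minimal A-record query for `name`."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)
```
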

Editor information

Nikita Borisov, Ian Goldberg

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aura, T., Lindqvist, J., Roe, M., Mohammed, A. (2008). Chattering Laptops. In: Borisov, N., Goldberg, I. (eds) Privacy Enhancing Technologies. PETS 2008. Lecture Notes in Computer Science, vol 5134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70630-4_11

  • DOI: https://doi.org/10.1007/978-3-540-70630-4_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-70629-8

  • Online ISBN: 978-3-540-70630-4

  • eBook Packages: Computer Science, Computer Science (R0)
