Crowded

The Problem

Today's Wi-Fi technology broadcasts the unique MAC address of devices in plaintext. These addresses are globally unique and static. This allows for constant tracking of devices which have a Wi-Fi interface enabled. Given devices such as cell phones use Wi-Fi and are usually unique to a person, tracking a MAC address can be roughly equivalent to tracking an individual. Commercial tracking technologies already exist that take advantage of this fact. These technologies are commonly used in shopping centers and event centers for tracking of patrons. The data is often used to detect the occupancy of an area and to track foot traffic patterns. This data is also often sold to advertisers for personalized advertising, allowing companies to target you based on your offline behaviours. This tracking is not limited to expensive commercial systems either. Tracking can be easily done with inexpensive Wi-Fi devices, such as Raspberry-Pi Zero W's for ~$20 each. This poses many privacy concerns for Wi-Fi users, as anyone could setup a network of these devices with relative ease.

Approach

Every Wi-Fi device has a generally unique MAC address that it uses to communicate with other Wi-Fi devices. These MAC addresses are static and transmitted in plaintext. When a device transmits data, this MAC address is visible to anyone in range of the Wi-Fi device. Since the addresses are unique and static, they can be used to track people’s devices. It is even relatively easy to associate a MAC address with an individual. MAC addresses can be used to track movements of devices, and with devices such as cellphones, this can essentially mean tracking individuals.

Our approach is to investigate different dynamic MAC addressing methods. The idea is that with an appropriate dynamic MAC address protocol, long term tracking will not be possible. This will make it impossible to do tracking that would be sold to advertisers. We still wish to allow for localized short term tracking for occupancy levels and short path tracking. These functions are very useful for a number of reasons, and can be done in a privacy conscious manner.

Additionally, we want to demonstrate a proof of concept of a simple array of Raspberry Pi devices that can be used for tracking. We want to demonstrate the ease at which this tracking can be done with three devices. We also want to demonstrate a concept of how tracking can be done in a privacy conscious manner with the current static MAC addressing. These tasks will be done using Kali Linux on Raspberry Pi Zero W devices. In the privacy conscious model, we will have processing be done between the devices locally so only a minimal amount of data is sent to a server. No personally identifiable information, especially MAC addresses, would be logged in any way.

Raspberry Pi Zero W

We chose the Raspberry Pi Zero W, because of the following reasons:

The small form factor, as ideally we would want to install these in public areas so it is best if they are small as possible.
It is relatively cheap whilst still having all the needed functionality
It is considered to be a reputable product, and is very well tested
Has lots of documentation, making it easy to learn how to use
The makers provide support to customers

Project Report

Report

Additional Work

Investigate the Dynamic MAC address patent
Develop a semi-working prototype of a tracking system
Test prototype in a simulation environment

Demonstrate the ease in which tracking can be done with inexpensive devices

Schedule

~~January 31st~~ ~~- Hand in proposal~~

~~February 14th~~ ~~- Outline~~

~~February 28th~~ ~~- More research~~

~~March 13th~~ ~~- Develop prototype~~

~~March 20th~~ ~~- Final test o~~f ~~prototype (quality assurance check)~~

~~March 27th~~ ~~- Final Presentation~~

~~April 6th~~ ~~- Project Report~~

References and Related Work

Wottrich VM, Reijmersdal EA, Smit EG. App Users Unwittingly in the Spotlight: A Model of Privacy Protection in Mobile Apps. Journal of Consumer Affairs. 2019;53(3):1056-1083. doi:10.1111/joca.12218.
M. Cunche, "I know your MAC address: targeted tracking of individual using Wi-Fi," Journal of Computer Virology and Hacking Techniques, vol. 10, no. 4, pp. 219-227, 2014.
M. S. Jalali, J. P. Kaiser, M. Siegel and S. Madnick, "The Internet of Things Promises New Benefits and Risks: A Systematic Analysis of Adoption Dynamics of IoT Products," in IEEE Security & Privacy, vol. 17, no. 2, pp. 39-48, March-April 2019. doi: 10.1109/MSEC.2018.2888780
http://iot-inspector.princeton.edu (Similar Project)

Authors:

Braiden Cutforth
Chris Norton
Louis Kedziora