Re: [STDS-802-Privacy] Proposal on a MAC mediator protocol
> While a STA is Probing, does it really matter if a duplicate address is used?
I would have a slight concern that the probee might update some record
of the prober's capabilities (from the probe), which might in turn cause
problems if there is another device with the same address (but different
capabilities) associated with the probee.
Mark
--
Mark RISON, Standards Architect, WLAN English/Esperanto/Français
Samsung Cambridge Solution Centre Tel: +44 1223 434600
Innovation Park, Cambridge CB4 0DS Fax: +44 1223 434601
ROYAUME UNI WWW: http://www.samsung.com/uk
> -----Original Message-----
> From: Andrew Myles (amyles) [mailto:amyles@xxxxxxxxx]
> Sent: 6 November 2014 23:13
> To: STDS-802-PRIVACY@xxxxxxxxxxxxxxxxx
> Subject: Re: [STDS-802-Privacy] Proposal on a MAC mediator protocol
>
> G'day all
>
> Just another thought ...
>
> While a STA is Probing, does it really matter if a duplicate address is used? I suspect
> that either the duplicate address will not cause any problems, or any issues can be
> mitigated.
>
> I suspect the same is true for a STA using GAS, but I have not considered this case in
> detail.
>
> Andrew
>
>
>
>
>
> -----Original Message-----
> From: Christian Huitema [mailto:huitema@xxxxxxxxxxxxx]
> Sent: Friday, 7 November 2014 6:04 AM
> To: STDS-802-PRIVACY@xxxxxxxxxxxxxxxxx
> Subject: Re: [STDS-802-Privacy] Proposal on a MAC mediator protocol
>
> > Every participating device has a MAC entity Identity consisting of the public key of a
> ECDH keypair. A hash of this key into a 128 bit value is the MAC entity Identifier, much
> like the HIT in HIP. A hash with a nonce will be used to create the actual MACaddr used
> by the device. For privacy purposes, the ECDH keypair are ephemeral, a device can
> precompute a number of these and have them ready to use at will. For collision avoidance
> a device must be ready to use a different Identity or nonce to present a different MACaddr.
>
> Curious how that meshes with 802.1x/EAP, or with WPA2. Did you research that?
>
> > At linkup time, a device will listen for these broadcasts, use the public key therein
> along with its Identity key and a nonce to construct a shared secret. This secret will be
> used to MIC a packet to the mediator that will contain the devices: MACaddr, Nonce,
> Identifier, and Identity. If this is a new MACaddr for the mediator it would reply with
> an ACCEPT MICed message. If there is a collision, it will REJECT, causing the device to
> select a new MACaddr and try again.
>
> What if there is no link-up time, as in for example Wi-Fi probes? When scanning for
> available networks, Wi-Fi devices send probe packets to elicit responses from any access
> point that would be present. These packets are sent infrequently, maybe every few minutes,
> while the device is not connected to any network and is in fact moving between networks.
> Uniqueness in one of these networks is not a guarantee of uniqueness in the next one.
>
> This scanning traffic is a well known target of tracking systems. Protecting it is a high
> priority. That's the first application of randomized MAC addresses. And for that
> application, the simplest solution is statistical uniqueness through large enough random
> numbers.
>
> -- Christian Huitema