MAC Address Randomization: How User Privacy Impacts Wi-Fi And Internet Service Providers
In the era of mobility, location tracking is a major privacy concern for portable device users. Although a growing number of applications make use of location data, operating systems (OSs) provide the ability to turn off location services provided by the GPS or cellular/Wi-Fi connectivity. Wi-Fi access points, however, can monitor device locations without user consent by means of MAC addresses. As a countermeasure to this privacy threat, OS developers are anonymizing MAC addresses, thereby raising technical concerns among network operators.
Unique MAC Addresses Enable User Privacy Infringement in Wireless Networks
Every Wi-Fi radio has a unique 48-bit identifier called a MAC address that is assigned by the manufacturer. The MAC address is a Layer 2 (L2) address used to identify the source (sender) and the destination (receiver) of frames by most 802 network technologies, including Ethernet, Bluetooth and Wi-Fi.
Back in 2013, the privacy implications of targeted probe requests started to become widely publicized. Several companies were reportedly logging and tracking the addresses of nearby devices in unassociated states. In addition, during the connection to the AP, customers were not notified upfront that their movements would be tracked, and historic location data could be used for marketing purposes or sold to third parties.
MAC Address Randomization Increases Device Anonymity …
In response to these privacy vulnerabilities, most OSs—including Android, iOS, and Windows—began to implement their own variant of MAC address randomization while probing the Wi-Fi network. This probe mode guarantees anonymity until the client gets associated with an AP. IEEE 802.11 also stepped up to specify a similar feature in the IEEE 802.11aq Pre-Association Service Discovery amendment to the 802.11-2016 standard.
More recently, OSs have started to use MAC address randomization for device association to the network as well. The address is kept consistent per network (i.e., Service Set Identifier [SSID]), so the user doesn’t have to authenticate each time the device connects to the same SSID. This feature was added to Android P for experimental purposes, whereas Android Q randomizes the MAC address by default, with per-network customization. Windows 10 implements a similar scheme, while iOS 12 supports the probe mode only.
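The per-network behavior described above can be sketched as follows. This is an added illustration, not code from the article or from any OS: the HMAC-based derivation, the function names and the device secret are assumptions. Setting the locally administered bit and clearing the group bit in the first octet is the IEEE 802 convention for addresses that are not manufacturer-assigned.

```python
import hashlib
import hmac

# Constructed secret for the illustration; a real device would keep its own.
DEVICE_SECRET = b"constructed-example-secret"


def per_network_mac(device_secret: bytes, ssid: str) -> str:
    """Derive a MAC that is stable for one SSID and differs between SSIDs."""
    digest = hmac.new(device_secret, ssid.encode("utf-8"), hashlib.sha256).digest()
    octets = bytearray(digest[:6])  # 48 bits, same size as a MAC address
    # Bit 1 of the first octet set: locally administered (not manufacturer-assigned).
    # Bit 0 of the first octet cleared: unicast, so the address is a valid source.
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)


def is_locally_administered(mac: str) -> bool:
    """True when the locally administered bit of the first octet is set."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def addresses_seen(device_secret: bytes, ssids: list[str]) -> dict[str, str]:
    """What each network operator observes for the same physical device."""
    return {ssid: per_network_mac(device_secret, ssid) for ssid in ssids}


if __name__ == "__main__":
    for ssid, mac in addresses_seen(DEVICE_SECRET, ["Home", "Cafe", "Home"]).items():
        print(f"{ssid:5s} -> {mac} local={is_locally_administered(mac)}")
```

Reconnecting to the same SSID yields the same address, so stored authentication state still matches, while two operators comparing logs see unrelated addresses.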
… But Raises Concerns Over Networking Equipment and Services
Although MAC address randomization is evidently a major step toward user privacy, it can have a wide range of repercussions impacting the Wi-Fi network and other related services. The concerns can be classified into two major categories depending on where the MAC address is used: at the L2 network layer or at the system layer.
At Layer 2, MAC address randomization can impact network components: One client may be reported multiple times, and networking equipment might be filled up with outdated MAC addresses. Changing MAC addresses can also negate the effectiveness of some wireless features. For example, band steering and client steering, which optimize client connectivity in a multiple AP environment, depend on a unique MAC address for probes and association. To address these concerns, IEEE 802.11 recently formed a Random and Changing MAC Addresses (RCMA) group that is assessing the impact of changing MAC addresses on 802.11 features, for both associated and unassociated device states.
Because the MAC address is a Layer 2 identifier, it was not intended for use beyond L2 networking. In a recent Liaison Statement to the Wireless Broadband Alliance, the IEEE 802.11 working group “strongly recommends against using any specific MAC address as an identifier for a user or device, outside the scope of the layer 2 communication.” However, due to its ubiquity and, so far, expected uniqueness, the MAC address is widely used for various purposes, such as security, access control and billing. The following are examples of such uses:
- MAC-based access often admits or denies wireless association based on the connecting device’s MAC address. This includes authentication methods using the MAC address in lieu of a username and password, Pay Per Use (PPU) passes and short-term complimentary services.
- Some accounting and billing systems use the MAC address as a unique device identifier.
- MAC address filtering is often used to add an extra layer of protection on the network (white/blacklist) and enforce policies such as parental control.
- Monitoring, troubleshooting and analytics of Wi-Fi deployments, including help desks, often rely on MAC addresses as part of the client identity.
- Lawful interception makes use of MAC addresses.
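An operator can estimate how exposed these MAC-keyed systems are by checking which addresses have the locally administered bit set. The following is an added example, not part of the original article; the allowlist, the log format and the field names are constructed for the illustration.

```python
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(text: str) -> str:
    """Accept aa:bb:.., AA-BB-.. or aabb.ccdd.eeff; return lowercase colon form."""
    digits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify(mac: str) -> str:
    """Return 'group', 'local' (possibly randomized) or 'universal'."""
    first_octet = int(normalize_mac(mac)[:2], 16)
    if first_octet & 0x01:
        return "group"  # multicast/broadcast, never a client's own address
    return "local" if first_octet & 0x02 else "universal"


# Constructed sample data: a MAC allowlist and AP association log lines.
ALLOWLIST = ["00:1A:2B:3C:4D:5E", "DA-A1-19-0B-7C-33", "3c22.fb10.9a01"]
ASSOC_LOG = [
    "2019-09-01T10:00:01 ssid=Guest mac=da:a1:19:0b:7c:33 result=accept",
    "2019-09-01T10:00:09 ssid=Guest mac=f2:6e:0b:41:9c:d0 result=deny",
    "2019-09-01T10:01:30 ssid=Staff mac=00:1a:2b:3c:4d:5e result=accept",
    "2019-09-01T10:02:12 ssid=Staff mac=3c:22:fb:10:9a:02 result=deny",
]


def audit(allowlist, log_lines):
    """Find allowlist entries and denied clients that use local addresses."""
    # Allowlist entries that will stop matching if the client re-randomizes.
    fragile = [normalize_mac(m) for m in allowlist if classify(m) == "local"]
    denied_local = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split()[1:])
        if fields["result"] == "deny" and classify(fields["mac"]) == "local":
            denied_local.append((fields["ssid"], normalize_mac(fields["mac"])))
    return fragile, denied_local


if __name__ == "__main__":
    fragile, denied_local = audit(ALLOWLIST, ASSOC_LOG)
    print("allowlist entries keyed on a local address:", fragile)
    print("denied clients presenting a local address:", denied_local)
```

A set locally administered bit indicates only that the address was not manufacturer-assigned; virtual interfaces use such addresses too, so treat the result as a signal rather than proof of randomization.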
Although no recent public data are available, the use of randomization is expected to increase in the near future as more OSs implement it. The definition of a universal randomization policy would support user privacy while ensuring that Wi-Fi and Internet service providers can take proactive measures to update applications and upgrade networking equipment. This requires the involvement of all stakeholders, including standards bodies, hardware/software manufacturers, service providers and OS developers.
CableLabs is currently addressing this topic in the wireless R&D group. Please contact me if you’re interested in getting involved. To learn more about our work in standards and industry consortia, see our members-only (login required) wireless space.
Wireless RF Spectrum Scarcity, What About Light Wave?
The scarcity of unlicensed RF spectrum is a never-ending subject in the wireless industry. The 2.4 and 5 GHz bands, once considered profuse, are now overcrowded and regulators such as the FCC are planning to release 1.2 GHz of bandwidth in the 6 GHz band. Over the last decade, this has fueled a growing interest in Light Communication (LC) technologies that offer the potential of THz of unlicensed spectrum including visible light, near-infrared and near-UV. Standard LEDs are now providing illumination while transmitting data at a high rate, and laser diodes (LDs) can reach ~100 Gbps in point-to-point communications. The recent introduction of products on the market for internet access and wireless backhauling shows that the technology is becoming a reality.
What Is Light Communication?
In light communications, the signal is transmitted by an emitting diode (LED/LD) using Intensity Modulation, where the brightness of the light is modulated at a high frequency, imperceptible to the human eye. At the receiver, a photodiode or a camera image sensor converts the received optical power to an electrical signal using Direct Detection. Dimming is possible but often impacts the performance of the system. Multi-Gbps rates have been demonstrated with standard phosphor-coated LEDs (1 Gbps) or RGB LEDs (3 Gbps), using advanced modulation techniques such as OFDM. Laser diodes achieve higher data rates over much longer distances but are not always practical in consumer applications due to potential health issues and the quality of laser light for illumination.
LC offers the advantages of a large, unregulated, license-free spectrum, and is already capable in a lab environment of reaching 100 Gbps (near field communication). The technology is particularly adapted to environments where RF communications are restricted or pose health concerns. LC is also considered more “secure” against hackers since the communication is confined to the cone of light within a well-defined coverage zone. Line of Sight (LOS) is required for most use cases.
LC Applications: From Specialized to Mass Markets
With the technology being quite recent, different industries including lighting, transportation, industrial/manufacturing and telecommunication are evaluating its potential.
Specialized markets include location-based services where illumination can provide a precise location. “Light beacons” are received by a smartphone’s camera (supported by recent cell phone models) and an app provides services to enhance the user experience in retail stores or museums. The aerospace industry is also considering LC to deliver in-flight entertainment.
Outdoor terrestrial link scenarios are attracting much interest, fueled by the need for cost-effective wireless backhauls, especially in the context of 5G (small cells). The laser diode transmission usually operates in the near-infrared spectrum due to lower attenuation levels. The technology is part of the Free Space Optic (FSO) communication family, which requires a strict line of sight. Available solutions reach 1 Gbps over up to 300 meters with good reliability, and speeds up to 10 Gbps are on roadmaps. Over longer distances, however, bad weather conditions, especially fog and dust, can significantly affect the throughput. For this reason, the technology is often complemented with mmWave, which is mostly affected by rain.
The mass market opportunity, however, resides in Wireless Local Area Network (WLAN) applications where the technology, referred to as Light Fidelity (Li-Fi), can complement or, in some cases, replace Wi-Fi. IEEE 802 has recently added a Light Communication task group (802.11bb) to complement the 802.11 family, recognizing the potential of Li-Fi. The standard specifies a PHY operating in the 380 nm to 5,000 nm band (visible light, near-infrared, near-UV) targeting data rates from 10 Mbps up to at least 5 Gbps for single-link throughput. The uplink in Li-Fi systems is usually based on IR transmission due to the power limitations of mobile devices and the potential glare of visible light to the user.
Environments that restrict the use of EMI (Electromagnetic Interference) such as hospitals, schools and factories are likely to fuel the industry in the next 5 years. The office/enterprise environment is also well suited for Li-Fi, since lighting is ubiquitous and Power Over Ethernet is available and serves as a backhaul. In residential environments, Li-Fi can locally offload traffic in heavily populated apartments where RF interference is the primary concern. All these applications are addressed by the 802.11bb standard, while ITU G.vlc focuses on the residential environment.
Light communication is a promising technology that is still in its infancy. The growing interest in this technology is driven by the availability of a huge unlicensed spectrum not susceptible to RF interference. As CableLabs continues to focus on developing new and innovative wireless technologies, light communications will definitely stay on the radar.