Defeating MAC address randomization in WiFi

  • Palaiseau, France
  • Other
  • Information Technology & Digital
  • English Only
  • N/A
  • 15+ days ago
  • Palaiseau, France
  • Permanent-Full time
  • Other
  • Information Technology & Digital
  • English Only
  • N/A
  • 15+ days ago

Permanent-Full time

Job Description

The description of the offer below is in English
Type of contract: Internship agreement

Required degree level: Bac + 4 or equivalent

Function: Research intern

About the center or functional direction

Located at the heart of the main national research and higher education cluster, member of the Université Paris Saclay, a major actor in the French Investments for the Future Programme (Idex, LabEx, IRT, Equipex) and partner of the main establishments present on the plateau, the centre is particularly active in three major areas: data and knowledge; safety, security and reliability; modelling, simulation and optimisation (with priority given to energy).

The 450 researchers and engineers from Inria and its partners who work in the research centre's 28 teams, the 60 research support staff members, the high-level equipment at their disposal (image walls, high-performance computing clusters, sensor networks), and the privileged relationships with prestigious industrial partners, all make Inria Saclay Île-de-France a key research centre in the local landscape and one that is oriented towards Europe and the world.

Context and strengths of the position

Research on mobile systems involves the analysis of spatiotemporal data. Unfortunately, gathering data is hard: recruiting volunteers demands considerable technical, logistic, and administrative efforts, and the subjects are generally an inhomogeneous sample of the population. All these drawbacks are inherent to active, intrusive data collection methods.[1]

Against these issues, passive measurement strategies are a good contender, limiting the selection bias and expanding the potential target pool by orders of magnitude. They all draw upon the same principle: rebuilding information from the signals connected devices naturally emit. In this context, we could infer the devices' mobility by leveraging their WiFi, cellular, or Bluetooth signals.

WiFi, being the short-range and most prevalent mode of communication, is thus an optimal choice. To protect the user and avoid displaying a unique identifier, the WiFi standard forces devices to regularly change their public MAC address: the MAC address randomization process. Therefore, all the works on trajectory reconstruction and other related domains that rely on device identification must be revisited with an adequate MAC association scheme. WiFi MAC randomization has been studied [2], and it has been shown by numerous works [3][4][5] that the current randomization recommendations do not preserve privacy. But none of the existing generic solutions [3][5] on MAC address association can get high accuracy and is validated for real-world scenarios.

Mission entrusted

This internship aims to verify the correctness of current MAC association algorithms in literature and build upon that to come up with a new generic-and-accurate MAC association solution. In particular, this internship will involve WiFi protocol analysis to find privacy-intrusions, efficient algorithm design, trace-collection, and network simulation. This internship will be the first to evaluate-and-design a generic, accurate solution to defeat WiFi MAC address randomization.

Main activities
Scope of the internship:

During the internship, the student will get acquainted with the research and implementation of various privacy-provisions and device-fingerprinting in WiFi. Three significant steps involved in this internship are:

The study and the implementation of most generic WiFi MAC address associations currently available in the literature.
Evaluate the solution with real-world traces consisting of public WiFi packets and ground truth.
Design a new solution that is more accurate in large-scale outdoor WiFi usage scenarios.
If time permits, the intern is more than welcome to benchmark and open-source the new solution.

References :

[1] Loïc Jouans, Aline Carneiro Viana, Nadjib Achir, Anne Fladenmuller. Associating the Randomized Bluetooth MACAddresses of a Device. Accepted in IEEE Annual Consumer Communications & Networking Conference, CCNC 2021, Las Vegas, NV, USA.

[2] Martin, Jeremy, et al. "A study of MAC address randomization in mobile devices and when it fails." Proceedings on Privacy Enhancing Technologies 2017.4 (2017): 365-383.

[3] Vanhoef, Mathy, et al. "Why MAC address randomization is not enough: An analysis of Wi-Fi network discovery mechanisms." Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. 2016.

[4] Martin, Jeremy, et al. "Handoff all your privacy–a review of apple’s bluetooth low energy continuity protocol." Proceedings on Privacy Enhancing Technologies 2019.4 (2019): 34-53.

Required Technical skills:

Good knowledge of wireless networks and protocols
Knowledge and interest in network privacy
Strong programming skills (C++, Bash, Python)
Experience in the network simulators(like NS-3) is a plus.
Good communication and documentation skills in English


Subsidized meals
Partial reimbursement of public transport costs
Leave: 7 weeks of annual leave + 10 extra days off due to RTT (statutory reduction in working hours) + possibility of exceptional leave (sick children, moving home, etc.)
Possibility of teleworking (after 6 months of employment) and flexible organization of working hours
Professional equipment available (videoconferencing, loan of computer equipment, etc.)
Social, cultural and sports events and activities
Access to vocational training
Social security coverage
Internship gratification

Similar Jobs