Decomposition of MAC Address Structure for Granular Device Inference
Loading...
Authors
Martin, Jeremy
Rye, Erik
Beverly, Robert
Subjects
Advisors
Date of Issue
2016-12
Date
Publisher
Language
Abstract
Common among the wide variety of ubiquitous networked devices in modern use is wireless 802.11 connectivity. The MAC addresses of these devices are visible to a passive adversary, thereby presenting security and privacy threats -- even when link or application-layer encryption is employed. While it is well-known that the most significant three bytes of a MAC address, the OUI, coarsely identify a device's manufacturer, we seek to better understand the ways in which the remaining low-order bytes are allocated in practice. From a collection of more than two billion 802.11 frames observed in the wild, we extract device and model information details for over 285K devices, as leaked by various management frames and discovery protocols. From this rich dataset, we characterize overall device populations and densities, vendor address allocation policies and utilization, OUI sharing among manufacturers, discover unique models occurring in multiple OUIs, and map contiguous address blocks to specific devices. Our mapping thus permits fine-grained device type and model \emph{predictions} for unknown devices solely on the basis of their MAC address. We validate our inferences on both ground-truth data and a third-party dataset, where we obtain high accuracy. Our results empirically demonstrate the extant structure of the low-order MAC bytes due to manufacturer's sequential allocation policies, and the security and privacy concerns therein.
The article of record may be found at http://dx.doi.org/10.1145/2991079.2991098
The article of record may be found at http://dx.doi.org/10.1145/2991079.2991098
Type
Article
Presentation
Presentation
Description
Proceedings of the 32nd Annual Computer Security Applications (ACSAC) Conference, Los Angeles, CA, December 2016
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
This work supported in part by NSF grant CNS-1213155.
Format
Citation
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.