Show simple item record

dc.contributor.authorMartin, Jeremy
dc.contributor.authorRye, Erik
dc.contributor.authorBeverly, Robert
dc.date.accessioned2016-11-08T23:33:00Z
dc.date.available2016-11-08T23:33:00Z
dc.date.issued2016-12
dc.identifier.urihttp://hdl.handle.net/10945/50648
dc.descriptionProceedings of the 32nd Annual Computer Security Applications (ACSAC) Conference, Los Angeles, CA, December 2016en_US
dc.description.abstractCommon among the wide variety of ubiquitous networked devices in modern use is wireless 802.11 connectivity. The MAC addresses of these devices are visible to a passive adversary, thereby presenting security and privacy threats -- even when link or application-layer encryption is employed. While it is well-known that the most significant three bytes of a MAC address, the OUI, coarsely identify a device's manufacturer, we seek to better understand the ways in which the remaining low-order bytes are allocated in practice. From a collection of more than two billion 802.11 frames observed in the wild, we extract device and model information details for over 285K devices, as leaked by various management frames and discovery protocols. From this rich dataset, we characterize overall device populations and densities, vendor address allocation policies and utilization, OUI sharing among manufacturers, discover unique models occurring in multiple OUIs, and map contiguous address blocks to specific devices. Our mapping thus permits fine-grained device type and model \emph{predictions} for unknown devices solely on the basis of their MAC address. We validate our inferences on both ground-truth data and a third-party dataset, where we obtain high accuracy. Our results empirically demonstrate the extant structure of the low-order MAC bytes due to manufacturer's sequential allocation policies, and the security and privacy concerns therein.
dc.description.abstractThe article of record may be found at http://dx.doi.org/10.1145/2991079.2991098
dc.rightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.en_US
dc.titleDecomposition of MAC Address Structure for Granular Device Inferenceen_US
dc.typeArticleen_US
dc.typePresentationen_US
dc.contributor.departmentComputer Science (CS)
dc.description.funderThis work supported in part by NSF grant CNS-1213155.


Files in this item

Thumbnail
Thumbnail

This item appears in the following Collection(s)

Show simple item record