correlating gsm and 802 11 hardware identifiers
play

Correlating GSM and 802.11 Hardware Identifiers LCDR Jeremy Martin, - PowerPoint PPT Presentation

Nov 28, 2022 •480 likes •741 views

Correlating GSM and 802.11 Hardware Identifiers LCDR Jeremy Martin, LT Danny Rhame, Dr. Robert Beverly, and Dr. John McEachen Naval Postgraduate School 2 Correlating GSM and 802.11 Hardware Identifiers Determine the feasibility of

  1. Correlating GSM and 802.11 Hardware Identifiers LCDR Jeremy Martin, LT Danny Rhame, Dr. Robert Beverly, and Dr. John McEachen Naval Postgraduate School 2

  2. Correlating GSM and 802.11 Hardware Identifiers • Determine the feasibility of cross-protocol association of GSM and WiFi identifiers from the same device • Examine the breadth of protocol layers of each communication medium • Use temporal and spatial analysis 3

  3. Correlating GSM and 802.11 Hardware Identifiers • Motivation • Previous Work • Background • Methodology and Data Collection • Correlation • Results • Future / Continued Work 4

  4. Motivation • Hardware identifiers are globally unique and do not change over the lifetime of a device – allows for both tracking and association of a physical device • Targeted advertising and statistics gathering 1 • Threat of increased attack vectors 2, 3, 4 • Use as search and rescue capability • Law enforcement and forensic analysis 5

  5. Previous Work • Privacy leak analysis of smartphones 1, 3, 6, 7, 8, 9 • Utilize identified security leaks for cross-correlation • Constellation analysis of RF devices 5 • Our analysis demonstrates the feasibility of using constellations for cross-correlation 6

  6. Background • The format, structure, and governing allocation authorities of GSM and 802.11 addresses are different and do not facilitate trivial association • GSM – IMEI • WiFi – MAC Address 7

  7. Methodology and Data Collection 8

  8. Methodology and Data Collection • Simulated collection of GSM and WiFi hardware identifiers • 18 mobile devices with GSM and WiFi capability • To model temporal movement, dataset includes six different snapshots in time • Three different locations were simulated to model spatial movement • A randomly selected subset of our devices was used for each of the six iterations 9

  9. Methodology and Data Collection • Test Devices Count Make Model ID 2 Acer Iconia A501 aIa 7 Apple iPhone 3GS iPh 1 Apple iPad iPa 1 HTC Hero hH 1 HTC Nexus One hNo 1 HTC Surround T8788 hSt 2 HTC Eng Handset hEh 1 Samsung I7500 sGa 2 Samsung 19250 Galaxy sGn 10

  10. Methodology and Data Collection • Two different perspectives • Limited Adversary – able to observe identifiers only in time and space • Advanced Adversary – visibility into the data stream of each protocol 11

  11. Methodology and Data Collection • Limited Adversary • Hardware identifier (IMEI / MAC address) • Temporal (# of times IMEI / MAC pair seen together) • Spatial (# of locations IMEI / MAC pair seen together) • Advanced Adversary • Use of all limited adversary techniques • User-Agent string in HTTP traffic • User Agent Profiles in HTTP traffic • Bonjour • DHCP / BOOTP 12

  12. Methodology and Data Collection Device TAC-Derived Info* OUI-Derived Info* UAProf Bonjour BOOTP Acer Iconia A501 Ericsson F5521gw Azurewave Tech http:// n/a n/a PCIE support.acer.com/ UAprofile/Acer A501 Profile.xml Apple iPhone 3GS Apple iPhone 3GS Apple, Inc n/a iPhone3GS-1.local iPhone3GS-1 16GB HTC Hero HTC Hero HTC Corporation http:// n/a n/a www.htcmms.com.t w/Android/Common/ Hero/ua-profile.xml Samsung Galaxy Samsung I9250 Samsung Electro n/a n/a android- Nexus Galaxy Nexus cd5db081844aeb9c *Used IEEE and Nobbi databases 13

  13. Correlation • Correlation problem is bipartite matching – associate observed MAC addresses with observed IMEIs GSM IMEIs 802.11 MACs • Generalize this correlation as an Integer Linear Program (ILP) that accommodates the different evidence in our datasets as constraints on the solution 14

  14. Correlation • Let A be the sparse association matric such that Ai,j =1 indicates that TAC i is associated with MAC j. We wish to maximize the sum of “strong” correlations, subject to the feasibility constraints that only one TAC may be associated with one MAC and vice versa. • The A that maximizes the sum of the evidence provides the inferred hardware correlations. • Necessary? Summarize? 15

  15. Correlation • As an ILP, which we express in the MathProg modeling language and solve using GLPK • Limited • Advanced 16

  16. Results • Limited Adversary • Temporal • Spatial • TAC – OUI 17

  17. Results – Limited Adversary 18

  18. Results • Advanced Adversary • Temporal • Spatial • TAC – OUI • TAC – User-Agent • TAC – UAProf • TAC – Bonjour • TAC - DHCP 19

  19. Results – Advanced Adversary 20

  20. Results – Advanced Adversary 21

  21. Results – Advanced Adversary 22

  22. Results – Leaked Identifiers 23

  23. Future Work • Blah 25

  24. References 1 W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones,” in Proceedings of the 9th USENIX OSDI conference , 2010, pp. 1–6. 2 R.-P. Weinmann, “Baseband attacks: Remote exploitation of memory corruptions in cellular protocol stacks,” in USENIX Workshop on Offensive Technologies (WOOT12) , 2012. 3 C. Mulliner, N. Golde, and J.-P. Seifert, “SMS of Death: from analyzing to attacking mobile phones on a large scale,” in Proceedings of the 20th USENIX conference on Security , 2011, pp. 24–24. 4 K. Nohl, “Rooting SIM Cards,” in Blackhat Conference , 2013. 5 S. L. Garfinkel, A. Juels, and R. Pappu, “RFID Privacy: An Overview of Problems and Proposed Solutions,” Published by the IEEE Computer Society , p. 14, May 2005, http://www.cs.colorado.edu/ ∼ rhan/CSCI 7143 Fall 2007/Papers/rfid security 01439500.pdf. 6 M. Egele, C. Kruegel, E. Kirda, and G. Vigna, “PiOS: Detecting privacy leaks in iOS applications,” in Proceedings of the Network and Distributed System Security Symposium , 2011. 7 P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall, “These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications,” in Proceedings of the 18th ACM CCS conference , 2011, pp. 639–652. 8 G. Eisenhaur, M. N. Gagnon, T. Demir, and N. Daswani, “Mobile Malware Madness and How to Cap the Mad Hatters,” in Blackhat Conference , 2011. 9 M. N. Gagnon, “Hashing IMEI numbers does not protect privacy,” Dasient Blog, 2011, http://blog.dasient.com/2011/07/ hashing- imei- numbers- does- not- protect.html. 26

  25. Correlating GSM and 802.11 Hardware Identifiers LCDR Jeremy Martin – jbmartin@nps.edu LT Danny Rhame – dsrhame@nps.edu Dr. Robert Beverly – rbeverly@nps.edu Dr. John McEachen – mceachen@nps.edu Naval Postgraduate School 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Storage Efficient Hardware Prefetching using Delta Correlating Prediction Tables Marius Granns

Storage Efficient Hardware Prefetching using Delta Correlating Prediction Tables Marius Granns

Storage Efficient Hardware Prefetching using Delta Correlating Prediction Tables Marius Granns Magnus Jahre Lasse Natvig Feb 14th 2008 www.ntnu.no M. Granns et.al., Storage Efficient Hardware Prefetching using Delta Correlating Prediction

658 views • 52 slides
Using DNS for Mapping Using DNS for Mapping Host Identifiers to Locators Host Identifiers to

Using DNS for Mapping Using DNS for Mapping Host Identifiers to Locators Host Identifiers to

Using DNS for Mapping Using DNS for Mapping Host Identifiers to Locators Host Identifiers to Locators Oleg Ponomarev 24 March 2009 IETF74, San Francisco OUTLINE OUTLINE Current situation Storage conventions Usage HOST IDENTITY

225 views • 18 slides
Everything I Disagree With is #FakeNews: Correlating Political Polarization and Spread of

Everything I Disagree With is #FakeNews: Correlating Political Polarization and Spread of

Everything I Disagree With is #FakeNews: Correlating Political Polarization and Spread of Misinformation Manoel Horta Ribeiro Pedro H. Calais Virglio A. F. Almeida Wagner Meira Jr. Motivation |||||||| News consumption after Online

768 views • 44 slides
The Internet and Identifiers Paul V. Mockapetris Sigcomm 2005 8/23/2005 What are Todays

The Internet and Identifiers Paul V. Mockapetris Sigcomm 2005 8/23/2005 What are Todays

The Internet and Identifiers Paul V. Mockapetris Sigcomm 2005 8/23/2005 What are Todays Digital Identifiers? Conventions associating one piece of data to another www.nominum.com to see web page Anna Kournikova into

718 views • 49 slides
Normalizing Resource Identifiers using Lexicons in the Global Change Information System Linking

Normalizing Resource Identifiers using Lexicons in the Global Change Information System Linking

Normalizing Resource Identifiers using Lexicons in the Global Change Information System Linking Earth Science Identifiers, Concepts, and Communities Brian Duggan 13 , Curt Tilmes 2 , Steven Aulenbach 13 , Robert E. Wolfe 12 , Justin C. Goldstein

480 views • 28 slides
ENHANCEMENT OF ETCHING FACTOR OF COPPER CIRCUIT BY CORRELATING BETWEEN MICROSTRUCTURE AND PATTERN

ENHANCEMENT OF ETCHING FACTOR OF COPPER CIRCUIT BY CORRELATING BETWEEN MICROSTRUCTURE AND PATTERN

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS ENHANCEMENT OF ETCHING FACTOR OF COPPER CIRCUIT BY CORRELATING BETWEEN MICROSTRUCTURE AND PATTERN SHAPE A. Hyo-Soo Lee 1 , B. Hai-Joong Lee 1 , C. Hyuk-Chon Kwon 1 1 Korea Institute of

216 views • 5 slides
Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique

Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique

Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique Identifiers Who cares? What are we talking about? Where are they? Laptops & Desktops Peripherals Smartphones Why

358 views • 19 slides
HS-SPME GC/Q-TOF: Correlating Geographical Origin with Volatile Aroma Profiles Philip L. Wylie 1

HS-SPME GC/Q-TOF: Correlating Geographical Origin with Volatile Aroma Profiles Philip L. Wylie 1

Analysis of Pinot Noir Wines by HS-SPME GC/Q-TOF: Correlating Geographical Origin with Volatile Aroma Profiles Philip L. Wylie 1 , Anna K. Hjelmeland 2 , Ron Runnebaum 3 & Susan E. Ebeler 3 1) Agilent Technologies, Wilmington, DE 19808

399 views • 27 slides
Correlating TTL data to network characteristics Final Talk BSc Informatics Till Wickenheiser

Correlating TTL data to network characteristics Final Talk BSc Informatics Till Wickenheiser

Chair for Network Architectures and Services Technical University of Munich (TUM) Correlating TTL data to network characteristics Final Talk BSc Informatics Till Wickenheiser Advisors: Quirin Scheitle, Oliver Gasser, Paul Emmerich, Felix von

556 views • 52 slides
Toward Mining Concept Keywords from Identifiers in Large Software Projects Masaru Ohba

Toward Mining Concept Keywords from Identifiers in Large Software Projects Masaru Ohba

Toward Mining Concept Keywords from Identifiers in Large Software Projects Masaru Ohba and Katsuhiko Gondow Tokyo Institute of Technology What are concept keywords? Most programmers try to name identifiers meaningfully.

160 views • 4 slides
Holometer Holometer results and status in correlating twin 40m interferometers results and

Holometer Holometer results and status in correlating twin 40m interferometers results and

Holometer Holometer results and status in correlating twin 40m interferometers results and status in correlating twin 40m interferometers Lee McCuller University of Chicago June 2015 McCuller June 2015 1 Holometer Collaboration Holometer

521 views • 31 slides
FIBER REINFORCEMENTS: CORRELATING PERMEABILITY AND LOCAL SPATIAL FIBROUS FEATURES S. Comas-Cardona

FIBER REINFORCEMENTS: CORRELATING PERMEABILITY AND LOCAL SPATIAL FIBROUS FEATURES S. Comas-Cardona

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS FIBER REINFORCEMENTS: CORRELATING PERMEABILITY AND LOCAL SPATIAL FIBROUS FEATURES S. Comas-Cardona 1 , F. Zhang 1 , S. Bickerton 2 , L. Tournier 2 , J.M. Gan 2 , C. Binetruy 1 1 Technology of

245 views • 6 slides
Stucco Situation & Threat Understanding by Correlating Contextual Observations John Gerth,

Stucco Situation & Threat Understanding by Correlating Contextual Observations John Gerth,

CYBER SECURITY DIVISION Stucco Situation & Threat Understanding by Correlating Contextual Observations John Gerth, Stanford University John R. Goodall, Oak Ridge National Laboratory January 2014 Team Profile 2 Jan '14 FloCon 2014 Need

407 views • 17 slides
VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

The Business of Making Strategies for Success from Startup to Exit Hardware and Robotic Startup Accelerator what hardware used to be . VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to Entry Open

604 views • 32 slides
Correlating Performance, Code Location and Memory Access Harald Servat, Jesus Labarta, Judit

Correlating Performance, Code Location and Memory Access Harald Servat, Jesus Labarta, Judit

Correlating Performance, Code Location and Memory Access Harald Servat, Jesus Labarta, Judit Gimenez Scalable Tools Workshop - Lake Tahoe, Aug 2 nd 2016 1 Folding: instantaneous metric with minimum overhead Combine instrumentation and sampling

477 views • 15 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Maximize the Value of CDMA Networks and Maximize the Value of CDMA Networks and Smoothly Evolve to

Maximize the Value of CDMA Networks and Maximize the Value of CDMA Networks and Smoothly Evolve to

Maximize the Value of CDMA Networks and Maximize the Value of CDMA Networks and Smoothly Evolve to the Next Generation Smoothly Evolve to the Next Generation Sean Cai Sean Cai VP Wireless, ZTE Corporation VP Wireless, ZTE Corporation CDG Technology

285 views • 27 slides
ORBIT 10 Years Later Ivan Seskar, Associate Director WINLAB Rutgers, The State University of New

ORBIT 10 Years Later Ivan Seskar, Associate Director WINLAB Rutgers, The State University of New

ORBIT 10 Years Later Ivan Seskar, Associate Director WINLAB Rutgers, The State University of New Jersey Contact: seskar (at) winlab (dot) rutgers (dot) edu WINLAB Orbit Project Rationale Wireless testbeds motivated by: cost & time

461 views • 44 slides
Powering Real-time Radio Astronomy Signal Processing with latest GPU architectures Vinay

Powering Real-time Radio Astronomy Signal Processing with latest GPU architectures Vinay

Powering Real-time Radio Astronomy Signal Processing with latest GPU architectures Vinay Deshpande Bharat Kumar Harshavardhan Reddy Suda NVIDIA, India NVIDIA, India NCRA, India What signals we are processing? Digitized baseband signals

512 views • 29 slides
Q3 2017 Conference Call Veeco Instruments Inc. > November 2, 2017 > 1 | Q3 2017

Q3 2017 Conference Call Veeco Instruments Inc. > November 2, 2017 > 1 | Q3 2017

Q3 2017 Conference Call Veeco Instruments Inc. > November 2, 2017 > 1 | Q3 2017 Conference Call Presentation Safe Harbor To the extent that this presentation discusses expectations or otherwise makes statements about the future,

547 views • 21 slides
Team X B Bhooma Reddy (200601224) Koundinya (200601201) Bluetooth wireless technology is a

Team X B Bhooma Reddy (200601224) Koundinya (200601201) Bluetooth wireless technology is a

Team X B Bhooma Reddy (200601224) Koundinya (200601201) Bluetooth wireless technology is a short-range communications technology intended to replace the cables connecting portable and/or fixed devices while maintaining high levels of

467 views • 18 slides
Clocks for 4.5G Radio Access Networks S E P T E M B E R 2 0 1 7 Complete Timing Portfolio

Clocks for 4.5G Radio Access Networks S E P T E M B E R 2 0 1 7 Complete Timing Portfolio

Clocks for 4.5G Radio Access Networks S E P T E M B E R 2 0 1 7 Complete Timing Portfolio Leader in high performance clocks and oscillators Frequency flexibility + ultra-low jitter Best-in-class integration single IC clock trees

430 views • 17 slides
EXPANSION & UPGRADATION OF SATELLITE BASED COMMUNICATION NETWORK 1 2 3 SATCOM GROUP IN

EXPANSION & UPGRADATION OF SATELLITE BASED COMMUNICATION NETWORK 1 2 3 SATCOM GROUP IN

ALPHA DESIGN TECHNOLOGIES PVT. LTD ( DCPW, Govt. of INDIA, Ministry of Home Affairs) EXPANSION & UPGRADATION OF SATELLITE BASED COMMUNICATION NETWORK 1 2 3 SATCOM GROUP IN ADTL ADTL is supporting ISRO for Assembly, Integration,

256 views • 25 slides
Software Defined Radio Ramsey Doany Texas State University Raise your hand if you have

Software Defined Radio Ramsey Doany Texas State University Raise your hand if you have

Software Defined Radio Ramsey Doany Texas State University Raise your hand if you have little/no background in communication Stop me and ask questions, please! Outline What is a Software Defined Radio? How is a Software Defined

1.53k views • 18 slides

More recommend