无线网络用户的Wi-Fi指纹匿名化研究

doi:10.11896/j.issn.1002-137X.2018.08.002

摘要/Abstract

摘要： 如今,上亿的Wi-Fi热点被广泛部署,用于给人们提供Wi-Fi连网服务。为了加快Wi-Fi连接的速度,移动设备会发送探测请求帧来发现附近的无线热点,并且保存曾经连接过的AP的SSID,即首选网络列表 (PNL)。已有研究表明,由探测请求帧发出的SSID构成的Wi-Fi指纹会泄露用户的隐私信息。基于对现实情况中Wi-Fi指纹所造成的隐私泄露程度的分析,提出了数据驱动的隐私保护方案。首先,针对4个城市中2700万用户连接400万Wi-Fi热点的行为进行了测量研究,并证明了在很多场景下Wi-Fi指纹都可以用来区分用户。基于对Wi-Fi指纹中SSID语义信息的研究,可以推断出这些用户的身份信息(如工作信息)。其次,提出了一种基于协同过滤的启发式方法,它通过给用户的PNL中添加伪SSID来模糊其信息,并使得附近的人彼此之间的PNL与Wi-Fi指纹都更加相似。最后,基于真实的Wi-Fi连接数据验证了上述策略的有效性,实验结果表明,修改PNL不仅能保护用户隐私,而且能保证快速的Wi-Fi连接。

关键词: 保护, 探测请求帧, 无线网络, 隐私泄露, 用户行为

Abstract: Billions of Wi-Fi assess points (APs) have been deployed to provide wireless connection to people with different kinds of mobile devices.Toaccelerate the speed of Wi-Fi connection,mobile devices will send probe requests to discover nearby Wi-Fi APs,and maintain previously connected network lists (PNLs) of APs.Previous studies show that the Wi-Fi fingerprints that consist of probed SSIDs individually will leak private information of users.This paper investigated the privacy caused by the Wi-Fi fingerprints in the wild,and provided a data-driven solution to protect privacy.First,measurement studies were carried out based on 27 million users associating with 4 million Wi-Fi APs in 4 cities,and it was revealed that Wi-Fi fingerprints can be used to identify users in a wide range of Wi-Fi scenarios.Based on semantic mining and analysis of SSIDs in Wi-Fi fingerprints,this paper further inferred demographic information of identified users (e.g.,people’s jobs),telling “who they are”.Second,this paper proposed a collaborative filtering (CF) based heuristic protection method,which can “blur” an user’s PNL by adding faked SSIDs,such that nearby users’ PNLs and Wi-Fi fingerprints are similar to each other.Finally,the effectiveness of the design was verified by using real-world Wi-Fi connection traces.The experiments show that the refined PNLs protect users’ privacy while still provide fast Wi-Fi reconnection.

Key words: Privacy leakage, Probe request frame, Protection, User behavior, Wireless network

中图分类号:

TP393

韩秀萍, 王智, 裴丹. 无线网络用户的Wi-Fi指纹匿名化研究[J]. 计算机科学, 2018, 45(8): 7-12. https://doi.org/10.11896/j.issn.1002-137X.2018.08.002

HAN Xiu-ping, WANG Zhi, PEI Dan. Study on Wi-Fi Fingerprint Anonymization for Users in Wireless Networks[J]. Computer Science, 2018, 45(8): 7-12. https://doi.org/10.11896/j.issn.1002-137X.2018.08.002

参考文献

[1]DAI Z,DINO A,MACAULAY S A.Attacking Automatic Wireless Network Selection[C]∥Proceedings of the Sixth Annual IEEE SMC Information Assurance Workshop.IEEE,2005:365-372.
[2]FREUDIGER J.How Talkative is Your Mobile Device?:An Experimental Study of Wi-Fi Probe Requests[C]∥Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks.ACM,2015.
[3]CHERNYSHEV M,VALLI C,HANNAY P.On 802.11 Access Point Locatability and Named Entity Recognition in Service Set Identifiers[J].IEEE Transactions on Information Forensics and Security,2016,11(3):584-593.
[4]FAN Y C,CHEN Y C,TUNG K C,et al.A Framework forEna-bling User Preference Profiling Through Wi-Fi Logs[J].IEEE Transactions on Knowledge and Data Engineering,2016,28(3):592-603.
[5]XU Q,ZHENG R,SAAD W,et al.Device Fingerprinting inWireless Networks:Challenges and Opportunities[J].IEEE Communications Surveys and Tutorials,2016,18 (1):94-104.
[6]CUNCHE M,KAAFAR M A,BORELI R.Linking Wireless Devices Using Information Contained in Wi-Fi Probe Requests[J].Pervasive and Mobile Computing,2014,11(4):56-69.
[7]BONNE B,QUAX P,LAMOTTE W.Raising Awareness onSmartphone Privacy Issues with SASQUATCH,and Solving Them with PrivacyPolice∥Proceedings of the 11th International Conference on Mobile and Ubiquitous Systems:Computing,Networking and Services.2014:379-381.
[8]LINDQVIST J,AURA T,DANEZIS G,et al.Privacy-preser-ving 802.11 Access-point Discovery[C]∥Proceedings of the Second ACM Conference on Wireless Network Security.ACM,2009:123-130.
[9]KIM Y S,TIAN T,NGUYEN L T,et al.Lapwin:Location-aided Probing for Protecting User Privacy in Wi-Fi Networks[C]∥Proceedings of IEEE Conference on Communications and Network Security.2014:427-435.
[10]PANG J,GREENSTEIN B,GUMMADI R,et al.802.11 User Fingerprinting[C]∥Proceedings of the 13th Annual ACM International Conference on Mobile Computing and Networking.ACM,2007:99-110.
[11]DESMOND L C C,YUAN C C,PHENG T C,et al.Identifying Unique Devices Through Wireless Fingerprinting[C]∥Procee-dings of the First ACM Conference on Wireless Network Security.ACM,2008:46-55.
[12]CHENG N,MOHAPATRA P,CUNCHE M,et al.InferringUser Relationship from Hidden Information in Wlans[C]∥Mi-litary Communications Conference.IEEE,2012:1-6.
[13]BARBERA M V,EPASTO A,MEI A,et al.Signals from The Crowd:Uncovering Social Relationships through Smartphone Probes[C]∥Proceedings of the 2013 Conference on Internet Measurement Conference.ACM,2013:265-276.
[14]LUZIO A D,MEI A,STEFA J.Mind Your Probes:De-anonymization of Large Crowds through Smartphone Wi-Fi Probe Requests[C]∥Proceedings of the 35th Annual IEEE International Conference on Computer Communications.IEEE,2016:1-9.
[15]SONG Y,YANG C,GU G.Who is Peeping at Your Passwords at Starbucks?-To Catch An Evil Twin Access Point[C]∥Proceedings of IEEE/IFIP International Conference on Dependable Systems and Networks.IEEE,2010:323-332.
[16]CALLEGATI F,CERRONI W,RAMILLI M.Man-in-the-Middle Attack to the Https Protocol[J].IEEE Security and Privacy,2009,7(1):78-81.
[17]SKINNER K,NOVAK J.Privacy and Your App[C]∥Apple Worldwide Dev.Conf.(WWDC).America,2015.
[18]Android 6.0 Changes[EB/OL].https://developer.android.com/about/versions/ marshmallow/android-6.0-changes.html.
[19]WANG W.Wireless Networking in Windows 10[C]∥Windows Hardware Engineering Community Conference (WinHEC).2015.
[20]VANHOEF M,MATTE C,CUNCHE M,et al.Why Mac Address Randomization is not Enough:An Analysis of Wi-Fi Network Discovery Mechanisms∥Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security.ACM,2016:413-424.
[21]VANHOEF M,MATTE C,CUNCHE M,et al.Why Mac Address Randomization is not Enough:An Analysis of Wi-Fi Network Discovery Mechanisms[C]∥Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security.ACM,2016:413-424.
[22]ZANG H,BOLOT J.Anonymization of Location Data does not Work:A Large-scale Measurement Study[C]∥Proceedings of the 17th Annual International Conference on Mobile Computing and Networking.ACM,2011:145-156.
[23]XU C,TENG J,JIA W.Enabling Faster and Smoother Handoffs in Ap-dense 802.11 Wireless Networks[J].Computer Communications,2010,33(15):1795-1803.
[24]TERVEEN L,HILL W.Beyond Recommender Systems:He-lping People Help Each Other[C]∥HCI in the New Millen-nium.2001:487-509.

相关文章 15

[1]	鲁晨阳, 邓苏, 马武彬, 吴亚辉, 周浩浩. 基于分层抽样优化的面向异构客户端的联邦学习 Federated Learning Based on Stratified Sampling Optimization for Heterogeneous Clients 计算机科学, 2022, 49(9): 183-193. https://doi.org/10.11896/jsjkx.220500263
[2]	汤凌韬, 王迪, 张鲁飞, 刘盛云. 基于安全多方计算和差分隐私的联邦学习方案 Federated Learning Scheme Based on Secure Multi-party Computation and Differential Privacy 计算机科学, 2022, 49(9): 297-305. https://doi.org/10.11896/jsjkx.210800108
[3]	吕由, 吴文渊. 隐私保护线性回归方案与应用 Privacy-preserving Linear Regression Scheme and Its Application 计算机科学, 2022, 49(9): 318-325. https://doi.org/10.11896/jsjkx.220300190
[4]	陈泳全, 姜瑛. 基于卷积神经网络的APP用户行为分析方法 Analysis Method of APP User Behavior Based on Convolutional Neural Network 计算机科学, 2022, 49(8): 78-85. https://doi.org/10.11896/jsjkx.210700121
[5]	王健. 基于隐私保护的反向传播神经网络学习算法 Back-propagation Neural Network Learning Algorithm Based on Privacy Preserving 计算机科学, 2022, 49(6A): 575-580. https://doi.org/10.11896/jsjkx.211100155
[6]	毛典辉, 黄晖煜, 赵爽. 符合监管合规性的自动合成新闻检测方法研究 Study on Automatic Synthetic News Detection Method Complying with Regulatory Compliance 计算机科学, 2022, 49(6A): 523-530. https://doi.org/10.11896/jsjkx.210300083
[7]	李利, 何欣, 韩志杰. 群智感知的隐私保护研究综述 Review of Privacy-preserving Mechanisms in Crowdsensing 计算机科学, 2022, 49(5): 303-310. https://doi.org/10.11896/jsjkx.210400077
[8]	王美珊, 姚兰, 高福祥, 徐军灿. 面向医疗集值数据的差分隐私保护技术研究 Study on Differential Privacy Protection for Medical Set-Valued Data 计算机科学, 2022, 49(4): 362-368. https://doi.org/10.11896/jsjkx.210300032
[9]	赵罗成, 屈志昊, 谢在鹏. 面向多层无线边缘环境下的联邦学习通信优化的研究 Study on Communication Optimization of Federated Learning in Multi-layer Wireless Edge Environment 计算机科学, 2022, 49(3): 39-45. https://doi.org/10.11896/jsjkx.210800054
[10]	吕由, 吴文渊. 基于同态加密的线性系统求解方案 Linear System Solving Scheme Based on Homomorphic Encryption 计算机科学, 2022, 49(3): 338-345. https://doi.org/10.11896/jsjkx.201200124
[11]	孔钰婷, 谭富祥, 赵鑫, 张正航, 白璐, 钱育蓉. 基于差分隐私的K-means算法优化研究综述 Review of K-means Algorithm Optimization Based on Differential Privacy 计算机科学, 2022, 49(2): 162-173. https://doi.org/10.11896/jsjkx.201200008
[12]	耿海军, 王威, 尹霞. 基于混合软件定义网络的单节点故障保护方法 Single Node Failure Routing Protection Algorithm Based on Hybrid Software Defined Networks 计算机科学, 2022, 49(2): 329-335. https://doi.org/10.11896/jsjkx.210100051
[13]	金华, 朱靖宇, 王昌达. 视频隐私保护技术综述 Review on Video Privacy Protection 计算机科学, 2022, 49(1): 306-313. https://doi.org/10.11896/jsjkx.201200047
[14]	雷羽潇, 段玉聪. 面向跨模态隐私保护的AI治理法律技术化框架 AI Governance Oriented Legal to Technology Bridging Framework for Cross-modal Privacy Protection 计算机科学, 2021, 48(9): 9-20. https://doi.org/10.11896/jsjkx.201000011
[15]	谭琪, 张凤荔, 王婷, 王瑞锦, 周世杰. 融入结构度中心性的社交网络用户影响力评估算法 Social Network User Influence Evaluation Algorithm Integrating Structure Centrality 计算机科学, 2021, 48(7): 124-129. https://doi.org/10.11896/jsjkx.200600096

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed