draft-ietf-madinas-mac-address-randomization-13.txt | draft-ietf-madinas-mac-address-randomization-14.txt | |||
---|---|---|---|---|
MADINAS JC. Zúñiga | MADINAS JC. Zúñiga | |||
Internet-Draft CISCO | Internet-Draft CISCO | |||
Intended status: Informational CJ. Bernardos, Ed. | Intended status: Informational CJ. Bernardos, Ed. | |||
Expires: 19 December 2024 UC3M | Expires: 4 January 2025 UC3M | |||
A. Andersdotter | A. Andersdotter | |||
Safespring AB | Safespring AB | |||
17 June 2024 | 3 July 2024 | |||
Randomized and Changing MAC Address State of Affairs | Randomized and Changing MAC Address State of Affairs | |||
draft-ietf-madinas-mac-address-randomization-13 | draft-ietf-madinas-mac-address-randomization-14 | |||
Abstract | Abstract | |||
Internet users are becoming more aware that their activity over the | Internet users are becoming more aware that their activity over the | |||
Internet leaves a vast digital footprint, that communications might | Internet leaves a vast digital footprint, that communications might | |||
not always be properly secured, and that their location and actions | not always be properly secured, and that their location and actions | |||
can be tracked. One of the main factors that eases tracking Internet | can be tracked. One of the main factors that eases tracking Internet | |||
users is the wide use of long-lasting, and sometimes persistent, | users is the wide use of long-lasting, and sometimes persistent, | |||
identifiers at various protocol layers. This document focuses on MAC | identifiers at various protocol layers. This document focuses on MAC | |||
addresses. | addresses. | |||
skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on 19 December 2024. | This Internet-Draft will expire on 4 January 2025. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2024 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
skipping to change at page 11, line 41 ¶ | skipping to change at page 11, line 41 ¶ | |||
Most modern OSes (especially mobile ones) do implement by default | Most modern OSes (especially mobile ones) do implement by default | |||
some MAC address randomization policy. Since the mechanism and | some MAC address randomization policy. Since the mechanism and | |||
policies OSes implement can evolve with time, the content is now | policies OSes implement can evolve with time, the content is now | |||
hosted at https://github.com/ietf-wg-madinas/draft-ietf-madinas-mac- | hosted at https://github.com/ietf-wg-madinas/draft-ietf-madinas-mac- | |||
address-randomization/blob/main/OS-current-practices.md. For | address-randomization/blob/main/OS-current-practices.md. For | |||
completeness, a snapshot of the content at the time of publication of | completeness, a snapshot of the content at the time of publication of | |||
this document is included below. | this document is included below. | |||
Table 1 summarizes current practices for Android and iOS, as the time | Table 1 summarizes current practices for Android and iOS, as the time | |||
of writing this document (original source: https://www.fing.com/news/ | of writing this document (original source posted at: | |||
https://www.fing.com/news/private-mac-address-on-ios-14, latest | ||||
wayback machine's snapshot available here: | ||||
https://web.archive.org/web/20230905111429/https://www.fing.com/news/ | ||||
private-mac-address-on-ios-14, updated based on findings from the | private-mac-address-on-ios-14, updated based on findings from the | |||
authors). | authors). | |||
+=============================================+===================+ | +=============================================+===================+ | |||
| Android 10+ | iOS 14+ | | | Android 10+ | iOS 14+ | | |||
+=============================================+===================+ | +=============================================+===================+ | |||
| The randomized MAC address is bound to the | The randomized | | | The randomized MAC address is bound to the | The randomized | | |||
| SSID | MAC address is | | | SSID | MAC address is | | |||
| | bound to the | | | | bound to the | | |||
| | Basic SSID | | | | Basic SSID | | |||
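Review bot: in the reworded source parenthetical of the Table 1 sentence, "as the time of writing this document" is carried over unchanged and still lacks "of" ("as of the time of writing"). While this sentence is being touched, consider tightening "latest wayback machine's snapshot available here:" to something like "archived copy:" and capitalizing "Wayback Machine", since the parenthetical now carries two line-wrapped URLs and is hard to parse.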
skipping to change at page 12, line 42 ¶ | skipping to change at page 12, line 42 ¶ | |||
| real MAC address, no randomized MAC address | the new Wi-Fi | | | real MAC address, no randomized MAC address | the new Wi-Fi | | |||
| will be used (unless manually enabled) | networks | | | will be used (unless manually enabled) | networks | | |||
+---------------------------------------------+-------------------+ | +---------------------------------------------+-------------------+ | |||
Table 1: Android and iOS MAC address randomization practices | Table 1: Android and iOS MAC address randomization practices | |||
In September 2021, we have performed some additional tests to | In September 2021, we have performed some additional tests to | |||
evaluate how most widely used OSes behave regarding MAC address | evaluate how most widely used OSes behave regarding MAC address | |||
randomization. Table 2 summarizes our findings, where show on | randomization. Table 2 summarizes our findings, where show on | |||
different rows whether the OS performs address randomization per | different rows whether the OS performs address randomization per | |||
network, per new connection, daily, supports configuration per SSID, | network (PNGM according to the taxonomy introduced in Section 6), per | |||
supports address randomization for scanning, and whether it does that | new connection (PSGM), daily (PPGM with a period of 24h), supports | |||
by default. | configuration per SSID, supports address randomization for scanning, | |||
and whether it does that by default. | ||||
+====================+=======+============+============+=========+ | +=================+=======+============+============+=========+ | |||
| OS | Linux | Android 10 | Windows 10 | iOS 14+ | | | OS | Linux | Android 10 | Windows 10 | iOS 14+ | | |||
+====================+=======+============+============+=========+ | +=================+=======+============+============+=========+ | |||
| Random per net. | Y | Y | Y | Y | | | Random per net. | Y | Y | Y | Y | | |||
+--------------------+-------+------------+------------+---------+ | | (PNGM) | | | | | | |||
+--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
| Random per connec. | Y | N | N | N | | +-----------------+-------+------------+------------+---------+ | |||
+--------------------+-------+------------+------------+---------+ | | Random per | Y | N | N | N | | |||
+--------------------+-------+------------+------------+---------+ | | connec. (PSGM) | | | | | | |||
| Random daily | N | N | Y | N | | +-----------------+-------+------------+------------+---------+ | |||
+--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
+--------------------+-------+------------+------------+---------+ | | Random daily | N | N | Y | N | | |||
| SSID config. | Y | N | N | N | | | (PPGM) | | | | | | |||
+--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
+--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
| Random. for scan | Y | Y | Y | Y | | | SSID config. | Y | N | N | N | | |||
+--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
+--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
| Random. for scan | N | Y | N | Y | | | Random. for | Y | Y | Y | Y | | |||
| by default | | | | | | | scan | | | | | | |||
+--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
+-----------------+-------+------------+------------+---------+ | ||||
| Random. for | N | Y | N | Y | | ||||
| scan by default | | | | | | ||||
+-----------------+-------+------------+------------+---------+ | ||||
Table 2: Observed behavior from different OS (as of September | Table 2: Observed behavior from different OS (as of | |||
2021) | September 2021) | |||
According to [privacy_android], starting in Android 12, Android uses | According to [privacy_android], starting in Android 12, Android uses | |||
non-persistent randomization in the following situations: (i) a | non-persistent randomization in the following situations: (i) a | |||
network suggestion app specifies that non-persistant randomization be | network suggestion app specifies that non-persistant randomization be | |||
used for the network (through an API); or (ii) the network is an open | used for the network (through an API); or (ii) the network is an open | |||
network that hasn't encountered a captive portal and an internal | network that hasn't encountered a captive portal and an internal | |||
config option is set to do so (by default it is not). | config option is set to do so (by default it is not). | |||
8. IANA Considerations | 8. IANA Considerations | |||
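Review bot: the new text before Table 2 introduces PNGM, PSGM and PPGM only by pointing at "the taxonomy introduced in Section 6", and the row labels then use the bare acronyms, so a reader who lands on Table 2 cannot tell what they stand for. Suggest expanding each acronym on first use here, and carrying the "period of 24h" qualifier into the "Random daily (PPGM)" row label or the caption, because the label alone does not say which period was observed. The same sentence still reads "where show on different rows" (missing "we"), and the context paragraph after the table has "non-persistant" next to "non-persistent".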
skipping to change at page 14, line 23 ¶ | skipping to change at page 14, line 28 ¶ | |||
Addresses or other permanent identifiers. | Addresses or other permanent identifiers. | |||
10. Acknowledgments | 10. Acknowledgments | |||
Authors would like to thank Guillermo Sanchez Illan for the extensive | Authors would like to thank Guillermo Sanchez Illan for the extensive | |||
tests performed on different OSes to analyze their behavior regarding | tests performed on different OSes to analyze their behavior regarding | |||
address randomization. | address randomization. | |||
Authors would like to thank Jerome Henry, Hai Shalom, Stephen Farrel, | Authors would like to thank Jerome Henry, Hai Shalom, Stephen Farrel, | |||
Alan DeKok, Mathieu Cunche, Johanna Ansohn McDougall, Peter Yee, Bob | Alan DeKok, Mathieu Cunche, Johanna Ansohn McDougall, Peter Yee, Bob | |||
Hinden, Behcet Sarikaya, David Farmer, Mohamed Boucadair and Éric | Hinden, Behcet Sarikaya, David Farmer, Mohamed Boucadair, Éric Vyncke | |||
Vyncke for their review and comments on previous versions of this | and Christian Amsüss for their reviews and comments on previous | |||
document. Authors would also like to thank Michael Richardson for | versions of this document. Authors would also like to thank Michael | |||
his contributions on the taxonomy section. Finally, authors would | Richardson for his contributions on the taxonomy section. Finally, | |||
also like to thank the IEEE 802.1 Working Group for its review and | authors would also like to thank the IEEE 802.1 Working Group for its | |||
comments, performed as part of the Liaison statement on Randomized | review and comments, performed as part of the Liaison statement on | |||
and Changing MAC Address (https://datatracker.ietf.org/ | Randomized and Changing MAC Address (https://datatracker.ietf.org/ | |||
liaison/1884/). | liaison/1884/). | |||
11. Informative References | 11. Informative References | |||
[contact_tracing_paper] | [contact_tracing_paper] | |||
Leith, D. J. and S. Farrell, "Contact Tracing App Privacy: | Leith, D. J. and S. Farrell, "Contact Tracing App Privacy: | |||
What Data Is Shared By Europe's GAEN Contact Tracing | What Data Is Shared By Europe's GAEN Contact Tracing | |||
Apps", IEEE INFOCOM 2021 , July 2020. | Apps", IEEE INFOCOM 2021 , July 2020. | |||
[CSCN2015] Bernardos, CJ., Zúñiga, JC., and P. O'Hanlon, "Wi-Fi | [CSCN2015] Bernardos, CJ., Zúñiga, JC., and P. O'Hanlon, "Wi-Fi | |||
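Review bot: the acknowledgments list edited here has "Stephen Farrel" with a single "l", while the [contact_tracing_paper] entry just below spells the surname "Farrell"; please check the spelling while adding the new name. The same reference entry has a stray space before the comma in "IEEE INFOCOM 2021 , July 2020", and its venue year does not match the stated date, which is worth confirming.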
End of changes. 9 change blocks. | ||||
38 lines changed or deleted | 46 lines changed or added | |||