| draft-ietf-madinas-mac-address-randomization-13.txt | draft-ietf-madinas-mac-address-randomization-14.txt | |||
|---|---|---|---|---|
| MADINAS JC. Zúñiga | MADINAS JC. Zúñiga | |||
| Internet-Draft CISCO | Internet-Draft CISCO | |||
| Intended status: Informational CJ. Bernardos, Ed. | Intended status: Informational CJ. Bernardos, Ed. | |||
| Expires: 19 December 2024 UC3M | Expires: 4 January 2025 UC3M | |||
| A. Andersdotter | A. Andersdotter | |||
| Safespring AB | Safespring AB | |||
| 17 June 2024 | 3 July 2024 | |||
| Randomized and Changing MAC Address State of Affairs | Randomized and Changing MAC Address State of Affairs | |||
| draft-ietf-madinas-mac-address-randomization-13 | draft-ietf-madinas-mac-address-randomization-14 | |||
| Abstract | Abstract | |||
| Internet users are becoming more aware that their activity over the | Internet users are becoming more aware that their activity over the | |||
| Internet leaves a vast digital footprint, that communications might | Internet leaves a vast digital footprint, that communications might | |||
| not always be properly secured, and that their location and actions | not always be properly secured, and that their location and actions | |||
| can be tracked. One of the main factors that eases tracking Internet | can be tracked. One of the main factors that eases tracking Internet | |||
| users is the wide use of long-lasting, and sometimes persistent, | users is the wide use of long-lasting, and sometimes persistent, | |||
| identifiers at various protocol layers. This document focuses on MAC | identifiers at various protocol layers. This document focuses on MAC | |||
| addresses. | addresses. | |||
| skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 19 December 2024. | This Internet-Draft will expire on 4 January 2025. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2024 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 11, line 41 ¶ | skipping to change at page 11, line 41 ¶ | |||
| Most modern OSes (especially mobile ones) do implement by default | Most modern OSes (especially mobile ones) do implement by default | |||
| some MAC address randomization policy. Since the mechanism and | some MAC address randomization policy. Since the mechanism and | |||
| policies OSes implement can evolve with time, the content is now | policies OSes implement can evolve with time, the content is now | |||
| hosted at https://github.com/ietf-wg-madinas/draft-ietf-madinas-mac- | hosted at https://github.com/ietf-wg-madinas/draft-ietf-madinas-mac- | |||
| address-randomization/blob/main/OS-current-practices.md. For | address-randomization/blob/main/OS-current-practices.md. For | |||
| completeness, a snapshot of the content at the time of publication of | completeness, a snapshot of the content at the time of publication of | |||
| this document is included below. | this document is included below. | |||
| Table 1 summarizes current practices for Android and iOS, as the time | Table 1 summarizes current practices for Android and iOS, as the time | |||
| of writing this document (original source: https://www.fing.com/news/ | of writing this document (original source posted at: | |||
| https://www.fing.com/news/private-mac-address-on-ios-14, latest | ||||
| wayback machine's snapshot available here: | ||||
| https://web.archive.org/web/20230905111429/https://www.fing.com/news/ | ||||
| private-mac-address-on-ios-14, updated based on findings from the | private-mac-address-on-ios-14, updated based on findings from the | |||
| authors). | authors). | |||
| +=============================================+===================+ | +=============================================+===================+ | |||
| | Android 10+ | iOS 14+ | | | Android 10+ | iOS 14+ | | |||
| +=============================================+===================+ | +=============================================+===================+ | |||
| | The randomized MAC address is bound to the | The randomized | | | The randomized MAC address is bound to the | The randomized | | |||
| | SSID | MAC address is | | | SSID | MAC address is | | |||
| | | bound to the | | | | bound to the | | |||
| | | Basic SSID | | | | Basic SSID | | |||
| skipping to change at page 12, line 42 ¶ | skipping to change at page 12, line 42 ¶ | |||
| | real MAC address, no randomized MAC address | the new Wi-Fi | | | real MAC address, no randomized MAC address | the new Wi-Fi | | |||
| | will be used (unless manually enabled) | networks | | | will be used (unless manually enabled) | networks | | |||
| +---------------------------------------------+-------------------+ | +---------------------------------------------+-------------------+ | |||
| Table 1: Android and iOS MAC address randomization practices | Table 1: Android and iOS MAC address randomization practices | |||
| In September 2021, we have performed some additional tests to | In September 2021, we have performed some additional tests to | |||
| evaluate how most widely used OSes behave regarding MAC address | evaluate how most widely used OSes behave regarding MAC address | |||
| randomization. Table 2 summarizes our findings, where show on | randomization. Table 2 summarizes our findings, where show on | |||
| different rows whether the OS performs address randomization per | different rows whether the OS performs address randomization per | |||
| network, per new connection, daily, supports configuration per SSID, | network (PNGM according to the taxonomy introduced in Section 6), per | |||
| supports address randomization for scanning, and whether it does that | new connection (PSGM), daily (PPGM with a period of 24h), supports | |||
| by default. | configuration per SSID, supports address randomization for scanning, | |||
| and whether it does that by default. | ||||
| +====================+=======+============+============+=========+ | +=================+=======+============+============+=========+ | |||
| | OS | Linux | Android 10 | Windows 10 | iOS 14+ | | | OS | Linux | Android 10 | Windows 10 | iOS 14+ | | |||
| +====================+=======+============+============+=========+ | +=================+=======+============+============+=========+ | |||
| | Random per net. | Y | Y | Y | Y | | | Random per net. | Y | Y | Y | Y | | |||
| +--------------------+-------+------------+------------+---------+ | | (PNGM) | | | | | | |||
| +--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
| | Random per connec. | Y | N | N | N | | +-----------------+-------+------------+------------+---------+ | |||
| +--------------------+-------+------------+------------+---------+ | | Random per | Y | N | N | N | | |||
| +--------------------+-------+------------+------------+---------+ | | connec. (PSGM) | | | | | | |||
| | Random daily | N | N | Y | N | | +-----------------+-------+------------+------------+---------+ | |||
| +--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
| +--------------------+-------+------------+------------+---------+ | | Random daily | N | N | Y | N | | |||
| | SSID config. | Y | N | N | N | | | (PPGM) | | | | | | |||
| +--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
| +--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
| | Random. for scan | Y | Y | Y | Y | | | SSID config. | Y | N | N | N | | |||
| +--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
| +--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
| | Random. for scan | N | Y | N | Y | | | Random. for | Y | Y | Y | Y | | |||
| | by default | | | | | | | scan | | | | | | |||
| +--------------------+-------+------------+------------+---------+ | +-----------------+-------+------------+------------+---------+ | |||
| +-----------------+-------+------------+------------+---------+ | ||||
| | Random. for | N | Y | N | Y | | ||||
| | scan by default | | | | | | ||||
| +-----------------+-------+------------+------------+---------+ | ||||
| Table 2: Observed behavior from different OS (as of September | Table 2: Observed behavior from different OS (as of | |||
| 2021) | September 2021) | |||
| According to [privacy_android], starting in Android 12, Android uses | According to [privacy_android], starting in Android 12, Android uses | |||
| non-persistent randomization in the following situations: (i) a | non-persistent randomization in the following situations: (i) a | |||
| network suggestion app specifies that non-persistant randomization be | network suggestion app specifies that non-persistant randomization be | |||
| used for the network (through an API); or (ii) the network is an open | used for the network (through an API); or (ii) the network is an open | |||
| network that hasn't encountered a captive portal and an internal | network that hasn't encountered a captive portal and an internal | |||
| config option is set to do so (by default it is not). | config option is set to do so (by default it is not). | |||
| 8. IANA Considerations | 8. IANA Considerations | |||
| skipping to change at page 14, line 23 ¶ | skipping to change at page 14, line 28 ¶ | |||
| Addresses or other permanent identifiers. | Addresses or other permanent identifiers. | |||
| 10. Acknowledgments | 10. Acknowledgments | |||
| Authors would like to thank Guillermo Sanchez Illan for the extensive | Authors would like to thank Guillermo Sanchez Illan for the extensive | |||
| tests performed on different OSes to analyze their behavior regarding | tests performed on different OSes to analyze their behavior regarding | |||
| address randomization. | address randomization. | |||
| Authors would like to thank Jerome Henry, Hai Shalom, Stephen Farrel, | Authors would like to thank Jerome Henry, Hai Shalom, Stephen Farrel, | |||
| Alan DeKok, Mathieu Cunche, Johanna Ansohn McDougall, Peter Yee, Bob | Alan DeKok, Mathieu Cunche, Johanna Ansohn McDougall, Peter Yee, Bob | |||
| Hinden, Behcet Sarikaya, David Farmer, Mohamed Boucadair and Éric | Hinden, Behcet Sarikaya, David Farmer, Mohamed Boucadair, Éric Vyncke | |||
| Vyncke for their review and comments on previous versions of this | and Christian Amsüss for their reviews and comments on previous | |||
| document. Authors would also like to thank Michael Richardson for | versions of this document. Authors would also like to thank Michael | |||
| his contributions on the taxonomy section. Finally, authors would | Richardson for his contributions on the taxonomy section. Finally, | |||
| also like to thank the IEEE 802.1 Working Group for its review and | authors would also like to thank the IEEE 802.1 Working Group for its | |||
| comments, performed as part of the Liaison statement on Randomized | review and comments, performed as part of the Liaison statement on | |||
| and Changing MAC Address (https://datatracker.ietf.org/ | Randomized and Changing MAC Address (https://datatracker.ietf.org/ | |||
| liaison/1884/). | liaison/1884/). | |||
| 11. Informative References | 11. Informative References | |||
| [contact_tracing_paper] | [contact_tracing_paper] | |||
| Leith, D. J. and S. Farrell, "Contact Tracing App Privacy: | Leith, D. J. and S. Farrell, "Contact Tracing App Privacy: | |||
| What Data Is Shared By Europe's GAEN Contact Tracing | What Data Is Shared By Europe's GAEN Contact Tracing | |||
| Apps", IEEE INFOCOM 2021 , July 2020. | Apps", IEEE INFOCOM 2021 , July 2020. | |||
| [CSCN2015] Bernardos, CJ., Zúñiga, JC., and P. O'Hanlon, "Wi-Fi | [CSCN2015] Bernardos, CJ., Zúñiga, JC., and P. O'Hanlon, "Wi-Fi | |||
| End of changes. 9 change blocks. | ||||
| 38 lines changed or deleted | 46 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||