A Correlation Attack Against User Mobility Privacy in a Large-scale WLAN network


Keren Tan, Guanhua Yan, Jihwang Yeo, and David Kotz. A Correlation Attack Against User Mobility Privacy in a Large-scale WLAN network. Proceedings of the ACM MobiCom S3 workshop, pages 33–35. ACM, September 2010. doi:10.1145/1860039.1860050. ©Copyright ACM. Later revised as tan:crf.


User association logs collected from real-world wireless LANs have facilitated wireless network research greatly. To protect user privacy, the common practice in sanitizing these data before releasing them to the public is to anonymize users’ sensitive information such as the MAC addresses of their devices and their exact association locations. In this work,we demonstrate that these sanitization measures are insufficient in protecting user privacy from a novel type of correlation attack that is based on CRF (Conditional Random Field). In such a correlation attack, the adversary observes the victim’s AP (Access Point) association activities for a short period of time and then infers her corresponding identity in a released user association dataset. Using a user association log that contains more than three thousand users and millions of AP association records, we demonstrate that the CRF-based technique is able to pinpoint the victim’s identity exactly with a probability as high as 70%.

Citable with [BibTeX]

Projects: [netsani]

Keywords: [privacy] [wifi]

Available from the publisher: [DOI]

Available from the author: [bib] [pdf]
This pdf was produced by the publisher and its posting here is permitted by the publisher.

[Kotz research]