Annual Computer Security Applications Conference (ACSAC) 2016


Decomposition of MAC Address Structure for Granular Device Inference

Common among the wide variety of ubiquitous networked devices in modern use is
wireless 802.11 connectivity. The MAC addresses of these devices are visible
to a passive adversary, thereby presenting security and privacy threats --
even when link and application-layer encryption is employed. While it is
well-known that the most significant three bytes of a MAC address, the OUI,
coarsely identify a device's manufacturer, we seek to better understand the
ways in which the remaining low-order bytes are allocated in practice. From a
collection of over two billion 802.11 frames observed in the wild, we extract
device and model details for over 285K devices, as leaked by
various management frames and discovery protocols. From this rich dataset, we
characterize overall device populations and densities, vendor address
allocation policies and utilization, OUI sharing among manufacturers, discover
unique models occurring in multiple OUIs, and map contiguous address blocks to
specific devices. Our mapping thus permits fine-grained device type and model
predictions for unknown devices solely on the basis of their MAC
address. We validate our inferences on both ground-truth data and a
third-party dataset, where we demonstrate high accuracy. Our results
empirically demonstrate the extant structure of the low-order MAC bytes due to
manufacturers' sequential allocation policies, and the security and privacy
concerns therein.


Jeremy Martin    
US Naval Academy
United States

Erik Rye    
US Naval Academy
United States

Robert Beverly    
Naval Postgraduate School
United States
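
The sketch below is an added example, not code from the paper or its authors. It splits a MAC address into its OUI and low-order bytes and shows why sequential allocation leaks the model. The range-merging rule, the function names and the sample observations are assumptions constructed for illustration.

```python
# Constructed sample observations (MAC, model); not data from the paper.
LABELLED = [
    ("00:11:22:10:00:05", "PhoneA"),
    ("00:11:22:10:0f:a0", "PhoneA"),
    ("00:11:22:10:ff:10", "PhoneA"),
    ("00:11:22:4c:00:01", "TabletB"),
    ("00:11:22:4c:80:00", "TabletB"),
    ("00:aa:bb:00:00:10", "PrinterC"),
]

def split_mac(mac):
    """Return (oui, nic) as integers: the high three and low three bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return int.from_bytes(raw[:3], "big"), int.from_bytes(raw[3:], "big")

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, so the address does not
    come from a vendor's OUI allocation (for example a randomized address)."""
    return bool((split_mac(mac)[0] >> 16) & 0x02)

def build_blocks(labelled):
    """Per OUI, merge sorted neighbours sharing a model into [lo, hi, model]."""
    by_oui = {}
    for mac, model in labelled:
        oui, nic = split_mac(mac)
        by_oui.setdefault(oui, []).append((nic, model))
    blocks = {}
    for oui, points in by_oui.items():
        merged = []
        for nic, model in sorted(points):
            if merged and merged[-1][2] == model:
                merged[-1][1] = nic          # extend the current block
            else:
                merged.append([nic, nic, model])
        blocks[oui] = merged
    return blocks

def predict(blocks, mac):
    """Model whose observed block contains the address, else None."""
    if is_locally_administered(mac):
        return None                          # low bytes carry no vendor structure
    oui, nic = split_mac(mac)
    for lo, hi, model in blocks.get(oui, []):
        if lo <= nic <= hi:
            return model
    return None
```

An address with the locally administered bit set falls outside any vendor block, so the low-order bytes give this kind of inference nothing to work with.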

