Proposal for IEEE 802.11-23/1984r1 TGbi Coordinated MAC Rotation


The document discusses a proposal for IEEE 802.11-23/1984r1 TGbi focusing on coordinated MAC rotation, EDP epochs, anonymity sets, and group epochs. It introduces concepts like individual and mass rotations, anonymity set size, and hiding in the crowd examples. The coordination for group epochs and a one-time group proposal are also detailed. Authors from Cisco present slides showcasing these topics in the context of privacy and network security.


Uploaded on Sep 08, 2024 | 1 Views



Presentation Transcript


  1. January 2024 doc.: IEEE 802.11-23/1984r1
     TGbi Proposal for coordinated MAC rotation
     Date: 2024-03-05
     Authors:

     | Name         | Affiliations | Address | Phone | email              |
     |--------------|--------------|---------|-------|--------------------|
     | D. Ficara    | Cisco        |         |       | dficara@cisco.com  |
     | J. Henry     | Cisco        |         |       | jhenry@cisco.com   |
     | U. Campiglio | Cisco        |         |       | ucampigl@cisco.com |
     | J. Contreras | Cisco        |         |       | Jacontre@cisco.com |

     Submission Slide 1 D. Ficara et al, Cisco

  2. Background: EDP Epochs and Coordination
     - (EDP) Epochs were discussed in 11-23/0873, 11-23/1246 and 11-23/1675.
     - 11-23/1675 discusses individual and mass rotations:
       - Mass rotation: Large Anonymity Set
       - Individual rotation: Anonymity via confusion with STA disconnecting/reconnecting
     - 11-24/222r2: support for group and individual epochs, one-time and periodic

  3. A simple definition for anonymity
     - Simple metric for privacy [1]: Anonymity Set Size.
     - The anonymity set for an individual $u$, denoted $AS_u$, is the set of users that the adversary cannot distinguish from $u$. It can be seen as the size of the crowd into which the target $u$ can blend.
     - In other words, if you hide in the crowd, the bigger the crowd, the better you hide.

  4. Hiding in the Crowd Example (Group Epochs)
     [Figure: two timelines of MAC addresses over time as seen by an observer. The first shows MAC 1, MAC 2, MAC 3 and MAC n, with a new MAC n+1 appearing; the second shows MAC 1 to MAC n, with new MACs MAC n+1 to MAC n+n appearing.]
     - First timeline, observer: "Mmm... MAC 3 stopped and a new MAC started sending right after, without any new association, it is OBVIOUSLY MAC 3." Anonymity Set Size = 1
     - Second timeline, observer: "Mmm... 20 MACs stopped and 20 new MACs started sending right after, without any new association, it is obviously a rotation, but which one is which?" Anonymity Set Size = 20

  5. Coordination for Group Epochs
     11-24/222r2:
     - A Group EDP Epoch sequence is initiated by an AP MLD by advertising the EDP Epoch parameters to a set of non-AP MLDs as defined in subclause 10.y.2.2 Group EDP Epoch advertisement.
     - Each non-AP MLD of the set of non-AP MLDs applies the advertised EDP Epoch parameters of the Group EDP Epoch to determine the same EDP Epoch sequence of one or more EDP Epoch start times.

  6. One-Time Group Proposal
     1. AP declares group EDP epoch parameters, stating:
        A. "all STAs must join" or
        B. min threshold of #STAs according to AP ($N_{AP}$).
     2. If (B): Each STA i declares to AP on its own time if it intends to hop onto this group EDP epoch.
     3. If (B): Before EDP epoch start, if $N_{AP}$ is not reached, AP declares (unicast protected action frames to each STA i) next group EDP epoch invalid and it won't be executed.
        - AP can "goto (1)": declare a new group EDP epoch
     4. If (B): Otherwise, all STAs that declared positive intention at (2) will participate in the group EDP Epoch (i.e.: perform group frame anonymization operations, etc...)

  7. Periodic Group Proposal
     1. AP declares EDP epoch sequence and group EDP epoch parameters, stating:
        A. "All STAs must join" or
        B. min threshold of #STAs according to AP ($N_{AP}$).
     2. If (B): Each STA i declares to AP on its own time if it intends to hop onto this group EDP epoch sequence.
     3. If (B): Before first EDP epoch start, if $N_{AP}$ is not reached, AP declares (unicast protected action frames to each STA i) group EDP epoch invalid and it won't be executed.
        - AP can "goto (1)": declare a new group EDP epoch + new epoch sequence
     4. If (B): Otherwise, all STAs that declared positive intention at (2) will participate in the group EDP Epoch (i.e.: perform group frame anonymization operations, etc...) for this epoch sequence.
        - This means no additional messaging for all the EDP epoch sequence
     5. (at any point in the sequence) STA j decides to withdraw from group EDP epoch sequence by sending protected action frame to AP. AP re-evaluates group EDP Epoch.

  8. Summary
     - Discussion on Anonymity Set Size related to Epoch structure
     - Coordinated group proposal in light of new 11-24/222r2
       - One-time
       - Periodic

  9. Straw Poll
     Do you support a mechanism to coordinate group EDP epochs with thresholds on Anonymity Set Size (# of non-AP MLD STAs)?
     - Yes
     - No
     - Abstain

  10. References
     1. Technical Privacy Metrics: a Systematic Survey - https://arxiv.org/abs/1512.00327
     2. 11-23/0873 Client Frame Tracking Countermeasures
     3. 11-23/1246 Proposal for sliding window MAC address rotation
     4. 11-23/1675 Epoch structure proposal
     5. 11-23/2098r3 Frame Anonymization Normative Text
     6. 11-24/222r2 Frame Anonymization and EDP Epoch Operation
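
The threshold decision from the One-Time and Periodic Group Proposal slides, combined with the observer's view from the Hiding in the Crowd slide, as an added example that is not part of the submission or of any 802.11 draft. The function names, the event tuples and the random sample MACs are assumptions made for illustration; no frame formats are modelled.

```python
import secrets
from collections import defaultdict

def random_mac():
    """Constructed sample value: random locally administered unicast MAC."""
    b = bytearray(secrets.token_bytes(6))
    b[0] = (b[0] | 0x02) & 0xFE
    return ":".join(f"{x:02x}" for x in b)

def evaluate_group_epoch(associated, opted_in, n_ap=None):
    """Steps 3-4 at the AP: return the participating STAs, or an empty set
    if the epoch is declared invalid. n_ap=None models option A."""
    if n_ap is None:                      # A: "all STAs must join"
        return set(associated)
    joined = set(opted_in) & set(associated)
    return joined if len(joined) >= n_ap else set()   # B: threshold N_AP

def rotate(current_macs, epoch_start):
    """Every participant changes MAC at epoch_start. Returns what an observer
    sees: (time, MAC that stopped, MAC that started)."""
    return [(epoch_start, old, random_mac()) for old in sorted(current_macs)]

def anonymity_sets(events):
    """Observer model from the slides: a new MAC that starts without a new
    association could be any MAC that stopped at the same instant."""
    stopped = defaultdict(set)
    for t, old, _new in events:
        stopped[t].add(old)
    return {new: stopped[t] for t, _old, new in events}

if __name__ == "__main__":
    stas = [random_mac() for _ in range(20)]   # constructed BSS of 20 STAs
    # Individual rotation: one STA rotates alone.
    solo = anonymity_sets(rotate(stas[2:3], epoch_start=100))
    print("individual:", {len(s) for s in solo.values()})
    # Option B with N_AP = 10 and 4 opt-ins: epoch invalid, nobody rotates.
    print("below threshold:", evaluate_group_epoch(stas, stas[:4], n_ap=10))
    # Option B, everyone opted in, then one STA withdraws (periodic step 5):
    # the AP re-evaluates and the remaining STAs still meet the threshold.
    opted = set(stas) - {stas[0]}
    group = evaluate_group_epoch(stas, opted, n_ap=10)
    sets = anonymity_sets(rotate(group, epoch_start=200))
    print("group:", {len(s) for s in sets.values()})
```

The threshold is what guarantees a floor on the anonymity set: without it, a group epoch joined by only a few STAs would rotate with a crowd barely larger than the individual case.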
