MAC Address De-Randomization Using Multi-Channel Sniffers and Two-Stage Clustering

TL;DR

This paper introduces a novel MAC de-randomization method that leverages unique time-frequency emission patterns and multi-channel sniffers, overcoming limitations of existing techniques to distinguish devices of the same type and OS.

Contribution

It proposes a new two-stage clustering approach using emission patterns and provides a publicly available dataset for reproducibility.

Findings

Effective differentiation of identical device types and OS.

Improved clustering accuracy over state-of-the-art methods.

Public dataset enables further research.

Abstract

MAC randomization is a widely used technique implemented on most modern smartphones to protect user's privacy against tracking based on Probe Request frames capture. However, there exist weaknesses in such a methodology which may still expose distinctive information, allowing to track the device generating the Probe Requests. Such techniques, known as MAC de-randomization algorithms, generally exploit Information Elements (IEs) contained in the Probe Requests and use clustering methodologies to group together frames belonging to the same device. While effective on heterogeneous device types, such techniques are not able to differentiate among devices of identical type and running the same Operating System (OS). In this paper, we propose a MAC de-randomization technique able to overcome such a weakness. First, we propose a new dataset of Probe Requests captured from devices sharing the same characteristics. Secondly, we observe that the time-frequency pattern of Probe Request emission is unique among devices and can therefore be used as a discriminative feature. We embed such a feature in a two-stage clustering methodology and show through experiments its effectiveness compared to state-of-the-art techniques based solely on IEs fingerprinting. The original dataset used in this work is made publicly available for reproducible research.