The defense will be streamed live here: link
Title
Privacy issues in wireless networks, Every frame you send, they’ll be watching you.
Abstract
A growing number of devices carried by users are equipped with wireless technologies such as Bluetooth and Wi-Fi, which allow the seamless exchange of information between devices and the network infrastructure. Because they routinely emit wireless messages carrying identifiers and other technical artifacts in cleartext, these technologies expose users to privacy issues. Focusing on the data included in advertising messages, we identify and analyze the leakage of personal data, and study potential and existing countermeasures. More specifically, we try to answer the following questions: What are the privacy threats associated with wireless networks? Which solutions can be deployed to protect users against these threats? How efficient are current privacy protection implementations? We start with an analysis of the privacy features of the two major wireless network standards: Wi-Fi and Bluetooth Low Energy (BLE). We focus our study on address randomization mechanisms, a recently adopted anti-tracking measure, and identify several issues related to implementations as well as to the standard specifications. To illustrate the diversity and complexity of the issues affecting these technologies, we present two representative cases of personal data leakage in wireless networks. First, leveraging the reverse-engineering of Continuity, a BLE-based protocol developed by Apple, we uncover a collection of personal data leakages affecting billions of devices worldwide. Finally, we present an abuse of an Android Wi-Fi permission that can be used to bypass permissions and to infer personal data such as the location of the device. When confronted with those privacy issues, it becomes necessary to increase user protection by developing privacy-preserving mechanisms but, most importantly, by correctly implementing existing ones.
Furthermore, it appears that standard specifications are key elements of a better protection, and it is thus of utmost importance to promote the integration of privacy protection in these standards.
Jury
- Mr. Noubir Guevara, Professor, Northeastern University (Reviewer)
- Ms. Fischer-Hübner Simone, Professor, Karlstad University (Reviewer)
- Ms. Guérin-Lassous Isabelle, Professor, Université Claude Bernard Lyon 1
- Mr. Gorce Jean-Marie, Professor, INSA-Lyon
- Mr. Zuniga Juan-Carlos, SigFox
- Mr. Anciaux Nicolas, Research Director, Inria, Université de Versailles/St-Quentin (Reviewer)