UCL SECURITY SCIENCE
DOCTORAL RESEARCH TRAINING CENTRE
JS Atkinson (j.atkinson@ee.ucl.ac.uk),
JE Mitchell, M Rio & G Matich
YOUR WIFI IS LEAKING −
DETERMINING USER INFORMATION
DESPITE ENCRYPTION
WE ASSUME PERFECTLY IMPLEMENTED
SECURE, UNBROKEN ENCRYPTION
WIFI, WIFI EVERYWHERE
Incredibly Ubiquitous
» Allows for Accurate Geolocation
» From Computers to Toasters
WPA2
Hugely Diverse Usage[1]
» Homes (96%) & Phones (57%)
» Personal, Business & Government
Encryption prevents data being read directly.
LEAKING BEHAVIOUR
FUTURE WORKFLOWS...
WHERE TO NOW?
We are interested in:
» Forensic applications that can utilise
these techniques.
» Those looking to prioritise processing
of large volumes of encrypted data.
» Organisations concerned about
information leaks from mobile devices.
Side-channel Information
» Any measureable phenomena
relating to a secure(?) process.
» Designing resistance difficult.
ATTEMPTING SECURITY
IN PLAIN SIGHT
Encryption alone is insufficent to
prevent leaking information.
WiFi and mobile data is easily monitored
» Openly broadcast over wide area.
» But usually encrypted for security.
More generally, we have a sustained
interest in the privacy of mobile device
communications as a whole.
WHAT INFORMATION IS
STILL VISIBLE?
Frame
Quantity
Timing
WHAT DOES YOUR PHONE
GOSSIP ABOUT YOU?
HIGHLY ACCURATE
FINGERPRINTING & DETECTION
Income?
Sexuality?
Age?
Hometown?
Gender?
Hobbies?
Health?
Nationality?
Religion?
Network Activities Can Still Be Identified[2]
» Repeatedly observe specific activities.
» Construct measurement distributions over time
(Interarrival times & Frame sizes in/out-going).
» Analyse metrics (e.g. via Random Forest) to
fingerprint activity with max statistical confidence.
35
30
Distribution
25
Frequency per window
FSize
I−RR
I−RRCum
20
I−SR
I−SRCum
15
I−RSCum
I−SS
I−SSCum
5
0
FSize:128
FSize:146
FSize:734
FSize:820
I−RRCum:024
I−RRCum:031
I−SR:001
I−SRCum:001
I−SRCum:002
I−SRCum:004
I−SRCum:047
I−SRCum:049
I−SRCum:050
I−RSCum:002
I−RSCum:003
I−RSCum:004
I−RSCum:005
I−RSCum:006
I−RSCum:007
I−RSCum:008
I−RSCum:009
I−RSCum:010
I−RSCum:011
I−RSCum:012
I−RSCum:013
I−RSCum:014
I−RSCum:015
I−RSCum:016
I−RSCum:017
I−RSCum:018
I−RSCum:019
I−RSCum:020
I−RSCum:021
I−RSCum:022
I−RSCum:023
I−RSCum:024
I−RSCum:025
I−RSCum:026
I−RSCum:027
I−RSCum:028
I−RSCum:029
I−RSCum:031
I−RSCum:032
I−RSCum:033
I−RSCum:039
I−RSCum:040
I−RSCum:043
I−RSCum:044
I−RSCum:045
I−RSCum:046
I−RSCum:047
I−RSCum:048
I−SS:001
I−SS:007
I−SS:014
I−SSCum:001
I−SSCum:002
I−SSCum:003
I−SSCum:004
I−SSCum:005
I−SSCum:006
I−SSCum:007
I−SSCum:008
I−SSCum:009
I−SSCum:010
I−SSCum:011
I−SSCum:012
I−SSCum:013
I−SSCum:014
I−SSCum:015
I−SSCum:016
I−SSCum:017
I−SSCum:018
I−SSCum:019
I−SSCum:020
I−SSCum:021
I−SSCum:022
I−SSCum:023
I−SSCum:024
I−SSCum:025
I−SSCum:026
I−SSCum:027
I−SSCum:028
I−SSCum:029
I−SSCum:030
I−SSCum:031
I−SSCum:032
I−SSCum:033
I−SSCum:034
I−SSCum:035
I−SSCum:036
I−SSCum:038
I−SSCum:039
I−SSCum:041
I−SSCum:042
I−SSCum:045
I−SSCum:046
I−SSCum:047
I−SSCum:048
I−SSCum:049
Politics?
I−RS
10
Frame Size
(Length)
Side-channel data is still easily collected
despite the use of encryption.
Current Research Task
» Fingerprinting mobile device apps.
» Analysis of personal information all around us
that can be inferred from readily broadcast
communications.
What is leaked?
#
Direction
(In/Out)
Variable Name
FURTHER READING
[1] WH Dutton et al. “Oxford Internet Survey 2011 Report: The Internet in Britain”. Oxford Internet Institute. 2011.
[2] JS Atkinson et al. “Your WiFi Is Leaking: Inferring User Behaviour, Encryption Irrelevant”. IEEE Wireless Communications and Networking. 2013.
[+] Information on forthcoming papers available on request.
COPYRIGHT INFORMATION
Background image copyright Peter Kemmer, “iFail 7140” February 21, 2010 via Flickr, CC: BY-NC-SA.
Police tape image copyright Ian Britton, “Police Tape” April 11, 2005 via Flickr. CC: BY-NC.
Low-Cost Implementation
» Collection using Raspberry Pi.
» Final classifier relatively simple.