
Cryptographic hash-based anonymisation of wireless unique identifiers

  • Muhammad Junade Shahid Ali

Student thesis: Doctoral thesis

Abstract

Nowadays, it is common for individuals to go about their lives carrying devices equipped to broadcast Bluetooth and Wi-Fi signals. Smart cities, the internet of things (IoT) and epidemic contact tracing utilise unique identifiers broadcast from user devices to make their technology effective – from calculating journey times and time spent in train stations to alerting users who have potentially been in contact with an infected individual. User concerns and government regulations require that such data collection be done in a privacy-preserving way. Unfortunately, current techniques for anonymising wireless beacons have been compromised with relative ease. Prior work has demonstrated that existing hash-based approaches to anonymisation of MAC addresses can be easily inverted due to the small search space. Current app-based contact tracing protocols (including the Apple and Google protocol) allow an attacker to passively collect proximity identifiers and then target an infected person when their diagnosis key is later disclosed. Even when it comes to opting out of tracking (as increasingly mandated by data regulations), users have to share their complete MAC address with third parties. This thesis presents models and experimentation demonstrating that practical, real-time, privacy-preserving communication protocols can be formed to address this issue by using k-anonymous bucketisation of cryptographic hash function outputs. Using this technique, we present a novel and practical approach to MAC address anonymisation by truncating computationally expensive hash function outputs to allow for k-anonymity. We provide an expression for computing the percentage of expected collisions, and experimentally demonstrate that, for digests of 24 bits, it is possible to store up to 168,617 MAC addresses with a collision rate of less than 1%. Whilst existing literature identified the pitfalls of existing approaches, this is the first work to address such vulnerabilities.
Using k-anonymous buckets of hashes in contact tracing protocols, we are also able to mitigate the 24-hour data exposure of infected individuals and cryptographically guarantee minimum exposure durations. We empirically demonstrate that this modified protocol can offer like-for-like efficacy compared to the existing protocol. Existing literature considered these vulnerabilities to be 'endemic' privacy risks without an apparent solution; our work, however, addresses these issues using purely software protocol changes. In addition to using this approach to anonymise beacons themselves, we demonstrate that this technique can also be used for registering tracking opt-out preferences. We present a novel hybrid approach that allows opt-out preferences to be determined by the credentials a user uses to sign in to Wi-Fi captive portals, but also allows a limited cache of anonymised MAC addresses to be used for determining opt-out preferences when a device automatically connects to a Wi-Fi network but its user does not complete a captive portal sign-on workflow. This work represents the first time a privacy-preserving opt-out solution for MAC address tracking has been proposed or empirically evaluated. Through a literature review, we identify that this general technique can be applied to multiple other network identifiers. We find that there are multiple other use cases that can benefit from the application of this technology.
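
As an added, runnable illustration of the truncated-hash bucketisation the abstract describes (this is example code written for this page, not code from the thesis or its authors): a MAC address is run through a deliberately slow hash, only the top 24 bits of the output are kept as a bucket id, and the expected share of colliding entries for a table of n devices is estimated. Assumptions, also marked in the comments: PBKDF2-HMAC-SHA256 stands in for whichever expensive hash the thesis used, the salt is a per-deployment secret, and the collision estimate is the standard "probability that an entry is alone in its bucket" formula, which the page does not reproduce; that estimate does return the abstract's figure of 168,617 addresses for 24-bit digests at under 1%.

```python
import hashlib
import math

DIGEST_BITS = 24        # digest length used in the thesis experiments
MAC_SPACE_BITS = 48     # nominal size of the MAC address space (2**48 addresses)


def normalise_mac(mac: str) -> bytes:
    """Return the 6 raw bytes of a MAC written as aa:bb:cc:dd:ee:ff, aa-bb-... or aabb.ccdd.eeff."""
    hexdigits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(hexdigits) != 12 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(hexdigits)


def bucket_id(mac: str, salt: bytes, digest_bits: int = DIGEST_BITS, iterations: int = 50_000) -> int:
    """Truncated hash of a MAC address.

    PBKDF2-HMAC-SHA256 stands in for the thesis's computationally expensive hash
    (assumption: the page does not name the function used); the salt is a
    per-deployment secret (assumption). Only the top digest_bits bits of the
    256-bit output are kept, so the result identifies a bucket, not a device.
    """
    if not 0 < digest_bits <= 256:
        raise ValueError("digest_bits must be between 1 and 256")
    full = hashlib.pbkdf2_hmac("sha256", normalise_mac(mac), salt, iterations)
    return int.from_bytes(full, "big") >> (256 - digest_bits)


def candidates_per_bucket(digest_bits: int = DIGEST_BITS, id_space_bits: int = MAC_SPACE_BITS) -> int:
    """Expected number of addresses sharing one bucket under a uniform hash: the k in k-anonymity."""
    return 2 ** (id_space_bits - digest_bits)


def expected_collision_rate(digest_bits: int, n: int) -> float:
    """Expected fraction of n stored identifiers whose bucket is shared with at least one other.

    With m = 2**digest_bits buckets, an entry is alone in its bucket with probability
    (1 - 1/m)**(n - 1). Standard estimate, used here as an assumption; the thesis's
    own expression is not reproduced on the page.
    """
    if n < 2:
        return 0.0
    m = 2 ** digest_bits
    return -math.expm1((n - 1) * math.log1p(-1.0 / m))


def max_identifiers(digest_bits: int, max_rate: float) -> int:
    """Largest n whose expected collision rate stays below max_rate."""
    if not 0.0 < max_rate < 1.0:
        raise ValueError("max_rate must be strictly between 0 and 1")
    m = 2 ** digest_bits
    n = math.ceil(math.log1p(-max_rate) / math.log1p(-1.0 / m))
    # Nudge across the boundary in case the closed form landed on a rounding edge.
    while n > 1 and expected_collision_rate(digest_bits, n) >= max_rate:
        n -= 1
    while expected_collision_rate(digest_bits, n + 1) < max_rate:
        n += 1
    return n


def observed_collision_rate(bucket_ids) -> float:
    """Fraction of entries whose bucket id also occurs elsewhere in the list."""
    ids = list(bucket_ids)
    if not ids:
        return 0.0
    counts = {}
    for b in ids:
        counts[b] = counts.get(b, 0) + 1
    return sum(1 for b in ids if counts[b] > 1) / len(ids)


if __name__ == "__main__":
    salt = b"constructed-deployment-salt"   # constructed value for the demo
    # Constructed sample: the first two entries are the same device written two ways.
    macs = ["00:11:22:33:44:55", "00-11-22-33-44-55", "0011.2233.4466", "a4:c3:f0:12:34:56"]
    ids = [bucket_id(m, salt) for m in macs]
    print("bucket ids:", [f"{b:06x}" for b in ids])
    print("candidates per 24-bit bucket:", candidates_per_bucket())
    print("observed collision rate among demo entries:", observed_collision_rate(ids))
    print("expected rate for 168,617 addresses:", expected_collision_rate(24, 168_617))
    print("largest table below 1%:", max_identifiers(24, 0.01))
```

Two numbers carry the argument. `candidates_per_bucket` shows that, under a uniform hash, each 24-bit bucket corresponds to about 2^24 of the 2^48 possible addresses, so recovering a digest's preimage yields a set of candidate devices rather than one device. `expected_collision_rate` shows the price paid on the storage side: entries in a table of n devices will share buckets at roughly the estimated rate, and a deployment picks the digest length against the table size it expects. The k-anonymity guarantee rests on the hash spreading addresses uniformly and on the adversary having no side information that narrows the plausible address set; the slow hash only raises the cost of enumerating candidates, it does not change the bucket size.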

Date of Award: Nov 2022
Original language: English
Awarding Institution
  • University of Bedfordshire
Supervisor: Vladimir Dyo (Supervisor) & Sijing Zhang (Second supervisor)

Keywords

  • K-Anonymity
  • Anonymisation
  • Privacy
  • Tracking
  • Cryptography
  • Subject Categories: G420 Networks And Communications
