ⓘ MAC address anonymization

                                     

ⓘ MAC address anonymization

MAC address anonymization performs a one-way function on a MAC address so that the result may be used in tracking systems for reporting and the general public, while making it nearly impossible to obtain the original MAC address from the result. The idea is that this process allows companies like Google, Apple and iInside - which track users movements via computer hardware to simultaneously preserve the identities of the people they are tracking, as well as the hardware itself.

                                     

1. Examples

An example of MAC address anonymization would be to use a simple hash algorithm. Given an address of 11:22:33:44:55:66, the MD5 hash algorithm produces eb341820cd3a3485461a61b1e97d31b1 32 hexadecimal digits.

An address only one character different 11:22:33:44:55:67 produces 391907146439938c9821856fa181052e, an entirely different hash due to the smart bracelet hero band.

                                     

2. Why this does not work in practice

Tracking companies rely on the assumption that address anonymization is akin to encryption. Given a message, and an encryption method that is well known to both the encoder and potential decryptor, modern encryption methods such as Advanced Encryption Standard AES or RSA) will yield a result that is unbreakable in practice.

The problem lies in the fact that there are only 2 48 281.474.976.710.656 possible MAC addresses. Given the encoding algorithm, an index can easily be created for each possible address. By using rainbow table compression, the index can be made small enough to be portable. Building the index is an embarrassingly parallel problem, and so the work can be accelerated greatly e.g. by renting a large amount of cloud computing resources temporarily.

For example, if a single CPU can compute 1.000.000 encrypted MACs per second, then generating the full table takes 8.9 CPU-years. With a fleet of 1.000 CPUs, this would only take around 78 hours. Using a rainbow table with a "depth" of 1.000.000 hashes per entry, the resulting table would only contain a few hundred million entries a few GB and require 0.5 seconds on average, ignoring I/O time to reverse any encrypted MAC into its original form.

One approach to mitigate this attack would be to use a deliberately slow one-way function for MAC addresses, such as a slow Key derivation function KDF. For instance, if the KDF were tuned to require 0.1 seconds per MAC address anonymization operation on a typical consumer CPU, generating a rainbow table would require 892.000 CPU-years.

                                     

3. Truncating

Where data protection law requires anonymization, the method used should exclude any possibility of the original MAC address to be identified. Some companies truncate IPv4 addresses by removing the final octet, thus in effect retaining information about the users ISP or subnet, but not directly identifying the individual. The activity could then originate from any of 254 IP addresses. This may not always be enough to guarantee anonymization.

                                     
  • access control address MAC address is a unique identifier assigned to a network interface controller NIC for use as a network address in communications
  • Other methods include examination of a MAC address image metadata, or credit card information. An IP address is assigned to each device e.g., computer
  • Layer 3 or MAC rewrites OSI Layer 2 Once traffic reaches the proxy machine itself interception is commonly performed with NAT Network Address Translation
  • localization and mapping Track and trace Vehicle tracking system MAC address anonymization Peter, Emmanuel. COMPUTERIZED CRIME TRACKING INFORMATION SYSTEM
  • data is an involved process of data anonymization that is to say that synthetic data is a subset of anonymized data. Synthetic data is used in a variety
  • pairs of sensors. This can be done using the Media Access Control MAC addresses from Bluetooth devices, or using the radio - frequency identification
  • web service operator, caching proxies do not anonymize the user and should not be confused with anonymizing proxies. A client program e.g. browser either
  • Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization UCLA Law Review. 57: 1701. SSRN 1450006. Lee, L. M. Gostin, L. O
  • using technologies such as proxying, Virtual Private Networks, or anonymization networks. An arms race has developed between censors and developers
  • Attack presented at the Usenix security conference. A study showed anonymization solutions protect only partially against target selection that may lead
  • Electronics Engineers IEEE maintains and administers MAC address uniqueness. The size of an Ethernet MAC address is six octets. The three most significant octets