A number of operating systems have been incorporating support for MAC address randomization to prevent privacy attacks, such as host tracking. This two-part article explains the motivation for this move, the schemes being employed by some popular operating systems for MAC address randomization and the things that might break as a result of the process.
MAC addresses are the Layer 2 identifiers employed to identify the source and destination of Layer 2 frames. For Ethernet and Wi-Fi, for example, a MAC address is a 48-bit (EUI-48) value: the high-order 24 bits form the organizationally unique identifier (OUI), the low-order 24 bits are specific to the network interface card, and bit b1 of the first octet (the universal/local bit) indicates whether the address is globally unique (b1 = 0) or locally administered (b1 = 1).
The OUI of a globally unique address -- b1 bit set to "0" -- identifies the manufacturer of the underlying network interface card. OUIs are assigned by the Institute of Electrical and Electronics Engineers (IEEE) -- the standards organization for the technologies that employ these addresses -- and the corresponding registry is available online. The low-order 24 bits of a MAC address are set by the vendor such that each MAC address it ships is unique.
Traditionally, vendors configure globally unique -- b1 bit set to "0" -- and permanent MAC addresses for their network interface cards. This means that, at any given point in time, only one device should exist with a given MAC address. Furthermore, the MAC address of a device does not change over time, regardless of whether the node disconnects from and reconnects to the same network, or whether the node moves across networks.
Thus, the MAC address can be thought of as a serial number for the underlying network interface card and, indirectly, as an identifier for the node employing it.
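The following script is an added example (not part of the original article) that decodes a MAC address as described above: it normalizes the common textual forms, splits the OUI from the NIC-specific part, and reads the group (b0) and universal/local (b1) bits of the first octet. The OUI table it consults is a small constructed stand-in for the IEEE registry, not a copy of it.

```python
"""Decode an EUI-48 (MAC) address: OUI, NIC-specific part, and the b0/b1 flag bits.

Added example. SAMPLE_OUI_TABLE is a constructed placeholder for the IEEE OUI
registry; look the real prefixes up in the published registry.
"""
import re

# Constructed sample entries (assumption: not the real IEEE registry).
SAMPLE_OUI_TABLE = {
    "00:11:22": "ExampleVendor A",
    "aa:bb:cc": "ExampleVendor B",
}


def parse_mac(text: str) -> bytes:
    """Accept '00:11:22:33:44:55', '00-11-22-33-44-55' or '0011.2233.4455'; return 6 bytes."""
    hexdigits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(hexdigits)


def describe_mac(text: str) -> dict:
    """Report the properties of a MAC address that matter for uniqueness and tracking."""
    mac = parse_mac(text)
    first = mac[0]
    ig_bit = first & 0x01  # b0: 0 = individual (unicast), 1 = group (multicast/broadcast)
    ul_bit = first & 0x02  # b1: 0 = globally unique (OUI-based), 1 = locally administered
    oui = ":".join(f"{b:02x}" for b in mac[:3])
    globally_unique = ul_bit == 0
    return {
        "mac": ":".join(f"{b:02x}" for b in mac),
        "unicast": ig_bit == 0,
        "locally_administered": not globally_unique,
        # A locally administered address carries no OUI, so no vendor can be inferred.
        "oui": oui if globally_unique else None,
        "vendor": SAMPLE_OUI_TABLE.get(oui) if globally_unique else None,
        "nic_specific": ":".join(f"{b:02x}" for b in mac[3:]),
    }


if __name__ == "__main__":
    for sample in ("00:11:22:33:44:55", "02-11-22-33-44-55", "0100.5e00.0001"):
        print(describe_mac(sample))
```

A locally administered address (b1 = 1) is exactly what a randomizing operating system emits, so the `oui`/`vendor` fields come back empty for it; that is the intended effect, since the vendor prefix is one of the identifying properties the article is concerned with.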
Privacy implications of MAC addresses
The uniqueness and stability properties of MAC addresses have negative privacy implications: Any attacker node that sees the MAC address of another node can infer the identity of the victim node and perform network activity correlation. For example, an attacker node could infer that packets sent during a specific period of time were sent by the same node that sent other packets during a different period of time.
Similarly, an attacker node that is able to attach itself to all of the networks a victim node connects to would be able to track the victim node across those networks -- that is, detect the identity of the node in each network and trace the node's location as it moves from one network to another.
In the case of wired networks, like Ethernet, the aforementioned information leakage might be somewhat expected, since there are a plethora of protocols, including multicast domain name system (mDNS) and Link-Local Multicast Name Resolution (LLMNR), that may already advertise information that could be readily employed to infer the identity of connected nodes.
However, wireless technologies, such as Wi-Fi, exacerbate this problem, since nodes do not need to actually connect to any network before the information leakage takes place. Specifically, Wi-Fi nodes typically send probe-request frames to discover Wi-Fi networks within their proximity. These probe frames can be received by any nearby node monitoring traffic, thus allowing passive scanning and tracking of Wi-Fi nodes -- passive in the sense that the tracker only listens, and the probe frames are sent without any user intervention. Therefore, a node may be leaking information about its presence nearby even when not actually connected to any Wi-Fi network, but just by having Wi-Fi enabled.
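To make the probe-request leak and the resulting activity correlation concrete, here is an added example (not from the original article) that builds a few probe-request frames from the 802.11 management-frame header layout, decodes the transmitter address and requested SSID from each, and groups sightings by MAC the way a passive tracker would. The sensor names, timestamps, SSIDs and addresses are constructed sample data; the frames contain only the 24-byte header and an SSID element, which is enough to show the point.

```python
"""Decode 802.11 probe requests and correlate sightings by transmitter MAC.

Added example. Frames are constructed here from the 802.11 header layout
(frame control, duration, addr1, addr2, addr3, sequence control, then tagged
elements); sensors, timestamps and SSIDs are invented sample data.
"""
import struct
from collections import defaultdict

FC_PROBE_REQUEST = 0x40  # frame control byte 0: version 0, type 0 (management), subtype 4
BROADCAST = bytes.fromhex("ffffffffffff")
HDR = "<BBH6s6s6sH"      # 24-byte management frame header, little-endian


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def build_probe_request(src_mac: bytes, ssid: bytes, seq: int = 0) -> bytes:
    """Minimal probe request: addr1 and addr3 (BSSID) broadcast, addr2 = transmitter."""
    header = struct.pack(HDR, FC_PROBE_REQUEST, 0x00, 0, BROADCAST, src_mac, BROADCAST, seq << 4)
    ssid_element = bytes([0x00, len(ssid)]) + ssid  # element ID 0 = SSID
    return header + ssid_element


def parse_probe_request(frame: bytes):
    """Return (transmitter MAC, SSID, locally_administered) or None for other frames."""
    if len(frame) < 24:
        return None
    fc0, _fc1, _dur, _addr1, addr2, _addr3, _seq = struct.unpack(HDR, frame[:24])
    if (fc0 & 0xFC) != FC_PROBE_REQUEST:  # ignore the two protocol-version bits
        return None
    ssid, body, i = b"", frame[24:], 0
    while i + 2 <= len(body):               # walk tagged elements: id, length, value
        eid, elen = body[i], body[i + 1]
        value = body[i + 2:i + 2 + elen]
        if len(value) < elen:
            break                            # truncated element; stop rather than misparse
        if eid == 0:
            ssid = value
            break
        i += 2 + elen
    return addr2, ssid, bool(addr2[0] & 0x02)


def correlate(observations):
    """Group sightings by transmitter MAC: a stable MAC links every sighting of a node."""
    by_mac = defaultdict(list)
    for ts, sensor, frame in observations:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        src, ssid, local = parsed
        by_mac[mac_str(src)].append((ts, sensor, ssid.decode(errors="replace"), local))
    return dict(by_mac)


# Constructed scenario: node A keeps its factory (globally unique) MAC; node B uses a
# fresh locally administered MAC for each probe. Two sensors, one hour apart.
PERMANENT_A = bytes.fromhex("001122334455")
RANDOM_B1 = bytes.fromhex("a2b3c4d5e6f7")  # first octet has b1 set, b0 clear
RANDOM_B2 = bytes.fromhex("4e0f1a2b3c4d")

SAMPLE_OBSERVATIONS = [
    (0, "sensor-lobby", build_probe_request(PERMANENT_A, b"HomeNet", 1)),
    (0, "sensor-lobby", build_probe_request(RANDOM_B1, b"CoffeeWifi", 7)),
    (3600, "sensor-cafe", build_probe_request(PERMANENT_A, b"HomeNet", 2)),
    (3600, "sensor-cafe", build_probe_request(RANDOM_B2, b"CoffeeWifi", 8)),
]

if __name__ == "__main__":
    for mac, sightings in correlate(SAMPLE_OBSERVATIONS).items():
        where = ", ".join(f"{s}@t={t}" for t, s, _, _ in sightings)
        kind = "locally administered" if sightings[0][3] else "globally unique"
        print(f"{mac} ({kind}) seen {len(sightings)}x: {where}")
```

Node A is linked across both sensors by its permanent address alone, with no association to any network; node B's two probes land in two unrelated buckets. Note that the SSIDs a node probes for are a second identifying signal that randomizing the MAC does not remove.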
MAC address randomization
The privacy implications arising from traditional MAC addresses represent yet another case of improperly generated numeric protocol identifiers. In the case of MAC addresses, the only property required for interoperability is that they be unique within a broadcast domain.
Traditionally, this property has been achieved by generating globally unique -- and permanent -- MAC addresses at the time the network device is manufactured; as a result, nodes are freed from having to check whether a configured MAC address has the required uniqueness property. However, as should be evident from this article, the additional and unnecessary properties this brings, such as global uniqueness and stability across networks, come at a price.
It should be noted that, while the only requirement for MAC addresses is that each address be unique within a given broadcast domain, current operational practices assume and expect MAC addresses to be stable within each network. This means that whenever a node connects to a given network, it should employ the same underlying MAC address. For example, this stability property is expected and leveraged by internet access portals (captive portals) that typically authenticate the user and subsequently authorize internet access based on the source or destination MAC address of the packets. In such scenarios, if the MAC address of a client were to vary over time -- for example, as a result of a transient disconnection from the access point -- the client would have to reauthenticate via the web portal before internet access is granted again.
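The trade-off in the last two paragraphs can be shown in a few lines. The added example below (not part of the article, and not any operating system's actual scheme) generates addresses that meet the one real requirement, a unicast, locally administered address that will not collide with a vendor-assigned one, under two policies: a fresh random address per connection, and an address that is random to outsiders but stable per network, derived by keying a hash of the SSID with a per-device secret (the HMAC-SHA256 construction is an illustrative assumption). A toy captive portal then shows which policy survives a transient reconnection.

```python
"""Randomized MAC generation under two stability policies, with a toy captive portal.

Added example. The per-network derivation (HMAC-SHA256 of the SSID under a
per-device secret) is an illustrative assumption, not a specific OS's scheme.
"""
import hashlib
import hmac
import secrets


def _make_local_unicast(raw6: bytes) -> bytes:
    """Set b1 (locally administered) and clear b0 (group) in the first octet.

    Clearing b0 keeps the address unicast; setting b1 keeps it out of the OUI-based
    space, so it cannot collide with a factory-assigned address.
    """
    first = (raw6[0] | 0x02) & 0xFE
    return bytes([first]) + raw6[1:6]


def is_local_unicast(mac: bytes) -> bool:
    return len(mac) == 6 and (mac[0] & 0x03) == 0x02


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def random_mac(*_ignored) -> bytes:
    """Policy 1: a fresh address on every call. Maximal unlinkability, no stability."""
    return _make_local_unicast(secrets.token_bytes(6))


def per_network_mac(device_secret: bytes, ssid: str) -> bytes:
    """Policy 2: the same address every time this device joins this SSID, a different
    one on every other SSID, and unpredictable to anyone without device_secret."""
    digest = hmac.new(device_secret, ssid.encode("utf-8"), hashlib.sha256).digest()
    return _make_local_unicast(digest[:6])


def portal_still_authorized(policy, device_secret: bytes, ssid: str) -> bool:
    """Toy captive portal: authorize the MAC seen at login, then reconnect once.

    Returns True if the reconnected client is still recognized without logging in again.
    """
    authorized = {policy(device_secret, ssid)}
    reconnected_mac = policy(device_secret, ssid)   # after a transient disconnection
    return reconnected_mac in authorized


if __name__ == "__main__":
    secret = secrets.token_bytes(32)   # would be generated once and stored on the device
    for ssid in ("CafeWifi", "HomeNet"):
        print(ssid, mac_str(per_network_mac(secret, ssid)), mac_str(random_mac()))
    print("per-network policy survives reconnect:",
          portal_still_authorized(per_network_mac, secret, "CafeWifi"))
    print("per-connection policy survives reconnect:",
          portal_still_authorized(random_mac, secret, "CafeWifi"))
```

The per-network policy gives a captive portal exactly the stability it assumes while still denying an observer the ability to link the node across networks; the per-connection policy is stronger against tracking within one network but forces the reauthentication the article describes.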
Editor's Note: Stay tuned for part two of this series on MAC address randomization benefits.