Proceedings of the ACM MobiCom'10 S3 workshop
User association logs collected from real-world wireless LANs have facilitated wireless network research greatly. To protect user privacy, the common practice in sanitizing these data before releasing them to the public is to anonymize users' sensitive information such as the MAC addresses of their devices and their exact association locations. In this work,we demonstrate that these sanitization measures are insufficient in protecting user privacy from a novel type of correlation attack that is based on CRF (Conditional Random Field). In such a correlation attack, the adversary observes the victim's AP (Access Point) association activities for a short period of time and then infers her corresponding identity in a released user association dataset. Using a user association log that contains more than three thousand users and millions of AP association records, we demonstrate that the CRF-based technique is able to pinpoint the victim's identity exactly with a probability as high as 70%.
Keren Tan, Guanhua Yan, Jihwang Yeo, and David Kotz. A Correlation Attack Against User Mobility Privacy in a Large-scale WLAN network. In Proceedings of the ACM MobiCom'10 S3 workshop, September 2010. 10.1145/1860039.1860050