M.Sc. Otto Waltari defends his doctoral thesis Privacy-Aware Opportunistic Wi-Fi on Thursday the 8th of October 2020 at 10 o'clock in the University of Helsinki Exactum building, Auditorium CK112 (Pietari Kalmin katu 5, basement). His opponent is Researcher Andrea Passarella (Institute for Informatics and Telematics, National Research Council, Italy) and custos Professor Jussi Kangasharju (University of Helsinki). The defence will be held in English. It is possible to follow the defence as a live stream at https://helsinki.zoom.us/j/64917762310?pwd=bjZOOEVMQjc0K1NrbUEwYWdBMWFlUT09.
The thesis of Otto Waltari is a part of research done in the Department of Computer Science and in the Collaborative Networking research group at the University of Helsinki. His supervisor has been Professor Jussi Kangasharju (University of Helsinki).
Privacy-Aware Opportunistic Wi-Fi
Over the past decade Internet connectivity has become an increasingly essential feature on modern mobile devices. Many use-cases representing the state of the art depend on connectivity. Smartphones, tablets, and other devices alike can even be seen as access devices to Internet services and applications. Getting a device connected requires either a data plan from a mobile network operator (MNO), or alternatively connecting over Wi-Fi wherever feasible. Data plans offered by MNO's vary in terms of price, quota size, and service quality based on regional causes. Expensive data, poor cell coverage, or a limited quota has driven many users to look for free Wi-Fis in hopes of finding a decent connection to satisfy the ever-growing transmission need of modern Internet applications.
The standard for wireless local area networks (WLAN, IEEE 802.11) specifies a network discovery protocol for wireless devices to find surrounding networks. The principle behind this discovery protocol dates back to the early days of wireless networking. However, the scale at which Wi-Fi is deployed and being utilized today is magnitudes larger than what it used to be. In more recent years it was realized that the primitive network discovery protocol combined with the large scale can be used for privacy violations. Device manufacturers have acknowledged this issue and developed mechanisms, such as MAC address randomization, for preventing e.g. user tracking based on Wi-Fi background traffic. These mechanisms have been proven to be inefficient.
The contributions of this thesis are two-fold. First, this thesis exposes problems related to the 802.11 network discovery protocol. It presents a highly efficient Wi-Fi traffic capturing system, through which we can show distinct characteristics in the way how different mobile devices from various brands and models scan for available networks. This thesis also looks at the potentially privacy-compromising elements in these queries, and provides a mechanism to quantify the information leak. Such collected information combined with public crowdsourced data can pinpoint locations of interest, such as home, workplace, or affiliation without user consent. Secondly, this thesis proposes a novel mechanism, WiPush, to deliver messages over Wi-Fi without association in order to avoid network discovery entirely. This mechanism leverages the existing, yet mostly inaccessible Wi-Fi infrastructure to serve a wider scope of users. Lastly, this thesis provides a communication system for privacy-preserving, opportunistic, and lightweight Wi-Fi communication without association. This system is built around an inexpensive companion device, which makes the concept adaptable for various opportunistic short-range communication systems, such as smart traffic and delay-tolerant networks.
Availability of the dissertation
An electronic version of the doctoral dissertation is available on the e-thesis site of the University of Helsinki at http://urn.fi/URN:ISBN:978-951-51-6622-7.
Printed copies will be available on request from Otto Waltari: otto.waltari@helsinki.fi.