
D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication


 

Host-to-network layer protocols

The Host-to-network layer is the lowest layer of the TCP/IP reference model. It combines the link layer and the physical layer of the ISO/OSI model. At this layer, data is transferred between adjacent network nodes in a WAN or between nodes on the same LAN. The host-to-network layer provides the methods to transfer data between network entities. It also provides error detection and correction procedures, since the errors might come from the physical transfer. The host-to-network layer is responsible for physically transmitting the bit stream and reconstructing the “framed” data from a received bit stream for the higher layers. 

The data transfer at this layer is normally not end-to-end transfer. It is in fact a data transfer from one node to another, where “the other node” might be the destination node or a node on the path to the destination. 

In some networks, such as IEEE 802 local area networks, the host-to-network layer is split into the Medium Access Control sublayer (MAC) and the Logical Link Control sublayer (LLC). The LLC sublayer is the same for various physical media like Ethernet, Token Ring or WLAN. The main functions of the LLC sublayer are the multiplexing and demultiplexing of data streams and providing flow control, detection and retransmission of dropped packets. The MAC sublayer is primarily responsible for framing of packets. An LLC header tells the link layer what to do with a packet once a frame is received. For example, a host that receives a frame at the link layer looks at the LLC header in order to find out where the packet is destined, e.g., for the IP protocol at the Internet layer. 

The following section will introduce the protocols Ethernet, PPP, Token Ring and WLAN. 

 

Ethernet

Ethernet is a large family of computer networking technologies for wired Local Area Networks (LANs). Ethernet relies on so called frames which are sent to all devices connected in a LAN. The different Ethernet standards (e.g., IEEE 802.3) comprise definitions for cable types and plugs, for the signalling at the physical layer and for the framing at the link layer. So Ethernet spans two layers in fact, the link and the physical layer. The addressing scheme used for Ethernet is the MAC address. 

Ethernet has been in use since the 1990s. It is now the most popular LAN technology - other technologies like Token Ring are being displaced by Ethernet, while newer standards like WiFi, the wireless LAN standard, are becoming more and more popular.

Ethernet has a number of disadvantages concerning LAN security: 

  1. All stations in a LAN share a physical channel (except when the network is divided into sub-networks). This enables an attacker to eavesdrop on every frame, as everything a computer sends over the network can be received by all other stations connected to the LAN. 

  2. The Ethernet protocol itself cannot authenticate the message’s originator identity or verify a message’s integrity. This enables an attacker to generate forged messages, to manipulate existing message streams or to replay previously intercepted frames. 

 

Thus, because every device in this segment can read every frame, unsecured communication within a LAN segment is unwise. 

 

 


Table 11: Ethernet frame (IEEE 802.3 / 802.2)

 

The Preamble of the frame (shown in Table 11) contains information used for synchronisation. The destination and source address contain the MAC address of the receiving and sending device respectively. The payload of an Ethernet frame can be up to 1500 bytes. A 4 byte error correction code (Cyclical Redundancy Check (CRC)) is added at the end of the frame.

The sending adapter adds the preamble and the CRC. The receiving adapter removes these fields after analysing them. The receiving Ethernet adapter receives all frames, but only passes data to its host when the destination address is valid for the given host. A valid address is either a unicast address matching the host's own address, or a valid broadcast or multicast address. Furthermore, a network adapter can be programmed to pass all frames. This is called “promiscuous mode”. 

Since all stations in a LAN share a physical channel, so called collisions can occur. Since at any time only one station is allowed to send on an Ethernet network, collisions occur if two or more stations send data at the same time. For Ethernet networks the “Carrier Sense Multiple Access with Collision Detection (CSMA/CD)” media access control mechanism is used to detect collisions. After a collision, the involved stations wait for a random time and then send again. 

 

Identifiers and their uniqueness

An Ethernet frame contains privacy critical information, i.e. the source and destination MAC addresses. These addresses are required since they define the sending and receiving physical host. However, a MAC address is only valid within a LAN: if an Ethernet frame is sent to another LAN via a router, the MAC address changes. 

 

 

 


Figure 15: Illustration of an Ethernet frame with a change of MAC addresses

 

Figure 15 depicts the MAC address change of both destination and source addresses at a router. If c1 in LAN 1 sends a packet to c2 in LAN 2, c1 creates an Ethernet frame with the router’s MAC address as the destination and its own address as the source address. The router replaces the destination address with that of c2 and the source address with its own MAC address. The router either knows the MAC address of c2, or it uses the “Address Resolution Protocol” (ARP) to obtain the MAC address of c2. To do so, the router has to analyse the payload of the Ethernet frame in order to get the IP address of c2. Because routers change the MAC addresses in this way, the MAC address can only be used within a single LAN to identify a device.

The payload may contain privacy relevant information. If the payload contains an IP packet, this packet itself contains the IP address of the sending and receiving host. These addresses are unique to a certain degree. The payload of an IP packet may contain (unique) identifiers. 
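The address change at the router, and the identifiers that survive it, can be made concrete with a short Python sketch. This is an added example, not part of the original study: the MAC and IP addresses are constructed, the frame uses Ethernet II framing (EtherType field) instead of the 802.3/802.2 layout for brevity, and the preamble and CRC are omitted because the adapter handles them.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800

# Constructed addresses for the scenario in the text (c1 in LAN 1, c2 in LAN 2).
C1_MAC, C2_MAC = "02:00:00:00:00:c1", "02:00:00:00:00:c2"
ROUTER_LAN1_MAC, ROUTER_LAN2_MAC = "02:00:00:00:01:01", "02:00:00:00:02:01"
C1_IP, C2_IP = "192.0.2.10", "198.51.100.20"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_ipv4(src_ip, dst_ip, payload):
    """Minimal 20-byte IPv4 header; the checksum is left at 0 and not verified."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, 17, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header + payload


def build_frame(dst_mac, src_mac, ip_packet):
    return (mac_bytes(dst_mac) + mac_bytes(src_mac)
            + struct.pack("!H", ETHERTYPE_IPV4) + ip_packet)


def observe(frame):
    """The identifiers any station on the segment can read from one frame."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet and IPv4 headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("payload is not an IPv4 packet")
    ip = frame[14:]
    return {"src_mac": mac_str(src), "dst_mac": mac_str(dst),
            "src_ip": socket.inet_ntoa(ip[12:16]),
            "dst_ip": socket.inet_ntoa(ip[16:20])}


def router_forward(frame, egress_mac, arp_table):
    """Re-frame the IP packet for the next LAN, as the router in Figure 15 does.

    A real router also decrements the TTL and updates the header checksum;
    that is left out because it does not affect the identifiers shown here.
    """
    seen = observe(frame)          # the router must read the IP header
    try:
        next_hop_mac = arp_table[seen["dst_ip"]]
    except KeyError:
        raise LookupError("no ARP entry; a router would send an ARP request") from None
    return build_frame(next_hop_mac, egress_mac, frame[14:])


def demo():
    """Return what an observer sees in LAN 1 and in LAN 2 for the same packet."""
    packet = build_ipv4(C1_IP, C2_IP, b"constructed payload")
    on_lan1 = build_frame(ROUTER_LAN1_MAC, C1_MAC, packet)
    on_lan2 = router_forward(on_lan1, ROUTER_LAN2_MAC, {C2_IP: C2_MAC})
    return observe(on_lan1), observe(on_lan2)


if __name__ == "__main__":
    for lan, view in zip(("LAN 1", "LAN 2"), demo()):
        print(lan, view)
```

An observer in LAN 2 never sees the MAC address of c1, but both observers see the same pair of IP addresses, which is why the IP layer rather than the MAC address links traffic across LANs.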

 

Personal data

An Ethernet frame does not contain any personal information except for any data contained in the payload. 

 

Linkability: identifiability and profiling

Profiling may take place at the router. The router filters all traffic from one LAN to another. Therefore the router has to inspect all Ethernet frames and adjust them as needed for the routing. As a result, the router can extract a fairly detailed picture of the data sent and the communication partners. 

 

Avoidance or circumvention of information disclosure

The usage of the MAC address cannot be avoided. 

The payload can be encrypted to a certain degree. Information like the destination IP address in the IP packet encapsulated in the Ethernet frame cannot be hidden. This data is needed to route the frame to its intended destination. However, Mix networks can help by obscuring this information, and IPSec can protect the content of an IP packet. More details on security and privacy on the Internet layer (where IP and IPSec are contained) are given in Section 3.3. 

 

PPP

PPP is the acronym for Point-to-Point Protocol. PPP is used to establish a direct connection between two nodes, e.g., between two routers or a modem and a server. PPP is the most popular technique for transporting IP packets over a serial link between the user and his Internet service provider (ISP). A session between the user and the ISP is established by using the Link Control Protocol (LCP). PPP supports several ways for authentication: 

 

  1. with a password via PAP, 

  2. with a password and a challenge/response system (CHAP) or 

  3. with a complex protocol called Extensible Authentication Protocol EAP, supporting certificates and other identifying properties. 

 

PPP encapsulates high-level protocols like IP, thus making it usable for DSL modem dial-up via Ethernet, called PPP over Ethernet (PPPoE). Thus PPPoE enables a point-to-point connection between the user and the ISP in the normally multipoint architecture of Ethernet.  

A PPP frame has the structure shown in Table 12. The Flag field indicates a frame’s beginning or end, the Address is a broadcast address (11111111b) and the Control field contains information for the flow control. The protocol used (e.g., IP) is mapped to the Protocol field. The payload may have variable length. The last field for the error correction can be either 2 or 4 bytes long.

 

 


Table 12: PPP frame as defined in RFC 1662
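The frame layout described above can be exercised with a small Python parser. This is an added example, not code from the study: it assumes the RFC 1662 defaults (16-bit frame check sequence, uncompressed Address and Control fields, default asynchronous control character map), and the PAP request it frames uses a constructed user name and password. It also shows that a PAP frame carries the user identifier in clear text.

```python
import struct

FLAG, ESC = 0x7E, 0x7D
ADDRESS, CONTROL = 0xFF, 0x03          # fixed values in RFC 1662 framing
PROTOCOLS = {0x0021: "IP", 0xC021: "LCP", 0xC023: "PAP",
             0xC223: "CHAP", 0xC227: "EAP"}


def fcs16(data):
    """16-bit PPP frame check sequence (reflected polynomial 0x8408)."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def stuff(data):
    """Escape flag, escape and control octets so they cannot end the frame."""
    out = bytearray()
    for byte in data:
        if byte in (FLAG, ESC) or byte < 0x20:
            out += bytes([ESC, byte ^ 0x20])
        else:
            out.append(byte)
    return bytes(out)


def unstuff(data):
    out, octets = bytearray(), iter(data)
    for byte in octets:
        if byte == ESC:
            try:
                byte = next(octets) ^ 0x20
            except StopIteration:
                raise ValueError("escape octet at end of frame") from None
        out.append(byte)
    return bytes(out)


def build_frame(protocol, information):
    body = bytes([ADDRESS, CONTROL]) + struct.pack("!H", protocol) + information
    body += struct.pack("<H", fcs16(body))      # FCS is sent low byte first
    return bytes([FLAG]) + stuff(body) + bytes([FLAG])


def parse_frame(wire):
    if len(wire) < 2 or wire[0] != FLAG or wire[-1] != FLAG:
        raise ValueError("missing flag delimiter")
    body = unstuff(wire[1:-1])
    if len(body) < 6:
        raise ValueError("frame too short")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected address/control field")
    if fcs16(body[:-2]) != struct.unpack("<H", body[-2:])[0]:
        raise ValueError("FCS mismatch")
    protocol = struct.unpack("!H", body[2:4])[0]
    return {"protocol": PROTOCOLS.get(protocol, hex(protocol)),
            "information": body[4:-2]}


def pap_request(peer_id, password, identifier=1):
    """PAP Authenticate-Request: code 1, id, length, then both strings in clear."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(data)) + data


def pap_peer_id(information):
    """Return the user identifier of a PAP Authenticate-Request, else None."""
    if len(information) < 5 or information[0] != 1:
        return None
    id_len = information[4]
    if len(information) < 5 + id_len:
        return None
    return information[5:5 + id_len].decode("ascii", "replace")


# Constructed sample: the credentials are placeholders, not real data.
SAMPLE = build_frame(0xC023, pap_request(b"alice@isp.example", b"not-a-real-password"))

if __name__ == "__main__":
    parsed = parse_frame(SAMPLE)
    print(parsed["protocol"], pap_peer_id(parsed["information"]))
```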

 

Figure 16 shows an illustration of a client to ISP communication over ADSL. The client uses a DSL modem for dial-up. The modem sends the data to the Digital Subscriber Line Access Multiplexer (DSLAM), a device operated by the ISP. The DSLAM connects multiple customer DSLs to the Internet backbone or, as depicted, to an access server which checks the user credentials provided.


Figure 16: ADSL communication between client and ISP

 

Identifiers and their uniqueness

PPP itself contains no identifiers, although PPP does use authentication protocols like PAP, CHAP or EAP with which a user authenticates himself to the ISP. The authentication value is normally a unique identifier, like a user name / password combination or a certificate. 

 

Personal data

PPP contains no personal data except the potential personal information contained in the payload. 

 

Linkability: identifiability and profiling

Since the user is normally uniquely identified by the required credentials for authentication, the ISP with which the point-to-point connection exists can profile any network action the user takes. To do so, the ISP has to inspect the content of the PPP packets sent. 

 

Avoidance or circumvention of information disclosure

In order to protect potentially privacy relevant data contained in the payload, encryption can be used. For example, the Microsoft Point-To-Point Encryption (MPPE) Protocol applies either 40, 56 or 128 bit keys for the protection of the data sent. 

 

WLAN

WLAN stands for wireless LAN, and, as the name indicates, links computers without using wires. WLAN utilises radio waves for device communication over a limited area. WLAN is becoming more and more popular, mainly because it provides the users with mobile network access and gets rid of some cables. Furthermore, providers use WLAN as a means to provide customers with easy Internet access, e.g., at a coffee house or at public places like airports. Additionally WLAN is sometimes used to provide (relatively) fast Internet access to areas where no broadband connection via cable is possible. 

 

 

 


Figure 17: A schematic of the most common components of a wireless LAN

 

Figure 17 depicts the typical components of a wireless network: a client, an access point, a router, an authentication server and the Internet infrastructure. The client needs a WLAN card which uses the same standard as the access point. For example, both must support the IEEE 802.11g standard in order to communicate. The access point is responsible for routing data from the wireless network to the wired one where the data is sent to a router. The router could either route the data directly to the Internet, or, if capable, can first check client permission with the authentication server. 

An access point is identified by a so called SSID, i.e., a Service Set Identifier. This SSID is added to each packet sent via the WLAN in order to relate the packets to the access point used. All devices which want to communicate with each other must use the same SSID. 

Although there are a lot of advantages to WLAN (e.g., mobility, convenience of deployment etc.), there are some serious disadvantages, too: 

 

  1. Range
    WLAN has a limited range, which is essentially determined by physical facts like intercepting walls or buildings or electronic devices interfering with the radio waves thus weakening or destroying the original signal.

  2. Reliability
    The reasons for range limitations also have an impact on the reliability of access. This means a WLAN signal in one room is not necessarily receivable in the next room, etc. This problem can be triggered by complex phenomena like multipath (a signal reaches its destination via more than one path) or Rician fading (cancellation of the radio signal by itself).

  3. Speed
    WLAN is normally much slower than the usual 100 MBit wired LAN. Furthermore, latency is often higher, meaning that packets need longer to travel from the client device to the first device which is wired. This can pose a problem for real-time applications like VoIP.

  4. Security
    Because of the usage of radio waves as a transport medium, physical access to the data sent is easy: an attacker has to be in reach of the radio waves only. On a normal, wired network, an attacker must overcome the physical limitation of tapping the actual wires, but this is not the case with WLAN and wireless transport of data. To prevent eavesdropping (and other security risks), security methods like WEP, WPA or WPA2 can be utilised.

 

The most popular WLAN protocols currently are from the IEEE 802.11 family. Wireless protocols from the 802.11 family all use the same basic protocol for their function. The difference between the single protocols is mainly in the frequency used, the throughput and data rate as well as the range. Furthermore, the modulation technique used varies from protocol to protocol. Modulation describes the way that the radio waves are modified in order to transport the intended message (i.e., the data). The choice of modulation has an important impact on parameters like interference or multipath problems. 

The 802.11 protocol covers the data link and the physical layer. 802.11 defines its own data link MAC layer, which is also responsible for some functions normally covered by upper layer protocols, e.g., fragmentation, packet retransmission and acknowledgements. 802.11 defines three basic physical layers: 

 

  1. Frequency Hopping Spread Spectrum (FHSS); 

  2. Direct Sequence Spread Spectrum (DSSS); 

  3. Infrared (IR). 

 

Figure 18 shows the three physical layers at the bottom of the image. Above the physical layers is the data link layer with its two sub layers, MAC and Logical Link Control. The MAC layer plus the three physical layers are defined in the 802.11x standards, whilst the Logical Link Control sub layer is defined in the 802.2 standard which is also used for wired LANs. 

 

 

 


Figure 18: Layers as they are covered by the 802.11 resp. 802.2 protocol suites

 

The 802.11 standard defines the frame structure which is modelled in the MAC sub layer. There are three different frame types, which are: 

 

  1. Management Frames: 802.11 management frames enable stations to establish and maintain communications.

  2. Control Frames: 802.11 control frames assist in the delivery of data frames between stations.

  3. Data Frames: 802.11 data frames can carry packets from upper layers like IP packets which themselves contain TCP packets etc.

 

The basic frame structure of all three frame types is the same and depicted in Table 13. The Frame Control field contains information about the 802.11 protocol version, frame type, and other indicators, such as whether WEP is enabled, power management, etc. Additionally, an 802.11 frame contains the source and destination MAC addresses (Addr 1 and Addr 2) as well as the addresses of the destination wireless station (access point) and the transmitting wireless station (Addr 3 and Addr 4 respectively).

802.11 data frames contain protocols and data from higher layers within the Frame Payload. Management and Control Frames use the Frame Payload field to carry their data.

 

 


Table 13: IEEE 802.11 MAC frame format

 

The frame displayed in Table 13 is encapsulated into the frame outlined by Table 14 if Frequency Hopping Spread Spectrum (FHSS) modulation is used. If another modulation technique is used (either infrared or Direct Sequence Spread Spectrum (DSSS)) the physical frame will differ slightly.

 

 

 

 


Table 14: 802.11 physical frame for FHSS modulation

 

The PLCP-Preamble (PLCP stands for “Physical Layer Convergence Protocol”) contains synchronisation information and a delimiter which is used to define the frame timing. The PLCP-Header contains information about the length of the header, about the data rate to be used and finally a CRC code for the header. The MAC Data field is described in 2.5.3.1. The last field contains CRC data, this time for the whole frame.

 

Common threats to WLAN security are: 

  1. Eavesdropping on the radio waves; 

  2. Interception and modification of transmitted data; 

  3. Spoofing, e.g., setting up a WLAN with an SSID already used by another WLAN hot spot in order to lure unaware users into using this spoofed access point; 

  4. Denial of service (DOS), e.g., jamming some area in order to prevent clients from transmitting data; 

  5. Free-loading (resource theft); 

  6. Rogue WLANs, i.e., access points attached to a LAN without authorisation by the administrator. 

 

Privacy threats are: 

  1. Location privacy, e.g., by MAC addresses, untrusted network operators, precise positioning technology like triangulating the position by using several access points at once. 

  2. Data privacy since WLAN data is sent by radio waves which can be received in a potentially wide area. 

 

Identifiers and their uniqueness

Like wired Ethernet LAN, 802.11 WLAN also uses MAC addresses to uniquely identify network devices. A MAC address is made up of 48 bits, of which the most significant 24 bits contain the unique identifier of the network device manufacturer. Each manufacturer assigns the other 24 bits of the MAC address with (more or less) unique values for each network card and stores the complete MAC address in the firmware of the device. 

A WLAN frame does not only contain the MAC addresses of the source and destination device, but also the MAC address of the communicating access point. 

WLAN is a good example for identifying information based on “manufacturing deviations” as described in Section 2.1.2. Research papers like (Toonstra, Kinsner 1996; Hall, Barbeau, Kranakis 2005) describe how the various characteristics of radio signals and the peculiarities of the devices which emit them can be used to distinguish between devices from different manufacturers but also to distinguish between devices of the same model.

 

Personal data

An 802.11 frame does not contain any personal information except for any data contained in the payload. Note that most of the threats to privacy and personal data are not directly linked with the protocol but with the inherent broadcast feature and the usage of wireless networks. The former makes eavesdropping very easy to do and hard to detect. The latter is related to mobility, which is greatly supported by means of wireless communication. But as the MAC address of a device is static and unique, operators of large-scale wireless networks (e.g., telecommunication companies operating access points at airports and hotels around the world) can easily track the locations of the wireless devices (and thus most likely their users). 

 

Linkability: identifiability and profiling

Profiling may take place at any access point which the user is communicating with, at any access point within the range of the sent radio signal and at any WLAN enabled device (like a laptop with a WLAN card) within the range of the radio signal sent. Profiling may include analysis of the data sent as well as location and movement profiling.

Users can be identified at the MAC sub layer as well as the physical layer. The MAC sublayer provides the sender’s MAC address, which is static and, to a certain degree, also unique. At the physical layer attributes like signal-to-noise ratio, modulation peculiarities and other information obtainable from the sent signal could possibly lead to identification. 

 

Avoidance or circumvention of information disclosure

In order to protect the data within the MAC data field encryption can be used. There are three standards which evolved within the history of WLAN.  

The first standard was Wired Equivalent Privacy (WEP). This standard was introduced with the first 802.11 specification. The most important features are listed in Table 15. WEP is now considered insecure since it has several weaknesses like short keys, weak authentication mechanisms (only with pre-shared keys), virtually no key management, etc.

After the weaknesses of WEP became evident, WPA was developed. WPA was created by the WiFi Alliance and is thus not an IEEE standard. WPA supports strong encryption with quite long keys (AES with 128 bit keys) and key rotation. Authentication has been extended considerably: WPA utilises EAP with RADIUS, certificates (PKI) and, still, shared keys. 

WPA was developed as an intermediate solution until 802.11i became available. WPA implements a subset of 802.11i, thus both protocols have many similarities. The main difference is that 802.11i introduces AES-CCMP for encryption and per session key management. 

In order to protect the content of WLAN frames, 802.11i or at least WPA should be used. WEP is insecure and should no longer be used. 

 

 

 

 


Table 15: The most important security protocols for 802.11 WLANs

 

In order to prevent traffic analysis, IPSec in tunnel mode can be used. IPSec has the advantage that it can be applied to secure the connection without the need for updates to the WLAN software and hardware. Furthermore, IPSec is an established and well tested security solution which can provide a high level of security. However, the usage of IPSec is problematic for several reasons: 

 

  1. The data sent by users is secured, but the WLAN infrastructure is not. 

  2. The mobility of users will be limited because of difficulties with roaming. 

  3. If IPSec is used to secure the connection between access point and WLAN device this could become a bottleneck since IPSec is quite resource intensive. 

 

One threat becoming more and more severe because of the growing number of mobile Internet applications is related to location privacy. The term “location privacy” refers to the right of users to define who gets information about the current whereabouts of the users. The problem is that mobile users normally get different IP addresses at each access point. These IP addresses can be mapped to geographical data, meaning that the location of a user can be resolved by the IP address alone. Location based services (LBS) use this fact to offer users location dependent services and information. The current location of a person is personal data, thus users should be able to protect this data. 

A lot of research has been done in the area of how location privacy can be provided or at least enhanced. There are solutions which try to “hide” a single user in a crowd such that the location data is unreliable. The technical term for this is k-anonymity, meaning that a privacy-relevant dataset is only released if there are at least k-1 other (distinct) datasets. All datasets must be indistinguishable from each other in terms of their identifying values (Gedik, Liu 2004). Another approach is to change the interface identifier (i.e., the MAC address) of the mobile device within certain intervals in order to provide IP addresses which cannot be linked by the MAC address (Gruteser, Grunwald 2005). 
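The MAC address structure described under “Identifiers and their uniqueness” and the idea of changing the interface identifier at intervals can be illustrated together. The following Python sketch is an added example, not taken from the study or from the cited papers: the access point names and the firmware MAC address are constructed, and rotating the address once per association is an assumed policy chosen for the illustration.

```python
import secrets
from collections import defaultdict

# Constructed sample data: one device moving past four access points.
ROUTE = ["airport-ap", "taxi-rank-ap", "hotel-lobby-ap", "conference-ap"]
FIRMWARE_MAC = "00:11:22:33:44:55"      # constructed, stands for a burnt-in address


def parse_mac(mac):
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address has exactly 48 bits")
    return raw


def describe_mac(mac):
    """Split a MAC address into the manufacturer half and the device half."""
    raw = parse_mac(mac)
    return {"manufacturer_part": raw[:3].hex(":"),
            "device_part": raw[3:].hex(":"),
            # Bit 0x02 of the first octet marks an address that was not
            # assigned by a manufacturer (locally administered).
            "locally_administered": bool(raw[0] & 0x02)}


def disposable_mac():
    """Random unicast address with the locally administered bit set."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE     # set local bit, clear multicast bit
    return raw.hex(":")


def link_by_mac(sightings):
    """What a network operator can do: group (time, access point, MAC) by MAC."""
    tracks = defaultdict(list)
    for _timestamp, access_point, mac in sorted(sightings):
        tracks[mac].append(access_point)
    return dict(tracks)


def sightings_static():
    return [(t, ap, FIRMWARE_MAC) for t, ap in enumerate(ROUTE)]


def sightings_rotating():
    # Assumed policy: a fresh address for every association.
    return [(t, ap, disposable_mac()) for t, ap in enumerate(ROUTE)]


def longest_track(sightings):
    """Length of the longest movement profile recoverable from MAC addresses."""
    return max(len(track) for track in link_by_mac(sightings).values())


if __name__ == "__main__":
    print(describe_mac(FIRMWARE_MAC))
    print("static MAC  :", link_by_mac(sightings_static()))
    print("rotating MAC:", link_by_mac(sightings_rotating()))
```

Rotation only removes the MAC address as a link; the physical-layer signal characteristics mentioned earlier in this section are unaffected by it.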

 

ISDN

ISDN is the acronym for Integrated Services Digital Network. ISDN is a circuit-switched telephone system. In contrast to the analogue public switched telephone network (PSTN), sometimes also referred to as “plain old telephone service” (POTS), ISDN has been designed for digital transmission of voice and data via copper wires. Therefore ISDN normally results in a better voice quality and a higher bandwidth per line. 

ISDN consists of a set of protocols for establishing and ending calls as well as for advanced call features. Noteworthy features of ISDN are: 

 

  1. Simultaneous usage of two (or more depending on the telecommunication provider) connections over one line. 

  2. Fast call setup times (compared to analogue call setup). 

  3. High voice quality and real-time service (not guaranteed over the Internet). 

  4. Additional features are the delivery of caller ID to the receiver, the provision of Three-Way Calls and Call Forwarding. 

 

ISDN specifies two types of channels, one for data called B channel (bearer channel) and one for signalling and control, called D channel (delta channel). There are three distinct ISDN implementations, which all vary in the number of B channels and D channels. 

Mapped onto the 7-layer OSI model, ISDN can be seen at the network, data link and physical layer. At the data link layer the so called LAPD (Link Access Protocol – D channel) is defined. The format of a LAPD frame is given in Table 16. The LAPD protocol is used to establish a link (connection) between a user’s endpoint (network termination NT) and the network itself. 

 

 


Table 16: ISDN general LAPD frame format

 

The first Flag field is a frame delimiter and always set to a standard value. The Address field contains information about the terminal endpoint this frame is sent to. The Control field identifies the type of the frame, whereas the FCS field contains a frame checksum for error detection and correction. The last Flag is a delimiter.

At the physical layer one can distinguish between different interfaces. The S/T interface (S0) is mainly used to connect terminals (e.g., ISDN telephones) with the network terminator. The Uk0 interface is used on “the last mile” between the network terminator and the local telephone exchange. The format of the frames sent on the physical layer differs according to the transmission direction (i.e., from local exchange to the terminal or vice versa). Basically each frame contains the data from both lines (B1 and B2) as well as the data from the control channel (D). The Uk0 interface frame format also defines so called maintenance data which allows the telephone company to communicate with the network terminator, e.g., to test for proper connection between the local exchange and the network terminator.

A call setup is established by sending network layer (layer 3) frames with appropriate values over the D channel. The ISDN layer 3 frame structure is given in Table 17.

 


Table 17: ISDN layer 3 frame format

 

The first field is the Protocol Discriminator, i.e., it defines which protocol is used to encode the remainder of the layer. Since the reference value can either be 8 or 16 bits long, the length is stored in the length field. The Reference Value identifies the call. The Message Type field contains information about the primary purpose of this frame, i.e., call establishment or clearing.

The last field is for Information Elements. These elements contain detailed information which is needed to process the request initialised by this frame. For example, an Information Element may contain the number of the party called.

 

Identifiers and their uniqueness

An established call contains the caller and the receiver ID, i.e., the telephone numbers of both parties. The Information Elements which contain privacy-critical information are: 

 

  1. calling party number, 

  2. calling party subaddress, 

  3. called party number and 

  4. called party subaddress. 

 

All these fields contain information to uniquely identify the participating parties. 

 

Personal data

Normally the data sent over the B channels, i.e., voice or other data, is the data which contains personal information, e.g., the contents of a communication. But the signalling data from the D channel also contains personal data like the telephone numbers of the communicating parties. 

 

Linkability: identifiability and profiling

Profiling may take place at the telecommunication provider the end-user is connected to and all other digital local exchange parties involved in the delivery of a communication. Each frame sent can be associated to the communicating parties because of the established link carrying the data. 

 

Avoidance or circumvention of information disclosure

Jerichow et al. propose the use of ISDN Mix networks in order to provide caller and receiver anonymity (Jerichow et al. 1998). The authors claim that their concept works with a minimal impact on the performance of the network. The proposed Mix networks also provide confidentiality next to anonymity.

In order to get confidentiality for ISDN connections extra hard- or software has to be installed since ISDN sends the data unencrypted over the network. 

It is possible with ISDN to suppress the caller ID. Thus the receiver cannot recognise who is calling before answering the phone. It would be more privacy friendly if the caller ID was suppressed by default and only shown upon explicit caller request. Note that only the receiver cannot access a disabled caller ID, the service provider still has this information. 
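The point that a suppressed caller ID is still present in the signalling can be shown by decoding a layer 3 call setup message. The following Python sketch is an added example, not part of the original study: it assumes the Q.931 encoding of the Information Elements (identifiers 0x6C, 0x6D, 0x70, 0x71 and the presentation indicator in the calling party number), and the SETUP message and telephone numbers in it are constructed.

```python
# Information Elements the text lists as privacy critical (Q.931 identifiers).
PRIVACY_ELEMENTS = {0x6C: "calling party number", 0x6D: "calling party subaddress",
                    0x70: "called party number", 0x71: "called party subaddress"}
PRESENTATION = {0: "allowed", 1: "restricted", 2: "not available", 3: "reserved"}
SETUP = 0x05


def information_element(identifier, contents):
    return bytes([identifier, len(contents)]) + contents


def parse_layer3(message):
    """Split a layer 3 frame into the fields of Table 17."""
    if len(message) < 3:
        raise ValueError("message too short")
    ref_len = message[1] & 0x0F                 # length of the reference value
    pos = 2 + ref_len
    if len(message) <= pos:
        raise ValueError("truncated before message type")
    parsed = {"protocol_discriminator": message[0],
              "reference_value": int.from_bytes(message[2:pos], "big"),
              "message_type": message[pos] & 0x7F,
              "elements": []}
    pos += 1
    while pos < len(message):
        identifier = message[pos]
        if identifier & 0x80:                   # single-octet element, no length
            parsed["elements"].append((identifier, b""))
            pos += 1
            continue
        if pos + 2 > len(message):
            raise ValueError("truncated information element")
        length = message[pos + 1]
        contents = message[pos + 2:pos + 2 + length]
        if len(contents) != length:
            raise ValueError("information element runs past end of message")
        parsed["elements"].append((identifier, contents))
        pos += 2 + length
    return parsed


def decode_number(contents):
    """Digits and, if present, the presentation indicator of a party number."""
    if not contents:
        raise ValueError("empty number element")
    presentation, start = None, 1
    if not contents[0] & 0x80:                  # extension bit 0: one more octet
        if len(contents) < 2:
            raise ValueError("missing presentation octet")
        presentation = PRESENTATION[(contents[1] >> 5) & 0x03]
        start = 2
    return {"digits": contents[start:].decode("ascii"), "presentation": presentation}


def privacy_fields(message):
    """Identifying elements visible to every exchange that handles the call."""
    found = {}
    for identifier, contents in parse_layer3(message)["elements"]:
        name = PRIVACY_ELEMENTS.get(identifier)
        if name is None:
            continue
        if identifier in (0x6C, 0x70):
            found[name] = decode_number(contents)
        else:
            found[name] = {"subaddress": contents[1:]}
    return found


# Constructed SETUP message: the caller has asked for caller ID suppression
# (presentation "restricted"), yet the number travels in the D channel.
SAMPLE_SETUP = (bytes([0x08, 0x01, 0x05, SETUP])
                + information_element(0x04, bytes([0x80, 0x90, 0xA3]))
                + information_element(0x6C, bytes([0x21, 0xA0]) + b"3055550100")
                + information_element(0x70, bytes([0x81]) + b"5550199"))

if __name__ == "__main__":
    print(privacy_fields(SAMPLE_SETUP))
```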

 

Bluetooth

Bluetooth is an industry specification for wireless Personal Area Networks (PANs). The purpose of Bluetooth is to transfer data between devices which are within short range, thus operating on a high radio frequency with low power consumption. Popular applications are Bluetooth headsets for mobile phones or wireless computer periphery like mice and keyboards. 

The Bluetooth standard defines different profiles for different applications. For example, there is a profile for data transfer, one for voice data transfer, etc. 

Bluetooth works in principle with a server/client or master/slave relationship. The server or master is a Bluetooth device which can communicate with up to seven slave or client devices. A group of connected devices is called a Piconet. Within a Piconet a total bandwidth of 1 MB/s (Megabyte per second) is shared between all devices. Up to 255 other devices can be inactive and connected to the master device, but only seven can be active. 

Any Bluetooth device will transmit the following sets of information on demand (Wikipedia: Bluetooth 2007): 

  1. Device name; 

  2. Device class; 

  3. List of services; 

  4. Technical information, for example, device features, manufacturer, Bluetooth specification, clock offset. 

 

Any device may perform an inquiry to find other devices. An inquiry is responded to with the above listed information. Most Bluetooth devices can be configured to only respond to inquiries after a user interaction if the sending device is unknown. If the device is known, the information is sent at once. 

Every Bluetooth device has a unique 48-bit address. Normally these addresses are not shown, but the display name is sent. This can be problematic since identifying a device by its device name is error prone as the device name can be set by the user and need not be unique in any way. 

The Bluetooth standard specifies three different levels of security: 

 

  1. Non-Secure Mode: No authentication of devices nor encryption of data sent.

  2. Service-Level Enforced Security: The application layer is responsible for the selection of the security mechanisms.

  3. Link-Level Enforced Security: At the Link Layer, two security services are defined by the Bluetooth standard: secure authentication and encryption of data. The last is optional.

 

There are two possible ways for devices to create the keys needed for secure authentication and encryption. The first method involves the so-called Unit Key. The Unit Key is a (normally unchangeable) unique symmetric key stored in the device. The second method utilises the so-called Link Key. The Link Key can be seen as a temporary symmetric key which is used for one or more sessions. The Link Key is generated from several values, including a PIN (8 to 128 bit), the Unit Key, the MAC address of the devices and some random numbers.

The initialisation procedure of the keys reveals a major weakness of the Bluetooth security architecture. At least one of the above-mentioned parameters for the key generation must be shared between the devices. Since Bluetooth does not support certificates, the values either have to be transmitted in clear-text between the involved devices, or the users have to manually input the values into their devices. Transmitting such vital values in clear-text should not be an option since an attacker can easily obtain them. Manual input by the users is problematic in that they will probably choose small values like a 4-digit PIN. Small values are weak and so ease brute-force attacks. 

Once the required keys have been created, the devices can store those values and use them again later. Thus the initialisation process can be shortened by relying on existing values, making it harder for attackers to eavesdrop on the communication (Jakobsson, Wetzel 2001). 

The format of the Bluetooth packets is shown in Table 18.

 


Table 18: Bluetooth packet format at the Link Layer

 

The Access Code is used to identify packets sent over a channel, i.e., all packets sent on the same channel have the same access code. By using the 3 bit Address field up to seven active devices can be addressed. The Type field specifies whether data or voice is transmitted. The last field before the Payload is an error correction code for the header. 

 

Identifiers and their uniqueness

Bluetooth devices have a unique, permanent 48-bit Bluetooth Device Address (BD_ADDR). 

 

Personal data

A Bluetooth packet does not contain any personal data except any contained in the payload, although the payload is encrypted by default. However, the encryption relies mainly on the PIN. Some devices (e.g., headsets) do not allow the user to enter a PIN, thus the PIN is set to a default value (e.g., 0000), which enables a master device to start a communication with the slave device. This lowers the level of security severely (Hager, Midkiff 2003). 

 

Linkability: identifiability and profiling

The Bluetooth Device Address is a unique identifier. A Bluetooth device is often contained within a personal belonging, like a mobile phone or a headset. Once a relation between device and person has been made, the person could be identified by means of the device. Especially if the person has more than one device, the conjunction of multiple identifiable devices may lead to profiling of the person even in cluttered environments with many other devices. Furthermore, profiling of movement and location may easily occur (Wong, Stajano 2005).  

The identifier is revealed in several situations (Wong, Stajano 2005): 

 

  1. On the physical layer when an attacker observes the frequency-hopping scheme which is utilised by the parties. This is possible since the frequency hopping scheme is based on the BD_ADDR and the internal clock of the slave device. 

  2. When answering an inquiry the slave reveals its BD_ADDR. 

  3. When sending a page address a master device is revealing the BD_ADDR of the slave it is paging. 

 

Avoidance or circumvention of information disclosure

In order to strengthen the confidentiality of sent data, upper layer encryption should be used which does not rely on the (often weak) PIN as the secret key and which probably supports strong authentication via certificates at the application layer. IPSec at layer 3 can be used to provide confidentiality, integrity, authenticity and to a certain degree prevent traffic analysis. 

Using dynamic identifiers, i.e., changing the BD_ADDR frequently can significantly reduce the linkability of independent interactions with the same Bluetooth device, thus providing stronger location privacy. But if the dynamic identifiers are changed often and in a totally random way, Bluetooth cannot use the information about prior interactions for Piconet configuration. Thus frequent re-initialisation must take place between devices which formerly knew each other. This re-initialisation takes time, resources and is to some degree a security weakness with the current Bluetooth standard since in the initialisation process security and privacy relevant information is sent in clear-text over the air. A couple of other weaknesses with BD_ADDR pseudonyms are given in (Wong, Stajano 2005). But the authors also present a scheme which protects the participating parties’ pseudonyms from linkability whilst still allowing re-initialisation based on previously negotiated values. 

Since the BD_ADDR can be extracted from the frequency hopping pattern at the physical layer, the frequency hopping scheme must be independent from the BD_ADDR or the scheme must be derived from BD_ADDR pseudonyms. 
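The linkability argument and the dynamic-identifier countermeasure above, as an added example (not part of the deliverable, and not the Wong/Stajano scheme): a constructed sighting log shows how a static BD_ADDR links observations across locations, while rotating 48-bit pseudonyms stay resolvable only for a peer holding a previously negotiated secret. The HMAC-SHA256 construction, the epoch counter, the function names and all sample values are assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample values, not taken from any real device.
STATIC_ADDR = "00:11:22:33:44:55"
PAIRING_KEY = bytes(range(16))          # stands in for a previously negotiated secret
PLACES = ["station", "office", "cafe"]  # where a passive observer logs sightings


def pseudonym(key: bytes, epoch: int) -> str:
    """Derive a 48-bit, address-sized pseudonym for one epoch (assumed construction)."""
    mac = hmac.new(key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:6].hex(":")


def resolve(known_keys: dict, observed: str, epoch: int, window: int = 1):
    """Paired peer: map an observed pseudonym back to a known device.

    A small epoch window tolerates clock drift; no re-initialisation is needed.
    """
    for name, key in known_keys.items():
        for e in range(max(0, epoch - window), epoch + window + 1):
            if hmac.compare_digest(pseudonym(key, e), observed):
                return name
    return None


def link_sightings(sightings):
    """Passive observer: group sightings by on-air address, keep repeats only."""
    tracks = defaultdict(list)
    for place, addr in sightings:
        tracks[addr].append(place)
    return {addr: seen for addr, seen in tracks.items() if len(seen) > 1}


def static_log():
    return [(place, STATIC_ADDR) for place in PLACES]


def rotating_log(key: bytes):
    # One new pseudonym per epoch. The hopping sequence would have to be
    # derived from the pseudonym as well, or it leaks the real BD_ADDR.
    return [(place, pseudonym(key, epoch)) for epoch, place in enumerate(PLACES)]


if __name__ == "__main__":
    print("static  :", link_sightings(static_log()))
    print("rotating:", link_sightings(rotating_log(PAIRING_KEY)))
    print("peer    :", resolve({"headset": PAIRING_KEY}, pseudonym(PAIRING_KEY, 2), 2))
```

The static log collapses into a single track covering all three places, while the rotating log yields no repeated address for the observer to group on.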

 

Cable modem

A cable modem is a modem which provides access to the Internet over the cable television infrastructure. The working principle is that a cable modem utilises the unused bandwidth on a cable television network in order to provide broadband access. Internet access by cable is often tied to a cable television subscription. 

A cable modem is not a classical modem by its technical definition, but a network bridge. The available bandwidth of a cable channel is shared by several users. Thus the available bandwidth per user depends on the number of people using the connection. The cable operators have to ensure that not too many users use the same channel, otherwise certain QoS parameters cannot be guaranteed. Data is sent over coax cables in cable networks.  

In Figure 19 the most important components of a cable network are given. The clients use cable modems to access the network. The modems connect to a CMTS, i.e., a Cable Modem Termination System. This CMTS is responsible for the connection to the IP-based Internet. 

 


Figure 19: Components of a cable network with Internet access

 

Thus a CMTS can be imagined like a high-capacity router with an Ethernet interface on the one side (to the Internet) and a coax radio frequency (RF) interface on the cable network side.  

The most established data transfer method for cable networks is the “Data over Cable Service Interface Specification”, DOCSIS. The current version of this specification is version 3.0.

The DOCSIS protocol stack consists of four layers, i.e., the physical layer, the MPEG-2 transmission convergence layer, the MAC layer and finally the data link encryption layer. The physical layer describes the modulation on the cable network, which is different for up- and downstream. The MPEG-2 Transmission Convergence layer exists only for the downstream direction. Data (e.g., IP packets) from the Internet to the client are encapsulated in MPEG packets, thus they look like normal media packets but with an identifying header. Upstream data, i.e., data from the client to the Internet, is carried in Ethernet frames. The MAC layer primarily controls the upstream data by requesting slots from the CMTS in which data can be sent from the user to the provider. This is necessary to avoid collisions. The data link encryption layer employs Baseline Privacy or the newer Baseline Privacy Plus to provide some basic security. The security goals of Baseline Privacy are:

 

  1. Encryption of data flow between the cable modem of the user and the CMTS of the cable provider. The encryption is done using DES with a 40 bit or 56 bit key or AES with a 128 bit key. The DES encryption can now be considered to be insecure but for compatibility reasons it is still allowed. 

  2. Providing protection against service theft for cable modem providers by using authentication methods. 

 

The security measures are selected by the provider; the user cannot influence if and how data is protected. Also, there is no protection against tampering with the signals on the RF cable network (Fellows, Jones 2001). 

 

Identifiers and their uniqueness

At initialisation, the user has to identify his terminal using a certificate. This ensures a distinct identification of the access point (i.e., cable modem) used. 

After initialisation the user is supplied with an IP address by which this user is identified on the Internet. Often the cable modem provider acts as a kind of NAT-router, thus hiding the users behind its own IP address(es). But this is not strong protection. For more details see Section 2.4.1 on the Internet Protocol.

 

Personal data

No personal data except that present in the payload. 

 

Linkability: identifiability and profiling

The user has to authenticate himself to the cable modem provider before the service can be utilised. Then a permanent link is established between the user and the provider. Thus the user can be identified, or to be more precise, the cable modem terminal used can be identified. The cable modem provider can profile all user actions. 

 

Avoidance or circumvention of information disclosure

The authentication via certificates against the provider cannot be circumvented because the provider needs this information in order to provide its services and for accounting. 

Since Baseline Privacy is not very secure, users should apply upper layer security protocols in order to protect their privacy. By using the new Baseline Privacy Plus more secure algorithms than DES can be used, but this has to be enabled by the provider. Again, Baseline Privacy protects only the data from the cable modem to the cable modem provider, no further. To protect data on the Internet, upper layer protocols have to be used by the user. 

 
