PhD Defense: Privacy Implications of Large-Scale Address Enumeration

Persistent, globally-unique network addresses present a privacy threat to the owners of the devices to which they are assigned, particularly when the device is physically or logically mobile. Best practices recommend the use of addresses that are ephemeral, random, or both, to protect user privacy. To date, there have been no large-scale, empirical studies of the degree to which these recommendations are being implemented in practice. This is due, in part, to the difficulty of obtaining the quantities of addresses needed to draw any conclusions. Obtaining client IPv6 addresses is challenging without running a network service or partnering with an Internet Service Provider; obtaining in-use link-layer addresses is difficult without being in physical proximity to the device to which they are assigned.In this thesis, I demonstrate that a low-power attacker can collect network addresses at scale and that recommendations to prevent persistent identifiers are not being followed in practice, resulting in a substantial degradation of user privacy. To demonstrate this, I obtain large-scale corpora of network addresses from a variety of novel sources. Using this data, I then prove the feasibility of a variety of attacks. For e.g., I show that an adversary can passively track individual devices across network changes in IPv6. I demonstrate IPv6-specific home network vulnerabilities, such as a lack of stateful firewalling, that permit attackers to discover in-home IoT devices. I demonstrate that, when combined with Wi-Fi geolocation data, some IPv6 devices can be precisely geolocated due to leaked link-layer identifiers in IPv6 addresses. I then generalize this attack to show that a low-power attacker can obtain the geolocations of billions of Wi-Fi access points, and track their movements over time. Finally, I distill the key components of privacy-preserving network addressing systems, and offer recommendations for how to adapt today's addressing schemes to these principles.