Bleach: From WiFi probe-request signatures to MAC association

Smartphones or similar WiFi-enabled devices regularly discover nearby access points by broadcasting management frames known as probe-requests. Probe-request frames relay, as information, the MAC addresses of sending devices, which act as the device identifiers. To protect the user’s privacy and location, probe-requests use a randomized MAC address generated according to the MAC address randomization protocol. Unfortunately, MAC randomization greatly limits any studies on trajectory inference, flow estimation, crowd counting, etc. To overcome this limitation while respecting users’ privacy, we propose Bleach, a novel, efficient, and comprehensive approach allowing randomized MAC addresses to device association from probe-requests. Bleach models the frame association as a resolution of MAC conflicts in small time intervals. We use time and frame content-based signatures to resolve and associate MACs inside a conflict. We propose a novel MAC association algorithm involving logistic regression using signatures and our introduced time metric. To the best of our knowledge, this is the first work that formulates the probe-request association problem as a generic resolution of conflicts and benchmarks the association concerning several datasets. Our results show that Bleach outperforms the state-of-the-art schemes in terms of accuracy (as high as 99%) and robustness to a wide range of input probe-request datasets.