IEEE P802E DRAFT:2020 pdf download.DRAFT Recommended P ractice for Privacy Considerations for IEEE 802 Technologies.
This recommended practice specifies a privacy threat model for IEEE 802 technologies and provides recommendations on how to protect against privacy threats.
1.2 Purpose
The pUrpOSe of this recommended practice is to promote a consistent approach by IEEE O2 protocol developers to mitigate privacy threats identified in the privacy threat model and provide a privacy guideline.
1.3 Introduction
A threat model facilitates methodical identification of’ threats to resources or activities, risks associated with those threats, and possible counter-measures. This recommended practice is concerned with privacy, and specifically with the unwanted disclosure of personal information (Clause 6) as a result of communication using procedures specified by IEEE 802 standards. Privacy definitions and the need for privacy are reviewed in 1.5, and possible goals of adversaries seeking access to, or making use of that personal information, are further described in 6.4.
The information conveyed in the user data frames that support the Media Access Control (MAC) Service (IEEE Sid 802.1AC [B3]) provided by all IEEE 802 MAC technologies is typically specified by application or higher-layer protocol standards and is outside the scope of this recommended practice. Unwanted disclosure of personal information in that user data is expected to be prevented by cryptographic confidentiality protection. All the user data may be protected, e.g., as specified in IEEE Std 802.11 [[B6] or IEEE Std 802.1AE [B4], or just the data conveyed by a higher-layer protocol.
IEEE 802 MAC technologies do not communicate explicit personal information other than in MAC Service user data frame fields. However an adversary can correlate the observable properties of communication (including, but not necessarily limited to, other frame fields, the sizes and transmission timing of both confidentiality protected and other frames, physical layer signaling and power use and negotiation) with the characteristics of devices used by an individual or a small group of people (6.2) or with specific applications. An adversary can use that correlated information to fingerprint (6.3) those devices and applications.
Common ways in which IEEE 802 technologies contribute to fingerprinting and the resulting privacy threats are described in Clause 7. Specific questions designed to identify the presence of these and similar opportunities in specific technologies, and thus prompt consideration of alternative designs to reduce privacy risks are posed in Clause 8. These questions are designed to prompt consideration by groups developing standards and by individual and organizations reviewing these standards.
1.4 Applicability
The practices described in this recommended practice cannot be expected to protect privacy against determined efforts by adversaries who have pervasive access to the communication media that a person or an identifiable small group might use, or who can control or operate devices that allocate resources for network communication based on authentication or authorization of a person or a personal device. Such adversaries can include organizations that a person could reasonably expect to be trustworthy. This technical recommendation is therefore not a substitute for privacy regulation, nor should its existence be taken as reducing any independently determined need for regulation. There are potential adversaries whose span of control and ability to carry out correlation and fingerprinting as described in this recommended practice is more restricted. Helping to protect personal information against such less powerful adversaries remains an important goal.IEEE P802E DRAFT pdf download.