Markdown Version | Session Recording

Session Date/Time: 23 Jul 2024 16:30

dult

Summary

The DULT working group meeting focused on reviewing the individual drafts for detecting unwanted location trackers. Drafts 4, 3, and aspects of 1 & 2 were discussed. The goal was to assess their readiness for working group adoption. Key topics included threat modeling, crowdsourced network architecture, and protocol specifications. The group also discussed finding a volunteer to write document 2.

Key Discussion Points

• Threat Model (Draft 4):
  • Discussion of in-scope and out-of-scope technologies, attacker profiles, and victim profiles.
  • Considered the scenario where the tracker owner is also the victim.
  • Agreement that the document is a good starting point for adoption.
• Crowdsourced Network Architecture (Draft 1):
  • Explored the current state of unwanted tracking and existing crowdsourced finding networks.
  • Identified issues with existing frameworks, such as anonymous uploading/downloading of reports, counterfeit devices, and potential for tracking legitimate tag owners.
  • Discussed ideal properties and features for crowdsourced networks, including authentication, privacy preservation, and prevention of spoofing.
  • Outlined five stages for architectural proposal: initial pairing, accessory setup, nearby owner mode, separated/lost mode, and owner device query.
  • Considered the use of partial blind signatures for authentication.
• Accessory Protocol (Draft 3):
  • Covered the protocol between accessories and non-owner nearby devices, including data formats.
  • Discussed Bluetooth Low Energy, NFC, location tracking, payload of advertisements, and Bluetooth MAC addresses.
  • Addressed service data at TLV, network ID, near/owner bit, advertising interval, Bluetooth connections, and proprietary company payload.
  • Explored accessory information (opcodes), disablement identification, owner registry, and accessory category information.
  • Identified the need to potentially reorganise the document to be transport agnostic.
• Unwanted Tracking Detection Algorithm (Draft 2):
  • Needed a volunteer to author this document, which would define the algorithm for detecting unwanted tracking by legitimate trackers.
  • Discussion of example scenario involving malicious tracking.
• Active Scanning
  • Discussion around active scanning definition and how platform could expose active scanning tools.
  • Active Scanning in the context of domestic violence situations.

Decisions and Action Items

• Draft 4 (Threat Model): A working group adoption call will be initiated. Issues and pull requests for adding details on compromised states for tracker manufacturers should be added to the GitHub repo or mailing list.
• Draft 3 (Accessory Protocol): A working group adoption call will be initiated. Editorial reorganisation should take place after adoption.
• Draft 1 (Crowdsourced Network Architecture): The document will be published and a working group adoption call will be initiated.
• Draft 2 (Unwanted Tracking Detection Algorithm): Alex Heinrich to be approached to author the document.
• Charter Updates: The mailing list will be used to discuss the alert requirements for different OS's and potential charter updates.

Next Steps

• Start working group adoption calls for drafts 4, 3 and 1.
• Recruit Alex Heinrich to author document 2.
• Open mailing list discussion on OS alerts and charter updates.