By Claus Hetting, Wi-Fi NOW CEO & Chairman
Israel- and California-based startup LEVL says it has invented a fix to MAC address randomisation issues including disruptions resulting from Apple’s iOS14 ‘Private Wi-Fi Address’ feature. The feature has been threatening to upend a host of ISP and enterprise Wi-Fi services. The good news is that the new ‘LEVL-ID’ is practically a no-brainer: It’s privacy friendly and requires no change to any Wi-Fi service, LEVL says.
Back in July rumours of a MAC address randomisation feature on iOS14 called ‘Private Wi-Fi Address’ – which initially promised to change your iPhone’s MAC address every 24 hours – sent the Wi-Fi industry reeling. Fortunately, Apple backpedaled and instead introduced MAC randomisation in a milder form similar to how the feature is implemented today on Android.
A Wi-Fi services industry in dire straits
The Wi-Fi industry (including many large ISPs) may have dodged a bullet – at least for now. But reputable sources indicate there’s no turning back the clock on the need for personal privacy: Device manufacturers have every intention of protecting users from device tracking. And the weapon of choice is obfuscation of the device’s MAC address – including eventually going to full 24 hour periods for randomisation as originally envisioned by Apple in iOS14.
That leaves the Wi-Fi industry in somewhat dire straits: Replacing widely used MAC-based Wi-Fi authentication (for example for public access Wi-Fi or within the home for parental controls) is not a simple operation. At the same time ISPs and enterprises are facing the very real threat (if they do nothing) of a deteriorating Wi-Fi user experience and – in the worst case – no service at all as a result of randomised MAC addresses no longer being recognised.
A new ID to replace the MAC address
Enter LEVL: The Israel and California-based startup that says it has developed a solution rescuing Wi-Fi services from disruption while at the same time making sure user privacy is protected. The new technology is – at least conceptually – remarkably simple: LEVL uses data from all seven OSI-stack layers to derive a unique ID – called the ‘LEVL-ID’ – for each device on a per network basis.
The new ID directly replaces the device’s MAC address, which means service providers don’t need to make any change to existing Wi-Fi services, says LEVL’s CEO, Daniel Zahavi. The solution is a fix to any form of MAC randomisation including the 24-hour randomisation scheme that many believe could be in the pipeline from Apple and others.
“The LEVL-ID is derived from the network, device radio waves, and device behaviour. The ID is not stored on the device, doesn’t rely on any user data, and is never transmitted over the air directly. For the foreseeable future, the LEVL-ID is site and network specific, so that it only applies for example for a particular hotel or within a single home. We agree with device manufacturers that privacy is important – and this solution never compromises on privacy,” says Daniel Zahavi.
The best deployment scenario is for the solution to run on Wi-Fi APs or home gateways, although it is also possible for the ID creation engine to run on a switch. This is perhaps the most significant challenge facing the company right now: Mass market deployment. For MAC-based authentication schemes (still commonly used for airport public Wi-Fi and the like), only a few lines of code are needed to replace the MAC ID with the new LEVL-ID, Zahavi says.
“Using physical layer data in deriving the ID – a passive data retrieval and analysis technique we call radio fingerprinting – is our main differentiator. It is something few other companies know how to do, and it helps make the LEVL-ID private, secure, and future proof,” Zahavi says.
An end to Wi-Fi service disruption?
Since the ID is derived, there remains a small risk that resulting IDs could turn out to be identical – although this risk is mostly theoretical, LEVL says. For a large home network with one hundred devices, LEVL says they are confident that the risk of duplicates is practically zero.
“For a hotel with hundreds of devices, the risk of duplicate IDs is not zero but in practice very low. In an ongoing trial some 18,000 connections have been completed without a single duplicate ID,” Zahavi says. He also says that even if a LEVL-ID were stolen from one network, it wouldn’t work at another.
Daniel Zahavi says the scheme is right now under trial by a major North American service provider and that results look promising. “We believe our solution is the simplest and most direct one-to-one replacement of the MAC address ID. This means it has the potential to get Wi-Fi service providers out of a tricky situation that could otherwise be detrimental to the Wi-Fi user experience and possibly even commercially disastrous,” he says.
For more details also see LEVL’s press release here. For more information contact LEVL’s Tim Colleran at [email protected]