Dartmouth has a campus-wide wireless computer network for students, faculty and staff to connect to the Internet from anywhere on campus. The DIST project is studying the traffic on the wireless network to explore and evaluate techniques for identifying computer security problems. To ensure user privacy, this project will maintain user and computer confidentiality. This will be accomplished by anonymizing or removing personally-identifying information in captured network traffic.
Computer network communications are broken into packets and frames. A packet contains some headers and a payload; a frame contains another header and a packet. A single email message or web page is typically broken into many pieces, each piece carried as the payload in one packet. DIST does not retain any payloads.
Header information specifies the type of information that is being transferred over the network, and specifically excludes the contents of the data, such as usernames, passwords, filenames, files, e-mail messages, credit card numbers, or URLs. The headers include "MAC" addresses as well as the identity of the wireless network through which a user is communicating (e.g., Dartmouth Secure). The MAC address for a given computer is assigned at the factory and normally remains constant for the life of the computer. Although a MAC address is simply a number, it is globally unique and is thus considered an identifier of individual computers. Therefore, DIST hashes this address wherever it occurs in packet or frame headers. This hashing scrambles the bits so that the original address is unrecognizable. (The MAC addresses of Kiewit wireless access points are public knowledge, however, and are not subject to this scrambling.) In addition to header information, DIST captures the time at which a frame was transmitted, together with information about the physical characteristics of the transmission, such as its signal strength.
The anonymized header information captured for DIST is stored only on computers that reside in a limited-access locked room. Again, DIST does not record the content of any transmitted frames.
It is worth noting that all of the wireless data that we collect could be collected by anyone with a computer close to the Dartmouth wireless network. As the wireless medium is a broadcast medium, any data that you send or receive over the network can be observed by anyone else in the vicinity.
The use of participants in research is overseen by the Dartmouth College Committee for the Protection of Human Subjects (CPHS). This study has passed the committee's review under two protocols (CPHS #17613, MAP: security through measurement for wireless networks, and CPHS #17325, Measuring the Dartmouth campus-wide wireless network), and currently collects a narrower set of information than allowed by those protocols. All DIST research personnel complete CPHS training before they begin their research.
For more information, contact Prof. David Kotz, Principal investigator
Sun Microsystems is a contributor to the DIST project.