M.Sc. Topic: Exploiting Wi-Fi control packets for context determination


IEEE 802.11 WLAN is a commodity technology found nearly everywhere in the inhabited industrialized world. WLAN ships with very many home gateways and all smartphones and tablets; on top entertainment and peripheral devices and other appliances increasingly are equipped with WLAN chips. Thus, we find a dense population of WLAN-enabled devices in urban areas: stationary nodes as well as mobile gear.

WLAN access points use L2 beacons to announce their SSIDs, WLAN station adapters may send L2 probe packets to solicit beacons, i.e., check if their known WLAN networks are around. Finally, connected devices exchange L2 data packets. All these packets carry their source and destination L2 addresses as well as an SSID (of the announced, sought, or used network).


In this thesis, we we want to leverage this information to draw conclusions on the context of a mobile user (or a given environment). The goals are mainly threefold:

  1. The first goal is to design, implement, and test a system that can scan the wireless spectrum efficiently and effectively and capture SSIDs in use across the different channels over time. The system shall anonymize and store the data for later analysis. The basis for the system would be, initially, as Raspberry Pi with up to four jointly controlled USB WLAN adapters; thus the target implementation environment will be Linux. The basic task will include optimizing system parameters, e.g., how long should one scan each channel.
  2. The second goal is collect data using the designed system for a case study to show the usefulness of the system. To this end, the an application to count the number of nearby devices over time and how many and how long indidividual static and mobile devices are around shall be developed. This application shall also have a small (web-based) GUI to allow a user to control (start, stop, configure) the system. The application shall allow inferring the context of (mobile) users: How densely populated is the environment? How static/dynamic is it?
  3. The third goal is running the application and creating tools for gathering and evaluating its logs. To this end, the logs shall be stored in a suitable database for further processing. Offline processing shall then infer busy patterns of, e.g., public transport, to be compared to ground truth, and determine general parameters, e.g., how many devices the average user carries, how long individuals stay, etc., and how busy the wireless spectrum is.

Note that it is explicitly NOT a goal to learn anything about individual users nor track them, and preventing such use also during offline analysis shall be considered in the system design.


Linux system level understanding and solid coding skills (for scripting, for implementing WLAN and packet capturing, configuration, etc. in C, and for evaluation); some understanding of managing and querying growing data sets; skills in data evaluation including statistics, modeling, and possibly machine learning.


Jörg Ott, ott@in.tum.de