Persistent Device Identity for Network Access Control in the Era of MAC Address Randomization: A RADIUS-Based Framework

Computer Science > Networking and Internet Architecture [Submitted on 17 Mar 2026] Persistent Device Identity for Network Access Control in the Era of MAC Address Randomization: A RADIUS-Based Framework Premanand Seralathan Modern operating systems increasingly randomize Media Access Control (MAC) addresses to protect user privacy, fundamentally disrupting Network Access Control (NAC) systems that have relied on MAC addresses as persistent device identifiers for over two decades. This disruption affects critical enterprise environments including federal government agencies operating under FISMA, healthcare organizations subject to HIPAA, financial institutions governed by PCI-DSS, and educational networks managing large-scale BYOD deployments. This paper presents a comprehensive framework for maintaining persistent device identity in NAC environments through a RADIUS protocol-based approach that assigns and distributes a Globally Unique Identifier (GUID) to endpoints via RADIUS Access-Accept messages. The proposed architecture addresses the complete device lifecycle including initial enrollment, re-authentication across randomized addresses, device management integration, certificate-based identity binding, and device attribute correlation. We describe the framework's design across six distinct use cases -- BYOD, managed devices, VPN-based posture assessment, non-VPN posture, guest access, and IoT device profiling -- and analyze its effectiveness in maintaining device visibility, accurate license counting, and regulatory compliance under continuous MAC address randomization. The approach is compatible with existing 802.1X and MAB infrastructure, requires no client-side operating system modifications, and aligns with the recently published RFC 9797 and IEEE 802.11bh-2024 standards. Our framework enables organizations to maintain regulatory compliance while preserving the privacy benefits that MAC address randomization was designed to provide. Comments: 26 pages, 4 figures, 3 tables. Preprint Subjects: Networking and Internet Architecture (cs.NI); Cryptography and Security (cs.CR) ACM classes: C.2.0; C.2.1; C.2.3; K.6.5 Cite as: arXiv:2603.16745 [cs.NI]   (or arXiv:2603.16745v1 [cs.NI] for this version)   https://doi.org/10.48550/arXiv.2603.16745 Focus to learn more Submission history From: Premanand Seralathan [view email] [v1] Tue, 17 Mar 2026 16:21:57 UTC (378 KB) Access Paper: view license Current browse context: cs.NI < prev   |   next > new | recent | 2026-03 Change to browse by: cs cs.CR References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)