Abstract
This paper present a novel Certificate-based authentication of public access points (APs). The presented approach is the first to consider authentication of public APs. It is also the first work to consider using digital Certificates for public AP authentication. Normally, when a user wants to access internet in public hot-spots like airports, coffee shops, library, etc., there is often lack of information for the user to make an informed decision on which AP to connect. Consequently, an adversary can easily place a rogue AP in a public hotspot luring users to connect to his AP. Unfortunately, most people focus their attention to the signal strength of the AP and the service fee, and very little attention to the security of the AP. This makes the job of the adversary significantly easier. The adversary can simply place a rogue AP with a look alike name (SSID) that is free to users. With the proposed Certificate-based authentication of APs, the user can readily see available certified APs in range and choose to connect to the one they prefer based on any parameter of choice – signal strength, service provider, fees, etc. Finally, we have shown that an adversary can neither generate fake Certificates nor steal the Certificate from a certified AP and cause significant damage. We have also addressed defense against most common threats to public APs such as – replay attacks, man-in-the-middle attacks, and fabrication attacks. The proposed solution is very robust in validating the authenticity of public APs and isolating rogue APs.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Ai-Salihy, W.A.-H., Samsudin, A.: A New Proposed Protocol of Router’s CA Certificate. In: International Conference on Computing & Informatics (ICOCI 2006), Kuala Lumpur, Malaysia (June 2006)
Chen, E.Y., Ito, M.: Using End-to-Middle Security to Protect against Evil Twin Access Points. In: World of Wireless, Mobile and Multimedia Networks & Workshops (WoWMoM 2009), Psalidi, Greece (June 2009)
Sawicki, K., Piotrowski, Z.: The proposal of IEEE 802.11 network access point authentication mechanism using a covert channel. In: International Conference on Microwaves, Radar and Wireless Communications, Warsaw, Poland (May 2012)
Jana, S., Kasera, S.K.: On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews. IEEE Transactions on Mobile Computing (March 2010)
Shetty, S., Ma, L.: Rogue Access Point Detection by Analyzing Network Traffic Characteristics. In: Military Communications Conference (MILCOM 2007), Florida, USA (October 2007)
Bahl, P., Chandra, R., Padhye, J., Ravindranath, L., Singh, M., Wolman, A., Zill, B.: Enhancing the security of corporate Wi-Fi networks using DAIR. In: Proceeding of ACM MobiSys 2006(2006)
Adya, A., Bahl, P., Chandra, R., Qiu, L.: Architecture and techniques for diagnosing faults in IEEE 802.11 infrastructure networks. In: Proceedings of ACM MobiCom 2004 (2004)
Han, H., Sheng, B., Tan, C.C., Li, Q., Lu, S.: A Measurement Based Rogue AP Detection Scheme. In: IEEE INFOCOM 2009, Rio de Janeiro, Brazil (April 2009)
Watkins, L., Beyah, R., Corbett, C.: A Passive Approach to Rogue Access Point Detection. In: Global Telecommunications Conference (GLOBECOM 2007), California, USA (November 2007)
Wei, W., Suh, K., Gu, Y., Wang, B., Kurose, J.: Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs. Technical Report, UM-CS-2006-060 (November 2006)
Beyah, R., Kangude, S., Yu, G., Strickland, B., Copeland, J.: Rogue Access Point Detection using Temporal Traffic Characteristics. In: Proc. of IEEE GLOBECOM (December 2004)
Ma, L., Teymorian, A.Y., Cheng, X., Song, M.: RAP: Protecting Commodity Wi-Fi Networks from Rogue Access Points. In: Proceedings of Qshine 2007 (2007)
Introduction to Digital Certificates, http://www.verisign.com.au/repository/tutorial/digital/intro1.shtml
Skickley, J.: Wireless Networking: Fertile Ground for Social Engineering. In: Beautiful Security, ch. 2. O’Reilly Press (2009) ISBN:978-0-596-52748-8
Sheng, Y., Tan, K., Chen, G., Kotz, D., Campbell, A.: Detecting 802.11 MAC layer spoofing using received signal strength. In: Proceeding of IEEE INFOCOM 2008 (2008)
Brik, V., Banerjee, S., Gruteser, M., Oh, S.: Wireless device identification with radiometric signatures. In: Proceeding of ACM Mobicom 2008 (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Srinivasan, A., Chennupati, L. (2012). Robust Authentication of Public Access Points Using Digital Certificates – A Novel Approach. In: Xiang, Y., Lopez, J., Kuo, CC.J., Zhou, W. (eds) Cyberspace Safety and Security. CSS 2012. Lecture Notes in Computer Science, vol 7672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35362-8_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-35362-8_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35361-1
Online ISBN: 978-3-642-35362-8
eBook Packages: Computer ScienceComputer Science (R0)