
WiFiHop - Mitigating the Evil Twin Attack through Multi-hop Detection

  • Diogo Mónica
  • Carlos Ribeiro
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6879)

Abstract

Public hotspots have undeniable benefits for both users and providers. Users get ubiquitous internet access and providers attract new potential clients. However, the security mechanisms currently available (e.g. WEP, WPA) fail to prevent a myriad of attacks. A particularly damaging attack on public WiFi networks is the evil twin attack, where an attacker masquerades as a legitimate provider to mount wireless interposition attacks. This paper proposes WiFiHop, a client-side tool that detects the evil twin attack by leveraging its intrinsic multi-hop characteristics. The proposed tool is independent of the underlying technology (e.g. network bandwidth or latency) and detects the attack in real time (i.e. before any user traffic is transmitted). It works with both open and encrypted networks. The tool was tested in a real-life scenario, and its effectiveness was demonstrated.

Keywords

False Alarm, Packet Loss, Access Point, Wireless Channel, Control Packet
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Diogo Mónica (1)
  • Carlos Ribeiro (1)
  1. Instituto Superior Técnico / INESC-ID Lisboa, Lisboa, Portugal
