A passive user‐side solution for evil twin access point detection at public hotspots

Summary This paper proposes a passive user‐side solution, called Wi‐Fi legal access point (AP) finder (LAF), to the notorious evil twin access point problem, which in turn can result in diverse security problems, such as fraud, identity theft, and man‐in‐the‐middle attacks. Due to the severe securit...

Full description

Saved in:
Bibliographic Details
Published in:International journal of communication systems 2020-09, Vol.33 (14), p.n/a
Main Authors: Hsu, Fu‐Hau, Wang, Chuan‐Sheng, Ou, Chih‐Wen, Hsu, Yu‐Liang
Format: Article
Language:English
Subjects:
evil twin
Fraud
rogue access point
Theft
Twins
Wireless networks
wireless security
Wi‐Fi
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Summary This paper proposes a passive user‐side solution, called Wi‐Fi legal access point (AP) finder (LAF), to the notorious evil twin access point problem, which in turn can result in diverse security problems, such as fraud, identity theft, and man‐in‐the‐middle attacks. Due to the severe security threats created by evil twins, many promising solutions have been proposed. However, the majority of these solutions are designed for the administrators of wireless networks, not for Wi‐Fi users. Hence, they are either too expensive or need some data that are usually not accessible to normal users. LAF utilizes the TCP three‐way handshake‐related packets and packet forwarding property created by evil twins to find legal APs, called good twins, at public hotspots or unencrypted WLANs; thus, it does not need any data or assistance from wireless network administrators. LAF does not send exploring packets actively; hence, evil twins cannot sense its existence. No matter when and where a user needs to utilize an AP to connect to the Internet at a hotspot, he can just use LAF to find out a legal AP to connect to. Experimental results show that LAF can quickly and accurately find legal APs after observing only a few packets. This paper proposes a passive user‐side legal AP finder, LAF. We utilize the packet forwarding property created by evil twins to detect evil twin attacks and find legal APs. LAF monitors nearby wireless traffic and detects evil twin attacks based on the transmission orders and paths of the three‐way handshake packets of a TCP connection.
ISSN:1074-5351
1099-1131
DOI:10.1002/dac.4460