Gateway Independent User-Side Wi-Fi Evil Twin Attack Detection Using Virtual Wireless Clients

Keywords

Evil Twin Attack; LORCON; Open WiFiHop; Virtual wireless client; Wi-Fi security

Abstract

Complimentary open Wi-Fi networks offered by most coffee shops, fast food restaurants and airports are inherently insecure. An attacker can easily deceive a wireless client (WC) by setting up a rogue access point (RAP) impersonating the legitimate access point (LAP), which is usually referred as Evil Twin Attack (ETA). To pass a victim's wireless data through to the Internet, an attacker may use the same LAP's gateway, or use a different gateway, such as broadband cellular connection. Most of the existing ETA detection techniques assume that the attacker will use a specific wireless network gateway to pass victim's wireless data. In this paper, we present a real-time client-side detection scheme to detect ETA regardless of the attacker's gateway selection. The proposed ETA detection system considers both ETA scenarios in parallel by creating two Virtual Wireless Clients (VWCs). The first VWC monitors multiple Wi-Fi channels in a random order looking for specific data packets sent by a server on the Internet. Meanwhile, the second VWC warns the WC when the wireless network uses two different gateways by switching from one AP to another in the middle of a secure connection. The effectiveness of the proposed detection method has been mathematically modeled, prototyped and evaluated in real-life environment with a detection rate close to 100%.

Publication Date

5-1-2018

Publication Title

Computers and Security

Volume

74

Number of Pages

41-54

Document Type

Article

Personal Identifier

scopus

DOI Link

https://doi.org/10.1016/j.cose.2017.12.009

Socpus ID

85041422366 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85041422366

This document is currently not available here.

Share

COinS