A client-side detection mechanism for evil twins. (April 2017)
- Record Type:
- Journal Article
- Title:
- A client-side detection mechanism for evil twins. (April 2017)
- Main Title:
- A client-side detection mechanism for evil twins
- Authors:
- Hsu, Fu-Hau
Wang, Chuan-Sheng
Hsu, Yu-Liang
Cheng, Yung-Pin
Hsneh, Yu-Hsiang
- Abstract:
- Highlights: A client-side detection mechanism for evil twins. The mechanism relies on packet forwarding behavior of an evil twin attack. Proposes the first idea of detecting evil twin by operating the wireless network interface controller in monitor mode.
Abstract: In this paper, we propose a client-based solution to detect "evil twin" attacks in wireless local area networks (WLANs). An evil twin is a kind of rogue Wi-Fi access point (AP) which has the same SSID name as a legitimate one and is set up by an attacker. After a victim associates his device with an evil twin, an attacker can eavesdrop sensitive data forwarded through the evil twin. Most existing detection solutions are administrator-based, which are used by wireless network administrators to verify whether a given AP is in an authorized list or not. Such administrator-based solutions are limited, hardly maintained, and difficult to protect users 24–7. Hence, we propose a client-based detection mechanism, called evil twin detector, to detect this type of attacks. An evil twin detector changes its wireless network interface card (WNIC) to monitor mode to capture wireless TCP/IP packets. Through analyzing captured packets, our detector allows client users to easily and precisely detect an evil twin, thus avoids threats created by evil twins. Our method does not need to know any authorized AP list, and does not rely on data training or machine learning technique. Finally, we implement a detecting system on Windows 7. …
- Is Part Of:
- Computers & electrical engineering. Volume 59(2017)
- Journal:
- Computers & electrical engineering
- Issue:
- Volume 59(2017)
- Issue Display:
- Volume 59, Issue 2017 (2017)
- Year:
- 2017
- Volume:
- 59
- Issue:
- 2017
- Issue Sort Value:
- 2017-0059-2017-0000
- Page Start:
- 76
- Page End:
- 85
- Publication Date:
- 2017-04
- Subjects:
- Wireless -- Evil twin -- Rogue AP -- Wi-Fi
Computer engineering -- Periodicals
Electrical engineering -- Periodicals
Electrical engineering -- Data processing -- Periodicals
Ordinateurs -- Conception et construction -- Périodiques
Électrotechnique -- Périodiques
Électrotechnique -- Informatique -- Périodiques
Computer engineering
Electrical engineering
Electrical engineering -- Data processing
Periodicals
Electronic journals
621.302854
- Journal URLs:
- http://www.sciencedirect.com/science/journal/00457906/
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.compeleceng.2015.10.010
- Languages:
- English
- ISSNs:
- 0045-7906
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.680000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 232.xml