BiRe: A client-side Bi-directional SYN Reflection mechanism against multi-model evil twin attacks. Issue 88 (January 2020)
- Record Type:
- Journal Article
- Title:
- BiRe: A client-side Bi-directional SYN Reflection mechanism against multi-model evil twin attacks. Issue 88 (January 2020)
- Main Title:
- BiRe: A client-side Bi-directional SYN Reflection mechanism against multi-model evil twin attacks
- Authors:
- Lu, Qian
Jiang, Ruobing
Ouyang, Yuzhan
Qu, Haipeng
Zhang, Jiahui
- Abstract:
- The evil twin attack (ETA) has been a persistent security threat for decades in wireless local area networks (WLANs). An ETA refers to a rogue access point (RAP) impersonating a legal access point (LAP) to allure wireless users' connection. Such attacks give rise to serious privacy leakage and property damages, motivating intensive research on ETA detection in both academic and manufacturing communities. Among existing ETA detection methods, those deployed at client side are superior to the typical admin-side ones because of the particular requirements on dedicated equipment at admin side and the lack of real-time protection. Unfortunately, available client-side ETA detection mechanisms are simply targeted to a specific evil twin model and fail to provide an adequate detection rate. In this paper, we propose a multi-model ETA detection mechanism at client side, called BiRe. Inspired by the request-response reflection stated in TCP handshake process, BiRe employs a novel Bi-directional TCP SYN Reflection to determine the existence of an ETA and differentiate among various attack models. A pair of wireless adapters are employed to cooperatively initiate TCP handshakes and monitor the absence of the expected TCP SYN-ACK packets. The remarkable feature of BiRe is to make the number of such absences as a feasible indicator for the ETA model identification. The results from extensive real-world experiments demonstrate the distinguishing performance of BiRe, achieving as high as 100% detection rate in multi-model ETA scenarios. Moreover, a free lightweight Linux tool has been developed based on BiRe to automate client-side ETA detection.
- Is Part Of:
- Computers & security. Issue 88(2020)
- Journal:
- Computers & security
- Issue:
- Issue 88(2020)
- Issue Display:
- Volume 88, Issue 88 (2020)
- Year:
- 2020
- Volume:
- 88
- Issue:
- 88
- Issue Sort Value:
- 2020-0088-0088-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-01
- Subjects:
- Evil twin attack -- Rogue access point detection -- WLAN Security -- Wi-Fi security -- Man-in-the-middle attack
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2019.101618
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 16306.xml