TY - JOUR
T1 - A novel traceroute-based detection scheme for Wi-Fi Evil twin attacks
AU - Burns, Alex
AU - Wu, Longfei
AU - Du, Xiaojiang
AU - Zhu, Liehuang
N1 - Publisher Copyright: © 2017 IEEE.
PY - 2017
Y1 - 2017
AB - Wi-Fi has been widely used in our work, home, and many other places, such as hotels and airports. However, the data may be leaked if the access through Wi-Fi is not well-guarded. Wi-Fi hotspots are deployed at an unprecedented speed to facilitate people's lives. The open access nature makes them vulnerable to an evil twin access point (AP), which has the same service set id (SSID) as the legitimate AP and larger signal strength. Current Wi-Fi capable devices are not able to detect the evil twin attack, and will automatically switch to the bogus AP. In this paper, we devise a novel detection scheme based on the commonly used network diagnostic tool traceroute. A remote detection server is set up so that the client-to-server and server-to-client traceroute results are compared. If the evil twin AP is present, it will attempt to conceal the legitimate AP. The inconsistency between the two traceroute results will reveal the evil twin attack. We first present the attack model, then describe the detection scheme in detail. In our implementation, a Nexus 4 smartphone serves as the client, a desktop PC with a USB wireless adapter is set up as the evil twin AP, and the detection service is running on an Amazon EC2 Server. The experimental result demonstrates that our scheme can effectively detect an evil twin attack.
KW - Evil twin attack
KW - Traceroute
KW - Wi-Fi security
UR - http://www.scopus.com/inward/record.url?scp=85046414267&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2017.8253957
DO - 10.1109/GLOCOM.2017.8253957
M3 - Conference article
AN - SCOPUS:85046414267
SN - 2334-0983
VL - 2018-January
SP - 1
EP - 6
JO - Proceedings - IEEE Global Communications Conference, GLOBECOM
JF - Proceedings - IEEE Global Communications Conference, GLOBECOM
T2 - 2017 IEEE Global Communications Conference, GLOBECOM 2017
Y2 - 4 December 2017 through 8 December 2017
ER -