Undesired Relatives: Protection Mechanisms Against The Evil Twin Attack in IEEE 802.11

Lanze, Fabian; Panchenko, Andriy; Ponce-Alcaide, Ignacio; Engel, Thomas

Reference : Undesired Relatives: Protection Mechanisms Against The Evil Twin Attack in IEEE 802.11


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/17479

Title :	Undesired Relatives: Protection Mechanisms Against The Evil Twin Attack in IEEE 802.11
Language :	English
Author, co-author :	Lanze, Fabian [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Panchenko, Andriy [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Ponce-Alcaide, Ignacio [University of Malaga > Escuela Técnica Superior de Ingeniería Informática]
	Engel, Thomas [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Publication date :	Sep-2014
Main document title :	Proceedings of the 10th ACM International Symposium on QoS and Security for Wireless and Mobile Networks
Peer reviewed :	Yes
Event name :	The 10th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet'14)
Event date :	21.09.2014
Keywords :	[en] Evil Twin Attack ; Survey ; Fake AP ; Software AP ; Detection
Abstract :	[en] Commonly used identifiers for IEEE 802.11 access points (APs), such as network name (SSID), MAC (BSSID), or IP address can be trivially spoofed. Impersonating existing APs with faked ones to attract their traffic is referred to in the literature as the evil twin attack. It allows an attacker with little effort and expenditure to fake a genuine AP and intercept, collect, or alter (potentially even encrypted) data. Due to its severity, the topic has gained remarkable research interest in the past decade. In this paper, we introduce a differentiated attacker model to express the attack in all its facets. We propose a taxonomy for classifying and struc- turing countermeasures and apply it to existing approaches. We are the first to conduct a comprehensive survey in this domain to reveal the potential and the limits of state-of- the-art solutions. Our study discloses an important attack scenario which has not been addressed so far, i.e., the usage of specialized software to mount the attack. We propose and experimentally validate a novel method to detect evil twin APs operated by software within a few seconds.
Permalink :	http://hdl.handle.net/10993/17479
Framework Programme / European Project :	FP7 ; 288535 - CONFINE - Community Networks Testbed for the Future Internet

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	Q2SWinet_CAMERA_READY.pdf		Author preprint	545.23 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices