eviltwinattack

Topics: Wireless network, Wi-Fi, Wireless access point Pages: 4 (3867 words) Published: April 16, 2014
Mitigating Evil Twin Attacks in 802.11
Kevin Bauer, Harold Gonzales, and Damon McCoy
Department of Computer Science
University of Colorado
{bauerk, gonzaleh, mccoyd}@colorado.edu
Abstract— Due to the prevalence of insecure open 802.11 access points, it is currently easy for a malicious party to launch a variety of attacks such as eavesdropping and data injection. In this paper, we consider a particular threat called the evil twin attack, which occurs when an adversary clones an open access point and exploits common automatic access point selection

techniques to trick a wireless client into associating with the malicious access point. We propose two lines of defense against this attack. First, we present an evil twin detection strategy called context-leashing based upon recording the nearby access points when first associating with an access point. Using this contextual information, the client determines if an adversary has setup an evil twin access point at a different location. Next, we propose an SSH-style authentication method called EAP-SWAT to perform one-way access point authentication that fits into the extensible authentication protocol (EAP) framework.

I. I NTRODUCTION
According to a recent study, 42% of wireless 802.11 access
points (APs) provide no security mechanisms — not even
WEP or WPA [1]. Often times, wireless APs are left open
for convenience. For example, a coffee shop or bookstore may wish to offer a free wireless service, so there is no need to authenticate its wireless users. However, wireless clients that use these APs are vulnerable to a number of trivial threats

such as eavesdropping and injection attacks. An additional
and often over-looked vulnerability caused by using open APs is the access point impersonation attack. This is commonly
referred to as the evil twin attack and occurs when a client is tricked into associating to a malicious rogue AP with the same identity (or SSID) as a previously-used open AP [2].
An...
Continue Reading

Please join StudyMode to read the full document

Become a StudyMode Member

Sign Up - It's Free