Undesired relatives: protection mechanisms against the evil twin attack in IEEE 802.11

Abstract

Commonly used identifiers for IEEE 802.11 access points (APs), such as network name (SSID), MAC (BSSID), or IP address, can be trivially spoofed. Impersonating existing APs with faked ones to attract their traffic is referred to in the literature as the evil twin attack. It allows an attacker with little effort and expenditure to fake a genuine AP and intercept, collect, or alter (potentially even encrypted) data. Due to its severity, the topic has gained remarkable research interest in the past decade. In this paper, we introduce a differentiated attacker model to express the attack in all its facets. We propose a taxonomy for classifying and structuring countermeasures and apply it to existing approaches. We are the first to conduct a comprehensive survey in this domain to reveal the potential and the limits of state-of-the-art solutions. Our study discloses an important attack scenario which has not been addressed so far, i.e., the usage of specialized software to mount the attack. We propose and experimentally validate a novel method to detect evil twin APs operated by software within a few seconds.

DOI: 10.1145/2642687.2642691

Cite this paper

@inproceedings{Lanze2014UndesiredRP,
  title={Undesired relatives: protection mechanisms against the evil twin attack in IEEE 802.11},
  author={Fabian Lanze and Andriy Panchenko and Ignacio Ponce-Alcaide and Thomas Engel},
  booktitle={Q2SWinet},
  year={2014}
}