The rogue access point identification: a model and classification review

Most people around the world make use of public Wi-Fi hotspots, as their daily routine companion in communication. The access points (APs) of public Wi-Fi are easily deployed by anyone and everywhere, to provide hassle-free Internet connectivity. The availability of Wi-Fi increases the danger of adversaries, taking advantages of sniffing the sensitive data. One of the most serious security issues encountered by Wi-Fi users, is the presence of rogue access points (RAP). Several studies have been published regarding how to identify the RAP. Using systematic literature review, this research aims to explore the various methods on how to distinguish the AP, as a rogue or legitimate, based on the hardware and software approach model. In conclusion, all the classifications were summarized, and produced an alternative solution using beacon frame manipulation technique. Therefore, further research is needed to identify the RAP.

Received-Signal-Strength-Based Approach for Detection and 2D Indoor Localization of Evil Twin Rogue Access Point in 802.11

The “Evil twin” rogue access point is one of the most serious security threats to wireless LANs. To solve this problem, a practical approach has been proposed for detecting rogue access points using the received signal strength indicator (RSSI). First, a distributed architecture is presented, which consists of three network analyzers. Then, a cluster analysis of the RSSI vectors is performed to determine the attack. The coordinates of the centroids of clusters obtained were converted into the distance by using an empirical model of signal propagation under indoor conditions. The obtained distances are used to determine the localization of a rogue access point (RAP) using the trilateration method. Finally, we are conducting experiments to evaluate the performance of practical RAP detection. The results show that the proposed approach to detecting rogue access points can significantly reduce the frequency of false alarms, while providing an average localization error of 1.5m, which is quite acceptable for RAP localization in real indoor conditions.

AN ATTACK SCENARIO USING A ROGUE ACCESS POINT IN IEEE 802.11 NETWORKS

One of the most serious security threats to wireless local area networks (WLANs) in recent years is rogue access points that intruders use to spy on and attack. Due to the open nature of the wireless transmission medium, an attacker can easily detect the MAC addresses of other devices, commonly used as unique identifiers for all nodes in the network, and implement a spoofing attack, creating a rogue access point, the so-called "Evil Twin". The attacker goal is to connect legitimate users to a rogue access point and gain access to confidential information. This article discusses the concept, demonstrates the practical implementation and analysis of the “Evil Twin” attack. The algorithm of the intruder's actions, the scenario of attack on the client, and also procedure for setting up the program-implemented rogue access point is shown. It has been proven that the implementation of the attack is possible due to the existence of several access points with the same service set identifier and MAC address in the same area, allowed by 802.11 standard. The reasons for failure operation of the network and possible interception of information as a result of the attack are identified, methods of detecting rogue access points are analyzed. During the experiment, observations of the 802.11 frames showed that there were deviations in the behavior of beacon frames at the time of the "Evil Twin" attack. First, the number of beacon frames coming from the access point which succumbed to the attack is increasing. Secondly, the traffic analyzer detected significant fluctuations in the values of the received signal level, which simultaneously come from a legitimate and rogue access point, which allows to distinguish two groups of beacon frames. The "Evil Twin" attack was implemented and researched using Aircrack-ng – a package of software for auditing wireless networks, and Wireshark – network traffic analyzer. In the future, the results obtained can be used to improve methods of protection against intrusion into wireless networks, in order to develop effective systems for detecting and preventing intrusions into WLAN.

Client-side rogue access-point detection using a simple walking strategy and round-trip time analysis

Traditional rogue access-point (AP) detection mechanisms are employed in network administration to protect network infrastructure and organization; however, these mechanisms do not protect end users from connecting to a rogue-AP. In this paper, a rogue-AP detection technique on the mobile-user side is proposed. By using a simple method involving walking, the round-trip time (RTT) and the modulation and coding scheme values are obtained, and a more accurate transmission rate for particular RTT values is thereby calculated. Further, the cleansed data are classified using the k-means method and the cumulative distribution function for the detection process. The results demonstrate that a rogue-AP can be detected with an F-measure value of up to 0.9. In the future, the proposed algorithm can be implemented as an application installed on mobile devices so that nontechnical users can detect rogue-APs.