Exploiting wireless received signal strength indicators to detect evil-twin attacks in smart homes

Evil-twin is becoming a common attack in Smart Home environments where an attacker can set up a fake AP to compromise the security of the connected devices. To identify the fake APs, The current approaches of detecting Evil-twin attacks all rely on information such as SSIDs, the MAC address of the genuine AP or network traffic patterns. However, such information can be faked by the attacker, often leading to low detection rates and weak protection. This paper presents a novel evil-twin attack detection method based on the received signal strength indicator (RSSI). Our key insight is that the location of the genuine AP rarely moves in a home environment and as a result the RSSI of the genuine AP is relatively stable. Our approach considers the RSSI as a fingerprint of APs and uses the fingerprint of the genuine AP to identify fake ones. We provide two schemes to detect a fake AP in two different scenarios where the genuine AP can be located at either a single or multiple locations in the property, by exploiting the multipath effect of the WIFI signal. As a departure from prior work, our approach does not rely on any professional measurement devices. Experimental results show that our approach can successfully detect 90% of the fake APs, at the cost of an one-off, modest connection delay

Experimental assessment of RRM techniques in 5 GHz dense WiFi networks using REMs

“© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.”The increasing acceptance of WiFi has created unprecedented levels of congestion in the unlicensed frequency bands, especially in densely populated areas. This results mainly because of the unmanaged interference and uncoordinated op- eration between WiFi access points. Radio Environment Maps (REM) have been suggested as a support for coordination strategies that optimize the overall WiFi network performance. In this context, the main objective of this experiment is to assess the benefit of a coordinated management of radio resources in dense WiFi networks at 5 GHz band, using REMs for indoor scenarios. It was shown that REMs can detect the presence of interfering links on the network or coverage holes, and a suitable coordination strategy can use this information to reconfigure Access Points (AP) channel assignment and re-establish the client connection, at a cost of diminishing the aggregate throughput of the network. The technique of AP hand-off was tested to balance the load from one AP to another. Using REMs, the Radio Resource Management (RRM) strategy could reconfigure the network to optimize the client distribution among available APs. Although the aggregate throughput is lower after load balancing, the RRM could increase the throughput of the overloaded AP.info:eu-repo/semantics/publishedVersio

Rogue access point detection framework on a multivendor access point WLAN

Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Technology (MSIT) at Strathmore UniversityWireless internet access has become common throughout the world. IEEE 802.11 Wireless fidelity (Wi-Fi) is now a common internet access standard almost becoming a requirement in homes, offices, universities and public places due to developments in Bring-Your-Own-Device (BYOD), mobile telephony and telecommuting. With the proliferation of Wi-Fi comes a number of information security challenges that have to be addressed. One of the major security threats that comes with Wi-Fi is the presence of rogue access points (APs) on the network. Unsuspecting employees in a company or attackers can introduce rogue APs to a secure wired network. The problem is amplified if the wireless local area network (WLAN) consist of multivendor APs. Malicious people can leverage on rogue APs to perform passive or active attacks on a computer network. Therefore, there is need for network administrators to accurately, with less effort, detect and control presence of rogue APs on multivendor WLANs. In this thesis, a solution that can accurately support detection of rogues APs on a multi-vendor AP WLAN without extra hardware or modification of AP firmware is presented. In the solution, information from beacon frames is compared to a set of approved parameters. Intervention of a network administrator is included to prevent MAC address spoofing. A structured methodology was adopted in developing the model on a Windows operating system. Python programming language was used in coding the system with Scapy and Tkinter as the main modules. SQLite database was used to store required data. The system was tested on a setup WLAN that composed of three different access points in a University lab. It was able to capture beacon frames sent by the access points and extracted MAC address, SSID and capability information as the key parameters used in identifying and classifying the access points. The system uses the captured information to automatically compare it against an existing database of authorized parameters. It is then able to classify an access point as either rogue or authorized. The system issued alerts that described the detected APs to a network administrator. The rest of this document gives details of scholarly works that are pertinent to the study, the research methodology used, implementation and testing of the model followed by discussions of findings and the conclusions and recommendations made by the researcher

Empirical Techniques To Detect Rogue Wireless Devices

Media Access Control (MAC) addresses in wireless networks can be trivially spoofed using off-the-shelf devices. We proposed a solution to detect MAC address spoofing in wireless networks using a hard-to-spoof measurement that is correlated to the location of the wireless device, namely the Received Signal Strength (RSS). We developed a passive solution that does not require modification for standards or protocols. The solution was tested in a live test-bed (i.e., a Wireless Local Area Network with the aid of two air monitors acting as sensors) and achieved 99.77%, 93.16%, and 88.38% accuracy when the attacker is 8–13 m, 4–8 m, and less than 4 m away from the victim device, respectively. We implemented three previous methods on the same test-bed and found that our solution outperforms existing solutions. Our solution is based on an ensemble method known as Random Forests. We also proposed an anomaly detection solution to deal with situations where it is impossible to cover the whole intended area. The solution is totally passive and unsupervised (using unlabeled data points) to build the profile of the legitimate device. It only requires the training of one location which is the location of the legitimate device (unlike the misuse detection solution that train and simulate the existing of the attacker in every possible spot in the network diameter). The solution was tested in the same test-bed and yield about 79% overall accuracy. We build a misuseWireless Local Area Network Intrusion Detection System (WIDS) and discover some important fields in WLAN MAC-layer frame to differentiate the attackers from the legitimate devices. We tested several machine learning algorithms and found some promising ones to improve the accuracy and computation time on a public dataset. The best performing algorithms that we found are Extra Trees, Random Forests, and Bagging. We then used a majority voting technique to vote on these algorithms. Bagging classifier and our customized voting technique have good results (about 96.25 % and 96.32 %respectively) when tested on all the features. We also used a data mining technique based on Extra Trees ensemble method to find the most important features on AWID public dataset. After selecting the most 20 important features, Extra Trees and our voting technique are the best performing classifiers in term of accuracy (96.31 % and 96.32 % respectively)

Towards Secure, Power-Efficient and Location-Aware Mobile Computing

In the post-PC era, mobile devices will replace desktops and become the main personal computer for many people. People rely on mobile devices such as smartphones and tablets for everything in their daily lives. A common requirement for mobile computing is wireless communication. It allows mobile devices to fetch remote resources easily. Unfortunately, the increasing demand of the mobility brings many new wireless management challenges such as security, energy-saving and location-awareness. These challenges have already impeded the advancement of mobile systems. In this dissertation we attempt to discover the guidelines of how to mitigate these problems through three general communication patterns in 802.11 wireless networks. We propose a cross-section of a few interesting and important enhancements to manage wireless connectivity. These enhancements provide useful primitives for the design of next-generation mobile systems in the future.;Specifically, we improve the association mechanism for wireless clients to defend against rogue wireless Access Points (APs) in Wireless LANs (WLANs) and vehicular networks. Real-world prototype systems confirm that our scheme can achieve high accuracy to detect even sophisticated rogue APs under various network conditions. We also develop a power-efficient system to reduce the energy consumption for mobile devices working as software-defined APs. Experimental results show that our system allows the Wi-Fi interface to sleep for up to 88% of the total time in several different applications and reduce the system energy by up to 33%. We achieve this while retaining comparable user experiences. Finally, we design a fine-grained scalable group localization algorithm to enable location-aware wireless communication. Our prototype implemented on commercial smartphones proves that our algorithm can quickly locate a group of mobile devices with centimeter-level accuracy