Exploiting wireless received signal strength indicators to detect evil-twin attacks in smart homes

Evil-twin is becoming a common attack in Smart Home environments where an attacker can set up a fake AP to compromise the security of the connected devices. To identify the fake APs, The current approaches of detecting Evil-twin attacks all rely on information such as SSIDs, the MAC address of the genuine AP or network traffic patterns. However, such information can be faked by the attacker, often leading to low detection rates and weak protection. This paper presents a novel evil-twin attack detection method based on the received signal strength indicator (RSSI). Our key insight is that the location of the genuine AP rarely moves in a home environment and as a result the RSSI of the genuine AP is relatively stable. Our approach considers the RSSI as a fingerprint of APs and uses the fingerprint of the genuine AP to identify fake ones. We provide two schemes to detect a fake AP in two different scenarios where the genuine AP can be located at either a single or multiple locations in the property, by exploiting the multipath effect of the WIFI signal. As a departure from prior work, our approach does not rely on any professional measurement devices. Experimental results show that our approach can successfully detect 90% of the fake APs, at the cost of an one-off, modest connection delay

Lightweight Method for Detecting Fake Authentication Attack on Wi-Fi

Wireless networks, despite providing better access and flexibility, have vulnerabilities that are easier to realize compared to wired networks. Fake authentication attack can be taken by an attacker prior to carrying out a Man in the Middle attack to intercept the other party's communication. Such an attack is generally carried out in public places that provide free Wi-Fi access. Detection of fake authentication is necessary to maintain communication success. Several methods have been applied to detect fake authentication such as the use of Wireless Intrusion Detection System (WIDS) or certificates on Transport Layer Security (TLS). However, attackers can trick the use of WIDS or TLS. Moreover, the WIDS and TLS techniques require large costs and computations. In this study, a lightweight method based on the comparison of BSSID/MAC address for detecting fake authentication is proposed. The lightweight method is implemented by creating an application that runs on Android mobile phones, and Linux operating system. We compared the detection performance of the device with the proposed application and the one without the proposed application. It can be concluded that the proposed method using comparison of BSSID / MAC address is an effective way to detect fake authentication attacks on Wi-Fi networks

Time of Flight and Fingerprinting Based Methods for Wireless Rogue Device Detection

Existing network detection techniques rely on SSIDs, network patterns or MAC addresses of genuine wireless devices to identify malicious attacks on the network. However, these device characteristics can be manipulated posing a security threat to information integrity, lowering detection accuracy, and weakening device protection. This research study focuses on empirical analysis to elaborate the relationship between received signal strength (RSSI) and distance; investigates methods to detect rogue devices and access points on Wi-Fi networks using network traffic analysis and fingerprint identification methods. In this paper, we conducted three experiments to evaluate the performance of RSSI and clock skews as features to detect rogue devices for indoor and outdoor locations. Results from the experiments suggest different devices connected to the same access point can be detected (p \u3c 0.05) using RSSI values. However, the magnitude of the difference was not consistent as devices were placed further from the same access point. Therefore, an optimal distance for maximizing the detection rate requires further examination. The random forest classifier provided the best performance with a mean accuracy of 79% across all distances. Our experiment on clock skew shows improved accuracy in using beacon timestamps to detect rogue APs on the network

PENERAPAN EVIL TWIN DETEKTOR DALAM PENDETEKSIAN PENGGANGGU JARINGAN NIRKABEL PADA USER

Nowadays, wireless networking facilities are provided in public places such as fast food restaurant, airports, hotels, campuses and are an attraction for users to use them. The wireless network provided uses an open authentication system and web-based authentication as the second layer used by customers to identify themselves according to the service they have before they can connect to the internet or WiFi Hotspot is a frequently used name. However, unnoticed by the user, it can be utilized by parties who are not entitled to attack and disturb. One of the attacks on wireless networks is the evil twin attack, given the ease in creating it by only duplicating the existing wireless network configuration and forcing users to move to the evil twin network because the installation tends to be closer to the victim's location. Administrator-based detection is one solution that is implemented but has a dependency on the availability of network administrators and supporting devices. To assist users in detecting disturbances, this research proposed client-based evil twin detection that utilizes Medium Access Control (MAC) address data and automatic configuration information provided by a Dynamic Host Configuration Protocol (DHCP) server on a wireless network. Shell programming on the Linux operating system is used to implement the solution. Keywords: Evil Twin Attack, Hotspot WiFi, WiFi Securit

Effective Management of Energy Internet in Renewable Hybrid Microgrids : A Secured Data Driven Resilient Architecture

This paper proposes a two-layer in-depth secured management architecture for the optimal operation of energy internet in hybrid microgrids considering wind turbines, photovoltaics, fuel cell unit, and microturbines. In the physical layer of the proposed architecture, the operation of the grid is formulated as a single objective problem that is solved using teacher learning-based optimization (TLBO). Regarding the cyber layer of the proposed architecture, a two-level intrusion detection system (IDS) is proposed to detect various cyber-attacks (i.e. Sybil attacks, spoofing attacks, false data injection attacks) on wireless-based advanced metering infrastructures. The sequential probability ratio testing (SPRT) approach is utilized in both levels of the proposed IDS to detect cyber-attacks based on a sequence of anomalies rather than only one piece of evidence. The feasibility and performance of the proposed architecture are examined on IEEE 33-bus test system and the results are provided for both islanded and grid-connected operation modes.©2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.fi=vertaisarvioitu|en=peerReviewed

FakeAP Detector: An Android-Based Client-Side Application for Detecting Wi-Fi Hotspot Spoofing

This research article published by IEEE Access, 2022Network spoofing is becoming a common attack in wireless networks. The trend is going high due to an increase in Internet users. Similarly, there is a rapid growth of numbers in mobile devices in the working environments and on most official occasions. The trends pose a huge threat to users since they become the prime target of attackers. More unfortunately, mobile devices have weak security measures due to their limited computational powers. Current approaches to detect spoofing attacks focus on personal computers and rely on the network hosts’ capacity, leaving guest users with mobile devices at risk. Some approaches on Android-based devices demand root privilege, which is highly discouraged. This paper presents an Android-based client-side solution to detect the presence of fake access points in a perimeter using details collected from probe responses. Our approach considers the difference in security information and signal level of an access point (AP). We present the detection in three networks, (i) open networks, (ii) closed networks and (iii) networks with captive portals. As a departure from existing works, our solution does not require root access for detection, and it is developed for portability and better performance. Experimental results show that our approach can detect fake access points with an accuracy of 99% and 99.7% at an average of 24.64 and 7.78 milliseconds in open and closed networks, respectively

A taxonomy of cyber-physical threats and impact in the smart home

In the past, home automation was a small market for technology enthusiasts. Interconnectivity between devices was down to the owner’s technical skills and creativity, while security was non-existent or primitive, because cyber threats were also largely non-existent or primitive. This is not the case any more. The adoption of Internet of Things technologies, cloud computing, artificial intelligence and an increasingly wide range of sensing and actuation capabilities has led to smart homes that are more practical, but also genuinely attractive targets for cyber attacks. Here, we classify applicable cyber threats according to a novel taxonomy, focusing not only on the attack vectors that can be used, but also the potential impact on the systems and ultimately on the occupants and their domestic life. Utilising the taxonomy, we classify twenty five different smart home attacks, providing further examples of legitimate, yet vulnerable smart home configurations which can lead to second-order attack vectors. We then review existing smart home defence mechanisms and discuss open research problems

Indoor Navigation Ontology for Smartphone Semi- Automatic Self-Calibration Scenario

The indoor navigation within public environments and location-based service development are very interesting and promising tasks. This paper describes an ontology-based technique for human movement recognition using the hybrid indoor localization technique based on received signal strength multilateration and pedestrian dead reckoning which relies on internal smartphone sensors. This technique takes into account the anchor node proximity zones and using internal sensors performs the semi-automatic online calibration procedure of log- distance path loss propagation model in accordance with a certain semi-automatic self-calibration scenario. The usage of indoor navigation ontology allows to decrease the influence of radio signal obstructions induced by user's body and moving people