[en] Commonly used identifiers for IEEE 802.11 access points
(APs), such as network name (SSID), MAC (BSSID), or
IP address can be trivially spoofed. Impersonating existing
APs with faked ones to attract their traffic is referred to in
the literature as the evil twin attack. It allows an attacker
with little effort and expenditure to fake a genuine AP and
intercept, collect, or alter (potentially even encrypted) data.
Due to its severity, the topic has gained remarkable research
interest in the past decade. In this paper, we introduce a
differentiated attacker model to express the attack in all its
facets. We propose a taxonomy for classifying and struc-
turing countermeasures and apply it to existing approaches.
We are the first to conduct a comprehensive survey in this
domain to reveal the potential and the limits of state-of-
the-art solutions. Our study discloses an important attack
scenario which has not been addressed so far, i.e., the usage
of specialized software to mount the attack. We propose and
experimentally validate a novel method to detect evil twin
APs operated by software within a few seconds.
Disciplines :
Computer science
Author, co-author :
Lanze, Fabian ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Panchenko, Andriy ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Ponce-Alcaide, Ignacio; University of Malaga > Escuela Técnica Superior de Ingeniería Informática
Engel, Thomas ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Language :
English
Title :
Undesired Relatives: Protection Mechanisms Against The Evil Twin Attack in IEEE 802.11
Publication date :
September 2014
Event name :
The 10th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet'14)
Event date :
21.09.2014
Main work title :
Proceedings of the 10th ACM International Symposium on QoS and Security for Wireless and Mobile Networks
Peer reviewed :
Peer reviewed
European Projects :
FP7 - 288535 - CONFINE - Community Networks Testbed for the Future Internet