Practical defenses for evil twin attacks in 802.11

Harold Gonzales, Kevin Bauer, Janne Lindqvist, Damon McCoy, Douglas Sicker

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Open-access 802.11 wireless networks are commonly deployed in cafes, bookstores, and other public spaces to provide free Internet connectivity. These networks are convenient to deploy, requiring no out-of-band key exchange or prior trust relationships. However, such networks are vulnerable to a variety of threats including the evil twin attack where an adversary clones a client's previously-used access point for a variety of malicious purposes including malware injection or identity theft. We propose defenses that aim to maintain the simplicity, convenience, and usability of open-access networks while offering increased protection from evil twin attacks. First, we present an evil twin detection strategy called context-leashing that constrains access point trust by location. Second, we propose that wireless networks be identified by uncertified public keys and design an SSH-style authentication and session key establishment protocol that fits into the 802.1X standard. Lastly, to mitigate the pitfalls of SSH-style authentication, we present a crowd-sourcing-based reporting protocol that provides historical information for access point public keys while preserving the location privacy of users who contribute reports.

    Original languageEnglish (US)
    Title of host publication2010 IEEE Global Telecommunications Conference, GLOBECOM 2010
    DOIs
    StatePublished - 2010
    Event53rd IEEE Global Communications Conference, GLOBECOM 2010 - Miami, FL, United States
    Duration: Dec 6 2010Dec 10 2010

    Other

    Other53rd IEEE Global Communications Conference, GLOBECOM 2010
    CountryUnited States
    CityMiami, FL
    Period12/6/1012/10/10

    Fingerprint

    Authentication
    Wireless networks
    Network protocols
    Internet
    Malware

    ASJC Scopus subject areas

    • Electrical and Electronic Engineering

    Cite this

    Gonzales, H., Bauer, K., Lindqvist, J., McCoy, D., & Sicker, D. (2010). Practical defenses for evil twin attacks in 802.11. In 2010 IEEE Global Telecommunications Conference, GLOBECOM 2010 [5684213] https://doi.org/10.1109/GLOCOM.2010.5684213

    Practical defenses for evil twin attacks in 802.11. / Gonzales, Harold; Bauer, Kevin; Lindqvist, Janne; McCoy, Damon; Sicker, Douglas.

    2010 IEEE Global Telecommunications Conference, GLOBECOM 2010. 2010. 5684213.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Gonzales, H, Bauer, K, Lindqvist, J, McCoy, D & Sicker, D 2010, Practical defenses for evil twin attacks in 802.11. in 2010 IEEE Global Telecommunications Conference, GLOBECOM 2010., 5684213, 53rd IEEE Global Communications Conference, GLOBECOM 2010, Miami, FL, United States, 12/6/10. https://doi.org/10.1109/GLOCOM.2010.5684213
    Gonzales H, Bauer K, Lindqvist J, McCoy D, Sicker D. Practical defenses for evil twin attacks in 802.11. In 2010 IEEE Global Telecommunications Conference, GLOBECOM 2010. 2010. 5684213 https://doi.org/10.1109/GLOCOM.2010.5684213
    Gonzales, Harold ; Bauer, Kevin ; Lindqvist, Janne ; McCoy, Damon ; Sicker, Douglas. / Practical defenses for evil twin attacks in 802.11. 2010 IEEE Global Telecommunications Conference, GLOBECOM 2010. 2010.
    @inproceedings{0282337169ed4ee6b9d3317f7914a6bf,
    title = "Practical defenses for evil twin attacks in 802.11",
    abstract = "Open-access 802.11 wireless networks are commonly deployed in cafes, bookstores, and other public spaces to provide free Internet connectivity. These networks are convenient to deploy, requiring no out-of-band key exchange or prior trust relationships. However, such networks are vulnerable to a variety of threats including the evil twin attack where an adversary clones a client's previously-used access point for a variety of malicious purposes including malware injection or identity theft. We propose defenses that aim to maintain the simplicity, convenience, and usability of open-access networks while offering increased protection from evil twin attacks. First, we present an evil twin detection strategy called context-leashing that constrains access point trust by location. Second, we propose that wireless networks be identified by uncertified public keys and design an SSH-style authentication and session key establishment protocol that fits into the 802.1X standard. Lastly, to mitigate the pitfalls of SSH-style authentication, we present a crowd-sourcing-based reporting protocol that provides historical information for access point public keys while preserving the location privacy of users who contribute reports.",
    author = "Harold Gonzales and Kevin Bauer and Janne Lindqvist and Damon McCoy and Douglas Sicker",
    year = "2010",
    doi = "10.1109/GLOCOM.2010.5684213",
    language = "English (US)",
    isbn = "9781424456383",
    booktitle = "2010 IEEE Global Telecommunications Conference, GLOBECOM 2010",

    }

    TY - GEN

    T1 - Practical defenses for evil twin attacks in 802.11

    AU - Gonzales, Harold

    AU - Bauer, Kevin

    AU - Lindqvist, Janne

    AU - McCoy, Damon

    AU - Sicker, Douglas

    PY - 2010

    Y1 - 2010

    N2 - Open-access 802.11 wireless networks are commonly deployed in cafes, bookstores, and other public spaces to provide free Internet connectivity. These networks are convenient to deploy, requiring no out-of-band key exchange or prior trust relationships. However, such networks are vulnerable to a variety of threats including the evil twin attack where an adversary clones a client's previously-used access point for a variety of malicious purposes including malware injection or identity theft. We propose defenses that aim to maintain the simplicity, convenience, and usability of open-access networks while offering increased protection from evil twin attacks. First, we present an evil twin detection strategy called context-leashing that constrains access point trust by location. Second, we propose that wireless networks be identified by uncertified public keys and design an SSH-style authentication and session key establishment protocol that fits into the 802.1X standard. Lastly, to mitigate the pitfalls of SSH-style authentication, we present a crowd-sourcing-based reporting protocol that provides historical information for access point public keys while preserving the location privacy of users who contribute reports.

    AB - Open-access 802.11 wireless networks are commonly deployed in cafes, bookstores, and other public spaces to provide free Internet connectivity. These networks are convenient to deploy, requiring no out-of-band key exchange or prior trust relationships. However, such networks are vulnerable to a variety of threats including the evil twin attack where an adversary clones a client's previously-used access point for a variety of malicious purposes including malware injection or identity theft. We propose defenses that aim to maintain the simplicity, convenience, and usability of open-access networks while offering increased protection from evil twin attacks. First, we present an evil twin detection strategy called context-leashing that constrains access point trust by location. Second, we propose that wireless networks be identified by uncertified public keys and design an SSH-style authentication and session key establishment protocol that fits into the 802.1X standard. Lastly, to mitigate the pitfalls of SSH-style authentication, we present a crowd-sourcing-based reporting protocol that provides historical information for access point public keys while preserving the location privacy of users who contribute reports.

    UR - http://www.scopus.com/inward/record.url?scp=79551626084&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=79551626084&partnerID=8YFLogxK

    U2 - 10.1109/GLOCOM.2010.5684213

    DO - 10.1109/GLOCOM.2010.5684213

    M3 - Conference contribution

    AN - SCOPUS:79551626084

    SN - 9781424456383

    BT - 2010 IEEE Global Telecommunications Conference, GLOBECOM 2010

    ER -