Passive Client-Centric Rogue Access Point Detection Framework For WiFi Hotspots

• Main Author: Ahmad, Nazrul Muhaimin
• Format: Thesis
• Language: English; English
• Published: 2018
• Subjects: T Technology (General); TK Electrical engineering. Electronics Nuclear engineering
• Online Access: http://eprints.utem.edu.my/id/eprint/23373/1/Passive%20Client-centric%20Rogue%20Access%20Point%20Detection%20Framework%20for%20Wi_Fi%20Hotspots.pdf; http://eprints.utem.edu.my/id/eprint/23373/2/Passive%20Client-Centric%20Rogue%20Access%20Point%20Detection%20Framework%20For%20Wi_Fi%20Hotspots.pdf

The proliferation of Wi-Fi hotspots in public places provides seamless Internet connectivity anywhere at any time to the wireless clients.Although many hotspots are often unprotected,unmanaged and unencrypted,this does not prevent the clients from actively connecting to the network.The underlying problem is that the network Access Point (AP) is always trusted.The adversary can impersonate a legitimate AP by setting up a rogue AP to commit espionage and to launch evil-twin attack,session hijacking,and eavesdropping.To aggravate the threats, existing detection solutions are ill-equipped to safeguard the client against rogue AP.Infrastructure- centric solutions are heavily relied on the deployment of sensors or centralized server for rogue AP detection, which are limited,expensive and rarely to be implemented in hotspots.Even though client-centric solutions offer threat-aware protection for the client,but the dependency of the existing solutions on the spoofable contextual network information and the necessity to be associated with the network makes those solutions are not viable for the hotspot’s client.Hence,this work proposes a framework of passive client-centric rogue AP detection for hotspots.Unlike existing solutions,the key idea is to piggyback AP-specific and network-specific information in IEEE 802.11 beacon frame that enables the client to perform the detection without authentication and association to any AP.Based on the spatial fingerprints included in the broadcasted information from the APs in the vicinity of the client,this work discloses a novel concept that enables the rogue AP detection via the client’s ability to self-colocalize and self-validate its own position in the hotspot.The legitimacy of the APs in the hotspot,in this view,lies in the fact that the correct matching between the Received Signal Strength Indicator (RSSI) measurements at the client and pre-recorded fingerprints is attainable when the beacons are transmitted only from the legitimate APs.Hence,any anomalousness in AP’s beacon frame or any attempt to replay the legitimate AP’s beacon frame from different location can be detected and classified as rogue AP threats.Through experiments in real environment,the results demonstrate that with proper algorithm selection and parameters tuning,the rogue AP detection framework can achieve over 90% detection accuracy in classifying the absence and presence of rogue AP threats in the hotspot.