DOI: 10.1145/1352533.1352569
Research article

Simple and effective defense against evil twin access points

Published: 31 March 2008

Abstract

Wireless networking is widespread in public places such as cafes. Unsuspecting users may become victims of attacks based on "evil twin" access points. These rogue access points are operated by criminals in an attempt to launch man-in-the-middle attacks. We present a simple protection mechanism against binding to an evil twin. The mechanism leverages short authentication string protocols for the exchange of cryptographic keys. The short string verification is performed by encoding the short strings as a sequence of colors, rendered sequentially by the user's device and by the designated access point of the cafe. The access point must have a light capable of showing two colors and must be mounted prominently in a position where users can have confidence in its authenticity. We conducted a usability study with patrons in several cafes and participants found our mechanism very usable.
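As an added illustration (not the paper's own code), the following Python model walks through the kind of short-authentication-string pairing the abstract describes, rendering the SAS as a two-colour flash sequence on the device and on the AP light and showing why a user comparing the two sequences rejects an in-path evil twin. The hash-derived stand-in keys, the SHA-256 SAS derivation, the commitment step and the 12-bit SAS length are simplifying assumptions of this example, not details taken from the paper.

```python
import hashlib

# Constructed illustration (not the paper's code) of a Vaudenay-style short-authentication-
# string (SAS) exchange between a user's device and a cafe access point (AP), with the SAS
# rendered as a two-colour flash sequence on both. Assumptions not from the paper: public
# keys are hash-derived 32-byte stand-ins for Diffie-Hellman values, the SAS is the leading
# SAS_BITS bits of SHA-256 over the transcript, and the device commits to its key and nonce
# before the AP reveals its key (the usual SAS commitment step).

SAS_BITS = 12
COLORS = ("red", "blue")

def commit(pk: bytes, nonce: bytes) -> bytes:
    """Commitment the device sends first; it cannot change pk or nonce afterwards."""
    return hashlib.sha256(b"commit|" + pk + nonce).digest()

def derive_sas(pk_device: bytes, pk_ap: bytes, nonce: bytes) -> int:
    """SAS = leading SAS_BITS bits of H(pk_device || pk_ap || nonce)."""
    digest = hashlib.sha256(b"sas|" + pk_device + pk_ap + nonce).digest()
    return int.from_bytes(digest, "big") >> (256 - SAS_BITS)

def sas_to_colors(sas: int) -> list:
    """One flash per SAS bit, most significant bit first: 0 -> red, 1 -> blue."""
    return [COLORS[(sas >> i) & 1] for i in range(SAS_BITS - 1, -1, -1)]

def run_pairing(seed: bytes, evil_twin: bool) -> dict:
    """Simulate one pairing; return both flash sequences and whether the user accepts.

    With evil_twin=True an in-path rogue AP substitutes its own key (and its own
    commitment) toward each side, so device and genuine AP hash different transcripts;
    the user accepts only if the device screen and the AP light show the same sequence.
    """
    pk_device = hashlib.sha256(seed + b"|device").digest()
    pk_ap = hashlib.sha256(seed + b"|ap").digest()
    nonce = hashlib.sha256(seed + b"|nonce").digest()[:16]
    pk_evil = hashlib.sha256(seed + b"|evil").digest()
    nonce_evil = hashlib.sha256(seed + b"|evil-nonce").digest()[:16]
    # Commitment, opened key and nonce as received by the genuine AP.
    if evil_twin:
        c_recv, pk_recv, nonce_recv = commit(pk_evil, nonce_evil), pk_evil, nonce_evil
    else:
        c_recv, pk_recv, nonce_recv = commit(pk_device, nonce), pk_device, nonce
    if commit(pk_recv, nonce_recv) != c_recv:  # AP verifies the opened commitment
        raise ValueError("commitment does not open correctly")
    ap_pk_seen_by_device = pk_evil if evil_twin else pk_ap
    device_colors = sas_to_colors(derive_sas(pk_device, ap_pk_seen_by_device, nonce))
    ap_colors = sas_to_colors(derive_sas(pk_recv, pk_ap, nonce_recv))
    return {"device": device_colors, "ap": ap_colors, "accept": device_colors == ap_colors}
```

With a 12-bit SAS a rogue AP that cannot influence the committed values has roughly a 1-in-4096 chance that the two sequences happen to match, which is the usual SAS security trade-off between string length and what a user will reliably compare.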



Published In

WiSec '08: Proceedings of the first ACM conference on Wireless network security
March 2008
234 pages
ISBN:9781595938145
DOI:10.1145/1352533
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. device pairing
  2. evil twin
  3. usable security
  4. wireless security

Qualifiers

  • Research-article

Conference

WISEC '08: First ACM Conference on Wireless Network Security
March 31 - April 2, 2008
Alexandria, VA, USA

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Article Metrics

  • Downloads (Last 12 months)32
  • Downloads (Last 6 weeks)7
Reflects downloads up to 03 Mar 2025

Cited By

  • iTieProbe: How Vulnerable Your IoT Provisioning via Wi-Fi AP Mode or EZ Mode? IEEE Transactions on Information Forensics and Security 19 (2024), 10058-10070. DOI: 10.1109/TIFS.2024.3471080
  • Secure Device Trust Bootstrapping Against Collaborative Signal Modification Attacks. IEEE INFOCOM 2023 - IEEE Conference on Computer Communications (17 May 2023), 1-10. DOI: 10.1109/INFOCOM53939.2023.10229007
  • Analysis of Evil Twin, Deauthentication, and Disassociation Attacks on Wi-Fi Cameras. 2023 32nd International Conference on Computer Communications and Networks (ICCCN) (July 2023), 1-7. DOI: 10.1109/ICCCN58024.2023.10230183
  • Exploiting WiFi usability features for association attacks in IEEE 802.11. Journal of Computer Security 30, 3 (1 January 2022), 357-380. DOI: 10.3233/JCS-210036
  • Assessing certificate validation user interfaces of WPA supplicants. Proceedings of the 28th Annual International Conference on Mobile Computing And Networking (14 October 2022), 501-513. DOI: 10.1145/3495243.3517026
  • Multi-Channel Man-in-the-Middle attacks against protected Wi-Fi networks. Expert Systems with Applications: An International Journal 210, C (30 December 2022). DOI: 10.1016/j.eswa.2022.118401
  • Diffie-Hellman in the Air: A Link Layer Approach for In-Band Wireless Pairing. IEEE Transactions on Vehicular Technology 70, 11 (November 2021), 11894-11907. DOI: 10.1109/TVT.2021.3116619
  • Formalizing an Architectural Model of a Trustworthy Edge IoT Security Gateway. 2021 IEEE 27th International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA) (August 2021), 93-102. DOI: 10.1109/RTCSA52859.2021.00019
  • Malicious Data Frame Injection Attack Without Seizing Association in IEEE 802.11 Wireless LANs. IEEE Access 9 (2021), 16649-16660. DOI: 10.1109/ACCESS.2021.3054130
  • Association Attacks in IEEE 802.11: Exploiting WiFi Usability Features. Socio-Technical Aspects in Security and Trust (10 May 2021), 107-123. DOI: 10.1007/978-3-030-55958-8_6
