Abstract
In this paper, we introduce a powerful hardware-based rogue access point (PrAP), which can relay back and forth traffic between a legitimate AP and a wireless station, and act as a man-in-the-middle attacker. Our PrAP is built of two dedicated wireless routers interconnected physically, and can relay traffic rapidly between a station and a legitimate AP. Through experiments, we demonstrate that the state-of-the-art time-based rogue AP (rAP) detectors cannot detect our PrAP, although perhaps effective against software-based rAP. In demonstrating that, we unveil new insight into fundamentals of time-based detectors for software-based rAPs and their operation: such techniques are only capable of detecting rAPs due to the speed of wireless AP bridging. To address the threat of such PrAPs, we propose a new tool for network administrators, a PrAP-Hunter based on intentional channel interference. Our PrAP-Hunter is highly accurate, even under heavy traffic scenarios. Using a high-performance (desktop) and low-performance (mobile phone) experimental setups of our PrAP-Hunter in various deployment scenarios, we demonstrate close to 100 percent of detection rate, compared to 60 percent detection rate by the state-of-the-art. We show that our PrAP-Hunter is fast (takes 5-10 seconds), does not require any prior knowledge, and can be deployed in the wild by real-world experiments at 10 coffee shops.
| Original language | English |
|---|---|
| Article number | 8658163 |
| Pages (from-to) | 1056-1071 |
| Number of pages | 16 |
| Journal | IEEE Transactions on Mobile Computing |
| Volume | 19 |
| Issue number | 5 |
| DOIs | |
| State | Published - 1 May 2020 |
Bibliographical note
Publisher Copyright:© 2002-2012 IEEE.
Keywords
- Channel interference
- Ieee 802.11n
- Intrusion detection
- Rogue ap
- Wireless lan