Rogue Access Point Detector Using Characteristics of Channel Overlapping in 802.11n

Rhongho Jang; Jeonil Kang; Aziz Mohaisen; Daehun Nyang

doi:10.1109/ICDCS.2017.153

Rogue Access Point Detector Using Characteristics of Channel Overlapping in 802.11n

Rhongho Jang, Jeonil Kang, Aziz Mohaisen, Daehun Nyang

Department of Cyber Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

11 Scopus citations

Abstract

In this work, we introduce a powerful hardware-based rogue access point (PrAP), which can relay traffic between a legitimate AP and a wireless station back and forth, and act as a man-in-the-middle attacker. Our PrAP is built of two dedicated wireless routers interconnected physically, and can relay traffic rapidly between a station and a legitimate AP. Through extensive experiments, we demonstrate that the state-of-the-art time-based rogue AP (rAP) detectors cannot detect our PrAP, although effective against software-based rAP. To defend against PrAPs, we propose PrAP-Hunter based on intentional channel interference. PrAP-Hunter is highly accurate, even under heavy traffic scenarios. Using a high-performance (desktop) and low-performance (mobile) experimental setups of our PrAP-Hunter in various deployment scenarios, we demonstrate close to 100% of detection rate, compared to 60% detection rate by the state-of-the-art. We show that PrAP-Hunter is fast (takes 5-10 sec), does not require any prior knowledge, and can be deployed in the wild by real world experiments at 10 coffee shops.

Original language	English
Title of host publication	Proceedings - IEEE 37th International Conference on Distributed Computing Systems, ICDCS 2017
Editors	Kisung Lee, Ling Liu
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	2515-2520
Number of pages	6
ISBN (Electronic)	9781538617915
DOIs	https://doi.org/10.1109/ICDCS.2017.153
State	Published - 13 Jul 2017
Event	37th IEEE International Conference on Distributed Computing Systems, ICDCS 2017 - Atlanta, United States Duration: 5 Jun 2017 → 8 Jun 2017

Publication series

Name	Proceedings - International Conference on Distributed Computing Systems

Conference

Conference	37th IEEE International Conference on Distributed Computing Systems, ICDCS 2017
Country/Territory	United States
City	Atlanta
Period	5/06/17 → 8/06/17

Bibliographical note

Publisher Copyright:
© 2017 IEEE.

Keywords

Channel interference
IEEE 802.11n
Intrusion detection
Rogue AP
Wireless LAN

Access to Document

10.1109/ICDCS.2017.153

Cite this

Jang, R., Kang, J., Mohaisen, A., & Nyang, D. (2017). Rogue Access Point Detector Using Characteristics of Channel Overlapping in 802.11n. In K. Lee, & L. Liu (Eds.), Proceedings - IEEE 37th International Conference on Distributed Computing Systems, ICDCS 2017 (pp. 2515-2520). Article 7980221 (Proceedings - International Conference on Distributed Computing Systems). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICDCS.2017.153

Jang, Rhongho ; Kang, Jeonil ; Mohaisen, Aziz et al. / Rogue Access Point Detector Using Characteristics of Channel Overlapping in 802.11n. Proceedings - IEEE 37th International Conference on Distributed Computing Systems, ICDCS 2017. editor / Kisung Lee ; Ling Liu. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 2515-2520 (Proceedings - International Conference on Distributed Computing Systems).

@inproceedings{28a04470a38d47aca7fdcfd42c02e1f3,

title = "Rogue Access Point Detector Using Characteristics of Channel Overlapping in 802.11n",

abstract = "In this work, we introduce a powerful hardware-based rogue access point (PrAP), which can relay traffic between a legitimate AP and a wireless station back and forth, and act as a man-in-the-middle attacker. Our PrAP is built of two dedicated wireless routers interconnected physically, and can relay traffic rapidly between a station and a legitimate AP. Through extensive experiments, we demonstrate that the state-of-the-art time-based rogue AP (rAP) detectors cannot detect our PrAP, although effective against software-based rAP. To defend against PrAPs, we propose PrAP-Hunter based on intentional channel interference. PrAP-Hunter is highly accurate, even under heavy traffic scenarios. Using a high-performance (desktop) and low-performance (mobile) experimental setups of our PrAP-Hunter in various deployment scenarios, we demonstrate close to 100\% of detection rate, compared to 60\% detection rate by the state-of-the-art. We show that PrAP-Hunter is fast (takes 5-10 sec), does not require any prior knowledge, and can be deployed in the wild by real world experiments at 10 coffee shops.",

keywords = "Channel interference, IEEE 802.11n, Intrusion detection, Rogue AP, Wireless LAN",

author = "Rhongho Jang and Jeonil Kang and Aziz Mohaisen and Daehun Nyang",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 37th IEEE International Conference on Distributed Computing Systems, ICDCS 2017 ; Conference date: 05-06-2017 Through 08-06-2017",

year = "2017",

month = jul,

day = "13",

doi = "10.1109/ICDCS.2017.153",

language = "English",

series = "Proceedings - International Conference on Distributed Computing Systems",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "2515--2520",

editor = "Kisung Lee and Ling Liu",

booktitle = "Proceedings - IEEE 37th International Conference on Distributed Computing Systems, ICDCS 2017",

}

Jang, R, Kang, J, Mohaisen, A & Nyang, D 2017, Rogue Access Point Detector Using Characteristics of Channel Overlapping in 802.11n. in K Lee & L Liu (eds), Proceedings - IEEE 37th International Conference on Distributed Computing Systems, ICDCS 2017., 7980221, Proceedings - International Conference on Distributed Computing Systems, Institute of Electrical and Electronics Engineers Inc., pp. 2515-2520, 37th IEEE International Conference on Distributed Computing Systems, ICDCS 2017, Atlanta, United States, 5/06/17. https://doi.org/10.1109/ICDCS.2017.153

Rogue Access Point Detector Using Characteristics of Channel Overlapping in 802.11n. / Jang, Rhongho; Kang, Jeonil; Mohaisen, Aziz et al.
Proceedings - IEEE 37th International Conference on Distributed Computing Systems, ICDCS 2017. ed. / Kisung Lee; Ling Liu. Institute of Electrical and Electronics Engineers Inc., 2017. p. 2515-2520 7980221 (Proceedings - International Conference on Distributed Computing Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Rogue Access Point Detector Using Characteristics of Channel Overlapping in 802.11n

AU - Jang, Rhongho

AU - Kang, Jeonil

AU - Mohaisen, Aziz

AU - Nyang, Daehun

PY - 2017/7/13

Y1 - 2017/7/13

N2 - In this work, we introduce a powerful hardware-based rogue access point (PrAP), which can relay traffic between a legitimate AP and a wireless station back and forth, and act as a man-in-the-middle attacker. Our PrAP is built of two dedicated wireless routers interconnected physically, and can relay traffic rapidly between a station and a legitimate AP. Through extensive experiments, we demonstrate that the state-of-the-art time-based rogue AP (rAP) detectors cannot detect our PrAP, although effective against software-based rAP. To defend against PrAPs, we propose PrAP-Hunter based on intentional channel interference. PrAP-Hunter is highly accurate, even under heavy traffic scenarios. Using a high-performance (desktop) and low-performance (mobile) experimental setups of our PrAP-Hunter in various deployment scenarios, we demonstrate close to 100% of detection rate, compared to 60% detection rate by the state-of-the-art. We show that PrAP-Hunter is fast (takes 5-10 sec), does not require any prior knowledge, and can be deployed in the wild by real world experiments at 10 coffee shops.

AB - In this work, we introduce a powerful hardware-based rogue access point (PrAP), which can relay traffic between a legitimate AP and a wireless station back and forth, and act as a man-in-the-middle attacker. Our PrAP is built of two dedicated wireless routers interconnected physically, and can relay traffic rapidly between a station and a legitimate AP. Through extensive experiments, we demonstrate that the state-of-the-art time-based rogue AP (rAP) detectors cannot detect our PrAP, although effective against software-based rAP. To defend against PrAPs, we propose PrAP-Hunter based on intentional channel interference. PrAP-Hunter is highly accurate, even under heavy traffic scenarios. Using a high-performance (desktop) and low-performance (mobile) experimental setups of our PrAP-Hunter in various deployment scenarios, we demonstrate close to 100% of detection rate, compared to 60% detection rate by the state-of-the-art. We show that PrAP-Hunter is fast (takes 5-10 sec), does not require any prior knowledge, and can be deployed in the wild by real world experiments at 10 coffee shops.

KW - Channel interference

KW - IEEE 802.11n

KW - Intrusion detection

KW - Rogue AP

KW - Wireless LAN

UR - https://www.scopus.com/pages/publications/85027255082

U2 - 10.1109/ICDCS.2017.153

DO - 10.1109/ICDCS.2017.153

M3 - Conference contribution

AN - SCOPUS:85027255082

T3 - Proceedings - International Conference on Distributed Computing Systems

SP - 2515

EP - 2520

BT - Proceedings - IEEE 37th International Conference on Distributed Computing Systems, ICDCS 2017

A2 - Lee, Kisung

A2 - Liu, Ling

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 37th IEEE International Conference on Distributed Computing Systems, ICDCS 2017

Y2 - 5 June 2017 through 8 June 2017

ER -

Jang R, Kang J, Mohaisen A, Nyang D. Rogue Access Point Detector Using Characteristics of Channel Overlapping in 802.11n. In Lee K, Liu L, editors, Proceedings - IEEE 37th International Conference on Distributed Computing Systems, ICDCS 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 2515-2520. 7980221. (Proceedings - International Conference on Distributed Computing Systems). doi: 10.1109/ICDCS.2017.153

Rogue Access Point Detector Using Characteristics of Channel Overlapping in 802.11n

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this