wifihop - mitigating the evil twin attack through multi-hop detection
ESORICS 2011 - WiFiHop - Mitigating the Evil Twin Attack through Multi-hop Detection
WiFiHop - Mitigating the Evil Twin Attack through Multi-hop Detection
D. Mónica, C. Ribeiro
INESC-ID / IST
The Evil Twin Attack
A malicious AP is configured to mimic a legitimate AP, enabling attackers to eavesdrop on all of the victims' wireless communications.
Existing Techniques
Detection by the network
Manual administrator detection (Netstumbler)
AirDefense
RIPPS
Yin et al. 2007
…
Existing Techniques
Client-side detection
ETSniffer
WiFiHop
Objectives
Provide a convenient and usable technique to detect Evil Twin Attacks
Ensuring:
User-sided operation
Operation not detectable by the attacker
Capable of operation in encrypted networks
Non-disruptive operation
WiFiHop
Approach
Detect a multi-hop setting between the user’s computer and the connection to the internet.
Assumes that the rogue AP will relay traffic to the internet using the original, legitimate AP
Solution Overview
WiFiHop
Open WiFiHop
Covert WiFiHop
Encrypted link between Malicious and Legitimate AP
We cannot access payloads of the exchanged packets
We modify our scheme so that it does not require payloads
Instead, detection relies on packet lengths
WEP/WPA have deterministic, predictable packet lengths
We create a watermark using a sequence of packets with pre-determined lengths
Analysis of the probability of random generation of the watermark
We looked at the SIGCOMM trace
A 4-day sequence of packets in total
Found the least-observed packet length for different analysis periods
Measured the correlations between successive lengths
Measured the amount of extraneous packets inserted amongst the watermark sequence packets
k-state finite state machine
Progresses whenever a packet with the proper length is detected
Ignores extraneous packets (machine state never regresses)
Due to packet loss, both the client and the server repeat the requests several times
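The k-state machine described above, as an added example (not the authors' code): it advances on each expected frame length, ignores everything else, and still completes when a lost watermark packet is followed by a repeated sequence. The watermark lengths, the `overhead` parameter and the three traces are constructed assumptions.

```python
from typing import Iterable, List, Optional


class WatermarkFSM:
    """k-state machine: state i means the first i watermark lengths were seen."""

    def __init__(self, watermark: List[int], overhead: int = 0):
        if not watermark:
            raise ValueError("watermark needs at least one length")
        # overhead: constant per-frame bytes added by link encryption
        # (assumed parameter, set for the cipher in use).
        self.expected = [n + overhead for n in watermark]
        self.state = 0

    @property
    def detected(self) -> bool:
        return self.state == len(self.expected)

    def feed(self, frame_len: int) -> bool:
        # Advance only on the next expected length; any other frame is
        # extraneous and ignored, so the state never regresses.
        if not self.detected and frame_len == self.expected[self.state]:
            self.state += 1
        return self.detected


def detect(watermark: List[int], observed: Iterable[int], overhead: int = 0) -> Optional[int]:
    """Index of the frame that completes the watermark, or None."""
    fsm = WatermarkFSM(watermark, overhead)
    for i, frame_len in enumerate(observed):
        if fsm.feed(frame_len):
            return i
    return None


# Constructed sample data (not from the slides).
WATERMARK = [137, 211, 89, 163]   # plaintext lengths of the watermark packets
OVERHEAD = 8                      # constructed per-frame overhead
RELAYED = [1508, 145, 72, 219, 1508, 97, 60, 171]   # watermark amid other traffic
LOSSY = [145, 97, 171, 60, 145, 219, 97, 171]       # 2nd packet lost, then repeat
NO_RELAY = [1508, 60, 72, 145, 1508, 60]            # watermark never completes

if __name__ == "__main__":
    for name, trace in [("relayed", RELAYED), ("lossy", LOSSY), ("no relay", NO_RELAY)]:
        print(name, detect(WATERMARK, trace, OVERHEAD))
```

Because the machine matches the watermark as a subsequence, ordinary traffic that happens to contain those lengths in order would also trigger it, which is why the trace analysis above looks for rarely observed lengths.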
Testing network
| Profile | DL Rate (Mbps) | UL Rate (Mbps) |
|---|---|---|
| Low | 2 | 1 |
| Medium | 8 | 5 |
| High | 16 | 12 |
Summary
Final Remarks