TY - GEN
T1 - Practical defenses for evil twin attacks in 802.11
AU - Gonzales, Harold
AU - Bauer, Kevin
AU - Lindqvist, Janne
AU - McCoy, Damon
AU - Sicker, Douglas
PY - 2010
Y1 - 2010
N2 - Open-access 802.11 wireless networks are commonly deployed in cafes, bookstores, and other public spaces to provide free Internet connectivity. These networks are convenient to deploy, requiring no out-of-band key exchange or prior trust relationships. However, such networks are vulnerable to a variety of threats including the evil twin attack where an adversary clones a client's previously-used access point for a variety of malicious purposes including malware injection or identity theft. We propose defenses that aim to maintain the simplicity, convenience, and usability of open-access networks while offering increased protection from evil twin attacks. First, we present an evil twin detection strategy called context-leashing that constrains access point trust by location. Second, we propose that wireless networks be identified by uncertified public keys and design an SSH-style authentication and session key establishment protocol that fits into the 802.1X standard. Lastly, to mitigate the pitfalls of SSH-style authentication, we present a crowd-sourcing-based reporting protocol that provides historical information for access point public keys while preserving the location privacy of users who contribute reports.
AB - Open-access 802.11 wireless networks are commonly deployed in cafes, bookstores, and other public spaces to provide free Internet connectivity. These networks are convenient to deploy, requiring no out-of-band key exchange or prior trust relationships. However, such networks are vulnerable to a variety of threats including the evil twin attack where an adversary clones a client's previously-used access point for a variety of malicious purposes including malware injection or identity theft. We propose defenses that aim to maintain the simplicity, convenience, and usability of open-access networks while offering increased protection from evil twin attacks. First, we present an evil twin detection strategy called context-leashing that constrains access point trust by location. Second, we propose that wireless networks be identified by uncertified public keys and design an SSH-style authentication and session key establishment protocol that fits into the 802.1X standard. Lastly, to mitigate the pitfalls of SSH-style authentication, we present a crowd-sourcing-based reporting protocol that provides historical information for access point public keys while preserving the location privacy of users who contribute reports.
UR - http://www.scopus.com/inward/record.url?scp=79551626084&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79551626084&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2010.5684213
DO - 10.1109/GLOCOM.2010.5684213
M3 - Conference contribution
AN - SCOPUS:79551626084
SN - 9781424456383
T3 - GLOBECOM - IEEE Global Telecommunications Conference
BT - 2010 IEEE Global Telecommunications Conference, GLOBECOM 2010
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 53rd IEEE Global Communications Conference, GLOBECOM 2010
Y2 - 6 December 2010 through 10 December 2010
ER -