Exploiting Wireless Received Signal Strength Indicators to Detect Evil-Twin Attacks in Smart Homes

The Evil-Twin attack is becoming common in smart home environments, where an attacker can set up a fake AP to compromise the security of the connected devices. To identify fake APs, current approaches to detecting Evil-Twin attacks all rely on information such as SSIDs, the MAC address of the genuine AP, or network traffic patterns. However, such information can be faked by the attacker, often leading to low detection rates and weak protection. This paper presents a novel Evil-Twin attack detection method based on the received signal strength indicator (RSSI). Our approach considers the RSSI as a fingerprint of APs and uses the fingerprint of the genuine AP to identify fake ones. By exploiting the multipath effect of the Wi-Fi signal, we provide two schemes to detect a fake AP in two different scenarios: one where the genuine AP is located at a single location in the property, and one where it can be at multiple locations. As a departure from prior work, our approach does not rely on any professional measurement devices. Experimental results show that our approach can successfully detect 90% of the fake APs, at the cost of a one-off, modest connection delay.
