A Timing-Based Scheme for Rogue AP Detection

This paper considers a category of rogue access points (APs) that pretend to be legitimate APs to lure users to connect to them. We propose a practical timing-based technique that allows the user to avoid connecting to rogue APs. Our detection scheme is a client-centric approach that employs the round trip time between the user and the DNS server to independently determine whether an AP is a rogue AP without assistance from the WLAN operator. We implemented our detection technique on commercially available wireless cards to evaluate their performance. Extensive experiments have demonstrated the accuracy, effectiveness, and robustness of our approach. The algorithm achieves close to 100 percent accuracy in distinguishing rogue APs from legitimate APs in lightly loaded traffic conditions, and larger than 60 percent accuracy in heavy traffic conditions. At the same time, the detection only requires less than 1 second for lightly-loaded traffic conditions and tens of seconds for heavy traffic conditions.

[1]  Ilias Maglogiannis,et al.  The IEEE 802.11g standard for high data rate WLANs , 2005, IEEE Network.

[2]  Alec Wolman,et al.  Enhancing the security of corporate Wi-Fi networks using DAIR , 2006, MobiSys '06.

[3]  Jie Wang,et al.  Detecting protected layer-3 rogue APs , 2007, 2007 Fourth International Conference on Broadband Communications, Networks and Systems (BROADNETS '07).

[4]  Kevin C. Almeroth,et al.  Understanding congestion in IEEE 802.11b wireless networks , 2005, IMC '05.

[5]  Vaduvur Bharghavan,et al.  Robust rate adaptation for 802.11 wireless networks , 2006, MobiCom '06.

[6]  Sneha Kumar Kasera,et al.  On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews , 2010, IEEE Transactions on Mobile Computing.

[7]  Robert Tappan Morris,et al.  DNS performance and the effectiveness of caching , 2001, IMW '01.

[8]  Eddie Kohler,et al.  The Click modular router , 1999, SOSP.

[9]  Donald F. Towsley,et al.  Identifying 802.11 Traffic from Passive Measurements Using Iterative Bayesian Inference , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[10]  Bo Sheng,et al.  A Measurement Based Rogue AP Detection Scheme , 2009, IEEE INFOCOM 2009.

[11]  David A. Cieslak,et al.  RIPPS: Rogue Identifying Packet Payload Slicer Detecting Unauthorized Wireless Hosts Through Network Traffic Conditioning , 2008, TSEC.

[12]  Paramvir Bahl,et al.  Architecture and techniques for diagnosing faults in IEEE 802.11 infrastructure networks , 2004, MobiCom '04.

[13]  Xiuzhen Cheng,et al.  A Hybrid Rogue Access Point Protection Framework for Commodity Wi-Fi Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[14]  Yong Sheng,et al.  Detecting 802.11 MAC Layer Spoofing Using Received Signal Strength , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[15]  Raheem A. Beyah,et al.  Rogue access point detection using temporal traffic characteristics , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[16]  Raheem A. Beyah,et al.  Rogue Access Point Detection Using Innate Characteristics of the 802.11 MAC , 2009, SecureComm.

[17]  Raheem A. Beyah,et al.  A Passive Approach to Rogue Access Point Detection , 2007, IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference.

[18]  Donald F. Towsley,et al.  Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs , 2007, IMC '07.

[19]  Sachin Shetty,et al.  Rogue Access Point Detection by Analyzing Network Traffic Characteristics , 2007, MILCOM 2007 - IEEE Military Communications Conference.

[20]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.