VOUCH-AP: privacy preserving open-access 802.11 public hotspot AP authentication mechanism with co-located evil-twins

Open-access 802.11 public Wi-Fi hotspots support rudimentary low-level authentication at the access-point link layer but offer no authentication mechanisms for the clients. Hence, there is a fundamental information asymmetry at play, enabling an adversary to launch AP-based evil-twin attacks. In this paper, we address this information asymmetry problem and propose a simple yet powerful solution for identifying and eliminating malicious APs, thereby providing users with safe and private 802.11 public hotspots. Our proposed VOUCH-AP is a portable, platform-independent AP authentication framework. VOUCH-AP is, to the best of our knowledge, the first work to consider digital certificate-based AP authentication. The proposed solution does not require any hardware upgrades or specialised hardware, unlike 802.11i (aka WPA2). Finally, through security analysis, we show the robustness of the proposed VOUCH-AP framework against evil-twin attacks.
