LETDoWN: A Client-based Solution to Detect an Evil Twin Access Point

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：29

、訪客IP：3.144.189.177

姓名

薛宇翔(Yu-hsiang Hsueh) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

LETDoWN: A Client-based Solution to Detect an Evil Twin Access Point
(LETDoWN: A Client-based Solution to Detect an Evil Twin Access Point)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 ( 永不開放)

摘要(中)

隨著網際網路的普及，人們越來越倚賴網際網路來交換資訊，而為了滿足大眾隨時隨地能夠連上網路的需求，行動上網裝置與無線網路也廣泛地被部署和使用，無論在家中、企業中甚至出外旅遊等都離不開無線網路，而近年來政府單位也持續建置公用無線網路服務、打造網路城市，因此，無線網路的安全性也逐漸成為一項重要的議題。雖然無線網路帶來許多便利，但是由於少了實體網路線的連結，在無線網路的環境中存在著更多安全性威脅，而其中一個著名的威脅為 Evil Twin 攻擊。在無線網路的 Evil Twin 攻擊中，攻擊者會架設一個與正常 AP (Access Point) 同名 (SSID) 的 AP，並讓使用者在不知情的狀況下連線至該惡意 AP，藉此從中竊取使用者重要資訊。為了偵測 Evil Twin 攻擊，在先前的研究中大多數方法是由無線網路管理者的角度所提出，藉由檢查 AP 是否在認可的清單中來防止這種攻擊，但是這種作法不但效果有限並且無法在攻擊發生時即時保護一般使用者。雖然在其他研究中有基於用戶端提出一些解決的辦法，但其方法皆存在著一些現實環境中會面臨的局限性，因此，本研究首先提出藉由在使用者裝置上開啟無線網路卡的 Monitor 模式，並配合兩項測試，使得一般使用者在其能力範圍內，能夠對於開放式無線網路進行 Evil Twin 攻擊偵測。

摘要(英)

Wireless network is becoming extremely popular with the rapid development of wireless LAN technology and the wide deployment of Wi-Fi equipment. In this paper, we proposed a client-based solution detecting ``evil twin’’ attack in wireless local area networks (WLANs). An evil twin is a kind of rogue Wi-Fi access point (AP) which has the same SSID name to the legitimate one and is set up by an adversary. To the user who associates to the evil twin, adversary may eavesdrops sensitive data of the user on wireless communications to the Internet. Most of existing detection solutions are administrator-based, which is used by wireless network administrator to verify whether a given AP is in an authorized list or not. Such administrator-based solutions are limited, hardly maintained, and difficult to protect users timely when the attack is launched. Hence, we propose a client-based detection by operating the wireless network interface controller (WNIC) in monitor mode and capturing the Internet packets in wireless environment. Through analysing the captured packets, client users can easily and precisely detect the evil twin attack even in a complicated AP scenario as well as avoid any threat arisen from connecting to an AP. Our method does not need to know any authorized AP list, and does not rely on data training or machine learning technique of target wireless network. Finally, we implemented a detecting system, LETDoWN, on Windows 7 operating system, which is widely used nowadays.

關鍵字(中)

關鍵字(英)

★ wireless
★ evil twin
★ rogue AP

論文目次

摘要 i
Abstract ii
誌謝 iii
Contents iv
List of Figures vi
List of Tables vii
1 Introduction 1
1.1 Rogue AP and Evil Twin Attack 1
1.2 Solutions 3
1.3 Contributions 4
1.4 Thesis Organization 4
2 Background 6
2.1 RSSI 7
2.2 Monitor Mode 8
2.3 Redirection Behavior 9
3 Related Work 10
4 Design of LETDoWN 12
4.1 Overview 12
4.2 Detection Algorithm 14
5 Evaluation 20
5.1 Implementation and Experimental Setup 20
5.2 Effiectiveness 21
5.3 Time Efficiency 23
6 Discussion 24
6.1 Limitation 24
6.2 Weakness Analysis 25
6.3 Future Work 26
7 Conclusion 27
References 28

參考文獻

[1] K. N. Gopinath. (2010) Be aware of 5 wi-fi security threats.
[Online]. Available: http://fanaticmedia.com/infosecurity/archive/Feb10/
5-Wireless-Security-Threats v2.htm
[2] L. Phifer. (2010) Top ten wi-fi security threats. [On-
line]. Available: http://www.esecurityplanet.com/views/article.php/3869221/
Top-Ten-WiFi-Security-Threats.htm
[3] Wikipedia. (2011) Rogue access point. [Online]. Available: http://en.wikipedia.org/
wiki/Rogue access point
[4] Wikipedia. (2012) Received signal strength indication. [Online]. Available:
http://en.wikipedia.org/wiki/Received Signal Strength Indication
[5] J. Bellardo and S. Savage, “802.11 denial-of-service attacks: Real vulnerabilities and
practical solutions,” in USENIX Security Symposium, Auguest 2003.
[6] Cisco. (2007) Rogue detection under unified wireless networks. [On-
line]. Available: http://www.cisco.com/en/US/tech/tk722/tk809/technologies
white paper09186a0080722d8c.shtml
[7] The airmagnet project. [Online]. Available: http://www.airmagnet.com
[8] The netstumbler project. [Online]. Available: http://www.netstumbler.com
[9] Wisentry - wireless access point detection system. [Online]. Available: http:
//www.wimetrics.com/Products/WAPD.htm
[10] The inssider software. [Online]. Available: http://www.metageek.net/products/
inssider
[11] The airwave project. [Online]. Available: http://www.airwave.com
[12] Wavelink. [Online]. Available: http://www.wavelink.com
[13] Rogue access point detection: Automatically detect and manage wireless threats to
your network. [Online]. Available: http://www.proxim.com
[14] P. Bahl, R. Chandra, J. Padhye, L. Ravindranath, M. Singh, A. Wolman, and
B. Zill, “Enhancing the security of corporate wi-fi networks using dair,” in
Proceedings of the 4th international conference on Mobile systems, applications and
services, ser. MobiSys ’06. New York, NY, USA: ACM, 2006, pp. 1–14. [Online].
Available: http://doi.acm.org/10.1145/1134680.1134682
[15] W. Wei, K. Suh, B. Wang, Y. Gu, J. Kurose, and D. Towsley, “Passive online
rogue access point detection using sequential hypothesis testing with tcp ack-pairs,”
in Proceedings of the 7th ACM SIGCOMM conference on Internet measurement,
ser. IMC ’07. New York, NY, USA: ACM, 2007, pp. 365–378. [Online]. Available:
http://doi.acm.org/10.1145/1298306.1298357
[16] H. Yin, G. Chen, and J. Wang, “Detecting protected layer-3 rogue aps,” in Broad-
band Communications, Networks and Systems, 2007. BROADNETS 2007. Fourth
International Conference on, Sept. 2007, pp. 449 –458.
[17] W. Wei, B. Wang, C. Zhang, J. Kurose, and D. Towsley, “Classiﬁcation of
access network types: Ethernet, wireless lan, adsl, cable modem or dialup?”
Comput. Netw., vol. 52, no. 17, pp. 3205–3217, Dec. 2008. [Online]. Available:
http://dx.doi.org/10.1016/j.comnet.2008.08.018
[18] S. Shetty, M. Song, and L. Ma, “Rogue access point detection by analyzing net-
work traffic characteristics,” in Military Communications Conference, 2007. MIL-
COM 2007. IEEE, Oct. 2007, pp. 1 –7.
[19] W. Wei, S. Jaiswal, J. Kurose, and D. Towsley, “Identifying 802.11 traffic from
passive measurements using iterative bayesian inference,” in INFOCOM 2006. 25th
IEEE International Conference on Computer Communications. Proceedings, April
2006, pp. 1 –12.
[20] V. Baiamonte, K. Papagiannaki, and G. Iannaccone, “Detecting 802.11 wireless hosts
from remote passive observations,” in Proceedings of the 6th international IFIP-TC6
conference on Ad Hoc and sensor networks, wireless networks, next generation
internet, ser. NETWORKING’07. Berlin, Heidelberg: Springer-Verlag, 2007, pp.
356–367. [Online]. Available: http://dl.acm.org/citation.cfm?id=1772322.1772361
[21] L. Watkins, R. Beyah, and C. Corbett, “A passive approach to rogue access point de-
tection,” in Global Telecommunications Conference, 2007. GLOBECOM ’07. IEEE,
Nov. 2007, pp. 355 –360.
[22] Y. Song, C. Yang, and G. Gu, “Who is peeping at your passwords at starbucks? – to
catch an evil twin access point,” in Dependable Systems and Networks (DSN), 2010
IEEE/IFIP International Conference on, 28 2010-July 1 2010, pp. 323 –332.
[23] S. Nikbakhsh, A. Manaf, M. Zamani, and M. Janbeglou, “A novel approach for rogue
access point detection on the client-side,” in Advanced Information Networking and
Applications Workshops (WAINA), 2012 26th International Conference on, March
2012, pp. 684 –687.
[24] Microsoft network monitor. [Online]. Available: http://support.microsoft.com/kb/
933741
[25] A. Panch and S. K. Singh, “A novel approach for evil twin or rogue ap mitigation in
wireless environment,” International Journal of Security and Its Applications, vol. 4,
no. 4, October 2010.
[26] Winpcap. [Online]. Available: http://www.winpcap.org
[27] Aircrack-ng. (2011) Determine the driver. [Online]. Avail-
able: http://www.aircrack-ng.org/doku.php?id=compatibility drivers&DokuWiki=
01c89160d88dc29d91c1546165ca8089#determine the driver

指導教授

許富皓(Fu-hau Hsu)

審核日期

2012-7-23

推文