| DC 欄位 |
值 |
語言 |
| DC.contributor | 資訊工程學系 | zh_TW |
| DC.creator | 薛宇翔 | zh_TW |
| DC.creator | Yu-hsiang Hsueh | en_US |
| dc.date.accessioned | 2012-7-23T07:39:07Z | |
| dc.date.available | 2012-7-23T07:39:07Z | |
| dc.date.issued | 2012 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=995202093 | |
| dc.contributor.department | 資訊工程學系 | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | 隨著網際網路的普及,人們越來越倚賴網際網路來交換資訊,而為了滿足大眾隨時隨地能夠連上網路的需求,行動上網裝置與無線網路也廣泛地被部署和使用,無論在家中、企業中甚至出外旅遊等都離不開無線網路,而近年來政府單位也持續建置公用無線網路服務、打造網路城市,因此,無線網路的安全性也逐漸成為一項重要的議題。雖然無線網路帶來許多便利,但是由於少了實體網路線的連結,在無線網路的環境中存在著更多安全性威脅,而其中一個著名的威脅為 Evil Twin 攻擊。在無線網路的 Evil Twin 攻擊中,攻擊者會架設一個與正常 AP (Access Point) 同名 (SSID) 的 AP,並讓使用者在不知情的狀況下連線至該惡意 AP,藉此從中竊取使用者重要資訊。為了偵測 Evil Twin 攻擊,在先前的研究中大多數方法是由無線網路管理者的角度所提出,藉由檢查 AP 是否在認可的清單中來防止這種攻擊,但是這種作法不但效果有限並且無法在攻擊發生時即時保護一般使用者。雖然在其他研究中有基於用戶端提出一些解決的辦法,但其方法皆存在著一些現實環境中會面臨的局限性,因此,本研究首先提出藉由在使用者裝置上開啟無線網路卡的 Monitor 模式,並配合兩項測試,使得一般使用者在其能力範圍內,能夠對於開放式無線網路進行 Evil Twin 攻擊偵測。
| zh_TW |
| dc.description.abstract | Wireless network is becoming extremely popular with the rapid development of wireless LAN technology and the wide deployment of Wi-Fi equipment. In this paper, we proposed a client-based solution detecting ``evil twin’’ attack in wireless local area networks (WLANs). An evil twin is a kind of rogue Wi-Fi access point (AP) which has the same SSID name to the legitimate one and is set up by an adversary. To the user who associates to the evil twin, adversary may eavesdrops sensitive data of the user on wireless communications to the Internet. Most of existing detection solutions are administrator-based, which is used by wireless network administrator to verify whether a given AP is in an authorized list or not. Such administrator-based solutions are limited, hardly maintained, and difficult to protect users timely when the attack is launched. Hence, we propose a client-based detection by operating the wireless network interface controller (WNIC) in monitor mode and capturing the Internet packets in wireless environment. Through analysing the captured packets, client users can easily and precisely detect the evil twin attack even in a complicated AP scenario as well as avoid any threat arisen from connecting to an AP. Our method does not need to know any authorized AP list, and does not rely on data training or machine learning technique of target wireless network. Finally, we implemented a detecting system, LETDoWN, on Windows 7 operating system, which is widely used nowadays.
| en_US |
| DC.subject | wireless | en_US |
| DC.subject | evil twin | en_US |
| DC.subject | rogue AP | en_US |
| DC.title | LETDoWN: A Client-based Solution to Detect an Evil Twin Access Point | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | LETDoWN: A Client-based Solution to Detect an Evil Twin Access Point | en_US |
| DC.type | 博碩士論文 | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |