ESORICS 2011 - WiFiHop - mitigating the Evil twin attack through multi-hop detection
WiFiHop - Mitigating the Evil Twin Attack through Multi-hop Detection
D. Mónica, C. Ribeiro
INESC-ID / IST
The Evil Twin Attack
A malicious AP is configured to mimic a legitimate AP, enabling attackers to eavesdrop on all wireless communications of the victims.
Existing Techniques
Detection by the network
Manual administrator detection (Netstumbler)
AirDefense
RIPPS
Yin et al. 2007
…
Existing Techniques
Client-side detection
ETSniffer
WiFiHop
Objectives
Provide a convenient and usable technique to detect Evil Twin Attacks
Ensuring:
User-sided operation
Operation not detectable by the attacker
Capable of operation in encrypted networks
Non-disruptive operation
WiFiHop
Approach
Detect a multi-hop setting between the user’s computer and the connection to the internet.
Assumes that the rogue AP will relay traffic to the internet using the original, legitimate AP
Solution Overview
WiFiHop
Open WiFiHop
Covert WiFiHop
Encrypted link between Malicious and Legitimate AP
We cannot access payloads of the exchanged packets
Encrypted
Covert WiFiHop
We modify our scheme not to require payloads
Instead, we rely on detecting packet lengths
WEP/WPA have deterministic, predictable packet lengths
We create a watermark using a sequence of packets with pre-determined lengths
Covert WiFiHop
Analysis of the probability of random generation of the watermark
We looked at the SIGCOMM trace
Total of 4 day sequence of packets
Got the least observed packet length given different analysis periods
Measured the correlations between successive lengths
Measured the amount of extraneous packets inserted amongst the watermark sequence packets
Covert WiFiHop
k-state finite state machine
Progresses whenever a packet with the proper length is detected
Ignores extraneous packets (machine state never regresses)
Due to packet loss, both the client and the server repeat the requests several times
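The k-state machine described above, sketched as an added example (not code from the slides or from the WiFiHop authors). The watermark lengths, the fixed per-frame encryption overhead and the sample traces are constructed values, and the class and function names are hypothetical.

```python
from typing import Iterable, Sequence


class WatermarkDetector:
    """k-state FSM: advance on the next expected length, ignore everything else."""

    def __init__(self, watermark: Sequence[int], overhead: int = 0):
        if not watermark:
            raise ValueError("watermark must contain at least one length")
        # Lengths as seen on the encrypted link: plaintext length plus a fixed
        # per-frame overhead (assumed constant for the cipher in use).
        self.expected = [n + overhead for n in watermark]
        self.state = 0        # index of the length we are waiting for
        self.detections = 0   # complete watermarks observed so far

    def feed(self, length: int) -> bool:
        """Process one observed frame length; True when a watermark completes."""
        if length == self.expected[self.state]:
            self.state += 1
            if self.state == len(self.expected):
                self.detections += 1
                self.state = 0  # re-arm for the next repetition
                return True
        # Any other length is extraneous traffic: the state never regresses.
        return False


def count_watermarks(lengths: Iterable[int], watermark: Sequence[int],
                     overhead: int = 0) -> int:
    """Run the detector over a capture of frame lengths."""
    det = WatermarkDetector(watermark, overhead)
    for n in lengths:
        det.feed(n)
    return det.detections


# Constructed sample data (not from the SIGCOMM trace).
WATERMARK = [137, 1203, 611, 89]   # plaintext lengths sent by the client
OVERHEAD = 8                       # assumed per-frame encryption overhead
TRACE_WITH_WATERMARK = [
    72, 145, 1508, 1211, 72, 619, 340, 97,  # full sequence with extraneous frames
    145, 1211, 97, 72,                      # repetition that lost the 619 frame
    145, 1211, 619, 1508, 97,               # next repetition completes it
]
TRACE_WITHOUT_WATERMARK = [72, 1508, 340, 145, 72, 619, 1508, 97]

if __name__ == "__main__":
    print(count_watermarks(TRACE_WITH_WATERMARK, WATERMARK, OVERHEAD))
    print(count_watermarks(TRACE_WITHOUT_WATERMARK, WATERMARK, OVERHEAD))
```

Because the state only moves forward, a repetition that loses a frame is simply completed by the next repetition, which is why repeating the requests tolerates packet loss.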
Testing network
Profile   DL Rate (Mbps)   UL Rate (Mbps)
Low       2                1
Medium    8                5
High      16               12
Summary
Final Remarks
Thank You