Development of Device Identity using WiFi Layer 2 Management Frames for Combating Rogue APs

Jonny Milliken, Valerio Selis, Kian Meng Yap, Alan Marshall

Abstract

The susceptibility of WiFi networks to Rogue Access Point attacks derives from the lack of identity for 802.11 devices. The most common means of detecting these attacks in current research is through tracking the credentials or the location of unauthorised and possibly malicious APs. In this paper, the authors outline a method of distinguishing WiFi Access Points using 802.11 MAC layer management frame traffic profiles. This system does not require location estimation or credential tracking techniques as used in current research techniques, which are known to be inaccurate. These characteristic management traffic profiles are shown to be unique for each device, tantamount to a MAC identity. The application of this technique to solving Rogue AP attacks under the constraints of an open access, public WiFi environment is discussed with the conclusion that the identity is practically very difficult to forge.

References

  1. Beyah, R., et al., 2004, Rogue Access Point Detection using Temporal Traffic Characteristics. In GLOBECOM 7804, IEEE Global Telecommunications Conference.
  2. Beyah, R., Venkataraman, A., 2011. Rogue Access Point Detection: Challenges, Solutions and Future Directions. IEEE Journal of Security & Privacy (9/5), pp. 56-61.
  3. Faria, D. B., Cheriton, D. R., 2006. Detecting IdentityBased Attacks in Wireless Networks Using Signalprints. In 5th ACM Workshop on Wireless Security.
  4. Franklin, J., et al., 2006. Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting. In 15th USENIX Security Symposium.
  5. Ma, L., et al., 2007. RAP: Protecting Commodity WiFi Networks from Rogue Access Points. In 4th Intl. Conf. on Heterogeneous Networking for Quality, Reliability, Security and Robustness & Workshops.
  6. Ma L., et al., 2008. A Hybrid Rogue Access Point Protection Framework for Commodity WiFi Networks. In INFOCOM 7808, 27th Intl. Conf. on Computer Communications.
  7. Milliken, J., Marshall, A., 2012. Design and Analysis of an Independent, Layer 2, Open-Access WiFi Monitoring Infrastructure in the Wild. In ICWN 7812, International Conference on Wireless Networks.
  8. Milliken, J., et al., 2012. The Effect of Probe Interval Estimation on Attack Detection Performance of a WLAN Independent Intrusion Detection System. In ICWCA 7812, International Conference on Wireless Communications and Applications.
  9. Nagarajan, V., et al., 2010. Using Power Hoping to Counter MAC Spoofing Attacks in WLAN. In 7th IEEE Consumer Communications and Networking Conference.
  10. Percoco N. J., 2010. Trustwave Global Security Report 2010. Trustwave, Chicago, USA Shetty, S., et al., 2007. Rogue Access Point Detection By Analysing Networking Traffic Characteristics. In MILCOM 7807, IEEE Military Conference.
  11. Shivaraj, G., et al., 2008. A Hidden Markov Model Based Approach to Detect Rogue Access Points. In MILCOM 7808, IEEE Military Conference.
  12. Tao, Z., et al., 2008. X-mode: A real Time Approach of Discriminating WiFi Networking Impersonators. In NWESP 7808, 4th International Conference on Next Generation Web Services Practices.
Download


Paper Citation


in Harvard Style

Milliken J., Selis V., Meng Yap K. and Marshall A. (2013). Development of Device Identity using WiFi Layer 2 Management Frames for Combating Rogue APs . In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 488-493. DOI: 10.5220/0004506404880493


in Bibtex Style

@conference{secrypt13,
author={Jonny Milliken and Valerio Selis and Kian Meng Yap and Alan Marshall},
title={Development of Device Identity using WiFi Layer 2 Management Frames for Combating Rogue APs},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={488-493},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004506404880493},
isbn={978-989-8565-73-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - Development of Device Identity using WiFi Layer 2 Management Frames for Combating Rogue APs
SN - 978-989-8565-73-0
AU - Milliken J.
AU - Selis V.
AU - Meng Yap K.
AU - Marshall A.
PY - 2013
SP - 488
EP - 493
DO - 10.5220/0004506404880493