AN ATTACK SCENARIO USING A ROGUE ACCESS POINT IN IEEE 802.11 NETWORKS
Open Access
- 1 January 2021
- journal article
- Published by Borys Grinchenko Kyiv University in Cybersecurity: Education, Science, Technique
- Vol. 3 (11), 144-154
- https://doi.org/10.28925/2663-4023.2021.11.144154
Abstract
One of the most serious security threats to wireless local area networks (WLANs) in recent years is the rogue access point, which intruders use for eavesdropping and attacks. Due to the open nature of the wireless transmission medium, an attacker can easily discover the MAC addresses of other devices, which are commonly used as unique identifiers for all nodes in the network, and carry out a spoofing attack by creating a rogue access point, the so-called "Evil Twin". The attacker's goal is to get legitimate users to connect to the rogue access point and thereby gain access to confidential information. This article discusses the concept of the "Evil Twin" attack and demonstrates and analyzes its practical implementation. The algorithm of the intruder's actions, the scenario of the attack on the client, and the procedure for setting up a software-implemented rogue access point are shown. It has been proven that the attack is possible because the 802.11 standard allows several access points with the same service set identifier and MAC address to exist in the same area. The reasons for network malfunction and possible interception of information as a result of the attack are identified, and methods of detecting rogue access points are analyzed. During the experiment, observation of 802.11 frames showed deviations in the behavior of beacon frames at the time of the "Evil Twin" attack. First, the number of beacon frames coming from the access point under attack increases. Second, the traffic analyzer detected significant fluctuations in the received signal level, because beacons arrive simultaneously from the legitimate and the rogue access point, which makes it possible to distinguish two groups of beacon frames. The "Evil Twin" attack was implemented and studied using Aircrack-ng, a software package for auditing wireless networks, and Wireshark, a network traffic analyzer.
In the future, the results obtained can be used to improve methods of protection against intrusion into wireless networks and to develop effective systems for detecting and preventing intrusions into WLANs.
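The two beacon-frame deviations described in the abstract can be checked per BSSID as follows. This is an added example, not code from the article: the capture is constructed, and the function names, the thresholds and the assumed 102.4 ms beacon interval are illustrative assumptions.

```python
from collections import defaultdict
from statistics import mean

BEACON_INTERVAL_S = 0.1024  # assumed: 100 TU, the common default beacon interval

def two_means(values, rounds=20):
    """1-D 2-means over RSSI values: (low_center, high_center, low, high)."""
    lo, hi = min(values), max(values)
    for _ in range(rounds):
        a = [v for v in values if abs(v - lo) <= abs(v - hi)]
        b = [v for v in values if abs(v - lo) > abs(v - hi)]
        if not b:            # all values identical: a single group
            break
        lo, hi = mean(a), mean(b)
    return lo, hi, a, b

def detect_twins(beacons, rate_factor=1.5, gap_db=10.0, min_share=0.2):
    """Flag a BSSID only when BOTH deviations are present: a beacon rate well
    above one AP's schedule and two well-separated RSSI groups.
    Thresholds are assumptions to be tuned per site."""
    by_bssid = defaultdict(list)
    for ts, bssid, rssi in beacons:
        by_bssid[bssid].append((ts, rssi))
    report = {}
    for bssid, rows in by_bssid.items():
        times = [t for t, _ in rows]
        span = max(times) - min(times)
        # Observed beacons per expected interval; about 1.0 for a single AP.
        rate_ratio = (len(rows) - 1) / span * BEACON_INTERVAL_S if span else 0.0
        lo, hi, a, b = two_means([r for _, r in rows])
        share = min(len(a), len(b)) / len(rows)
        bimodal = (hi - lo) >= gap_db and share >= min_share
        report[bssid] = {
            "rate_ratio": round(rate_ratio, 2),
            "rssi_groups_dbm": (round(lo), round(hi)) if bimodal else None,
            "suspect": rate_ratio >= rate_factor and bimodal,
        }
    return report

def sample_capture(n=100):
    """Constructed capture: (timestamp_s, bssid, rssi_dbm) per beacon frame."""
    rows = []
    for i in range(n):
        t, jitter = i * BEACON_INTERVAL_S, (i % 3) - 1
        rows.append((t, "02:00:00:00:00:01", -70 + jitter))         # legitimate AP
        rows.append((t + 0.05, "02:00:00:00:00:01", -40 + jitter))  # twin, same BSSID
        rows.append((t, "02:00:00:00:00:02", -60 + jitter))         # unaffected AP
    return rows

if __name__ == "__main__":
    for bssid, finding in detect_twins(sample_capture()).items():
        print(bssid, finding)
```

With a real capture, the three input values per beacon correspond to the Wireshark fields `frame.time_epoch`, `wlan.bssid` and `radiotap.dbm_antsignal`.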