Abstract
Open-access 802.11 wireless networks are commonly deployed in cafes, bookstores, and other public spaces to provide free Internet connectivity. These networks are convenient to deploy, requiring no out-of-band key exchange or prior trust relationships. However, such networks are vulnerable to a variety of threats including the evil twin attack where an adversary clones a client's previously-used access point for a variety of malicious purposes including malware injection or identity theft. We propose defenses that aim to maintain the simplicity, convenience, and usability of open-access networks while offering increased protection from evil twin attacks. First, we present an evil twin detection strategy called context-leashing that constrains access point trust by location. Second, we propose that wireless networks be identified by uncertified public keys and design an SSH-style authentication and session key establishment protocol that fits into the 802.1X standard. Lastly, to mitigate the pitfalls of SSH-style authentication, we present a crowd-sourcing-based reporting protocol that provides historical information for access point public keys while preserving the location privacy of users who contribute reports.
Original language | English |
---|---|
Title of host publication | 2010 IEEE Global Telecommunications Conference, GLOBECOM 2010 |
Publication status | Published - 1 Dec 2010 |
MoE publication type | A4 Conference publication |
Event | IEEE Global Telecommunications Conference - Miami, United States; Duration: 6 Dec 2010 → 10 Dec 2010; Conference number: 53 |
Conference
Conference | IEEE Global Telecommunications Conference |
---|---|
Abbreviated title | GLOBECOM |
Country/Territory | United States |
City | Miami |
Period | 06/12/2010 → 10/12/2010 |