This Article 
 Bibliographic References 
 Add to: 
Rogue-Access-Point Detection: Challenges, Solutions, and Future Directions
September/October 2011 (vol. 9 no. 5)
pp. 56-61
Raheem Beyah, Georgia Tech
Since wireless access points have reached commodity pricing, the appeal of deploying them in an unauthorized fashion has grown. Unlike traditional attacks, which originate outside the network, the insertion of rogue access points (RAPs) is most often due to insiders. This seemingly simple misfeasance can have significant consequences; it creates a back door to the network, completely negating the significant investment in securing the network. Several RAP detection approaches exist, but none are foolproof. Industry, government, and academia need to be aware of this problem and promote state-of-the-art detection methods.

1. "Wireless LANs: Risks and Defenses," white paper, AirDefense, 2002; .
2. "Tired of Rogues: Solutions for Detecting and Eliminating Rogue Wireless Networks," white paper, AirDefense, 2009.
3. "Best Practices for Securing Your Wireless LAN," white paper, AirMagnet, 2004.
4. J. Branch et al., "Autonomic 802.11 Wireless LAN Security Auditing," IEEE Security & Privacy, vol. 2, no. 3, 2004, pp. 56–65.
5. "AirWave Wireless Management Suite," white paper, AirWave, 2006.
6. P. Bahl et al., "Enhancing the Security of Corporate Wi-Fi Networks Using DAIR," Proc. 4th Int'l Conf. Mobile Systems, Applications and Services (MobiSys 06), ACM Press, 2006, pp. 1–14.
7. R. Beyah et al., "Rogue Access Point Detection Using Temporal Traffic Characteristics," Proc. 2004 Global Telecommunications Conf. (GLOBECOM 04), IEEE CS Press, 2004, pp. 2271–2275.
8. W. Wei et al., "Passive Online Rogue Access Point Detection Using Sequential Hypothesis Testing with TCP ACK-Pairs," Proc. 7th ACM SIGCOMM Conf. Internet Measurement (IMC 07), ACM Press, 2007, pp. 365–378.
9. C.D. Mano et al., "RIPPS: Rogue Identifying Packet Payload Slicer Detecting Unauthorized Wireless Hosts through Network Traffic Conditioning," ACM Trans. Information and System Security, vol. 11, no. 2, 2007, article 2.
10. L. Ma, A.Y. Teymorian, and X. Cheng, "A Hybrid Rogue Access Point Protection Framework for Commodity Wi-Fi Networks," Proc. 27th Conf. Computer Communications (INFOCOM 08), IEEE CS Press, 2008, pp. 1220–1228.
11. "Rogue Access Point Detection: Automatically Detect and Manage Wireless Threats to Your Network," white paper, Proxim Wireless, 2004.
12. K. Gao, C. Corbett, and R. Beyah, "A Passive Approach to Wireless Device Fingerprinting," Proc. IEEE/IFIP Int'l Conf. Dependable Systems and Networks (DSN 10), IEEE CS Press, 2010, pp. 383–392.
13. S. Bratus et al., "Active Behavioral Fingerprinting of Wireless Devices," Proc. 1st ACM Conf. Wireless Network Security (WiSec 08), ACM Press, 2008, pp. 56–61.
1. H. Han et al., "A Timing-Based Scheme for Rogue AP Detection," to be published in IEEE Trans. Parallel and Distributed Systems.
2. S. Jana and S.K. Kasera, "On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews," IEEE Trans. Mobile Computing, vol. 9, no. 3, 2010, pp. 449–462.
1. A. Venkataraman and R. Beyah, "Rogue Access Point Detection Using Innate Characteristics of the 802.11 MAC," Proc. Int'l ICST Conf. Security and Privacy in Communication Networks (SecureComm 09), Springer, 2009, pp. 394–416.
2. C. Corbett, R. Beyah, and J. Copeland, "A Passive Approach to Wireless NIC Identification," IEEE Int'l Conf. Communications (ICC 06), IEEE Press, 2006, pp. 2329–2334.

Index Terms:
rogue access points, insider attacks, intrusion detection, computer security
Raheem Beyah, Aravind Venkataraman, "Rogue-Access-Point Detection: Challenges, Solutions, and Future Directions," IEEE Security & Privacy, vol. 9, no. 5, pp. 56-61, Sept.-Oct. 2011, doi:10.1109/MSP.2011.75
Usage of this product signifies your acceptance of the Terms of Use.