The Community for Technology Leaders
RSS Icon
Issue No.11 - November (2011 vol.22)
pp: 1912-1925
Hao Han , College of William and Mary, Williamsburg
Bo Sheng , University of Massachusetts Boston, Boston
Chiu C. Tan , Temple University, Philadelphia
Qun Li , College of William and Mary, Williamsburg
Sanglu Lu , Nanjing University, Nanjing
This paper considers a category of rogue access points (APs) that pretend to be legitimate APs to lure users to connect to them. We propose a practical timing-based technique that allows the user to avoid connecting to rogue APs. Our detection scheme is a client-centric approach that employs the round trip time between the user and the DNS server to independently determine whether an AP is a rogue AP without assistance from the WLAN operator. We implemented our detection technique on commercially available wireless cards to evaluate their performance. Extensive experiments have demonstrated the accuracy, effectiveness, and robustness of our approach. The algorithm achieves close to 100 percent accuracy in distinguishing rogue APs from legitimate APs in lightly loaded traffic conditions, and larger than 60 percent accuracy in heavy traffic conditions. At the same time, the detection only requires less than 1 second for lightly-loaded traffic conditions and tens of seconds for heavy traffic conditions.
Wireless LAN, IEEE 802.11, rogue access point, round trip time.
Hao Han, Bo Sheng, Chiu C. Tan, Qun Li, Sanglu Lu, "A Timing-Based Scheme for Rogue AP Detection", IEEE Transactions on Parallel & Distributed Systems, vol.22, no. 11, pp. 1912-1925, November 2011, doi:10.1109/TPDS.2011.125
[1] Air defence,, 2009.
[2] Air magnet,, 2011.
[3] Air wave,, 2011.
[4] L. Ma, A.Y. Teymorian, and X. Cheng, "A Hybrid Rogue Access Point Protection Framework for Commodity Wi-Fi Networks," Proc. IEEE INFOCOM, 2008.
[5] W. Wei, K. Suh, B. Wang, Y. Gu, J. Kurose, and D. Towsley, "Passive Online Rogue Access Point Detection Using Sequential Hypothesis Testing with TCP ACK-Pairs," Proc. Seventh ACM SIGCOMM Conf. Internet Measurement (IMC), 2007.
[6] H. Yin, G. Chen, and J. Wang, "Detecting Protected Layer-3 Rogue APs," Proc. Fourth IEEE Int'l Conf. Broadband Comm., Networks, and Systems (BROADNETS '07), 2007.
[7] S. Shetty, M. Song, and L. Ma, "Rogue Access Point Detection by Analyzing Network Traffic Characteristics," Proc. IEEE Military Comm. Conf. (MILCOM '07), 2007.
[8] H. Han, B. Sheng, C.C. Tan, Q. Li, and S. Lu, "A Measurement Based Rogue AP Detection Scheme," Proc. IEEE INFOCOM, 2009.
[9] P. Bahl, R. Chandra, J. Padhye, L. Ravindranath, M. Singh, A. Wolman, and B. Zill, "Enhancing the Security of Corporate Wi-Fi Networks Using DAIR," Proc. Fourth Int'l Conf. Mobile Systems, Applications and Services (MobiSys '06), 2006.
[10] Y. Sheng, K. Tan, G. Chen, D. Kotz, and A. Campbell, "Detecting 802.11 MAC Layer Spoofing Using Received Signal Strength," Proc. IEEE INFOCOM, 2008.
[11] V. Brik, S. Banerjee, M. Gruteser, and S. Oh, "Wireless Device Identification with Radiometric Signatures," Proc. Mobicom, 2008.
[12] S. Jana and S. Kasera, "On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews," Proc. Mobicom, 2008.
[13] A. Adya, P. Bahl, R. Chandra, and L. Qiu, "Architecture and Techniques for Diagnosing Faults in IEEE 802.11 Infrastructure Networks," Proc. Mobicom, 2004.
[14] R. Beyah, S. Kangude, G. Yu, B. Strickland, and J. Copeland, "Rogue Access Point Detection Using Temporal Traffic Characteristics," Proc. IEEE Global Telecomm. Conf. (GLOBECOM '04), 2004.
[15] W. Wei, S. Jaiswal, J.F. Kurose, and D.F. Towsley, "Identifying 802.11 Traffic from Passive Measurements Using Iterative Bayesian Inference," Proc. IEEE INFOCOM, 2006.
[16] L. Watkins, R. Beyah, and C. Corbett, "A Passive Approach to Rogue Access Point Detection," Proc. IEEE Global Telecomm. Conf. (GLOBECOM '07), 2007.
[17] C.D. Mano, A. Blaich, Q. Liao, Y. Jiang, D.A. Cieslak, D. Salyers, and A. Striegel, "Ripps: Rogue Identifying Packet Payload Slicer Detecting Unauthorized Wireless Hosts through Network Traffic Conditioning," ACM Trans. Information and System Security, vol. 11, no. 2, 2008.
[18] A. Venkataraman and R. Beyah, "Rogue Access Point Detection Using Innate Characteristics of the 802.11 Mac," Proc. Int'l ICST Conf. Security and Privacy in Comm. Networks (SecureComm '09), 2009.
[19] 89600s Series VXI-Based Vector Signal Analyzer. Agilent Tech nologies.
[20] J. Jung, E. Sit, H. Balakrishnan, and R. Morris, "DNS Performance and the Effectiveness of Caching," Computer Comm. Rev., vol. 32, no. 1, p. 74, 2002.
[21] D. Vassis, G. Kormentzas, A.N. Rouskas, and I. Maglogiannis, "The IEEE 802.11g Standard fo High Data Rate Wlans," IEEE Network, vol. 19, no. 3, pp. 21-26, May/June 2005.
[22] S.H.Y. Wong, H. Yang, S. Lu, and V. Bharghavan, "Robust Rate Adaptation for 802.11 Wireless Networks," Proc. Mobicom, 2006.
[23] Madwifi, http:/, 2011.
[24] Ipw3945,, 2011.
[25] E. Kohler, R. Morris, B. Chen, J. Jannotti, and M.F. Kaashoek, "The Click Modular Router," ACM Trans. Computer Systems, vol. 18, no. 3, pp. 263-297, 2000.
[26] A.P. Jardosh, K.N. Ramachandran, K.C. Almeroth, and E.M. Belding-Royer, "Understanding Congestion in IEEE 802.11b Wireless Networks," Proc. Fifth ACM SIGCOMM Conf. Internet Measurement, pp. 279-292, 2005.
[27] Libpcap, http:/, 2011.
31 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool