Authors:
Jonny Milliken
1
;
Valerio Selis
2
;
Kian Meng Yap
3
and
Alan Marshall
4
Affiliations:
1
Queens University Belfast, United Kingdom
;
2
Northern Ireland Science Park, United Kingdom
;
3
Sunway University, Malaysia
;
4
Queens University Belfast, Northern Ireland Science Park and Sunway University, United Kingdom
Keyword(s):
WiFi, WLAN, Rogue AP, MAC, Probe, Frames, Identity.
Related
Ontology
Subjects/Areas/Topics:
Identification, Authentication and Non-Repudiation
;
Information and Systems Security
;
Network Security
;
Security in Information Systems
;
Security Metrics and Measurement
;
Wireless Network Security
Abstract:
The susceptibility of WiFi networks to Rogue Access Point attacks derives from the lack of identity for 802.11 devices. The most common means of detecting these attacks in current research is through tracking the credentials or the location of unauthorised and possibly malicious APs. In this paper, the authors outline a method of distinguishing WiFi Access Points using 802.11 MAC layer management frame traffic profiles. This system does not require location estimation or credential tracking techniques as used in current research techniques, which are known to be inaccurate. These characteristic management traffic profiles are shown to be unique for each device, tantamount to a MAC identity. The application of this technique to solving Rogue AP attacks under the constraints of an open access, public WiFi environment is discussed with the conclusion that the identity is practically very difficult to forge.