Who Is Peeping at Your Passwords at Starbucks? To Catch an Evil Twin Access Point DSN 2010 Yimin Song, Texas A&M University Chao Yang, Texas A&M University.

Slides:



Advertisements
Similar presentations
SoNIC: Classifying Interference in Sensor Networks Frederik Hermans et al. Uppsala University, Sweden IPSN 2013 Presenter: Jeffrey.
Advertisements

VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.
SELECT: Self-Learning Collision Avoidance for Wireless Networks Chun-Cheng Chen, Eunsoo, Seo, Hwangnam Kim, and Haiyun Luo Department of Computer Science,
1 Channel Assignment Strategies Handoff (Handover) Process Handoff: Changing physical radio channels of network connections involved in a call,
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
AdHoc Probe: Path Capacity Probing in Wireless Ad Hoc Networks Ling-Jyh Chen, Tony Sun, Guang Yang, M.Y. Sanadidi, Mario Gerla Computer Science Department,
Service Discrimination and Audit File Reduction for Effective Intrusion Detection by Fernando Godínez (ITESM) In collaboration with Dieter Hutter (DFKI)
Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
Wireless Local Area Networks By Edmund Gean August 2, 2000.
Overview r Ethernet r Hubs, bridges, and switches r Wireless links and LANs.
20 – Collision Avoidance, : Wireless and Mobile Networks6-1.
Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.
1 Introduction to Wireless Networks Michalis Faloutsos.
6: Wireless and Mobile Networks6-1 Chapter 6: Wireless and Mobile Networks Background: r # wireless (mobile) phone subscribers now exceeds # wired phone.
1 Elements of a wireless network network infrastructure wireless hosts r laptop, PDA, IP phone r run applications r may be stationary (non- mobile) or.
The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks Authors: Wenyuan XU, Wade Trappe, Yanyong Zhang and Timothy Wood Wireless.
Homework 2 Similar to the experiments done in the paper “Online Game QoE Evaluation using Paired Comparisons “ “Online Game QoE Evaluation using Paired.
6/2/05CS118/Spring051 Chapter 6: Wireless and Mobile Networks r Cover the following sections only:  6.3: wireless LANs  6.5: mobility management:
5-1 Data Link Layer r What is Data Link Layer? r Wireless Networks m Wi-Fi (Wireless LAN) r Comparison with Ethernet.
Discriminating Congestion Losses from Wireless Losses using Inter- Arrival Times at the Receiver By Saad Biaz,Nitin H.Vaidya Texas A&M University IEEE.
Semester EEE449 Computer Networks The Data Link Layer Part 2: Media Access Control En. Mohd Nazri Mahmud MPhil (Cambridge, UK) BEng (Essex,
A Guide to major network components
6: Wireless and Mobile Networks6-1 Elements of a wireless network network infrastructure wireless hosts r laptop, PDA, IP phone r run applications r may.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
A User Experience-based Cloud Service Redeployment Mechanism KANG Yu.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Troubleshooting Your Network Networking for Home and Small Businesses.
Adapted from: Computer Networking, Kurose/Ross 1DT066 Distributed Information Systems Chapter 6 Wireless, WiFi and mobility.
ECE 4450:427/527 - Computer Networks Spring 2015
Wi-Fi Wireless LANs Dr. Adil Yousif. What is a Wireless LAN  A wireless local area network(LAN) is a flexible data communications system implemented.
Page 1 January 2002 doc.: IEEE 802.RR-02/018A-d5 IEEE 802 IEEE 802 proposal relating to DFS and JPT5G proposal.
CS640: Introduction to Computer Networks Aditya Akella Lecture 22 - Wireless Networking.
TCP Enhancement for Random Loss Jiang Wu Computer Science Lakehead University.
Chapter 6 Control Using Wireless Throttling Valves.
Fast Portscan Detection Using Sequential Hypothesis Testing Authors: Jaeyeon Jung, Vern Paxson, Arthur W. Berger, and Hari Balakrishnan Publication: IEEE.
Load Balancing in Distributed Computing Systems Using Fuzzy Expert Systems Author Dept. Comput. Eng., Alexandria Inst. of Technol. Content Type Conferences.
BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.
14.1 Chapter 14 Wireless LANs Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
The University of Bolton School of Business & Creative Technologies Wireless Networks Introduction 1.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Estimating Bandwidth of Mobile Users Sept 2003 Rohit Kapoor CSD, UCLA.
Computer Networks with Internet Technology William Stallings
Packet Dispersion in IEEE Wireless Networks Mingzhe Li, Mark Claypool and Bob Kinicki WPI Computer Science Department Worcester, MA 01609
Scenario: Internet Attack Eunice Huang. What is DDoS? A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to.
Load-Balancing Routing in Multichannel Hybrid Wireless Networks With Single Network Interface So, J.; Vaidya, N. H.; Vehicular Technology, IEEE Transactions.
Wireless and Mobility The term wireless is normally used to refer to any type of electrical or electronic operation which is accomplished without the use.
Peeping Tom in the Neighborhood Keystroke Eavesdropping on Multi-User Systems USENIX 2009 Kehuan Zhang, Indiana University, Bloomington XiaoFeng Wang,
TCP with Variance Control for Multihop IEEE Wireless Networks Jiwei Chen, Mario Gerla, Yeng-zhong Lee.
Lecture (Mar 23, 2000) H/W Assignment 3 posted on Web –Due Tuesday March 28, 2000 Review of Data packets LANS WANS.
Networks and Distributed Systems Mark Stanovich Operating Systems COP 4610.
1. Introduction REU 2006-Packet Loss Distributions of TCP using Web100 Zoriel M. Salado, Mentors: Dr. Miguel A. Labrador and Cesar D. Guerrero 2. Methodology.
Rate-Based Channel Assignment Algorithm for Multi-Channel Multi- Rate Wireless Mesh Networks Sok-Hyong Kim and Young-Joo Suh Department of Computer Science.
Performance Evaluation of Mobile Hotspots in Densely Deployed WLAN Environments Presented by Li Wen Fang Personal Indoor and Mobile Radio Communications.
WIRELESS COMMUNICATION Husnain Sherazi Lecture 1.
CO5023 Wireless Networks. Varieties of wireless network Wireless LANs: the main topic for this week. Consists of making a single-hop connection to an.
Development of a QoE Model Himadeepa Karlapudi 03/07/03.
Quality of Service Schemes for IEEE Wireless LANs-An Evaluation 主講人 : 黃政偉.
Networks and Distributed Systems Sarah Diesburg Operating Systems COP 4610.
1 Chapter 4 MAC Layer – Wireless LAN Jonathan C.L. Liu, Ph.D. Department of Computer, Information Science and Engineering (CISE), University of Florida.
CSMA/CA Simulation  Course Name: Networking Level(UG/PG): UG  Author(s) : Amitendu Panja, Veedhi Desai  Mentor: Aruna Adil *The contents in this ppt.
Distributed-Queue Access for Wireless Ad Hoc Networks Authors: V. Baiamonte, C. Casetti, C.-F. Chiasserini Dipartimento di Elettronica, Politecnico di.
LA-MAC: A Load Adaptive MAC Protocol for MANETs IEEE Global Telecommunications Conference(GLOBECOM )2009. Presented by Qiang YE Smart Grid Subgroup Meeting.
1. Layered Architecture of Communication Networks: Circuit Switching & Packet Switching.
ICT Unit 4: Network and the effects of using them
Empirically Characterizing the Buffer Behaviour of Real Devices
Wireless Modes.
CS 457 – Lecture 7 Wireless Networks
DK presents Division of Computer Science, KAIST
Modeling and Evaluating Variable Bit rate Video Steaming for ax
Network programming Lecture 1 Prepared by: Dr. Osama Mokhtar.
Presentation transcript:

Who Is Peeping at Your Passwords at Starbucks? To Catch an Evil Twin Access Point DSN 2010 Yimin Song, Texas A&M University Chao Yang, Texas A&M University Guofei Gy, Texas A&M University

Agenda 2  Introduction  Analysis  Algorithm  Evaluation  Conclusion

Agenda 3  Introduction Wireless Network Review Evil Twin Attack  Analysis  Algorithm  Evaluation  Conclusion

Wireless Network Review 4  Wireless terminology AP – Access Point SSID – Service Set Identifier RSSI – Received Signal Strength Indication BSS 1 BSS 2 Internet hub, switch or router AP  CSMA/CA DIFS – Distributed Inter-Frame Spacing SIFS – Short Inter-Frame Spacing BF – Random Backoff Time sender receiver BF data SIFS ACK DIFS

Evil Twin Attack 5  A phishing Wi-Fi AP that looks like a legitimate one (with the same SSID name).  Typically occurred near free hotspots, such as airports, cafes, hotels, and libraries.  Hard to trace since they can be launched and shut off suddenly or randomly, and last only for a short time after achieving their goal.

Evil Twin Attack (cont.) 6  Related work Monitors radio frequency airwaves and/or additional information gathered at router/switches and then compares with a known authorized list. Monitors traffic at wired side and determines if a machine uses wired or wireless connections. Then compare the result with an authorization list to detect if the associated AP is a rogue one.

Agenda 7  Introduction  Analysis Network Setting in This Model Problem Description Server IAT (Inter-packet Arrival Time)  Algorithm  Evaluation  Conclusion

Network Setting in This Model 8 Table 1: Variables and settings in this model Protocol802.11b802.11g 11 Mbps54 Mbps 100 Mbps Bytes 338 Bytes 402 Bytes 375 Bytes

Problem Description 9  An evil twin typically still requires the good twin for Internet access. Thus, the wireless hops for a user to access Internet are actually increased. Fig. 1: Illustration of the target problem in this paper What statistics can be used to effectively distinguish one-hop and two-hop wireless channels on user side? Are there any dynamic factors in a real network environment that can affect such statistics? How to design efficient detection algorithms with the consideration of these influencing factors?

Server IAT 10 

Server IAT (cont.) 11  Fig. 2: Server IAT illustration in the normal AP scenario

Server IAT (cont.) 12  Fig. 2: Server IAT illustration in the normal AP scenario

Server IAT (cont.) 13 

Server IAT (cont.) 14 Fig. 5: IAT distribution under RSSI=50% Fig. 4: IAT distribution under RSSI=100%

Agenda 15  Introduction  Analysis  Algorithm TMM (Trained Mean Matching Algorithm) HDT (Hop Differentiating Technique) Improvement by Preprocessing  Evaluation  Conclusion

TMM 16  Trained Mean Matching Algorithm (TMM) requires knowing the distribution of Server IAT as a prior knowledge.  Given a sequence of observed Server IATs, if the mean of these Server IATs has a higher likelihood of matching the trained mean of two-hop wireless channels, we conclude that the client uses two wireless network hops to communicate with the remote server indicating a likely evil twin attack, and vice versa.

TMM (cont.) 17 

TMM (cont.) 18 

TMM (cont.) 19 

HDT 20 

HDT (cont.) 21 Fig. 2: Server IAT illustration in the normal AP scenario Fig. 6: 6-AP IAT illustration in the normal AP scenario

HDT (cont.) 22  Protocol802.11b802.11g 11 Mbps54 Mbps 100 Mbps Bytes 338 Bytes 402 Bytes 375 Bytes

HDT (cont.) 23 

Improvement by Preprocessing 24 

Agenda 25  Introduction  Analysis  Algorithm  Evaluation Environment Setup Datasets Effectiveness Cross Validation  Conclusion

Environment Setup 26 Fig. 8: Environment for evil twin APFig. 7: Environment for normal AP

Datasets 27 RangeAB+B-C+C-DE Upper100%80%70%60%50%40%20% Lower80%70%60%50%40%20%0% AlgorithmProtocolAB+B-C+C-D HDT g0.8%0.86%3.91%3.72%4.69%7.09% b1.38%1.44%5.61%6.17%9.42%10.36% TMM g0.62%0.68%2.59%2.66%3.30%6.02% b0.99%1.04%3.33%4.72%7.44%8.29% Table 3: The percentage of filtered packets Table 2: RSSI ranges and corresponding levels

Effectiveness 28 Table 5: False positive rate for HDT and TMM Table 4: Detection rate for HDT and TMM AlgorithmProtocolAB+B-C+C-D HDT g99.08%98.72%93.53%94.31%87.29%81.39% b99.92%99.99%99.96%99.95%96.05%94.64% TMM g99.39%99.97%99.49%99.5%98.32%94.36% b99.81%95.43%94.81%96.09%91.94%85.71% AlgorithmProtocolAB+B-C+C-D HDT g2.19%1.41%2.06%1.93%2.48%6.52% b8.39%8.74%5.39%6.96%5.27%5.15% TMM g1.08%1.76%1.97%1.48%1.75%1.73% b0.78%1%1.07%1.27%6.65%7.01%

Effectiveness (cont.) 29 Fig. 9: Cumulative probability of the number of decision rounds for HDT to output a correct result

Effectiveness (cont.) 30 Table 7: False positive rate when number of input data in one decision round is 50 Table 6: Detection rate when number of input data in one decision round is 50 AlgorithmProtocolAB+B-C+C-D multi-HDT g99.62%100% 99.95%100% b100% multi-TMM g100%99.11%98.73%99.88%95.83%88% b100% AlgorithmProtocolAB+B-C+C-D multi-HDT g0%0.77%0% b0%0.03%0.02%0.11%0.73%0.1% multi-TMM g0%0.96%0.16%0.13%0.55%0.96% b0%1.07%1.16%1.02%1.36%1.41% Table 7: False positive rate when number of input data in one decision round is 100 AlgorithmProtocolAB+B-C+C-D multi-HDT g0% b0% 0.01% 0.02%0.01% multi-TMM g0% b0% 0.02% 0.03%

Effectiveness (cont.) 31 Fig. 10: Detection rate for multi-HDT using different numbers of input data in one decision round

Cross Validation 32 Fig. 11: Detection rate for TMM under different RSSI ranges

Cross Validation (cont.) 33 Fig. 12:Detection rate under different g networks

Cross Validation (cont.) 34 Fig. 13: False positive rate under different g networks

Agenda 35  Introduction  Analysis  Algorithm  Evaluation  Discussion and Conclusion Discussion Conclusion

Discussion 36  More wired hops? Several studies showed that the delays from the wired link is not comparable to those in the wireless link. We can trade-off for more decision rounds. Use a server within small hops. Maybe use techniques similar to “traceroute” to know the wired transfer time and then exclude/subtract them to minimize the noisy effect at wired side.

Discussion (cont.) 37  Will attacker increase IAT to avoid detection? Users don’t like a slow connection.  Eq. 1: Attacker may delay the packet to reduce the SAIR  What if some evil twin AP connect to wired network instead of using normal AP? That’s our future work.

Conclusion 38  We propose TMM and HDT to detect evil twin attack where TMM requires trained data and HDT doesn’t.  HDT is particularly attractive because it doesn’t rely on trained knowledge or parameters, and is resilient to changes in wireless environments.

The End

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.