EvilScout: Detection and Mitigation of Evil Twin Attack in SDN enabled WiFi

Shrivastava, Pragati and Jamal, Mohd Saalim and Kataoka, Kotaro (2020) EvilScout: Detection and Mitigation of Evil Twin Attack in SDN enabled WiFi. IEEE Transactions on Network and Service Management. ISSN 2373-7379

Full text not available from this repository. (Request a copy)

Abstract

Spoofing the identity of a WiFi access point (AP) is trivial. Consequently, an adversary can impersonate the legitimate AP (LAP) by mimicking its network name (SSID) and MAC address (BSSID). This fake AP is called the evil twin. An evil twin can perform multiple attacks such as man-in-the-middle (MITM) attack between the LAP and a wireless client as well as service blocking of LAP. Existing solutions rely on the collection and calculation of information with the AP and/or client for finding evidence of evil twins in the WiFi network. Some of them require additional hardware to acquire further information that cannot be provided by the AP/client. In this paper, we propose “EvilScout," an evil twin detection and mitigation framework that utilizes the information of the IP-prefix distribution by the LAP. EvilScout exploits the SDN potential for detection of an evil twin without the need of any additional hardware or modifications at the AP or client. Additionally, the information that becomes available at the SDN controller enables simplified and more accurate evil twin detection. This paper presents the implementation of EvilScout over a real SDN WiFi testbed with an actual evil twin. We verify the successful detection of the evil twin with high accuracy and low processing cost at the SDN WiFi. We perform a rigorous analysis of the evil twin in different WiFi setups and discover a new “AP Service Blocking” attack by the evil twin adversary in the WPA2 protected WiFi for the first time.

[error in script]
IITH Creators:
IITH CreatorsORCiD
Kataoka, KotaroUNSPECIFIED
Item Type: Article
Uncontrolled Keywords: Software-defined networks(SDN), WiFi Security, Evil Twin Attack, Duplicate Association.
Subjects: Computer science
Divisions: Department of Computer Science & Engineering
Depositing User: Team Library
Date Deposited: 24 Feb 2020 05:14
Last Modified: 24 Feb 2020 05:14
URI: http://raiithold.iith.ac.in/id/eprint/7452
Publisher URL: http://doi.org/10.1109/TNSM.2020.2972774
Related URLs:

Actions (login required)

View Item View Item
Statistics for RAIITH ePrint 7452 Statistics for this ePrint Item