PoEx: Proof of Existence for Evil Twin Attack Prevention in Wi-Fi Personal Networks

Abstract

Wi-Fi is the dominant infrastructure for last-mile internet access both in indoor and outdoor environments. The existing Wi-Fi infrastructure leverages to offer IoT services. Despite the growth and popularity of Wi-Fi, security is a significant concern associated with it. One such issue with the Wi-Fi network is Evil Twin Attack (ETA). In ETA, the adversary creates an Evil Twin AP (EAP), a copy of Legitimate Access Point (LAP), for the user to connect. Once the user connects to EAP, the adversary can perform various attacks. Enterprise networks can solve ETA with the help of certificate-based server authentication using 802.1X and Extensible Authentication Protocol. However, there is no proper solution to detect ETA in Wi-Fi personal networks. Latest Wi-Fi security algorithms, namely Wi-Fi Protected Access 3 (WPA3) and Opportunistic Wireless Encryption (OWE) also vulnerable to ETA. This paper proposes a novel Proof of Existence (PoEx) scheme, bringing network lifetime to Access Point (AP). Wi-Fi client devices will detect and prevent ETA using associated AP lifetime. We apply the proposed PoEx scheme on WPA3 and OWE and show the security improvements. Our experiment results show that lifetime forging is difficult due to an exponential number of computations (2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">(N-1)</sup> ) required. The experimental result also shows negligible overhead (less than 2%) on throughput when the PoEx solution is enabled.