Robust Authentication of Public Access Points Using Digital Certificates – A Novel Approach

Abstract

This paper present a novel Certificate-based authentication of public access points (APs). The presented approach is the first to consider authentication of public APs. It is also the first work to consider using digital Certificates for public AP authentication. Normally, when a user wants to access internet in public hot-spots like airports, coffee shops, library, etc., there is often lack of information for the user to make an informed decision on which AP to connect. Consequently, an adversary can easily place a rogue AP in a public hotspot luring users to connect to his AP. Unfortunately, most people focus their attention to the signal strength of the AP and the service fee, and very little attention to the security of the AP. This makes the job of the adversary significantly easier. The adversary can simply place a rogue AP with a look alike name (SSID) that is free to users. With the proposed Certificate-based authentication of APs, the user can readily see available certified APs in range and choose to connect to the one they prefer based on any parameter of choice --- signal strength, service provider, fees, etc. Finally, we have shown that an adversary can neither generate fake Certificates nor steal the Certificate from a certified AP and cause significant damage. We have also addressed defense against most common threats to public APs such as --- replay attacks, man-in-the-middle attacks, and fabrication attacks. The proposed solution is very robust in validating the authenticity of public APs and isolating rogue APs.