Legitimate Access Point Research Articles

VR-Defender: Self-Defense Against Vehicular Rogue APs for Drive-Thru Internet

This paper considers the problem of vehicular rogue access points (APs) for drive-thru Internet. Vehicular rogue APs are set up in moving vehicles to mimic legitimate roadside APs so as to lure users into associating with them. Due to the mobility, a vehicular rogue AP is able to maintain a long connection with users, which gives the adversary more time to launch various attacks and steal users' sensitive data. We propose a practical user-side detection scheme to prevent users from connecting to vehicular rogue APs without the help of a network administrator. In our solution, each AP broadcasts its GPS location; thus, a vehicular rogue AP has toforge its location to evade detection. A lie detector algorithm based on information collected and exchanged by clients is then used to validate whether the reported location is fake, aiming to detect the rogue AP. We have implemented the prototype and evaluated it on commercial off-the-shelf devices. We observed that our scheme can achieve more than 90% accuracy in real-world experiments. Index Terms—Drive-thru Internet, IEEE 802.11 wireless net- works, rogue access points (APs).

A Timing-Based Scheme for Rogue AP Detection

This paper considers a category of rogue access points (APs) that pretend to be legitimate APs to lure users to connect to them. We propose a practical timing-based technique that allows the user to avoid connecting to rogue APs. Our detection scheme is a client-centric approach that employs the round trip time between the user and the DNS server to independently determine whether an AP is a rogue AP without assistance from the WLAN operator. We implemented our detection technique on commercially available wireless cards to evaluate their performance. Extensive experiments have demonstrated the accuracy, effectiveness, and robustness of our approach. The algorithm achieves close to 100 percent accuracy in distinguishing rogue APs from legitimate APs in lightly loaded traffic conditions, and larger than 60 percent accuracy in heavy traffic conditions. At the same time, the detection only requires less than 1 second for lightly-loaded traffic conditions and tens of seconds for heavy traffic conditions.

Rogue-base station detection in WiMax/802.16 wireless access networks

We address the problem of detecting a rogue base station (Bs) in WiMax/802.16 wireless access networks. A rogueBs is a malicious station that impersonates a legitimate access point (Ap). The rogueBs attack represents a major denial-of-service threat against wireless networks. Our approach is based on the observation that inconsistencies in the signal strength reports received by the mobile stations (Mss) can be seen if a rogueBs is present in a network. These reports can be assessed by the legitimate base stations, for instance, when a mobile station undertakes a handover towards anotherBs. Novel algorithms for detecting violations of received signal strength reports consistency are described in this paper. These algorithms can be used by an intrusion detection system localized on the legitimateBss or on a global network management system operating theBss.