Rogue access point (AP) has emerged as an important security problem in WLANs. However, it is a challenge task to localize the rogue AP with both high accuracy and minimal infrastructure cost. Either expensive professional infrastructure (e.g., multiple wireless sniffers) or additional hardware (e.g., directional antenna) need to be pre-deployed for rogue AP localization with high cost. Moreover, existing methods using Received Signal Strength (RSS) result in a large error as RSS is suffered from the multipath and shadowing effects in complex wireless environment. In this work, we exploit the channel state information (CSI), which is readily available from commercial Wi-Fi devices, to locate the rogue AP with high accuracy. We use only a single off-the-shelf Wi-Fi device for rogue AP localization which involves minimal infrastructure requirement. Our proposed rogue AP localization framework consists of two components: direction determination and position estimation. The direction determination can be carried out by using the human blocking effect on the CSI amplitude or phase. The multiple antennas on the Wi-Fi devices can be further utilized to enhance the rogue AP direction estimation. Given the estimated direction, two schemes are proposed to pinpoint the position of the rogue AP: determining directions at multiple locations grounded on triangulation and walking towards the rogue AP with direction adjustment. Results from extensive experiments in both indoor and outdoor environments show that our framework can achieve more practical and accurate rogue AP localization when comparing with the existing RSS-based approach.
Read full abstract