In air they wander, we exist to blow their cover!!! {Approaches to Evil Twin Detection from a normal user’s perspective}

By Rushikesh D Nandedkar, Amrita C Iyer on 14 Feb 2014 @ Nullcon
#wifi #evil-twin-attack #phishing #blueteam
Focus Areas: Security Operations & Defense, Network Security, Penetration Testing, Security Awareness


Abstract

Wireless networks are ubiquitous nowadays. They fit the needs of the general public so well that they have become an inseparable part of day-to-day life. This convenience brings drawbacks as well: the physical location of a wireless host is difficult to trace, the coverage area of a wireless network cannot be confined to exact geographical boundaries, and so on.

Drawbacks like these pave the way for an attacker to intrude into wireless networks. In this talk we discuss the detection of Evil Twin Attacks in open wireless networks by a normal user.

An Evil Twin Attack is one in which a malicious user spoofs the identity of a legitimate access point and creates an Evil Twin (a fake access point) that lures the legitimate access point's users into connecting to it. Once they are connected, the attacker is in a position to launch a wide array of attacks on those users.

Many approaches are available on the network administrator's side to detect evil twin attacks.

But it is not the wireless network administrator who falls prey to an Evil Twin Attack; it is normal users who are targeted, and researchers have devised few approaches for detecting Evil Twins from the normal user's side.

The approaches that are available require separate hardware or some other out-of-the-box mechanism, which restricts their use to study purposes only.

To address these limitations we propose a packet injection approach and a data link layer monitoring approach, neither of which requires substantially implementing or changing any hardware or software on the normal user's computer.

AI Generated Summary

The talk addressed the detection of rogue access points (APs) in wireless networks, a significant threat in public environments like airports and hotels. It categorized existing detection approaches into three primary methods: packet-based analysis (monitoring probe requests and beacon frames), RF monitoring (using dedicated sensors to scan parameters like SSID, MAC address, and location), and round-trip time (RTT) analysis to fingerprint APs.

The speaker presented their research focusing on a user-side detection mechanism. Their approach involved injecting a crafted “investigator packet” from the client’s wireless interface in monitor mode and analyzing the round-trip time of the AP’s response. This method aimed to distinguish legitimate from rogue APs based on behavioral discrepancies, such as a rogue device failing to respond correctly to a TCP handshake. The technique was implemented using the Scapy library for packet manipulation and tested in live, multi-hop network environments rather than virtualized setups, revealing better performance in real-world scenarios.

Key findings highlighted limitations in prior methods: many required administrative privileges, specialized hardware, or failed in multi-hop topologies. The speaker’s RTT-based approach operated without admin rights and could identify anomalies like delayed or absent responses from rogue APs. Challenges remain, including the sophistication of tools like the Wi-Fi Pineapple, which can mimic legitimate APs, and the difficulty for average users to differentiate between benign and malicious hotspots.
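The two user-side signals the abstract and summary describe (data link layer monitoring of beacons, and round-trip-time analysis of an injected probe) combined into one heuristic, as an added example that is not code from the talk or its authors. The frames, BSSIDs and timings are constructed sample data; the class names, the `investigator packet` wording and the 3x-median threshold are this example's own assumptions, and no capture or injection is performed.

```python
"""Added example, not code from the talk or its authors.

Two user-side evil twin signals over constructed data:
  1. data-link monitoring: one SSID announced by several BSSIDs, especially
     when the twins disagree on the Privacy bit (open twin of a protected AP);
  2. RTT analysis: a probe sent to each AP; a missing reply or an RTT far
     above the others' suggests an extra relay hop in front of the real AP.
"""
from dataclasses import dataclass
from statistics import median
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Beacon:
    """Fields a client can read from any beacon or probe response."""
    ssid: str
    bssid: str
    channel: int
    privacy: bool  # Privacy capability bit: True for WEP/WPA/WPA2, False for open
    rssi: int      # signal strength in dBm as reported by the driver


@dataclass(frozen=True)
class Probe:
    """Outcome of one 'investigator packet' (name assumed from the summary)."""
    bssid: str
    rtt_ms: Optional[float]  # None means no reply arrived before the timeout


def twin_candidates(beacons: List[Beacon]) -> Dict[str, List[str]]:
    """SSIDs seen from more than one BSSID, with the reasons that make them suspicious.

    Caveat: an enterprise ESS legitimately uses one SSID across many APs, so the
    count alone is weak evidence; a Privacy-bit mismatch is the stronger signal.
    """
    by_ssid: Dict[str, Dict[str, Beacon]] = {}
    for b in beacons:
        by_ssid.setdefault(b.ssid, {})[b.bssid] = b  # collapses repeated beacons
    findings: Dict[str, List[str]] = {}
    for ssid, aps in by_ssid.items():
        if len(aps) < 2:
            continue
        reasons = [f"SSID announced by {len(aps)} BSSIDs"]
        if len({a.privacy for a in aps.values()}) > 1:
            reasons.append("privacy bit differs between twins")
        if len({a.channel for a in aps.values()}) > 1:
            reasons.append("channel differs between twins")
        findings[ssid] = reasons
    return findings


def rtt_anomalies(probes: List[Probe], factor: float = 3.0) -> Dict[str, str]:
    """BSSIDs whose probe went unanswered or whose RTT exceeds factor x the median."""
    answered = [p.rtt_ms for p in probes if p.rtt_ms is not None]
    baseline = median(answered) if answered else 0.0
    flagged: Dict[str, str] = {}
    for p in probes:
        if p.rtt_ms is None:
            flagged[p.bssid] = "no reply to investigator packet"
        elif baseline and p.rtt_ms > factor * baseline:
            flagged[p.bssid] = (f"RTT {p.rtt_ms:.1f} ms exceeds "
                                f"{factor:g}x baseline {baseline:.1f} ms")
    return flagged


def suspicious_bssids(beacons: List[Beacon], probes: List[Probe]) -> Dict[str, List[str]]:
    """Merge both signals into per-BSSID reasons, most suspicious BSSID first."""
    reasons: Dict[str, List[str]] = {}
    twins = twin_candidates(beacons)
    for b in beacons:
        if b.ssid not in twins:
            continue
        mine = reasons.setdefault(b.bssid, [])
        peers = [o for o in beacons if o.ssid == b.ssid and o.bssid != b.bssid]
        extra = list(twins[b.ssid])
        if not b.privacy and any(o.privacy for o in peers):
            extra.append("open AP announcing an SSID another AP protects")
        for r in extra:
            if r not in mine:
                mine.append(r)
    for bssid, why in rtt_anomalies(probes).items():
        reasons.setdefault(bssid, []).append(why)
    return dict(sorted(reasons.items(), key=lambda kv: -len(kv[1])))


# Constructed sample capture (not real traffic): a café SSID served by a protected
# AP and by an open twin on another channel, plus two unrelated APs.
SAMPLE_BEACONS = [
    Beacon("CafeWiFi",     "02:00:00:00:00:01", 6,  True,  -55),
    Beacon("CafeWiFi",     "02:00:00:00:00:01", 6,  True,  -57),  # repeat beacon
    Beacon("CafeWiFi",     "02:00:00:00:00:99", 11, False, -40),  # the twin
    Beacon("Airport_Free", "02:00:00:00:00:02", 1,  False, -70),
    Beacon("Hotel_Guest",  "02:00:00:00:00:03", 36, False, -62),
]
SAMPLE_PROBES = [
    Probe("02:00:00:00:00:01", 4.2),
    Probe("02:00:00:00:00:02", 5.0),
    Probe("02:00:00:00:00:99", 31.5),  # relayed through an upstream AP: extra hop
    Probe("02:00:00:00:00:03", None),  # never answered
]

if __name__ == "__main__":
    for bssid, why in suspicious_bssids(SAMPLE_BEACONS, SAMPLE_PROBES).items():
        print(bssid, "->", "; ".join(why))
```

On the sample data the open twin ranks first because it collects every reason (duplicate SSID, mismatched Privacy bit and channel, open-versus-protected, and a relayed RTT), the real café AP appears only through the shared-SSID reasons, and the unanswered hotel AP is listed on the RTT signal alone; a single unanswered probe is weak evidence, so a real tool would retry before reporting it.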

The practical implication is a proposed lightweight utility for end-users to detect rogue APs in common settings like coffee shops or airports. This tool leverages standard laptop Wi-Fi hardware, offering an economical, accessible solution that complements existing network administrator-focused systems. The work underscores the persistent challenge of evil twin attacks and the need for user-empowered detection techniques in ubiquitous wireless environments.

Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview; always refer to the original talk for authoritative content.