VOUCH-AP: privacy preserving open-access 802.11 public hotspot AP authentication mechanism with co-located evil-twins

Avinash Srinivasan, Jie Wu
2018 International Journal of Security and Networks (IJSN)  
Open-access 802.11 public Wi-Fi hotspots have become a basic necessity for hundreds of millions of mobile users' persistent on-the-go access to the Internet. 802.11 Wi-Fi networks are designed and deployed to support rudimentary low-level authentication at the link layer, enabling an AP to decide whether to allow a client to associate. Similar authentication mechanisms are not provisioned for the clients. Hence, there is a fundamental information asymmetry at play in an 802.11 public hotspot, which tilts the balance in favor of an adversary intending to launch AP-based evil-twin attacks. Furthermore, link-layer authentication has little security since the link itself is completely open to numerous attacks. In this paper, we address this information asymmetry problem and propose a simple yet powerful solution for identifying and eliminating malicious APs, thereby providing users safe and private 802.11 public hotspots. Our proposed AP authentication framework is called VOUCH-AP, a portable and platform-independent solution. VOUCH-AP is, to the best of our knowledge, the first work to consider digital certificate based AP authentication. VOUCH-AP makes use of a modified version of an X.509 digital certificate consisting of additional fields for provisioning robust security and privacy to counter evil-twin attacks. The proposed solution does not require any hardware upgrades or specialized hardware, unlike 802.11i (aka WPA2). Finally, through security analysis, we show the security robustness of the proposed VOUCH-AP framework to counter evil-twin attacks.
doi:10.1504/ijsn.2018.10014324 fatcat:ln7ua3hayfgxnohmvibomzqxum