HP INCFollow

Abstract

An ‘Evil Twin’ is a fraudulent Access Point (AP) setup by a malicious actor to masquerade the legitimate AP to gain access to sensitive information. There is no definitive solution to reliably identify and evade connecting to an Evil Twin. In general, an Evil Twin sends a ‘De-authentication’ Management frame to the client Station (STA). Subsequently, when the client STA tries to reconnect to the network, the Evil Twin lures the STA to establish a connection with it thereby potentially gaining access to sensitive private information. Users commonly use the ‘Auto-Reconnect’ feature which makes them oblivious of whether the STA is connected to a legitimate AP or an Evil Twin.. The proposed idea is useful in preventing a WLAN client from reconnecting to an evil twin but does not solve the problem of WLAN client connecting to the evil twin for the first time. There are two main objectives: 1. While reconnecting to a known WLAN network, identify an Evil Twin and prevent connecting to it. 2. Alert the user about any suspicious networks found. There are numerous solutions to identify Evil Twin, broadly categorized as: (1) STA Side (2) Network Side (3) Hybrid, but none of them are foolproof. The proposed idea is a STA side solution with no additional hardware requirement.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 4.0 License.

Download

Share

COinS