Simple and effective defense against evil twin access points

WiSec'08: Proceedings of the 1st ACM Conference on Wireless Network Security

Volumn , Issue , 2008, Pages 220-225

  Roth, Volker ^a   Polak, Wolfgang ^a   Turner, Thea ^a   Rieffel, Eleanor ^a  

^a FX PALO ALTO LABORATORY   (United States)

Author keywords

Device pairing; Evil twin; Usable security; Wireless security

Indexed keywords

ACCESS POINTS; CRYPTOGRAPHIC KEYS; DEVICE PAIRING; EVIL TWIN; PROTECTION MECHANISMS; PUBLIC PLACES; TWO COLORS; USABILITY STUDIES; USABLE SECURITY; WIRELESS NETWORKINGS; WIRELESS SECURITY;

CRYPTOGRAPHY; FREQUENCY ALLOCATION; INTERNET; NETWORK SECURITY;

WIRELESS NETWORKS;

EID: 56649111524     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1352533.1352569     Document Type: Conference Paper

References (34)

1. ABDOLLAH, T. Ensnared on the wireless Web. Los Angeles Times, March 16 2007.
2. ALKASSAR, A., STÜBLE, C., AND SADEGHI, A.-R. Secure object identification: or: solving the chess grandmaster problem. In NSPW '03: Proceedings of the 2003 workshop on New security paradigms (New York, NY, USA, 2003), ACM Press, pp. 77-85.
3. BALFANZ, D., SMETTERS, D. K., STEWART, P., AND WONG, H. C. Talking to strangers: Authentication in ad-hoc wireless networks. In Proceedings of Network and Distributed System Security Symposium 2002 (NDSS'02) (San Diego, CA, February 2002).
4. BIBA, E. Does your Wi-Fi hotspot have an evil twin? PC World, March 15 2005. Author writes for Medill New Service.
5. BRANDS, S., AND CHAUM, D. Distance-bounding protocols. In EUROCRYPT '93: Workshop on the theory and application of cryptographic techniques on Advances in cryptology (Secaucus, NJ, USA, 1994), Springer-Verlag New York, Inc., pp. 344-359.
6. BUSSARD, L., AND ROUDIER, Y. Embedding distance-bounding protocols within intuitive interactions. In Proc. Conference on Security in Pervasive Computing (SPC'03) (Mar. 2003), vol. 2802 of Lecture Notes in Computer Science, Springer Verlag, pp. 143-156.
7. DOHRMANN, S., AND ELLISON, C. Public-key support for collaborative groups. In Proc. 1st Annual PKI Research Workshop (Gaithersburg, Mayland, USA, Apr. 2002), National Institute for Standards and Technology, pp. 139-148.
8. FLEISHMAN, G. My evil twin. Published online at http://wifinetnews.com/archives/004718.html, January 20 2005.
9. GEHRMANN, C., MITCHELL, C. J., AND NYBERG, K. Manual authentication for wireless devices. RSA Cryptobytes 7, 1 (Jan. 2004), 29-37.
10. GOODRICH, M. T., SIRIVIANOS, M., SOLIS, J., TSUDIK, G., AND UZUN, E. Loud And Clear: Human verifiable authentication based on audio. In Proc. 26th International Conference on Distributed Computing Systems (July 2006), IEEE.
11. GROUP, T. S. Airsnarf. Published online at airsnarf.shmoo.com, Apr. 2007. Airsnarf is a simple wireless access point setup utility designed to demonstrate how a rogue access point can steal usernames and passwords from public wireless hotspots.
12. HALLER, N., METZ, C., NESSER, P., AND STRAW, M. A one-time password system. Internet Request for Comments 2289, Internet Engineering Task Force, Feb. 1998.
13. KUO, C., WALKER, J., AND PERRIG, A. Low-cost manufacturing, usability, and security: An analysis of Bluetooth simple pairing and Wi-Fi protected setup. In Proc. Usable Security Workshop (USEC) (Lowlands, Scarborough, Trinidad/Tobago, Feb. 2007). Co-located with 11th Conference on Financial Cryptography and Data Security.
14. LAUR, S., AND NYBERG, K. Efficient mutual data authentication using manually authenticated strings. In Proc. 5th International Conference on Cryptology and Network Security (Suzhou, China, 2006), no. 4301 in Lecture Notes in Computer Science, Springer Verlag, pp. 90-107.
15. LIKERT, R. A technique for the measurement of attitudes. McGraw-Hill, New York, USA, 1932.
16. MAHER, D. P. Secure communication method and apparatus. United states patent 5,450,493, United States Patent and Trademark Office, Sept. 1995. Filed Dec. 29, 1993.
17. MCCUNE, J. M., PERRIG, A., AND REITER, M. K. Seeing-Is-Believing: Using camera phones for human-verifiable authentication. In IEEE Symposium on Security and Privacy (2005), pp. 110-124.
18. MEADOWS, H. "Evil Twin" hotspots are a new menace for internet users, warns cranfield university. Press release, Cranfield University, Cranfield, Bedfordshire, MK43 0AL, United Kingdom, Jan. 2005. Available online at http://www.cranfield.ac.uk/university/press/2005/14012005.cfm.
19. MILLER, G. A. The magical number seven, plus or minus two: Some limits on our capacity for processing information. Psychological Review 63 (1956), 81-97.
20. ORNAGHI, A., AND VALLERI, M. Ettercap. Available online at ettercap.sourceforge.net,Apr. 2007. Ettercap is a network sniffer with extensive support for Man-in-the-Mddle Attacks.
21. PERRIG, A., AND SONG, D. Hash visualization: a way to improve real world security. In International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) (1999).
22. REKIMOTO, J., AYATSUKA, Y., AND KOHNO, M. SyncTap: An interaction technique for mobile networking. In Human-computer interaction with mobile devices and services (Mobile HCI 2003) (2003), L. Chittaro, Ed., no. 2795 in Lecture Notes in Computer Science, Springer Verlag, pp. 104-115.
23. RICHARD, G. G. Service advertisement and discovery: Enabling universal device cooperation. IEEE Internet Computing 4, 5 (2000), 18-26.
24. SALTZER, J. H., AND SCHROEDER, M. D. The protection of information in computer systems. Communications of the ACM 17, 7 (July 1974).
25. SASTRY, N., SHANKAR, U., AND WAGNER, D. Secure verification of location claims. In Proceedings of the 2003 ACM workshop on Wireless security (WiSe'03) (New York, NY, USA, 2003), ACM Press, pp. 1-10.
26. SAXENA, N., EKBERG, J.-E., KOSTIAINEN, K., AND ASOKAN, N. Secure device pairing based on a visual channel. In IEEE Symposium on Security and Privacy (May 2006).
27. SHNEIDERMAN, B. Designing the User Interface, 3rd ed. Addison Wesley, 1998.
28. STAJANO, F., AND ANDERSON, R. J. The resurrecting duckling: Security issues for ad-hoc wireless networks. In Proc. 7th International Security Protocols Workshop (1999), pp. 172-194.
29. SUOMALAINEN, J., VALKONEN, J., AND ASOKAN, N. Security associations in personal networks: A comparative analysis. Technical Report NRC-TR-2007-004, Nokia Research Center, Jan. 2007.
30. THOMSON, I. "Evil Twin" Wi-Fi hacks target the rich. VNU Business Publications, November 23 2006. Available online at www.vnunet.com/2169400.
31. UZUN, E., KARVONEN, K., AND ASOKAN, N. Usability analysis of secure pairing methods. In Proc. Usable Security Workshop (USEC) (Lowlands, Scarborough, Trinidad/Tobago, Feb. 2007). Co-located with 11th Conference on Financial Cryptography and Data Security.
32. VAUDENAY, S. Secure communications over insecure channels based on short authenticated strings. In Proc. Advances in Cryptology (CRYPTO) (2005), vol. 3621 of Lecture Notes in Computer Science, Springer Verlag, pp. 309-326.
33. ČAGALJ, M., CAPKUN, S., AND HUBAUX, J.-P. Key agreement in peer-to-peer wireless networks. Proceedings of the IEEE 94, 2 (Feb. 2006), 467-478.
34. VOGEL, E. K., AND MACHIZAWA, M. G. Neural activity predicts individual differences in visual working memory capacity. Nature 428 (Apr. 2004), 748-751.