Title: Using link RTT to passively detect unapproved wireless nodes

Authors: Lanier Watkins, Raheem Beyah, Cherita Corbett

Addresses: Department of Computer Science, Georgia State University, GA, 30303, USA. ' Department of Computer Science, Georgia State University, GA, 30303, USA. ' Computer & Network Security Group, Sandia National Labs, CA 94550, USA

Abstract: Rogue Access Points (APs) produce security vulnerabilities in enterprise/campus networks by circumventing security mechanisms. We propose to use network traffic Round Trip Time (RTT) coupled with standard wireless network policies to distinguish between wired nodes, authorised APs, and rogue APs. Further, this approach has the following advantages: independent of wireless technology (802.11a/b/g); resilient to increases in capacity for wired and wireless links; scalable; resilient to effects of multiple hops; independent of rouge AP signal range. Our experimental results show that we can quickly classify the nodes as wired or wireless with 80-100% accuracy.

Keywords: rogue access point detection; wireless security; insider threats; intrusion detection; network security; wireless networks; rogue access points; wired nodes; wireless nodes.

DOI: 10.1504/IJSN.2009.027341

International Journal of Security and Networks, 2009 Vol.4 No.3, pp.153 - 163

Published online: 20 Jul 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article