Title: VOUCH-AP: privacy preserving open-access 802.11 public hotspot AP authentication mechanism with co-located evil-twins
Authors: Avinash Srinivasan; Jie Wu
Addresses: Department of Computer and Information Sciences, Temple University, Philadelphia, PA 19122, USA ' Department of Computer and Information Sciences, Temple University, Philadelphia, PA 19122, USA
Abstract: Open-access 802.11 public Wi-Fi hotspots support rudimentary low-level authentication at the access-point link-layer but offers no authentication mechanisms for the clients. Hence, there is a fundamental information asymmetry at play, enabling an adversary to launch AP-based evil-twin attacks. In this paper, we address this information asymmetry problem and propose a simple yet powerful solution for identifying and eliminating malicious APs, thereby providing users safe and private 802.11 public hotspots. Our proposed VOUCH-AP is a portable, platform-independent AP authentication framework. VOUCH-AP is, to our best knowledge, the first work to consider digital certificate-based AP authentication. The proposed solution does not require any hardware upgrades or specialised hardware, unlike 802.11i (aka WPA2). Finally, through security analysis, we show the security robustness of the proposed VOUCH-AP framework to counter evil-twin attacks.
Keywords: authentication; captive portal; evil-twin; identity theft; privacy; security; vulnerability.
International Journal of Security and Networks, 2018 Vol.13 No.3, pp.153 - 168
Available online: 03 Jul 2018 *Full-text access for editors Access for subscribers Purchase this article Comment on this article