Title: VOUCH-AP: privacy preserving open-access 802.11 public hotspot AP authentication mechanism with co-located evil-twins

Authors: Avinash Srinivasan; Jie Wu

Addresses: Department of Computer and Information Sciences, Temple University, Philadelphia, PA 19122, USA ' Department of Computer and Information Sciences, Temple University, Philadelphia, PA 19122, USA

Abstract: Open-access 802.11 public Wi-Fi hotspots support rudimentary low-level authentication at the access-point link-layer but offers no authentication mechanisms for the clients. Hence, there is a fundamental information asymmetry at play, enabling an adversary to launch AP-based evil-twin attacks. In this paper, we address this information asymmetry problem and propose a simple yet powerful solution for identifying and eliminating malicious APs, thereby providing users safe and private 802.11 public hotspots. Our proposed VOUCH-AP is a portable, platform-independent AP authentication framework. VOUCH-AP is, to our best knowledge, the first work to consider digital certificate-based AP authentication. The proposed solution does not require any hardware upgrades or specialised hardware, unlike 802.11i (aka WPA2). Finally, through security analysis, we show the security robustness of the proposed VOUCH-AP framework to counter evil-twin attacks.

Keywords: authentication; captive portal; evil-twin; identity theft; privacy; security; vulnerability.

DOI: 10.1504/IJSN.2018.093558

International Journal of Security and Networks, 2018 Vol.13 No.3, pp.153 - 168

Available online: 03 Jul 2018 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article