Rogue Access Point Detection by Using ARP Failure under the MAC Address Duplication

Kosuke Igarashi, Hiroya Kato, Iwao Sasase

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

Abstract

Detecting a Rogue Access Point (RAP) in a Wi-Fi network is imperative. The previous scheme is a user-side detection method that focuses on the two channels used by a RAP. That scheme can detect a RAP in a stable traffic environment by using intentional interference to reveal the channel used with a Legitimate Access Point (LAP). However, its detection performance degrades in a real environment where traffic is more unstable, because that instability affects the traffic on the channel. Thus, it is necessary to design a scheme that is independent of such factors. In this paper, we propose RAP detection by using Address Resolution Protocol (ARP) failure under Media Access Control (MAC) address duplication. Our main idea is that, under the attack, traffic is relayed via both a RAP and a LAP on the LAN path between a client and a gateway. This is because the RAP must be established between a client and a LAP to provide an Internet connection. On the basis of this idea, the proposed scheme reveals that the Access Point (AP) to which a client connects is a RAP by discovering the MAC address of a LAP on the path. To find that MAC address, we leverage the phenomenon that a client cannot receive ARP reply packets when its MAC address duplicates that of an AP on the path. In this way, the presence of a LAP is revealed, from which the connected AP can be judged to be a RAP. In our evaluation, the proposed scheme achieves an accuracy of 96.5% even in an unstable traffic environment. Its true positive rate and false positive rate are 31.0% higher and 9.0% lower, respectively, than those of the previous scheme. Furthermore, the proposed scheme can detect RAPs accurately in a real environment where the previous scheme cannot.

Original language: English
Title of host publication: 2021 IEEE 32nd Annual International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1469-1474
Number of pages: 6
ISBN (Electronic): 9781728175867
Publication status: Published - 2021 Sep 13
Event: 32nd IEEE Annual International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC 2021 - Virtual, Helsinki, Finland
Duration: 2021 Sep 13 to 2021 Sep 16

Publication series

Name: IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC
Volume: 2021-September

Conference

Conference: 32nd IEEE Annual International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC 2021
Country/Territory: Finland
City: Virtual, Helsinki
Period: 21/9/13 to 21/9/16

Keywords

  • Address Resolution Protocol
  • Evil Twin Attack
  • Rogue Access Point

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
