User-Side Wi-Fi Evil Twin Attack Detection Using Random Wireless Channel Monitoring

Free open wireless Internet access is a complimentary Wi-Fi service offered by most coffee shops, fast food restaurants and airports to their customers. For ease of access, these Wi-Fi networks are inherently insecure where no authentication/encryption is used to protect customers wireless data. An attacker can easily deceive a wireless customer (WC) by setting up a rogue access point (RAP) impersonating the legitimate access point (LAP). The WC connecting to the RAP becomes an easy target to the Man-In-the-Middle Attack (MIMA) and data traffic snooping. In this paper, we present a real-time client-side detection scheme to detect evil twin attack (ETA) when the attacker relies on the LAP to direct WC data to the Internet. The WC can detect ETA by monitoring multiple Wi-Fi channels in a random order looking for specific data packets sent by a dedicated sever on the Internet. Once an ETA is detected, our scheme can clearly identify whether a specific AP is a LAP or a RAP. The effectiveness of the proposed detection method was mathematically modeled, prototyped and evaluated in real life environment with a detection rate approximates to 100%.