4th International IEEE Conference on Broadband Communications, Networks, Systems

Research Article

Detecting Protected Layer-3 Rogue APs

  • @INPROCEEDINGS{10.1109/BROADNETS.2007.4550468,
        author={Hongda Yin and Guanling Chen and Jie Wang},
        title={Detecting Protected Layer-3 Rogue APs},
        proceedings={4th International IEEE Conference on Broadband Communications, Networks, Systems},
        publisher={IEEE},
        proceedings_a={BROADNETS},
        year={2010},
        month={5},
        keywords={},
        doi={10.1109/BROADNETS.2007.4550468}
    }
    
  • Hongda Yin
    Guanling Chen
    Jie Wang
    Year: 2010
    Detecting Protected Layer-3 Rogue APs
    BROADNETS
    IEEE
    DOI: 10.1109/BROADNETS.2007.4550468
Hongda Yin1,*, Guanling Chen1,*, Jie Wang1,*
  • 1: Department of Computer Science, University of Massachusetts Lowell
*Contact email: hyin@cs.uml.edu, glchen@cs.uml.edu, wang@cs.uml.edu

Abstract

Unauthorized rogue access points (APs), such as those brought into a corporate campus by employees, pose a security threat as they may be poorly managed or insufficiently secured. Any attacker in the vicinity can easily get onto the internal network through a rogue AP, bypassing all perimeter security measures. Existing detection solutions work well for detecting layer-2 rogue APs. It is a challenge, however, to accurately detect a layer-3 rogue AP that is protected by WEP or other security measures. In this paper, we describe a new rogue AP detection method to address this problem. Our solution uses a verifier on the internal wired network to send test traffic towards wireless edge, and uses wireless sniffers to identify rouge APs that relay the test packets. To quickly sweep all possible rogue APs, the verifier uses a greedy algorithm to schedule the channels for the sniffers to listen to. To work with the encrypted AP traffic, the sniffers use a probabilistic algorithm that only relies on observed packet size. Using extensive experiments, we show that the proposed approach can robustly detect rogue APs with moderate network overhead.