
Title: Analysis of Rogue Access Points Using SDR
When people connect to the Internet with their mobile devices, they do not often think about the security of their data; however, the prevalence of rogue access points has taken advantage of a false sense of safety in unsuspecting victims. This paper analyzes the methods an attacker would use to create rogue WiFi access points using software-defined radio (SDR). To construct a rogue access point, a few essential layers of WiFi need simulation: the physical layer, link layer, network layer, and transport layer. Radio waves carrying WiFi packets, transmitted between two Universal Software Radio Peripherals (USRPs), emulate the physical layer. The link layer consists of the connection between those same USRPs communicating directly to each other, and the network layer expands on this communication by using the network tunneling/network tapping (TUN/TAP) interfaces to tunnel IP packets between the host and the access point. Finally, the establishment of the transport layer constitutes transceiving the packets that pass through the USRPs. In the end, we found that creating a rogue access point and capturing the stream of data from a fabricated "victim" on the Internet was effective and cheap with SDRs as inexpensive as $20 USD. Our work aims to expose how a cybercriminal could carry out an attack like this in order to prevent and defend against them in the future.
Journal Name:
2019 IEEE International Conference on Industrial Internet (ICII)
Page Range or eLocation-ID:
50 to 55
Sponsoring Org:
National Science Foundation
More Like this
  1. WiFi is the dominant means for home Internet access, yet is frequently a performance bottleneck. Without reliable, satisfactory performance at the last hop, end-to-end quality of service (QoS) efforts will fail. Three major reasons for WiFi bottlenecking performance are its: 1) inherent wireless channel characteristics, 2) approach to access control of the shared broadcast channel, and 3) impact on transport layer protocols, such as TCP, that operate end-to-end, and over-react to the loss or delay caused by the single WiFi link. In this paper, we leverage the philosophy of centralization in modern networking and present our cross layer design to address the problem. Specifically, we introduce centralized control at the point of entry/egress into the WiFi network. Based on network conditions measured from buffer sizes, airtime and throughput, flows are scheduled to the optimal utility. Unlike most existing WiFi QoS approaches, our design only relies on transparent modifications, requiring no changes to the network (including link layer) protocols, applications, or user intervention. Through extensive experimental investigation, we show that our design significantly enhances the reliability and predictability of WiFi performance, providing a "virtual wire"-like link to the targeted application.
  2. Internet of Things (IoT) is a connected network of devices that exchange data using different protocols. The application of IoT ranges from intelligent TVs and intelligent refrigerators to smart transportation. This research aims to provide students with hands-on training on how to develop an IoT platform that supports device management, connectivity, and data management. People tend to build interconnected devices without having a basic understanding of how the IoT platform backend functions. Studying the Arm Pelion will help to understand how IoT devices operate under the hood. This past summer, Morgan State University has hosted undergraduate engineering students and high school STEM teachers to conduct IoT security research in the Cybersecurity Assurance & Policy (CAP) Center. The research project involved integrating various hardware sensor devices and real-time data monitoring using the Arm Pelion IoT development platform. Some of the student/teacher outcomes from the project include: 1) Learning about IoT technology and security; 2) Programming an embedded system using the Arm Mbed development board and IDE; 3) Developing a network of connected IoT devices using different protocols such as LWM2M, MQTT, CoAP; 4) Investigating the cybersecurity risks associated with the platform; and 5) Using data analysis and visualization to understand the network data and packet flow. First, the student/teacher must consider the IoT framework to understand how to address the security. The IoT framework describes the essential functions of an IoT network, breaking it down into separate layers. These layers include an application layer, middleware layer, and connectivity layer. The application layer allows the users to access the platform via a smartphone or any other dashboard. The middleware layer represents the backend system that provides edge devices with data management, messaging, application services, and authentication. Finally, the connectivity layer includes devices that connect the user to the network, including Bluetooth or WiFi. The platform consists of several commercial IoT devices such as a smart camera, baby monitor, smart light, and other devices. We then create algorithms to classify the network data flow and to visualize the packet flow in the network and the structure of the packet data frame over time.
  3. Hybrid wireless networks are foreseen to play a major role in the visioning and planning of the sixth generation (6G) network. Most of the 6G applications are human-centric, and thus high security and privacy are key features. Recently, physical layer (PHY) security has become an emerging area of research. This work introduces a novel, to the best of our knowledge, PHY security approach called wireless link pairing (WiLP). In WiLP, signals received from both air interfaces in a hybrid radio frequency and optical network are required for successful signal reconstruction and processing at the receiver. The transmitted packets based on the IEEE 802.11 standards are redesigned, and improvements in performance are validated via simulations and experimental measurements using software-defined radio platforms. The obtained results demonstrate improvements in bit-error rate (BER) and the secrecy capacity for multiple modulation and coding schemes.

  4. There is much interest in integrating millimeter wave radios (mmWave) into wireless LANs and 5G cellular networks to benefit from their multi-GHz of available spectrum. Yet, unlike existing technologies, e.g., WiFi, mmWave radios require highly directional antennas. Since the antennas have pencil-beams, the transmitter and receiver need to align their beams before they can communicate. Existing systems scan the space to find the best alignment. Such a process has been shown to introduce up to seconds of delay and is unsuitable for wireless networks where an access point has to quickly switch between users and accommodate mobile clients. This paper presents Agile-Link, a new protocol that can find the best mmWave beam alignment without scanning the space. Given all possible directions for setting the antenna beam, Agile-Link provably finds the optimal direction in a logarithmic number of measurements. Further, Agile-Link works within the existing 802.11ad standard for mmWave LAN, and can support both clients and access points. We have implemented Agile-Link in a mmWave radio and evaluated it empirically. Our results show that it reduces beam alignment delay by orders of magnitude. In particular, for highly directional mmWave devices operating under 802.11ad, the delay drops from over a second to 2.5 ms.
  5. Dense deployment of access points in 60 GHz WLANs can provide always-on gigabit connectivity and robustness against blockages to mobile clients. However, this dense deployment can lead to harmful interference between the links, affecting link data rates. In this paper, we attempt to better understand the interference characteristics and effectiveness of interference mitigation techniques using 802.11ad COTS devices and 60 GHz software radio based measurements. We first find that current 802.11ad COTS devices do not consider interference in sector selection, resulting in high interference and low spatial reuse. We consider three techniques of interference mitigation: channelization, sector selection and receive beamforming. First, our results show that channelization is effective but 60 GHz channels have non-negligible adjacent and non-adjacent channel interference. Second, we show that it is possible to perform interference-aware sector selection to reduce interference, but its gains can be limited in indoor environments with reflections, and such sector selection should consider fairness in medium access and avoid asymmetric interference. Third, we characterize the efficacy of receive beamforming in combating interference and quantify the related overhead involved in the search for the receive sector, especially in the presence of blockages. We elaborate on the insights gained through the characterization and point out important outstanding problems through the study.