Yıl 2020, Cilt 8 , Sayı 1, Sayfalar 50 - 56 2020-01-31

Automated Fake Access Point Attack Detection and Prevention System with IoT Devices

İlhan Fırat KILINÇER [1] , Fatih ERTAM [2] , Abdülkadir ŞENGÜR [3]


Wireless access points (APs), which allow many devices to be easily connected to the Internet, are widely used today because they offer the easiest way to connect to the Internet. With the development of the concept of Internet of Things (IoT), WiFi networks are widely used in our homes, workplaces, social areas, campus areas. With the increase of WiFi networks, attacks on these networks are constantly increasing. In this study, an IoT-based approach to detect and prevent Fake Access point attacks frequently seen in WiFi networks is proposed. A Single Board Computer (SBC) and a wireless antenna in the "Soft AP" feature are used for operation. Fake APs were detected by air scanning. In the first phase of the study, fake Access point broadcasts have been created which can create security weakness. In order to determine the fake Access points created in the second stage, SBC and wifi module were used to scan air. In the final stage, the mac address of the fake AP has been assigned to an unauthorized Virtual Local Area Network (vLAN) on the network to prevent detected fake AP broadcasts. The possible attack methods for the study were implemented and it was revealed that the proposed approach prevented the attack successfully in all scenarios. The study is seen as an effective, developed and economically useful IoT application for network administrators to prevent the attack using fake Access point.

Attack detection, Attack prevention, Network security, Wireless access point security, Internet security, IoT
  • [1] C. Xu, W. Jin, X. Wang, G. Zhao, and S. Yu, “MC-VAP: A multi-connection virtual access point for high performance software-defined wireless networks,” J. Netw. Comput. Appl., vol. 122, pp. 88–98, 2018.
  • [2] D. Liu, B. Barber, and L. DiGrande, Cisco CCNA/CCENT exam 640-802, 640-822, 640-816 preparation kit. 2009.
  • [3] V. Kumkar, A. Tiwari, P. Tiwari, A. Gupta, and S. Shrawne, “Vulnerabilities of Wireless Security protocols (WEP and WPA2),” Int. J. Adv. Res. Comput. Eng. Technol., vol. 1, no. 2, pp. 2278–1323, 2012.
  • [4] H. R. Hassan and Y. Challal, “Enhanced WEP: an efficient solution to WEP threats,” 2005, pp. 594–599.
  • [5] R. Heartfield et al., “A taxonomy of cyber-physical threats and impact in the smart home,” Computers and Security. 2018.
  • [6] S. Wong, “The evolution of wireless security in 802.11 networks: WEP, WPA and 802.11 standards,” … . sans. org/rr/whitepapers/wireless/1109. php Retrieved, pp. 1–10, 2003.
  • [7] S. Vibhuti, “IEEE 802.11 WEP Wired Equivalent Privacy Concepts and Vulnerability,” San Jose State Univ., no. Iv, 2008.
  • [8] A. H. Lashkari, R. S. Hosseini, and F. Towhidi, “Wired equivalent privacy (WEP),” in Proceedings - 2009 International Conference on Future Computer and Communication, ICFCC 2009, 2009, pp. 492–495.
  • [9] Y. Liu, Z. Jin, and Y. Wang, “Survey on security scheme and attacking methods of WPA/WPA2,” 2010 6th Int. Conf. Wirel. Commun. Netw. Mob. Comput. WiCOM 2010, pp. 1–4, 2010.
  • [10] A. H. Adnan et al., “A comparative study of WLAN security protocols: WPA, WPA2,” in Proceedings of 2015 3rd International Conference on Advances in Electrical Engineering, ICAEE 2015, 2016, pp. 165–169.
  • [11] J. Z. Liu Yong-lei, “Distributed method for cracking WPA/WPA2-PSK on multi-coreCPU and GPU architecture,” no. November 2013, pp. 723–742, 2009.
  • [12] S. Gold, “Cracking wireless networks,” Netw. Secur., vol. 2011, no. 11, pp. 14–18, 2011.
  • [13] Y. Wang, Z. Jin, and X. Zhao, “Practical defense against WEP and WPA-PSK attack for WLAN,” in 2010 6th International Conference on Wireless Communications, Networking and Mobile Computing, WiCOM 2010, 2010.
  • [14] K. Bicakci and B. Tavli, “Denial-of-Service attacks and countermeasures in IEEE 802.11 wireless networks,” Computer Standards and Interfaces, vol. 31, no. 5. pp. 931–941, 2009.
  • [15] J. Bellardo and S. Savage, “802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions.,” in USENIX security, 2003, pp. 15–28.
  • [16] X. Zha and M. Ma, “Security improvements of IEEE 802.11i 4-way handshake scheme,” in 12th IEEE International Conference on Communication Systems 2010, ICCS 2010, 2010, pp. 667–671.
  • [17] Z. Bai and Y. Bai, “4-Way handshake solutions to avoid denial of service attack in ultra wideband networks,” in 3rd International Symposium on Intelligent Information Technology Application, IITA 2009, 2009, vol. 3, pp. 232–235.
  • [18] S. H. Eum, Y. H. Kim, and H. K. Choi, “A Secure 4‐Way Handshake in 802.11i Using Cookies.pdf,” vol. 2, no. 1, 2008.
  • [19] A. Alabdulatif, X. Ma, and L. Nolle, “Analysing and attacking the 4-way handshake of IEEE 802.11i standard,” in 2013 8th International Conference for Internet Technology and Secured Transactions, ICITST 2013, 2013, pp. 382–387.
  • [20] Internet, “4 Way Handshake.” .
  • [21] T. D. Nguyen, D. H. M. Nguyen, B. N. Tran, H. Vu, and N. Mittal, “A lightweight solution for defending against deauthentication/ disassociation attacks on 802.11 networks,” Proc. - Int. Conf. Comput. Commun. Networks, ICCCN, pp. 185–190, 2008.
  • [22] K. El-Khatib, “Impact of feature reduction on the efficiency of wireless intrusion detection systems,” IEEE Trans. Parallel Distrib. Syst., vol. 21, no. 8, pp. 1143–1149, 2010.
  • [23] K. F. Kao, W. C. Chen, J. C. Chang, and H. Te Chu, “An accurate fake access point detection method based on deviation of beacon time interval,” in Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014, 2014, pp. 1–2.
  • [24] M. K. Chirumamilla and B. Ramamurthy, “Agent based intrusion detection and response system for wireless LANs,” 2004, pp. 492–496.
  • [25] S. Nikbakhsh, A. B. A. Manaf, M. Zamani, and M. Janbeglou, “A novel approach for rogue access point detection on the client-side,” in Proceedings - 26th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2012, 2012, pp. 684–687.
Birincil Dil en
Konular Bilgisayar Bilimleri, Bilgi Sistemleri
Yayınlanma Tarihi January 2020
Bölüm Araştırma Makalesi
Yazarlar

Orcid: 0000-0001-8090-4998
Yazar: İlhan Fırat KILINÇER
Kurum: FIRAT UNIVERSITY

Orcid: 0000-0002-2306-6008
Yazar: Fatih ERTAM (Sorumlu Yazar)
Kurum: FIRAT UNIVERSITY

Orcid: 0000-0002-2306-6008
Yazar: Abdülkadir ŞENGÜR
Kurum: FIRAT UNIVERSITY

Destekleyen Kurum Fırat Üniversitesi
Proje Numarası TEKF.18.13.
Teşekkür This work was supported by the FUBAP (Firat University Scientific Research Projects Unit) under Grant No: TEKF.18.13.
Tarihler

Yayımlanma Tarihi : 31 Ocak 2020

Bibtex @araştırma makalesi { bajece634104, journal = {Balkan Journal of Electrical and Computer Engineering}, issn = {2147-284X}, address = {}, publisher = {Balkan Yayın}, year = {2020}, volume = {8}, pages = {50 - 56}, doi = {10.17694/bajece.634104}, title = {Automated Fake Access Point Attack Detection and Prevention System with IoT Devices}, key = {cite}, author = {Kılınçer, İlhan Fırat and Ertam, Fatih and Şengür, Abdülkadir} }
APA Kılınçer, İ , Ertam, F , Şengür, A . (2020). Automated Fake Access Point Attack Detection and Prevention System with IoT Devices . Balkan Journal of Electrical and Computer Engineering , 8 (1) , 50-56 . DOI: 10.17694/bajece.634104
MLA Kılınçer, İ , Ertam, F , Şengür, A . "Automated Fake Access Point Attack Detection and Prevention System with IoT Devices" . Balkan Journal of Electrical and Computer Engineering 8 (2020 ): 50-56 <https://dergipark.org.tr/tr/pub/bajece/issue/52149/634104>
Chicago Kılınçer, İ , Ertam, F , Şengür, A . "Automated Fake Access Point Attack Detection and Prevention System with IoT Devices". Balkan Journal of Electrical and Computer Engineering 8 (2020 ): 50-56
RIS TY - JOUR T1 - Automated Fake Access Point Attack Detection and Prevention System with IoT Devices AU - İlhan Fırat Kılınçer , Fatih Ertam , Abdülkadir Şengür Y1 - 2020 PY - 2020 N1 - doi: 10.17694/bajece.634104 DO - 10.17694/bajece.634104 T2 - Balkan Journal of Electrical and Computer Engineering JF - Journal JO - JOR SP - 50 EP - 56 VL - 8 IS - 1 SN - 2147-284X- M3 - doi: 10.17694/bajece.634104 UR - https://doi.org/10.17694/bajece.634104 Y2 - 2019 ER -
EndNote %0 Balkan Journal of Electrical and Computer Engineering Automated Fake Access Point Attack Detection and Prevention System with IoT Devices %A İlhan Fırat Kılınçer , Fatih Ertam , Abdülkadir Şengür %T Automated Fake Access Point Attack Detection and Prevention System with IoT Devices %D 2020 %J Balkan Journal of Electrical and Computer Engineering %P 2147-284X- %V 8 %N 1 %R doi: 10.17694/bajece.634104 %U 10.17694/bajece.634104
ISNAD Kılınçer, İlhan Fırat , Ertam, Fatih , Şengür, Abdülkadir . "Automated Fake Access Point Attack Detection and Prevention System with IoT Devices". Balkan Journal of Electrical and Computer Engineering 8 / 1 (Ocak 2020): 50-56 . https://doi.org/10.17694/bajece.634104
AMA Kılınçer İ , Ertam F , Şengür A . Automated Fake Access Point Attack Detection and Prevention System with IoT Devices. Balkan Journal of Electrical and Computer Engineering. 2020; 8(1): 50-56.
Vancouver Kılınçer İ , Ertam F , Şengür A . Automated Fake Access Point Attack Detection and Prevention System with IoT Devices. Balkan Journal of Electrical and Computer Engineering. 2020; 8(1): 50-56.