Position-based Rogue Access Point Detection

TL;DR

This paper introduces a novel position-based method for detecting rogue Wi-Fi access points by analyzing inconsistencies in device positioning estimates derived from different subsets of AP signals, improving detection accuracy.

Contribution

The paper proposes a new rogue AP detection scheme using subset generation and position validation based on Wi-Fi positioning data, which outperforms existing CSI/RSSI-based methods.

Findings

Significant improvement in rogue AP detection accuracy

Effective use of position estimation inconsistencies for detection

Validated on real-world dataset with multiple attack types

Abstract

Rogue Wi-Fi access point (AP) attacks can lead to data breaches and unauthorized access. Existing rogue AP detection methods and tools often rely on channel state information (CSI) or received signal strength indicator (RSSI), but they require specific hardware or achieve low detection accuracy. On the other hand, AP positions are typically fixed, and Wi-Fi can support indoor positioning of user devices. Based on this position information, the mobile platform can check if one (or more) AP in range is rogue. The inclusion of a rogue AP would in principle result in a wrong estimated position. Thus, the idea to use different subsets of APs: the positions computed based on subsets that include a rogue AP will be significantly different from those that do not. Our scheme contains two components: subset generation and position validation. First, we generate subsets of RSSIs from APs, which are then utilized for positioning, similar to receiver autonomous integrity monitoring (RAIM). Second, the position estimates, along with uncertainties, are combined into a Gaussian mixture, to check for inconsistencies by evaluating the overlap of the Gaussian components. Our comparative analysis, conducted on a real-world dataset with three types of attacks and synthetic RSSIs integrated, demonstrates a substantial improvement in rogue AP detection accuracy.