Nirmal S Selvarathinam

Bio: Nirmal S Selvarathinam is an academic researcher from Indian Institutes of Technology. The author has contributed to research in topics: Spoofing attack & MAC address. The author has an hindex of 1, co-authored 1 publications receiving 3 citations.

Evil Twin Attack Detection using Discrete Event Systems in IEEE 802.11 Wi-Fi Networks

Abstract: Wi-Fi technology has seen rapid growth in the last two decades. It has revolutionized the way we access the Internet. However, they are vulnerable to Denial of Service attacks, Encryption Cracking, and Rogue Access Points etc. In this manuscript, our focus is on Evil Twin Attack, the most common type of Rogue Access Point (RAP). An evil twin AP lures client(s) into connecting to it, disguising itself as a genuine AP by spoofing its MAC address and SSID (Service Set IDentifier). Once a client is connected to the evil twin AP, the attacker can spy on its communication, re-direct client(s) to malicious websites, compromise credentials. Whitelisting AP(s), timing based solutions, patching AP/client etc., are some existing methods to detect evil twin AP(s) in a network. However, practically methods demand comprehensive set up and maintenance, they suffer from scalability and compatibility issues. Some even require protocol modifications, thus making it expensive and practically infeasible in a large scale network with no proof of correctness. To address these issues, we propose a Discrete Event System (DES) based approach for Intrusion Detection System (IDS) for evil twin attacks in a Wi-Fi network.

The rogue access point identification: a model and classification review

Abstract: Most people around the world make use of public Wi-Fi hotspots, as their daily routine companion in communication. The access points (APs) of public Wi-Fi are easily deployed by anyone and everywhere, to provide hassle-free Internet connectivity. The availability of Wi-Fi increases the danger of adversaries, taking advantages of sniffing the sensitive data. One of the most serious security issues encountered by Wi-Fi users, is the presence of rogue access points (RAP). Several studies have been published regarding how to identify the RAP. Using systematic literature review, this research aims to explore the various methods on how to distinguish the AP, as a rogue or legitimate, based on the hardware and software approach model. In conclusion, all the classifications were summarized, and produced an alternative solution using beacon frame manipulation technique. Therefore, further research is needed to identify the RAP.

Passive and Active Wireless Device Secure Identification

Abstract: Secure wireless device identification is necessary if we want to ensure that any transmitted data reach only a desired receiver. However the fact that wireless communications are by nature broadcast creates unique challenges such as identity theft, eavesdropping for data interception, jamming attacks to disrupt legitimate transmissions, etc. This paper proposes a new integrated radioprint framework (IRID) that has two main components. First, we propose a machine learning-based radio identification solution that relies on hardware variabilities of internal components of the transmitter caused during manufacturing, allowing us to achieve passive device identification. Second, we introduce a new kind of covert channel, based on variations in the emitted signal strength, which allows us to implement unique active device identification. We evaluate our proposed framework on an experimental test-bed of 20 identical WiFi devices. Although our experiments deal only with IEEE 802.11b, the approach can easily be extended to any wireless protocol. The experimental results show that our proposed solution can differentiate between network devices with accuracy in excess of 99% on the basis of a standard-compliant implementation.

802.11 Frame-level Network IDS for Public Wireless Networks

Abstract: The growth in capability of consumer electronics, intelligent systems, and wireless networking technology has brought about an unprecedented scale in communication by networked devices. With scale of capability comes information security issues that present themselves through all layers of software and network stacks. In this paper, we propose a lightweight network intrusion detection system for link-physical layer devices operating the 802.11 suite of protocols. Though many attempts have been made at detecting abnormal behavior through protocol modification, firmware augmentation, and machine learning, a novel approach has been proposed which is suitable for non-compute-intensive embedded devices in a distributed network, synonymous to applications of smart-city wide area networks and relatively smaller wireless local area networks.

DPETAs: Detection and Prevention of Evil Twin Attacks on Wi-Fi Networks

Abstract: AbstractNumerous types of threats could become vulnerable to Wi-Fi networks. In terms of preventing and reducing their effect on the networks, it has become an imperative activity of any user to understand the threats. Even after thoroughly encrypting them, the route between the attacker’s device and the victim’s device may even be vulnerable to security attacks on Wi-Fi networks. It has also been noted that there are current shortcomings on Wi-Fi security protocols and hardware modules that are available in the market. Any device connected to the network could be a possible primary interface for attackers. Wi-Fi networks that are available in the transmission range are vulnerable to threats. For instance, if an Access Point (AP) has no encrypted traffic while it is attached to a Wi-Fi network, an intruder may run a background check to launch the attack. And then, attackers could launch more possible attacks in the targeted network, in which the Evil Twin attack have become the most prominent. This Evil Twin attack in a Wi-Fi network is a unique outbreak mostly used by attackers to make intrusion or to establish an infection where the users are exploited to connect with a victim’s network through a nearby access point. So, there are more chance to get user’s credentials by the perpetrators. An intruder wisely introduces a fake access point that is equivalent to something looks like an original access point near the network premises in this case. So, an attacker is capable of compromising the network when a user unconsciously enters by using this fake access point. Attackers could also intercept the traffic and even the login credentials used after breaching insecure networks. This could enable monitoring the users and perhaps even manipulating the behavior patterns of an authorized network user smoother for attackers. The key consideration of this research paper is the identification and avoidance of the Evil Twin attack over any Wi-Fi networks. It is named as DPETAs to address the strategies that intruders use to extract identities and what users need to do to keep them out of the networks.KeywordsManagement framesFake access points802.11 standardsWi-Fi attacksMan in the middle (MITM) attackEvil twin AP attacks

EvilSpot: Detection and Mitigation in Multi Channel

Abstract: Amateurs hack systems; professionals make evil twins with a mere connection. Free Wi-Fi everywhere, but we need more awareness among us. An evil twin can mimic the IP address and the network name of a legitimate access point. The evil twin can obstruct the accessibility of the legitimate access point, leading to a man-in-the-middle attack. Thus, preventing such spoofing attacks is needed to strengthen security and prevent data breaches. In the past few decades, some efforts have taken place to detect and stop evil twin attacks, but they are less vast than multi-channel. This paper will detail the preventive algorithm to counterattack the evil twin attack. The suggested algorithm work on the multi-channel, information about IP prefix distribution, and whitelisting of legitimate points are implemented in evil twin detection. Authorization is performed at every channel to detect any unauthorized BSSID or Deauthorization frame in the network. The proposed algorithm successfully substantiate the detection of the evil twin.