Towards Using Certificate-Based Authentication as a Defense Against Evil Twins in 802.11 Networks

Bibliographic Details
Main Author: Hendershot, Travis S.
Format: Others
Published: BYU ScholarsArchive 2016
Online Access: https://scholarsarchive.byu.edu/etd/6115
https://scholarsarchive.byu.edu/cgi/viewcontent.cgi?article=7115&context=etd
Description
Summary: Wireless clients are vulnerable to exploitation by evil twins due to flaws in the authentication process of 802.11 Wi-Fi networks. Current certificate-based wireless authentication protocols present a potential solution, but are limited in their ability to provide a secure and usable platform for certificate validation. Our work seeks to mitigate these limitations by exploring a client-side strategy for utilizing alternative trust models in wireless network authentication. We compile a taxonomy of various trust models for conducting certificate-based authentication of wireless networks and methodically evaluate each model according to desirable properties of security, usability, and deployability. We then build a platform for leveraging alternative certificate-based trust models in wireless networks, present a proof-of-concept using one of the most promising alternative validation models identified--a whitelisting and pinning hybrid--and examine its effectiveness at defending against evil twin attacks in 802.11 networks.