Online detection of fake access points using received signal strengths

Wireless access points (APs) are widely used for the convenience and productivity of smartphone users. The growing popularity of wireless local area networks (WLANs) increases the risk of wireless security attacks. A fake AP can be set in any public space in order to impersonate legitimate APs for monetization. Existing fake AP detection methods analyze wireless traffic by using extra devices, and the traffic is collected by servers. However, using these server-side methods is costly and only provide secure communication, in limited places, of clients' devices. Recently, several fake AP detection methods have been designed in order to overcome the server-side problems in a client-side. However, there are two limitations to the client-side methods: cumbersome processes and limited resources. When the methods attempt to collect data, calculating interval time incurs time-consuming processes to detect fake characteristics in the client-side. Moreover, the operating systems in smartphones provide limited resources that can hardly be adopted in the client-side. In this paper, we propose a novel fake AP detection method to solve the aforementioned problems in the client-side. The method leverages received signal strengths (RSSs) and online detection algorithm. Our method collects RSSs from nearby APs and normalizes them for accurate measurement. We measure the similarity of normalized RSSs. If the similarity between normalized RSSs is less than the fixed threshold value, we determine that the RSSs are generated from a fake device. We can measure the optimal threshold value derived from the sequential hypothesis testing. In our experiment, when the fixed threshold value was 2, the true positive was over than 99% and the false positive was less than 0.1% in three observations.