一种基于RSSI的智能家居环境Evil-Twin攻击的检测方法

An Evil-Twin AP Detection Method Based on RSSI in Smart Home

Wi-Fi正在为各种各样的设备提供网络连接,但因其网络标识(SSID,BSSID)易被伪造,攻击者很容易伪造出普通用户无法识别的Evil-Twin AP并进行其他高级攻击.本文利用智能家居中AP位置稳定的特点,提出了基于RSSI的Evil-Twin攻击检测方法,它由单位置检测和多位置协同检测两种方案组成.该方法将Evil-Twin攻击检测问题转化为AP位置检测问题,两种方案都需要先在安全环境中构建指纹库.单位置检测时,确定当前检测到的目标AP与检测器之间的距离,并与指纹库中的安全距离进行比较,判断其安全性;多位置协同检测时,则先通过参考AP进行室内定位,确定检测设备的位置,然后反向定位确定当前检测到的目标AP与检测设备之间的距离,并与指纹库中该位置处的安全距离进行比较,判断其安全性.成功解决了基于AP硬件特征或流量特征的检测方法易被绕过的问题.该方法与已有的检测方法相比,检测设备不连入网络时依然可以成功检测,且无需加入专业的检测设备.实验结果显示,单位置检测方案将延迟时间降低至20s,且检测正确率达到98%,使用多位置协同检测时,正确率也达到90%.

Wi-Fi is now widely used for providing internet service.Since the identifiers（SSID,BSSID）of Wi-Fi could be faked easily,attackers could deploy an Evil-Twin AP,and users could not distinguish it from the legitimate one.Based on the fact of that the location of APs are relatively stable in the scenarios of Smart Home,a RSSI-based Evil-Twin Attack detection method was proposed.It consisted of two detection strategies：single position detection and multiple position cooperative detection.This method converted the detection of Evil-Twin Attack to the detection of the locations of APs,both of the two schemes should build a fingerprint database firstly in a security Wi-Fi condition.When it comes to single position detection,the distance between the detected target AP and the detector should be firstly computed,then comparing itwith the safe distance stored in the database,and checking to determine the security.As for multi-position cooperative detection,we should proceed an indoor positioning to get the position of the detector by reference APs,then confirm the distance between the detected target AP and the detector,lastly comparing it with the safe distance of the position,and checking to determine the security.This method fixed the vulnerabilities of existing methods based on hardware fingerprint or traffic feature.Compared to traditional detection methods,the proposed method could finish the detection without network or professional devices.Experimental results showed that single position detection reduced the delay time to 20 sand raised the accuracy to 98%,and that multiple position detection raised the accuracy to 90%.