Abstract

Wireless clients are vulnerable to exploitation by evil twins due to flaws in the authentication process of 802.11 Wi-Fi networks. Current certificate-based wireless authentication protocols present a potential solution, but are limited in their ability to provide a secure and usable platform for certificate validation. Our work seeks to mitigate these limitations by exploring a client-side strategy for utilizing alternative trust models in wireless network authentication. We compile a taxonomy of various trust models for conducting certificate-based authentication of wireless networks and methodically evaluate each model according to desirable properties of security, usability, and deployability. We then build a platform for leveraging alternative certificate-based trust models in wireless networks, present a proof-of-concept using one of the most promising alternative validation models identified--a whitelisting and pinning hybrid--and examine its effectiveness at defending against evil twin attacks in 802.11 networks.

Degree

MS

College and Department

Physical and Mathematical Sciences; Computer Science

Rights

http://lib.byu.edu/about/copyright/

Date Submitted

2016-11-01

Document Type

Thesis

Handle

http://hdl.lib.byu.edu/1877/etd8929

Keywords

Wireless networks, authentication, public key cryptography, evil twin

Share

COinS