Wireless clients are vulnerable to exploitation by evil twins due to flaws in the authentication process of 802.11 Wi-Fi networks. Current certificate-based wireless authentication protocols present a potential solution, but are limited in their ability to provide a secure and usable platform for certificate validation. Our work seeks to mitigate these limitations by exploring a client-side strategy for utilizing alternative trust models in wireless network authentication. We compile a taxonomy of various trust models for conducting certificate-based authentication of wireless networks and methodically evaluate each model according to desirable properties of security, usability, and deployability. We then build a platform for leveraging alternative certificate-based trust models in wireless networks, present a proof-of-concept using one of the most promising alternative validation models identified--a whitelisting and pinning hybrid--and examine its effectiveness at defending against evil twin attacks in 802.11 networks.
College and Department
Physical and Mathematical Sciences; Computer Science
BYU ScholarsArchive Citation
Hendershot, Travis S., "Towards Using Certificate-Based Authentication as a Defense Against Evil Twins in 802.11 Networks" (2016). All Theses and Dissertations. 6115.
Wireless networks, authentication, public key cryptography, evil twin