HotspotID-crowdsourced WiFi security

SCHEME: Proof-of-Concept

CALL: 2015

DOMAIN: IS - Information and Communication Technologies





HOST INSTITUTION: University of Luxembourg

KEYWORDS: WiFi Security - Evil Twin attack - Public Wifi - Spoofed AP - Rogue AP - Mobile app - crowdsourced - Access Point Certification

START: 2016-01-15

END: 2017-03-31


Submitted Abstract

Today’s security solutions do not provide WiFi users with the tools needed to asses the security risks associated with connecting to a WiFi network, in real time. It is impossible to verify that you are connected to the legitimate access point (AP) and not an imposter (Evil Twin). Nor do you have any information about the access point. Likewise the owners of WiFi access points have no means to clearly identify themselves for their users, so they will not be mistaken for an imposter.Hotspot IDTM offers WiFi users a FREE mobile app which fingerprints all WiFi connections made and registers this (crowdsourced) data on the central server for analysis & evaluation. The server tracks all the data it receives to generate a reputation score for each registered access point (AP). The server returns to the app all relevant data for the WiFi network and warns the user if connected to an unsafe AP (i.e. Evil Twin). We propose to WiFi owners to certify their Access Points – a subscription based service to register verified network data in the system. This permits better attack detection as the live fingerprints are checked against verified networks, instead of crowdsourced records. This results in better security for the users of Certified AP.

This site uses cookies. By continuing to use this site, you agree to the use of cookies for analytics purposes. Find out more in our Privacy Statement