Abstract | Users of public Wi-Fi networks risk being tricked into connecting to 'evil twin' access points set up by attackers to launch man-in-the-middle attacks. We present a system which employs post hoc validation of an anonymous Diffie-Hellman key exchange undertaken as part of an 802.1X/EAP-TTLS network association process. Our system utilises an additional secure auxiliary channel to run a modified version of the interlock protocol based on physical evidence in the network location. By using keying information generated during the network joining process, we allow spontaneous network users to detect man-in-the-middle attacks while avoiding the need for pre-shared keys. We report on implementations of our system which utilise physical evidence of authenticity in the alternative forms of public displays and 2D barcodes embedded in the environment and read by mobile phones.

Associated Project
Cityware: Urban Design and Pervasive Systems
Kindberg, T., Mitchell, J., Grimmett, J., Bevan, C., & O'Neill, E. (2009, Oct). Authenticating public wireless networks with physical evidence. 2009 IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (pp. 394–399). doi:10.1109/WiMob.2009.73
@INPROCEEDINGS{5325253,
  author={T. {Kindberg} and J. {Mitchell} and J. {Grimmett} and C. {Bevan} and E. {O'Neill}},
  booktitle={2009 IEEE International Conference on Wireless and Mobile Computing, Networking and Communications},
  title={Authenticating Public Wireless Networks with Physical Evidence},
  year={2009},
  volume={},
  number={},
  pages={394-399},
  keywords={cryptographic protocols;mobile radio;telecommunication security;wireless channels;wireless LAN;public wireless network authenticity;public Wi-Fi network;evil twin access points;man-in-the-middle attack;post hoc validation;anonymous Diffie-Hellman key exchange;802.1X network association process;EAP-TTLS network association process;secure auxilliary channel;interlock protocol;network location;mobile phone;Wireless networks;Portals;Cryptography;Joining processes;Protection;Uniform resource locators;Authentication;Wireless LAN;Communication system security;Mobile computing;Wireless LAN;security;authentication},
  doi={10.1109/WiMob.2009.73},
  ISSN={2160-4886},
  month={Oct},
}