A Method to Detect Rogue Access Points in a Campus without Decrypting WLAN Frames

Tomohiro TAKEDA  Kenji OHIRA  Hiroki TANIOKA  Masahiko SANO  Kenji MATSUURA  Tetsushi UETA  

B - Abstracts of IEICE TRANSACTIONS on Communications (Japanese Edition)   Vol.J101-B   No.2   pp.90-99
Publication Date: 2018/02/01
Online ISSN: 1881-0209
Type of Manuscript: Special Section PAPER (Special Section on Student Research)
campus network,  rogue access point,  captive portal,  wirelessu LAN,  

Full Text(in Japanese): PDF(1.1MB)
>>Buy this Article

Security problems of rogue APs exist because there are many wireless access points (APs) in a campus. In many cases, there are not only university-wide network administrators but also subnet administrators and the former ones usually do not know details of each subnet. We propose a method for the university-wide network administrators to detect rogue APs without decrypting WLAN frames. HTTP packets of captive portal detection are used in this method. As a result of our evaluation, we confirmed that it is possible to associate an IP address as seen from wired upstream network and a frame from WLAN.