Gateway independent user-side wi-fi Evil Twin Attack detection using virtual wireless clients

Complimentary open Wi-Fi networks offered by most coffee shops, fast food restaurants and airports are inherently insecure. An attacker can easily deceive a wireless client (WC) by setting up a rogue access point (RAP) impersonating the legitimate access point (LAP), which is usually referred as Evil Twin Attack (ETA). To pass a victim's wireless data through to the Internet, an attacker may use the same LAP's gateway, or use a different gateway, such as broadband cellular connection. Most of the existing ETA detection techniques assume that the attacker will use a specific wireless network gateway to pass victim's wireless data. In this paper, we present a real-time client-side detection scheme to detect ETA regardless of the attacker's gateway selection. The proposed ETA detection system considers both ETA scenarios in parallel by creating two Virtual Wireless Clients (VWCs). The first VWC monitors multiple Wi-Fi channels in a random order looking for specific data packets sent by a server on the Internet. Meanwhile, the second VWC warns the WC when the wireless network uses two different gateways by switching from one AP to another in the middle of a secure connection. The effectiveness of the proposed detection method has been mathematically modeled, prototyped and evaluated in real-life environment with a detection rate close to 100%.