Detecting Evil-twin Attacks in Smart Homes Using The Received Signal Strength Indicator

Evil-twin is a common attack in WIFI environments, with which an attacker can set up a fake AP to steal sensitive information from the connected devices. The current approaches of detecting Evil-twin AP use some identities or fingerprints (such as SSIDs, MAC address and network traffic patterns) to verify the identify of the AP. However, such information can be easily obtained and faked by the attacker, leading to low detection rates. This paper presents a novel Evil-Twin AP detection method based on the received signal strength indicator (RSSI). Our key insight is that the AP location rarely moves in a smart home environment where the RSSI of the genuine AP is relatively stable. Therefore, the RSSI can be used as the fingerprint of the genuine AP to detect fake APs. Our approach employs two strategies to detect a fake AP in two different scenarios where the genuine AP can be located on a single or multiple locations. Our approach uses the multipath effect of the WIFI signal to detect the identify of the connected AP. Compared to classical detection methods, our approach does not rely professional devices. Experimental results show that the single position detection approach achieves with an accuracy over 90% with little cost in delay time.