Research and Prevention of Rogue AP Based MitM in Wireless Network

Abstract

Due to the wireless network is popularly used, the security of wireless network is more important than past. Wireless network is considerably more susceptible to MitM (man-in-the-middle) attack. This paper proposes a Rogue AP based MitM attack framework. In actual wireless network, the mobile terminals cannot properly validate the server due to their limitation. The attackers force the user to connect the Rogue AP so as to obtain the authentication credentials of the unauthorized users. Then the attackers use these credentials to connect to the legitimate AP. We test this MitM framework in the actual wireless network environment under the EAP-TTLS/MSCHAPv2 using different mobile terminals. Last we propose a two-factor based dynamic password technology to prevent this MitM attack.