This document is my proposed capstone project for my B.S. in Computer Science. The project is working as a proof of concept and is still being developed. Follow the project on my GitHub.
Project Background and Motivation
This document is a proposal for the development of a rogue access point detector. A rogue access point is an access point that has been installed on a network without the permission of the network’s administrator. An example is an evil twin, a rogue access point that appears legitimate but is set up with malicious intent.
The motivation for the project is the current lack of safe public WiFi usage. In a 2017 survey of 15,532 people, Norton discovered 87% of participants admitted to logging into personal email accounts, social media accounts, bank accounts, or taking other security risks while on public WiFi. Furthermore, 74% of participants did not know if the applications they used transmit data securely, and 75% of participants had never used a virtual private network (VPN) while on public WiFi.
Although safe ways to use public WiFi exist, such as using a VPN, 75% of people disregard them. Other safeguards are necessary. A tool that allows network owners to detect and shut down rogue access points would make WiFi safer for everyone.
The target user for this tool would be administrators of large networks with many access points. Examples of these include theme parks, colleges, large events, and airports. Additional users include smaller networks such as coffee shops and homes.
Goal and Deliverable
The goal is to create a portable rogue access point detector and a desktop application. The detector will be small and cheap, preferably able to fit into a pocket or into a backpack. It will discover changes to the network and send the data to the external application.
The application will run on a separate computer. It will be used to distinguish legitimate access points from rogue access points and to display the data.
- A portable rogue access point detector that discovers service set identifiers (SSIDs) of access points and combines them with coordinates. The detector will then send the data to an external application
- An external application which will determine if an access point is legitimate or rogue and display the information to the user
- A working demonstration of each program
Not within scope:
- Disabling/jamming rogue access points
- 100% accuracy detecting rogue access points
Methodology and Implementation
The project will be split into two parts: the rogue access point detector, and the data analysis application.
The rogue access point detector will run on a Raspberry Pi. The Raspberry Pi is ideal because it is compact and consumes low amounts of energy while still providing an ideal development environment.
The rogue access point detector will run in two stages. The first is a baseline stage, in which access points are discovered and their locations marked; administrators will confirm that these are legitimate. The second is a detection stage, in which new access points will be discovered, their locations marked, and the data sent to the data analysis application to decide whether they are rogue.
The data analysis application will be able to run on a computer or laptop. It will receive data transmitted from the rogue access point detector, compare new access points to the baseline, decide if they are rogue or not, and display the information in the form of a map.
The decision to split the project into two applications allows one person to carry the detector in a discreet manner while a different person uses the application as a command and control center.
Both applications will be built in Python, using libraries such as Scapy (network packet capture) and GPSd (GPS coordinates).
Risks and Rewards
Detecting rogue access points is not easy. SSIDs can be copied and MAC addresses can be spoofed. This means identifying which access points are legitimate and which are rogue can be near impossible. However, by using a baseline, even small changes in the network can be detected. But the accuracy is still unknown.
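The baseline comparison described in the methodology, together with the copied-SSID and spoofed-MAC cases above, can be sketched as follows. This is an added example, not the project's own code: the Sighting type, the status labels, the 75 m movement threshold and the one-entry-per-BSSID baseline are assumptions, and the sample data is constructed.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Sighting:
    ssid: str
    bssid: str   # access point MAC address
    lat: float   # detector position when the AP was heard
    lon: float

def distance_m(a, b):
    """Haversine distance in metres between two sightings."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def classify(obs, baseline, max_move_m=75.0):
    """Compare one detection-stage sighting with the approved baseline."""
    by_bssid = {b.bssid.lower(): b for b in baseline}
    known = by_bssid.get(obs.bssid.lower())
    if known is None:
        # New radio: reusing a trusted SSID is the evil-twin pattern.
        trusted = {b.ssid for b in baseline}
        return "suspect-evil-twin" if obs.ssid in trusted else "unknown-ap"
    if known.ssid != obs.ssid:
        return "ssid-changed"
    if distance_m(known, obs) > max_move_m:
        # Baselined MAC heard far from its baseline spot: possible spoofing.
        return "suspect-spoofed-mac"
    return "legitimate"

# Constructed sample data (not real networks).
BASELINE = [
    Sighting("CampusWiFi", "02:00:00:00:00:01", 40.0000, -75.0000),
    Sighting("CampusWiFi", "02:00:00:00:00:02", 40.0010, -75.0000),
]
OBSERVED = [
    Sighting("CampusWiFi", "02:00:00:00:00:01", 40.0001, -75.0000),
    Sighting("CampusWiFi", "02:00:00:00:0b:ad", 40.0005, -75.0000),
    Sighting("CampusWiFi", "02:00:00:00:00:02", 40.0050, -75.0000),
    Sighting("CoffeeGuest", "02:00:00:00:0c:01", 40.0005, -75.0000),
]

def report(observed, baseline):
    return [(o.ssid, o.bssid, classify(o, baseline)) for o in observed]

if __name__ == "__main__":
    for row in report(OBSERVED, BASELINE):
        print(*row)
```

An access point that copies both the SSID and the MAC address and sits close to the baselined location still classifies as legitimate here, which is the accuracy limit noted above.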
Another risk is the hardware constraints of a Raspberry Pi. There is no guarantee that capturing network packets will work on a Raspberry Pi. If this is a problem, a laptop can be used in place of the Pi.
The project holds value for both me and the consumer. For me, the project will involve learning in detail how networks and Wi-Fi work. It will combine networking knowledge, security knowledge, and knowledge of creating efficient programs.
For the consumer it will provide a helpful tool that will help secure networks of all sizes. While the ideal network is a large network with many access points, this project holds value all the way down to small home networks.
PCMag. Rogue Access Point. Retrieved from https://www.pcmag.com/encyclopedia/term/50596/rogue-access-point
TechTarget. Evil Twin. Retrieved from http://searchsecurity.techtarget.com/definition/evil-twin
Norton. Norton Wi-Fi Risk Report. Retrieved from https://www.symantec.com/content/dam/symantec/docs/reports/2017-norton-wifi-risk-report-global-results-summary-en.pdf