PEDR: Exploiting Phase Error Drift Range to Detect Full-model Rogue Access Point Attacks

Over the past decade, the rogue access point (RAP) has been a persistent security threat in IEEE 802.11 networks. By exploiting the vulnerability in the 802.11 family, an RAP can be disguised as a legitimate access point to eavesdrop on victims’ communications. This attack has caused a mass of privacy leakage and property loss events, prompting in-deep researches on RAP detection in both academia and industry. Recently, the phase error extracted in channel state information has been studied in state-of-the-art researches to achieve hardware-based fingerprinting. However, demonstrated by our extensive empirical experiments, we reveal a significant fact that the phase error suffers from a drift phenomenon in widespread wireless devices. Such a phenomenon could cause phase error fingerprints to overlap across different devices and affects attack detection accuracy. Inspired by our significant observation that the phase error drift phenomenon, we innovatively propose a full-model RAP detection mechanism, named PEDR. PEDR introduces a novel fingerprinting concept of the subcarrier-level P hase E rror D rift R ange and uses it as a reliable hardware fingerprint for full-model RAP detection and source identification. Through evaluating the proposed mechanism with 27 wireless devices, we demonstrate that PEDR shows a better performance in stability and effectiveness than state-of-the-art approaches. PEDR ’s detection rate against full-model RAP attacks remained above 90.5% in a real-world wireless dynamic environment with random interference factors.