Using end-to-middle security to protect against evil twin access points

Abstract

The term Evil Twin refers to a type of rogue wireless access point that appears to be legitimate, but is set up for the purpose of intercepting traffic between mobile users and the Internet. This paper generalizes a known technique into a model we call ldquoend-to-middle security,rdquo which can be adopted by mobile users to protect against Evil Twin attacks. This model involves using a virtual gateway to securely relay traffic for mobile users. Our intention of formalizing this model is to gain wider awareness of its effectiveness, and to encourage more solution implementations that target on the less programmable mobile devices such as game consoles and VoIP phones. We also derive a minimal set of requirements to verify the correctness of implementation. Towards the end, this paper also provides suggestions to mitigate possible delay in traffic transmission as a result of adopting this model.