隨著無線網路技術的發展與Wi-Fi 設備的廣泛佈建，無線網路之使用性與普遍性也隨之增加。然而，這其中卻存在著一個危險漏洞，此漏洞會嚴重威脅到無線網路使用者-偽冒之惡意無線基地台攻擊(Rogue Access Point Attack)。在此攻擊方式過程中，惡意者會透過架設偽造的無線基地台來發動各種攻擊，而在無線區域網路環境中，偽造無線基地台是一種釣魚無線基地台，其與合法無線基地台有著相同或相似名字(SSID，服務設定識別碼)，但實際上其是由惡意者所架設，此偽造無線基地台會欺騙無線網路使用者與他建立連線，將其引導到惡意者所架設網站，並進一步進行各種攻擊，藉此惡意者可透過偽造之無線基地台進行中間人攻擊(Man-In-The-Middle Attack)。
　　在本篇論文中，我們提出一套系統來抵擋偽造無線基地台攻擊。我們針對所提出之系統在無線網路環境下進行安全性分析評估並與其它相關技術進行比較，結果顯示我們所提出之系統在安全性與實用性上皆優於其它相關防禦機制。

Wireless network is becoming more and more popular and widespread with the great advance of wireless LAN techniques and the wide deployment of Wi-Fi equipment. However, there is an emerging and serious threat that can severely compromise the security of wireless users – Rouge Access Point Attack. An adversary can set up a rogue access point as a platform to launch a variety of attacks. A rogue AP in a wireless LAN is essentially a phishing wireless AP that looks like a legitimate access point with the same or similar SSID, but actually it has been set up by an adversary, the rogue AP will lure careless wireless users to connect with it and redirect victims to phishing websites so that adversary can eavesdrop and inject on wireless communications of Internet access through rogue AP.
In this thesis, we provide a system that is a defense technique against Rogue Access Point Attack. We analyze and evaluate the security of our system in wireless LAN environment and compare our system with other related defense techniques. The result shows our system better than other defense techniques of rogue AP on security and feasibility.

1.Introduction
2.Background
3.Related work
4.Attack Model
5.Design Architecture
6.Implementation
7.Discussion
8.Conclusion

[1] ”Wi-Fi”. http://www.wi-fi.org/.
[2] Anthony J Nicholson, Yatin Chawathe, Mike Y Chen, Brian D Noble, and
David Wetherall. Improved access point selection. In Proceedings of the 4th international conference on Mobile systems, applications and services, pages 233–245. ACM, 2006.
[3] ”Wireless Network”. http://en.wikipedia.org/wiki/Wireless_network.
[4] ”Wireless Local Area Network”. http://en.wikipedia.org/wiki/Wireless_LAN.
[5] ”National Institute of Standards and Technology”. http://www.nist.gov/index.html.
[6] Tom Karygiannis and Les Owens. Wireless network security. NIST special publication, 800:48, 2002.
[7] Raheem Beyah, Shantanu Kangude, George Yu, Brian Strickland, and John Copeland. Rogue access point detection using temporal traffic characteristics. In Global Telecommunications Conference, 2004. GLOBECOM’04. IEEE, volume 4, pages 2271–2275. IEEE, 2004.
[8] Sachin Shetty, Min Song, and Liran Ma. Rogue access point detection by analyzing network traffic characteristics. In Military Communications Conference, 2007. MILCOM 2007. IEEE, pages 1–7. IEEE, 2007.
[9] Wei Wei, Kyoungwon Suh, Bing Wang, Yu Gu, Jim Kurose, and Don Towsley. Passive online rogue access point detection using sequential hypothesis testing with tcp ack-pairs. In Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, pages 365–378. ACM, 2007.
[10] Guangzhi Qu and Michael M Nefcy. Rapid: An indirect rogue access points detection system. In Performance Computing and Communications Conference (IPCCC), 2010 IEEE 29th International, pages 9–16. IEEE, 2010.
[11] Liran Ma, Amin Y Teymorian, and Xiuzhen Cheng. A hybrid rogue access point protection framework for commodity wi-fi networks. In INFOCOM 2008. The 27th Conference on Computer Communications. IEEE, pages 1220–1228. IEEE, 2008.
[12] Yimin Song, Chao Yang, and Guofei Gu. Who is peeping at your passwords at starbucks?—to catch an evil twin access point. In Dependable Systems and Networks (DSN), 2010 IEEE/IFIP International Conference on, pages 323–332. IEEE, 2010.
[13] Christian Gehrmann, Chris J Mitchell, and Kaisa Nyberg. Manual authentication for wireless devices. RSA Cryptobytes, 7(1):29–37, 2004.
[14] Volker Roth, Wolfgang Polak, Eleanor Rieffel, and Thea Turner. Simple and effective defense against evil twin access points. In Proceedings of the first ACM conference on Wireless network security, pages 220–235. ACM, 2008.
[15] Kevin Bauer, Harold Gonzales, and Damon McCoy. Mitigating evil twin attacks in 802.11. In Performance, Computing and Communications Conference, 2008. IPCCC 2008. IEEE International, pages 513–516. IEEE, 2008.
[16] ”Man-In-The-Middle Attack”. http://en.wikipedia.org/wiki/Man-in-the-middle_attack.
[17] Erin Biba. Does your wi-fi hotspot have an evil twin. PC World, Medill News Service, March, 15, 2005.
[18] ”Rogue Access Point”. http://www.rogueap.com/.
[19] ”Advanced Encryption Standard”. http://en.wikipedia.org/wiki/Advanced_Encryption_Standard.
[20] Whitfield Diffie, Paul C Van Oorschot, and Michael J Wiener. Authentication and authenticated key exchanges. Designs, Codes and Cryptography, 2(2):107–125, 1992.
[21] Chao Lv, Maode Ma, Hui Li, Jianfeng Ma, and Yaoyu Zhang. An novel threeparty authenticated key exchange protocol using one-time key. Journal of Network and Computer Applications, 2012.
[22] ”FreeRADIUS”. http://freeradius.org/.
[23] ”How secure is AES against brute force attacks?”. http://www.eetimes.com/design/embedded-internet-design/4372428/How-secure-is-AES-against-brute-force-attacks-.
[24] ”Supercomputer”. http://en.wikipedia.org/wiki/Supercomputer.
[25] Matthew K Franklin and Michael K Reiter. Fair exchange with a semi-trusted third party. In Proceedings of the 4th ACM conference on Computer and communications security, pages 1–5. ACM, 1997.