VR-Defender: Self-Defense Against Vehicular Rogue APs for Drive-Thru Internet

This paper considers the problem of vehicular rogue access points (APs) for drive-thru Internet. Vehicular rogue APs are set up in moving vehicles to mimic legitimate roadside APs so as to lure users into associating with them. Due to the mobility, a vehicular rogue AP is able to maintain a long connection with users, which gives the adversary more time to launch various attacks and steal users´ sensitive data. We propose a practical user-side detection scheme to prevent users from connecting to vehicular rogue APs without the help of a network administrator. In our solution, each AP broadcasts its GPS location; thus, a vehicular rogue AP has to forge its location to evade detection. A lie detector algorithm based on information collected and exchanged by clients is then used to validate whether the reported location is fake, aiming to detect the rogue AP. We have implemented the prototype and evaluated it on commercial off-the-shelf devices. We observed that our scheme can achieve more than 90% accuracy in real-world experiments.