This paper proposes a passive user‐side solution, called Wi‐Fi legal access point (AP) finder (LAF), to the notorious evil twin access point problem, which in turn can result in diverse security problems, such as fraud, identity theft, and man‐in‐the‐middle attacks. Due to the severe security threats created by evil twins, many promising solutions have been proposed. However, the majority of these solutions are designed for the administrators of wireless networks, not for Wi‐Fi users. Hence, they are either too expensive or need some data that are usually not accessible to normal users. LAF utilizes the TCP three‐way handshake‐related packets and packet forwarding property created by evil twins to find legal APs, called good twins, at public hotspots or unencrypted WLANs; thus, it does not need any data or assistance from wireless network administrators. LAF does not send exploring packets actively; hence, evil twins cannot sense its existence. No matter when and where a user needs to utilize an AP to connect to the Internet at a hotspot, he can just use LAF to find out a legal AP to connect to. Experimental results show that LAF can quickly and accurately find legal APs after observing only a few packets.

中文翻译：

---

在公共热点检测邪恶双胞胎接入点的被动用户端解决方案

本文针对臭名昭著的邪恶双胞胎接入点问题提出了一种称为Wi-Fi合法接入点（AP）查找器（LAF）的被动用户端解决方案，该解决方案反过来又可能导致各种安全问题，例如欺诈，身份盗用以及中间人攻击。由于邪恶双胞胎造成的严重安全威胁，已经提出了许多有希望的解决方案。但是，这些解决方案中的大多数是为无线网络的管理员设计的，而不是为Wi-Fi用户设计的。因此，它们要么太昂贵，要么需要普通用户通常无法访问的一些数据。LAF利用邪恶双胞胎创建的与TCP三向握手相关的数据包和数据包转发属性在公共热点或未加密的WLAN中找到合法的AP（称为好双胞胎）。从而，它不需要任何数据或无线网络管理员的帮助。LAF不会主动发送探索数据包；因此，邪恶的双胞胎无法感知其存在。无论用户何时何地需要使用AP在热点上连接到Internet，他都可以使用LAF找出合法的AP进行连接。实验结果表明，LAF只需观察少量数据包，即可快速，准确地找到合法的AP。