Systems and methods for detecting potentially illegitimate wireless access points

US 9,781,601 B1
Filed: 06/08/2015
Issued: 10/03/2017
Est. Priority Date: 06/08/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for detecting illegitimate wireless access points, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

determining that the computing device has established a connection with a wireless access point that resembles a known wireless access point to which the computing device has previously connected;

performing, in response to determining that the computing device has established the connection with the wireless access point, an authentication process to determine the legitimacy of the wireless access point by;

identifying a network resource to which the computing device is configured to connect as part of authentication processes to determine the legitimacy of wireless access points,establishing, via the wireless access point, a connection between the computing device and the network resource,collecting, based on the connection between the computing device and the network resource, a set of network details related to a route from the computing device to the network resource via the wireless access point, the set of network details describing properties of at least one network device that facilitates the connection between the computing device and the network resource, andcomparing the set of network details related to the route from the computing device to the network resource via the wireless access point with a previously collected set of network details related to a route from the computing device to the network resource via the known wireless access point;

determining, based on the comparison, that at least a portion of the set of network details related to the route from the computing device to the network resource via the wireless access point does not match the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point;

determining that the wireless access point is illegitimate by determining, based at least in part on the portion of the set of network details related to the route from the computing device to the network resource via the wireless access point not matching the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point, that a malicious network device is spoofing the known wireless access point; and

performing, in response to determining that the wireless access point is illegitimate, a security action on the computing device to prevent the wireless access point from compromising a security state of the computing device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for detecting potentially illegitimate wireless access points may include (1) determining that a computing device has established a connection with a wireless access point that resembles a known wireless access point, (2) collecting a set of network details related to a route from the computing device to a network resource via the wireless access point, (3) identifying a previously collected set of network details related to a route from the computing device to the network resource via the known wireless access point, (4) determining that a portion of the set of network details related to the route via the wireless access point does not match the set of network details related to the route via the known wireless access point, and then (5) determining that the wireless access point is potentially illegitimate.

Citations

19 Claims

1. A computer-implemented method for detecting illegitimate wireless access points, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- determining that the computing device has established a connection with a wireless access point that resembles a known wireless access point to which the computing device has previously connected;
  
  performing, in response to determining that the computing device has established the connection with the wireless access point, an authentication process to determine the legitimacy of the wireless access point by;
  
  identifying a network resource to which the computing device is configured to connect as part of authentication processes to determine the legitimacy of wireless access points,establishing, via the wireless access point, a connection between the computing device and the network resource,collecting, based on the connection between the computing device and the network resource, a set of network details related to a route from the computing device to the network resource via the wireless access point, the set of network details describing properties of at least one network device that facilitates the connection between the computing device and the network resource, andcomparing the set of network details related to the route from the computing device to the network resource via the wireless access point with a previously collected set of network details related to a route from the computing device to the network resource via the known wireless access point;
  
  determining, based on the comparison, that at least a portion of the set of network details related to the route from the computing device to the network resource via the wireless access point does not match the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point;
  
  determining that the wireless access point is illegitimate by determining, based at least in part on the portion of the set of network details related to the route from the computing device to the network resource via the wireless access point not matching the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point, that a malicious network device is spoofing the known wireless access point; and
  
  performing, in response to determining that the wireless access point is illegitimate, a security action on the computing device to prevent the wireless access point from compromising a security state of the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein determining that the computing device has established the connection with the wireless access point that resembles the known wireless access point comprises determining that the wireless access point broadcasts a network identification string of a network to which the computing device was previously provided access by connecting to the known wireless access point.
  - 3. The method of claim 1, wherein collecting the set of network details related to the route from the computing device to the network resource via the wireless access point comprises identifying an Internet Protocol (IP) address of the computing device while the computing device is connected to the wireless access point.
  - 4. The method of claim 1, wherein collecting the set of network details related to the route from the computing device to the network resource via the wireless access point comprises identifying a Domain Name System (DNS) server that assigns an IP address to the computing device while the computing device is connected to the wireless access point.
  - 5. The method of claim 1, wherein collecting the set of network details related to the route from the computing device to the network resource via the wireless access point comprises performing a traceroute on the network resource to identify a series of computing devices included in the route from the computing device to the network resource via the wireless access point.
  - 6. The method of claim 1, further comprising:
    - generating a signature that identifies the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point; and
      
      storing the signature within the computing device.
  - 7. The method of claim 6, wherein determining that the portion of the set of network details related to the route from the computing device to the network resource via the wireless access point does not match the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point comprises:
    - generating a signature that identifies the set of network details related to the route from the computing device to the network resource via the wireless access point; and
      
      determining that the signature that identifies the set of network details related to the route from the computing device to the network resource via the wireless access point does not match the signature that identifies the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point.
  - 8. The method of claim 1, wherein the security action comprises disconnecting the computing device from the wireless access point.
  - 9. The method of claim 1, wherein the security action comprises warning a user of the computing device that the wireless access point is illegitimate.

10. A system for detecting illegitimate wireless access points, the system comprising:
- a connection module, stored in memory, that determines that a computing device has established a connection with a wireless access point that resembles a known wireless access point to which the computing device has previously connected;
  
  a collection module, stored in memory, that performs, in response to the determination that the computing device has established the connection with the wireless access point, an authentication process to determine the legitimacy of the wireless access point by;
  
  identifying a network resource to which the computing device is configured to connect as part of authentication processes to determine the legitimacy of wireless access points,establishing, via the wireless access point, a connection between the computing device and the network resource,collecting, based on the connection between the computing device and the network resource, a set of network details related to a route from the computing device to the network resource via the wireless access point, the set of network details describing properties of at least one network device that facilitates the connection between the computing device and the network resource, andcomparing the set of network details related to the route from the computing device to the network resource via the wireless access point with a previously collected set of network details related to a route from the computing device to the network resource via the known wireless access point;
  
  a comparison module, stored in memory, that determines, based on the comparison, that at least a portion of the set of network details related to the route from the computing device to the network resource via the wireless access point does not match the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point;
  
  a legitimacy module, stored in memory, that determines that the wireless access point is illegitimate by determining, based at least in part on the portion of the set of network details related to the route from the computing device to the network resource via the wireless access point not matching the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point, that a malicious network device is spoofing the known wireless access point;
  
  a security module, stored in memory, that performs, in response to the determination that the wireless access point is illegitimate, a security action on the computing device to prevent the wireless access point from harming a security state of the computing device; and
  
  at least one physical processor configured to execute the connection module, the collection module, the comparison module, the legitimacy module, and the security module.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the connection module determines that the wireless access point broadcasts a network identification string of a network to which the computing device was previously provided access by connecting to the known wireless access point.
  - 12. The system of claim 10, wherein the collection module identifies an IP address of the computing device while the computing device is connected to the wireless access point.
  - 13. The system of claim 10, wherein the collection module identifies a DNS server that assigns an IP address to the computing device while the computing device is connected to the wireless access point.
  - 14. The system of claim 10, wherein the collection module performs a traceroute on the network resource to identify a series of computing devices included in the route from the computing device to the network resource via the wireless access point.
  - 15. The system of claim 10, wherein after identifying the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point, the collection module:
    - generates a signature that identifies the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point; and
      
      stores the signature within the computing device.
  - 16. The system of claim 15, wherein:
    - the collection module generates a signature that identifies the set of network details related to the route from the computing device to the network resource via the wireless access point; and
      
      the comparison module determines that the signature that identifies the set of network details related to the route from the computing device to the network resource via the wireless access point does not match the signature that identifies the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point.
  - 17. The system of claim 10, wherein the security module disconnects the computing device from the wireless access point.
  - 18. The system of claim 10, wherein the security module warns a user of the computing device that the wireless access point is illegitimate.

19. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- determine that the computing device has established a connection with a wireless access point that resembles a known wireless access point to which the computing device has previously connected;
  
  perform, in response to determining that the computing device has established the connection with the wireless access point, an authentication process to determine the legitimacy of the wireless access point by;
  
  identifying a network resource to which the computing device is configured to connect as part of authentication processes to determine the legitimacy of wireless access points,establishing, via the wireless access point, a connection between the computing device and the network resource,collecting, based on the connection between the computing device and the network resource, a set of network details related to a route from the computing device to the network resource via the wireless access point, the set of network details describing properties of at least one network device that facilitates the connection between the computing device and the network resource, andcomparing the set of network details related to the route from the computing device to the network resource via the wireless access point with a previously collected set of network details related to a route from the computing device to the network resource via the known wireless access point;
  
  determine, based on the comparison, that at least a portion of the set of network details related to the route from the computing device to the network resource via the wireless access point does not match the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point;
  
  determine that the wireless access point is illegitimate by determining, based at least in part on the portion of the set of network details related to the route from the computing device to the network resource via the wireless access point not matching the previously collected set of network details related to the route from the computing device to the network resource via the known wireless access point, that a malicious network device is spoofing the known wireless access point; and
  
  perform, in response to determining that the wireless access point is illegitimate, a security action on the computing device to prevent the wireless access point from harming a security state of the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Kurani, Ankit
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Huang, Cheng-Feng

Application Number

US14/732,811
Time in Patent Office

848 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/122   Counter-measures against at...

H04W 40/246   Connectivity information di...

Systems and methods for detecting potentially illegitimate wireless access points

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for detecting potentially illegitimate wireless access points

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links