2) For Completely Matched, there are two
possibilities of access points: Trusted AP or
Attacker Rogue AP. The attacker rogue AP
completely spoofs the authorized AP information
(i.e., spoof MAC and spoof SSID). Typically it is
hard to verify if an AP is the legitimate one.
Therefore, we propose the technique that can
differentiate Trust APs from Spoof Rogue AP
using timestamp information within Beacon.
Normally each access point will includes the
timestamp on the Beacon. The timestamp is total
uptime of the access point measured since its start.
Even though the attackers can manipulate the
spoof SSID and wireless MAC, they will have the
difficult time trying to synchronize and spoof
timestamp of the trusted AP.