TY - GEN
T1 - SeQR
T2 - 2025 CHI Conference on Human Factors in Computing Systems, CHI 2025
AU - Hasan, S. Mahmudul
AU - Tu, Che Wei
AU - Hoque, Endadul
AU - Chowdhury, Omar
AU - Chau, Sze Yiu
N1 - Publisher Copyright:
© 2025 Copyright held by the owner/author(s).
PY - 2025/4/26
Y1 - 2025/4/26
N2 - A classic problem in enterprise Wi-Fi is client-side misconfiguration, which enables credential theft via "Evil Twin"(ET) attacks. To mitigate this, we design, develop, and evaluate a new configurator, SeQR, which allows users to effortlessly and securely set up an enterprise Wi-Fi connection. Utilizing existing authenticated channels, SeQR fully automates the client-side enterprise Wi-Fi configuration process with a simple scan, leaving no room for misconfigurations. Specifically, SeQR thwarts ET by making it impossible for users to opt-out from the security-critical certificate validation. We evaluate the efficacy of SeQR on two fronts. First, we implement a prototype of SeQR in Android, and test its functionality and runtime performance. Next, we compare the usability of SeQR against two existing Wi-Fi configuration interfaces of Android in an in-person user study (n=41) with real devices. Our evaluation shows that SeQR achieves noticeable usability improvements over existing designs, and prevents users from misconfiguring.
AB - A classic problem in enterprise Wi-Fi is client-side misconfiguration, which enables credential theft via "Evil Twin"(ET) attacks. To mitigate this, we design, develop, and evaluate a new configurator, SeQR, which allows users to effortlessly and securely set up an enterprise Wi-Fi connection. Utilizing existing authenticated channels, SeQR fully automates the client-side enterprise Wi-Fi configuration process with a simple scan, leaving no room for misconfigurations. Specifically, SeQR thwarts ET by making it impossible for users to opt-out from the security-critical certificate validation. We evaluate the efficacy of SeQR on two fronts. First, we implement a prototype of SeQR in Android, and test its functionality and runtime performance. Next, we compare the usability of SeQR against two existing Wi-Fi configuration interfaces of Android in an in-person user study (n=41) with real devices. Our evaluation shows that SeQR achieves noticeable usability improvements over existing designs, and prevents users from misconfiguring.
KW - Android UI
KW - Evil-Twin
KW - TLS
KW - WPA Enterprise
UR - https://www.scopus.com/pages/publications/105005750996
U2 - 10.1145/3706598.3714223
DO - 10.1145/3706598.3714223
M3 - Conference contribution
AN - SCOPUS:105005750996
T3 - Conference on Human Factors in Computing Systems - Proceedings
BT - CHI 2025 - Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems
PB - Association for Computing Machinery
Y2 - 26 April 2025 through 1 May 2025
ER -