Connect with us

Hi, what are you looking for?

MOBILE PRODUCTS

Securing open hotspots

By Louis Au, Vice President, Asia Pacific, Ruckus Wireless

Louis AuAccording to estimates by Wireless Broadband Alliance and Informa, the number of public hotspots is predicted to rise by 350% to 5.8 million, and private hotspots are expected to hit over 640 million by 2015.

While global public and private hotspots are exploding so is identity theft, fraud and other criminal activities that can be made possible through access to unencrypted confidential information.

So despite this insatiable desire for connectivity, users are becoming more aware and fearful that their communications at open hotspots could be compromised. In particular, most public hotspots are not encrypted or protected in any way. This means that users are potentially vulnerable to attacks or confidentiality breaches.

To provide a more secure hotspot experience, authentication (i.e., the user’s identity) and encryption (data scrambling) are the two primary security items that should be addressed. Security at the transport layer (e.g. HTTPS) does help by encrypting transmissions between the client and the destination server. However users want more assurances at the link layer (layer 2) as their traffic goes flying through the air.

Advertisement. Scroll to continue reading.

Security at Today’s Hotspots

Traditional approaches to link layer encryption require users to select an SSID and enter some sort of shared encryption key or passphrase to scramble their data before transmission. Wi-Fi access at hotspots, like your typical Starbucks or airport, is generally provided over an open SSID that is easy to find but with no encryption of their data transmissions. This is because most hotspots do not offer IEEE 802.11i security framework that leverages WPA2-Enterprise (Wi-Fi Protected Access II) encryption and EAP (Extensible Authentication Protocol) authentication. As a result, users have no assurance their connection is secured and their data protected. In other words, the security setting in hotspots is typically “open.” So while users will be authenticated, there is no attempt to ensure that the on-going access provided is encrypted to prevent security breaches.

Finally, the use of WPA2-Enterprise can make it difficult for clients to roam among different Wi-Fi hotspots. If the mobile device’s connection manager doesn’t recognize the SSID for a roaming partner’s network, it won’t attempt to join that network. And most of the time, users don’t know the SSID for a roaming partner’s network.

What if there was a way to automatically provide encrypted access through an open SSID without users having to do anything other than click a box to select a more secure connection? That could be the holy grail of hotspots.

Cool New Technology Secures Hotspots

Advertisement. Scroll to continue reading.

Secure hotspot technology pushes much of the Wi-Fi security process; typically a manual process performed by each user, into the network while providing new methods for configuring client devices without cumbersome keying of SSIDs and encryption keys. Doing this can completely transform and protect users’ hotspot experience with little to no effort.

At the heart of secure hotspot technology are two essential tasks:

1)    generating unique encryption keys for each user and
2)    automating the configuration of these keys and other Wi-Fi information within the user’s device.

Two exciting technologies either in progress or already available to solve these problems: Hotspot 2.0 and new secure hotspot technology.

Hotspot 2.0 is a global initiative championed by the Wi-Fi Alliance (WFA) and Wireless Broadband Alliance (WBA) to address a myriad of Wi-Fi hotspot concerns ranging from automating the authentication and security of Wi-Fi connections to provisioning policy, establishing roaming agreements and ultimately the seamless transition between Wi-Fi and cellular networks. Hotspot 2.0 is an ideal way for carriers and enterprises to address some of these specific Wi-Fi hotspot security concerns when commercial Hotspot 2.0 network services become available in the future.

Advertisement. Scroll to continue reading.

Beyond the larger Hotspot 2.0 framework, recent advances in Wi-Fi and Wi-Fi security now provide a way for public venues, enterprise and carrier to offer secure hotspots through an open Wi-Fi network. This has the advantage of requiring no new protocol or software support (Hotspot 2.0) and works across nearly all Wi-Fi enabled devices.

With secure hotspot technology, once a client associates to an open SSID from an access point, the wireless LAN (WLAN) controller sends the client device to a predetermined Web portal. The end user is then asked if he or she wants a secure or open connection.

After signing in, a unique 63-byte encryption key with a limited life span is generated and bound to the user device by the WLAN controller. Vendors often call this capability Dynamic Pre-Shared Keys (DPSK). There is no need for pre-defined user credentials whatsoever. The Web server simply instructs WLAN controller to create a unique encryption key based on whatever information that hotspot operator wants to use to track users such as an email address, name, etc.

Once the key generation process is complete, the unique PSK and all the requisite WLAN information necessary to establish a secure connection is installed within the user’s device connection manager using a dissolvable provisioning file that it automatically created and pushed to the user’s devices without having to install any additional applications. The user device then automatically associates with the encrypted hotspot Wi-Fi network.

The end-user sees the option to connect more securely or not. There is no need for the hotspot administrator to pre-configure any user, although they can log details on each user and usage within the hotspot. The administrator’s set-up is very simple: configure an “open” (provisioning) SSID and an encrypted hotspot SSID for devices to automatically connect, once the user has agreed to setup an encrypted connection.

Advertisement. Scroll to continue reading.

Ultimately secure hotspot technology breaks the traditional paradigm between higher levels of security and higher complexity in implementing stronger security giving organizations a unique way to easily offer encrypted connections over open networks with little to no effort.

Hotspots will never be the same again.

 

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Kaspersky has been at the forefront of raising awareness about cybercrimes and empowering individuals and organizations to protect themselves.

HEADLINES

“We remind our customers to carefully inspect URLs before opening them. Criminals often use spellings very close to legitimate domains to deceive customers into...

HEADLINES

For the Philippines, PH-CERT and NADPOP estimate that the country needs 180,000 trained and validated cybersecurity professionals to proactively and effectively protect the country’s...

White Papers

46% of geo-distributed companies encountered network problems between one and three times per month, while 13% stated they experienced network challenges every week. The...

HEADLINES

“Data is the new oil. Cyber criminals steal personal information to defraud you or use your identity to victimize people close to you. Guard...

White Papers

According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government...

HEADLINES

This development marks a major step forward in Globe's long-standing #PlayItRight advocacy to help promote and protect the country’s ₱1.6-trillion creative industry from the...

HEADLINES

Spoofing is a technique where fraudsters impersonate SMS channels to deceive recipients. The practice has seen a marked rise, especially in Metro Manila, with...

Advertisement