Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Guest View: Securing open hotspots

Louis Au | July 5, 2013
Recent advances in wi-fi technology that automatically secure client devices in open hotspots have the potential to forever change mobile data access.

According to estimates by Wireless Broadband Alliance and Informa, the number of public hotspots is predicted to rise by 350 percent and private hotspots are expected to hit over 640 million by 2015.

While global public and private hotspots are exploding so is identity theft, fraud and other criminal activities that can be made possible through access to unencrypted confidential information.

So despite this insatiable desire for connectivity, users are becoming more aware and fearful that their communications at open hotspots could be compromised. In particular, most public hotspots are not encrypted or protected in any way. This means that users are potentially vulnerable to attacks or confidentiality breaches.

To provide a more secure hotspot experience, authentication (i.e., the user's identity) and encryption (data scrambling) are the two primary security items that should be addressed. Security at the transport layer (e.g. HTTPS) does help by encrypting transmissions between the client and the destination server. However, users want more assurances at the link layer (layer 2) as their traffic goes flying through the air.

Security at today's hotspots

Traditional approaches to link layer encryption require users to select an SSID and enter some sort of shared encryption key or passphrase to scramble their data before transmission. Wi-fi access at hotspots, like your typical Starbucks or airport, is generally provided over an open SSID that is easy to find but with no encryption of their data transmissions. This is because most hotspots do not offer IEEE 802.11i security framework that leverages WPA2-Enterprise (Wi-Fi Protected Access II) encryption and EAP (Extensible Authentication Protocol) authentication.

As a result, users have no assurance their connection is secured and their data protected. In other words, the security setting in hotspots is typically "open." So while users will be authenticated, there is no attempt to ensure that the ongoing access provided is encrypted to prevent security breaches.

Finally, the use of WPA2-Enterprise can make it difficult for clients to roam among different wi-fi hotspots. If the mobile device's connection manager doesn't recognise the SSID for a roaming partner's network, it won't attempt to join that network. And most of the time, users don't know the SSID for a roaming partner's network.

What if there was a way to automatically provide encrypted access through an open SSID without users having to do anything other than click a box to select a more secure connection? That could be the holy grail of hotspots.

Cool new technology secures hotspots

Secure hotspot technology pushes much of the wi-fi security process; typically a manual process performed by each user, into the network while providing new methods for configuring client devices without cumbersome keying of SSIDs and encryption keys. Doing this can completely transform and protect users' hotspot experience with little to no effort.


1  2  3  Next Page 

Sign up for Computerworld eNewsletters.