Aggregated Mobile Access Services Address Hot-Spot Security

By Carol Ellison  |  Posted 2005-02-10

Protections against phishing schemes such as Evil Twin exist but have yet to be implemented in many public hot spots. In their absence, aggregator services help to secure enterprise users.

Evil Twin, the phishing scheme that threatens users of Wi-Fi hot spots, has been well-known in the industry for as long as two years, according to the chairman of the Wi-Fi Alliance's public access committee. Evil Twin's target is the Universal Authentication Method, or UAM, the basic browser-based authentication presentation screen you see at most commercial hot spots.
The good news for users is that by the time Evil Twin hit the headlines last month, the industry had come up with schemes for addressing that category of attacks, known as man-in-the-middle.
The bad news is that those strategies, pegged to the WPA (Wi-Fi Protected Access) and WPA2 security standards, are not in place everywhere. The problems result from legacy equipment that has not been upgraded to WPA and from the fact that the staff at most hot spots, such as coffee shops, airport lounges and hotels, are not permitted to distribute secure login keys and support users if there's a question.
"Once devices have the WPA client embedded in them," said Greg Hayes, chairman of the Alliance's public access committee and director of mobility marketing at InfoNet, "it drastically reduces the local support burden on the venues because the procedure for getting authentication and getting services becomes a baseline industry standard." In October the Alliance published a technical whitepaper that detailed how WPA could be implemented in hot spots and offered a migration path to WPA for organizations using legacy equipment. "So it's not a forklift upgrade," Hayes said. Ultimately, he added, the goal is "that end users will enjoy the same levels of secure mobile access when they travel" as they have when they work wirelessly within their offices.
Many corporate and campus environments that provide guest access to visitors have already taken these steps, Hayes noted. But problems still exist at hot spots provided as a courtesy by restaurants, coffee shops, and other public venues where there is no good way of distributing credentials or providing support to Wi-Fi users. Hayes cited Connexion by Boeing's new in-flight Wi-Fi service as an example. "Imagine an airline flight attendant being asked to troubleshoot the network connection with an end user. Obviously, that's not going to happen," he said. "The burden is really on us [as service providers] to provide seamless roaming and, more and more, to automate the process and make it transparent to the user."
Traditionally, the authentication, encryption and accounting schemes that offer security and consolidated billing across networks came to enterprise users in the form of aggregated service offerings through such providers as Boingo Wireless Inc., Infonet Services Corp., iPass Inc. and Fiberlink Communications Corp. Boingo also provides service to end users, and iPass, which is largely focused on the enterprise, resells its service to users through its various partners. These services use client-side software, installed on the mobile devices, to provide authentication, encryption and consolidated billing services. Users have the same login experience whether they're at an airport lounge, hotel or coffee shop, and they receive a single bill for services as long as the provider servicing the location is a member of the aggregated network. With their enterprise focus, Infonet, iPass and Fiberlink each provided added security services that allow IT managers to push their security to remote users logging in over any type of connection, whether it's Wi-Fi, wired broadband, or dial-up.

Carol Ellison is editor of's Mobile & Wireless Topic Center. She has authored whitepapers on wireless computing (two on network security): Securing Wi-Fi Wireless Networks with Today's Technologies; Wi-Fi Protected Access: Strong, Standards-based Interoperable Security for Today's Wi-Fi Networks; and Wi-Fi Public Access: Enabling the future with public wireless networks.

Ms. Ellison served in senior and executive editorial positions for Ziff Davis Media and CMP Media. As an executive editor at Ziff Davis Media, she launched the networking track of The IT Insider Series, a newsletter/conference/Web site offering targeted to chief information officers and corporate directors of information technology. As senior editor at CMP Media's VARBusiness, she launched the Web site, VARBusiness University, an online professional resource center for value-added resellers of information technology.

Ms. Ellison has chaired numerous industry panels and has been quoted as a networking and educational technology expert in The New York Times, Newsday, The Los Angeles Times and The Wall Street Journal, National Public Radio's All Things Considered, CNN Headline News, WNBC and CNN/FN, as well as local and regional Comcast and Cablevision reports. Her articles have appeared in most major hi-tech publications and numerous newspapers and magazines, including The Washington Post and The Christian Science Monitor.
