
Summary:

With the next release of its WLAN software, all Ruckus-built hotspots will be able to supply optional encrypted connections to any user who wanders into Wi-Fi coverage.

A Ruckus Wireless Wi-Fi access point similar to those used in TWC's network (source: Ruckus)

Wi-Fi is everywhere and more often than not it’s free for the taking. Pretty much everyone but airlines and fancy hotels is opening their networks to all comers. The only problem is that open networks are, well, wide open. They’re unencrypted and insecure, exposing users to a world of electronic eavesdroppers and attacks.

Hotspot maker Ruckus Wireless, however, has developed a kind of ad-hoc security system for open hotspots, which it plans to release next week with the next version of its access point management software. Called Open Secure Hotspot, the technology automatically generates encryption keys for any user who logs into an open Ruckus hotspot, granting them a secure connection within moments, Ruckus VP of marketing David Callisch told GigaOM.

Ruckus started out as a supplier of IPTV wireless streaming nodes and enterprise wireless LANs, over which security measures were much easier to enforce. But as Ruckus’s public access network business grew, it found itself supplying more Wi-Fi gear that enterprises and service providers simply wanted open to the public, Callisch said. Those customers didn’t want their open networks turning into playgrounds for Firesheep, man-in-the-middle attackers and other internet nasties, Callisch said, so they pressed Ruckus to develop a secure form of open Wi-Fi.

Ruckus DPSK Open Secure Hotspot

The rather confusing diagram above details how the security software works, but here’s what it boils down to: Anytime an unknown user connects to an upgraded Ruckus hotspot he or she will receive the option of establishing a secure connection to the network. If the user opts in, Ruckus’s network gateway will generate what Ruckus is calling a dynamic pre-shared key, randomly generated for each device. Users can either input the key by launching an executable file sent by the gateway, or they can manually enter the key into their Wi-Fi settings.

It may not seem like the most elegant way of getting online in a hotel lobby or public square, but Callisch said it’s still a relatively simple process, and it beats the alternative – surfing the internet over a naked connection or installing virtual private network (VPN) software on the fly.
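How a per-device key keeps guests apart, as an added sketch that is not Ruckus's code and not from the article. It assumes the dynamic pre-shared key is used as an ordinary WPA2-PSK passphrase (the article does not say which mode is used); the `Gateway` class, SSID and MAC addresses are hypothetical, and comparing master keys stands in for the real 4-way handshake check.

```python
import hashlib
import hmac
import secrets

SSID = b"Example-Open-Secure"  # constructed SSID, not from the article

def derive_pmk(passphrase: str, ssid: bytes) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

class Gateway:
    """Hypothetical gateway that keeps one pre-shared key per device."""

    def __init__(self, ssid: bytes):
        self.ssid = ssid
        self._pmk_by_mac = {}

    def enroll(self, mac: str) -> str:
        """User opted in: mint a random key for this device only."""
        passphrase = secrets.token_urlsafe(32)  # 43 chars, within WPA2's 8..63
        self._pmk_by_mac[mac.lower()] = derive_pmk(passphrase, self.ssid)
        return passphrase  # handed to the user to enter or install

    def accepts(self, mac: str, passphrase: str) -> bool:
        """Accept only the passphrase that was issued to this MAC."""
        expected = self._pmk_by_mac.get(mac.lower())
        if expected is None:
            return False  # device never enrolled
        return hmac.compare_digest(expected, derive_pmk(passphrase, self.ssid))

def demo() -> dict:
    gw = Gateway(SSID)
    alice_mac, bob_mac = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed
    alice_key, bob_key = gw.enroll(alice_mac), gw.enroll(bob_mac)
    return {
        "alice_ok": gw.accepts(alice_mac, alice_key),
        "bob_ok": gw.accepts(bob_mac, bob_key),
        # A key issued to one device is not valid for another device.
        "cross_use": gw.accepts(alice_mac, bob_key),
        "distinct_pmks": derive_pmk(alice_key, SSID) != derive_pmk(bob_key, SSID),
        "unenrolled": gw.accepts("02:00:00:00:00:0c", alice_key),
    }

if __name__ == "__main__":
    print(demo())
```

Because each device's master key is derived from its own random passphrase, one guest's key says nothing about another's, which is the property a single shared hotspot passphrase cannot offer.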


  1. “But Callisch but”???

  2. I proposed a similar idea to fon.com where the routers would have VPN servers aboard to encrypt the hotspot user’s data stream. Nominally, this VPN would exist between a client running on the laptop, and terminating in the access point being used. The beauty of this idea is that with thousands of VPN endpoints in their network, they could offer a cheaper, VPN-only service to potential customers who weren’t actually located in range of a fon hotspot. Your VPN client would tunnel your traffic through any untrusted or open wifi (or any connection) and proxy out of a fon router elsewhere. There would be some basic test to pick the best performing endpoint for a given customer, and maybe a choice of countries to appear in for a small extra fee. Those who also hosted fon hotspots could even optionally select their home network to terminate into. This would make every hotspot in the world capable of selling fon’s services. They wouldn’t have been so strained to deploy their El Cheapo routers everywhere to achieve critical mass. It would also make fon hotspots that were out of range of visitors useful, as VPN endpoints. Fon expressed not one whit of interest in this idea. I do know the idea was brought to their internal meetings. They just wanted to be dream-sellers and merchandizers.

  3. What about EAP-TTLS? Doing the same but standardized?
