Most public Wi-Fi hotspots use no encryption and hence, communication is not very secure. Using a VPN as discussed here and here solves the issue but very few people are actually aware of the problem and willing to take such measures. So far I thought there is little that can be done from the network side as the WPA Pre-Shared Key (PSK) method is ineffective if everybody uses the same key (password) as network monitoring tools can decode the encrypted traffic if the key is known and the authentication and ciphering dialogue is captured. But then I remembered that the University of Vienna offers secure Wi-Fi Internet access so I checked out how they are doing it.
It turns out that they are using individual EAP password authentication from which a Wi-Fi ciphering key (WPA2, AES) is then calculated. The username and password used in the Wi-Fi authentication process is the student's username and password for the campus network, stored at a central place for all sorts of purposes, including Wi-Fi authentication and encryption. As each student uses individual authentication credentials, monitoring the authentication dialogue will not yield the keys to decode the ciphered traffic later-on. A very elegant solution that just requires support in the Wi-Fi access point for WPA2 enterprise authentication. On the client side, support is already built into the operating system. It's quite clumsy to set-up with Windows XP but with Windows Vista, Windows 7, Linux and Mac OS the configuration is straight forward. It even works with Symbian and Android devices and the iPhone.
The only catch of this solution: The server certificate is not provided, that would have to be done offline, i.e. it's too complicated. That means that the device can't authenticate the network and hence a rouge access point could be used for a man in the middle attack.
Great post. :)
I don't think you have to worry too much about the catch either; with e.g. EAP-PEAP a server certificate is downloaded and installed the first time you associate with the network. This can be signed by a trusted authority (to protect against a rogue ap on the first association).
For added security you can tunnel the encrypted 802.11 frames over the wire. Take a look at www.anyfinetworks.com for a solution that uses this approach. This even protects against an attacker with physical control over the access point / backhaul.
Posted by: Björn Smedman | May 09, 2010 at 04:07 PM
You'd think there's be a scheme like this available where *only* the server was authenticated - for eg. airport wireless.
All traffic should be encrypted, but that shouldn't mean that every party needs to be authenticated. see: ssl.
Posted by: Fred | May 10, 2010 at 02:59 AM