Security of customer data is one of the most critical elements of a guest WiFi solution. The ability to secure customer data over guest WiFi separates enterprise-grade WiFi monetization solutions from the others. There are 2 levels at which guest WiFi solutions must take care of customer data: first at the authentication stage, and second during the browsing stage.
Data security at the authentication stage falls under the scope of providing secure access to guest WiFi, which is vital to the success of WiFi monetization.
Data sent and received on a WiFi network during the customer's browsing session has to be encrypted. Otherwise, it is vulnerable to hacking, man-in-the-middle, and eavesdropping attacks. The encryption of data over WiFi went through 3 specific evolutionary iterations:
Wired Equivalent Privacy (WEP)
WEP is an old standard that served its purpose for quite some time after it came into effect. However, due to an inherent limitation in the implementation of its encryption algorithm (RC4), the WEP key could be leaked to an intruder.
WiFi Protected Access (WPA)
WPA came into effect to counter the issues of WEP. However, it became possible to crack WPA and acquire the WPA key by merely waiting for the customer device to send a re-authentication request. WPA is now superseded by WPA 2.
WPA 2
WPA 2 is the ongoing standard for WiFi encryption. It uses the Advanced Encryption Standard (AES) and a fixed encryption key for authentication of all users. Both WPA and WPA 2 enable pre-shared key (PSK) authentication, under which the access point and all the clients share the same key. The PSK is what is offered as a voucher to customers for acquiring access to the WiFi network. Since the PSK is shared on both ends, it might be compromised at one end without the knowledge of the other.
Unfortunately, there are quite a few highly sophisticated mechanisms to cut through WPA/WPA 2. However, your customer data is more secure with WPA/WPA 2 than without any security mechanism. The hacker has to be able to justify the level of investment needed to crack open WPA/WPA 2.
Most access point providers have already implemented mechanisms to counter the vulnerabilities of WPA/WPA 2, for example, rotation keys.
Securing Data at Guest WiFi Solution Level
Guest WiFi solutions should comply with and complement the WiFi encryption standards. The following are 3 innovative approaches to handling customer data security at the guest WiFi level:
Risk Analytics
Guest WiFi solutions are privy to a deeper level of customer demographic and behavioral data. These data points can provide deeper insights into the risk profile of a user, device, or session. Based on these insights, the solution can force a user, device, or session to log out of the network.
Integrated Secure Web VPN
Guest WiFi solutions are ideally placed to offer an embedded web VPN for end users where the users' risk profile is very high. A secure web VPN hosted within the guest WiFi doesn't require users to do anything special. It routes all traffic through a secure virtual private tunnel, providing secure remote access to the Internet overall.
Cryptographic Identity Based Encryption
Identity is at the center of every transaction on the Internet. Guest WiFi solutions often use a public identity of the customer, such as their social id or their phone number. Guest WiFi solutions can provide integrated support for identity-based cryptography. The customer's public identity, such as an email id or phone number, is used as the public key. Access points would have their own identity-based public key. The guest WiFi solution provider or the host enterprise generates the corresponding private key dynamically for each authentication and browsing session. The communication packets between the customer device and the access point are encrypted using identity-based encryption. This approach renders the packets captured by a MITM hacker useless.
While data security threats and counter-measures are ever-evolving, the methods, tools, and techniques to be employed in each scenario depend upon the business reasoning for employing them. The idea of security is to enable business over WiFi and not to destroy the customer experience; therefore, customer experience is a critical parameter in selecting the right data security measure.
CaptiveXS, a secure guest WiFi solution, invests in identifying core security threats and works with the venue businesses to design, develop, and deploy custom guest WiFi solutions. Contact CaptiveXS today to evaluate your guest WiFi security posture.