white paper, January 30, 2013

Hotspot 2.0
MAKING WI-FI AS EASY TO USE AND SECURE AS CELLULAR

Today’s cellular networks are being overwhelmed with data traffic, much of it generated by the rapid proliferation of smartphones. The latest projections are for the industry to ship over 800 million such devices in 2013.

To deal with all this traffic, service providers are looking for technologies that can greatly increase the densification of their networks. Wi-Fi is an excellent option here as it has access to upwards of 600 MHz of spectrum, supports dense AP deployments, is available on all data-centric devices, and is available in all locations where people congregate. These locations include stadiums, arenas, airports, convention centers, colleges, train stations, downtown city centers and the like. Most of these venues are indoors, where Wi-Fi is an especially strong solution because of its enormous capacity and its ability to support neutral host deployments.

Capacity and ease of deployment are only the first steps in enabling a carrier-class solution. The industry is now focused on improving the Wi-Fi user experience while roaming, the goal being to allow users to connect to visited networks as easily as they can connect to their home network. And the easier it is to get connected to a network, the more likely it is to be used. This work is known as Hotspot 2.0 and is being driven by the Wi-Fi Alliance (WFA), which also certifies interoperability as part of their Passpoint™ program. The Wireless Broadband Alliance is also very much involved in the process through their Next Generation Hotspot (NGH) initiative.

Hotspot 2.0 is focused on enabling a mobile device to automatically “discover” APs that have a roaming arrangement with the user’s home network and then securely connect. This is very much the cellular experience that we all enjoy when getting off an airplane just about anywhere in the world. Wi-Fi roaming would apply anytime a mobile device does not see an AP belonging to its home network provider. A user could roam on a Wi-Fi network that is across town or on the other side of the world. Roaming partners can include MSOs, MNOs, wireline operators, public venues, enterprises, and basically any other entity that has Wi-Fi assets.

Hotspot 2.0 capabilities are emerging in a series of releases, the first of which was completed in June of 2012; certifications began shortly thereafter.
[Figure 1: Hotspot 2.0 protocol stack. Network discovery and selection: ANQP carried by the Generic Advertisement Service (GAS) over 802.11. HS 2.0 credential: EAP authentication over 802.1X over 802.11.]

Hotspot 2.0 Release 1

Release 1 is focused squarely on over-the-air security and network discovery and selection. The key enabling protocols are IEEE 802.11u, along with IEEE 802.1X, selected EAP methods, and IEEE 802.11i. The latter three are part of the WPA2-Enterprise certification program in the Wi-Fi Alliance, and are standard on all smartphones. While the certification is called “WPA2-Enterprise”, the end result is a process that is every bit as secure and easy to use as what exists in the cellular world.

The IEEE 802.11u protocol enables a mobile device to have a dialog with a Wi-Fi AP “pre-association” to determine the capabilities that the network can support. The two protocols that 802.11u uses to make this happen are the generic advertisement service (GAS) and the access network query protocol (ANQP). These protocols run on top of 802.11 and enable the Hotspot 2.0 experience (see Figure 1).

The Process of Network Discovery and Selection

When a user with an HS2.0 capable mobile device comes within range of a Hotspot 2.0 capable AP, it will automatically open up a dialog with that AP to determine its capabilities. This is done using ANQP packets that are carried at layer 2 by the GAS service (Note: the device has not yet attached and does not yet have an IP address). It is the exchange of ANQP packets that allows the mobile device to automatically learn the capabilities of an AP. A few of the more important capabilities include:

1) The domain name of the network operator. If the AP is part of the user’s home network then no roaming is required and the user can move straight to authentication. If the AP is not on the user’s home network, then roaming is required.

2) If roaming is required, then the list of roaming partners that are supported by that AP must be passed down to the mobile device via the ANQP protocol. This can be provided in the form of a PLMN (Public Land Mobile Network) ID, realm, or the organizational identifier (OI):

• 3GPP PLMN ID (MCC plus MNC) would be the preferred method for a mobile operator. MCC refers to the mobile country code and MNC to the mobile network code.
• NAI Realm List (username@domain name) would be the preferred method to identify most non-mobile operators like MSOs, wireline operators, and public venues.
• IEEE Organization Identifier (6 hexadecimal digits that many would recognize as the first 3 bytes of a MAC address). The WFA recommends that national and international SPs have an Organization Identifier (OI). The two primary use cases for OI are as follows:
  • A small number of OIs can be put in the AP’s beacon; if the mobile device recognizes the OI, it doesn’t need to use ANQP to determine if it can successfully authenticate at that AP. This can conserve the mobile’s battery as well as reduce the time to associate.
  • Some SPs may wish to sell subscription levels (e.g., gold, silver, bronze) in which not all subscribers have access at every AP. For example, gold users might have access privileges at all APs in an operator’s network, but bronze users might not be authorized to use an operator’s APs in premium locations. OIs enable this use case.
It is possible that service providers might advertise roaming consortiums in more than one way. A mobile operator might advertise both a PLMN ID and a realm. The former is used for SIM-based devices and the latter for non-SIM devices (this is covered in HS2.0 Release 2). A wireline operator or an MSO would only advertise their realm, as they don’t have a PLMN ID.

3) Other attributes that can be relayed to the mobile device include backhaul bandwidth and loading on the access network. This is useful information if there is more than one AP that can roam with the user’s home network. Other details that are passed down to the phone as part of the HS2.0 process include:

• The operator friendly name (San Jose Airport for instance). This can be displayed on the mobile device once the connection is established and is fairly standard when roaming on cellular networks.
• Venue type (stadium or hospital)
• IP Address Type (v4/v6)
• Internet access or walled garden
• And more

Once the mobile device learns the roaming partners and the identity of the AP operator, it invokes some basic, built-in network selection policies to determine which AP to join. The basic policy provided by Passpoint Release 1 capable mobile devices is, in the absence of [overriding] user-configured preferences, to prefer Hotspot 2.0 compliant APs over legacy APs (i.e., non-Hotspot 2.0 APs) and to prefer an AP operated by the user’s home operator over one operated by a visited operator. Users are allowed to specify that certain Wi-Fi networks should always have priority; these would typically include the user’s home network and their work network.

The ability of the mobile device to “learn” about Wi-Fi network capabilities pre-association will completely transform the Wi-Fi user experience. It will also completely change the nature of an SSID (Service Set IDentifier). In the past, users and devices had to “remember” SSIDs that have provided connectivity in the past, so that they can be accessed again in the future. These are typically SSIDs for which they have credentials or which provide open access. With HS2.0 the importance of SSIDs will be reduced, and what really matters is whether the visited AP has a roaming arrangement with my home network provider. In fact the notion of having an AP advertise many different SSIDs for different purposes will also be greatly reduced in favor of Hotspot 2.0 based advertisements. This should also enhance the performance of mobile networks, as it reduces the airlink traffic associated with the beacons generated by these additional SSIDs.

Secure Authentication

Hotspot 2.0 also requires the use of 802.1X authentication. Captive portal based authentication is not supported in HS2.0.¹ As part of the 802.1X authentication process, the following EAP methods must be supported:

• If a mobile device has a Subscriber Identity Module (SIM), then EAP-SIM as defined in RFC 4186
• If a mobile device has a UMTS Subscriber Identity Module (USIM), then EAP-Authentication and Key Agreement (AKA) as defined in RFC 4187. EAP-AKA’ (RFC 5448) will be required in HS2.0 Release 2
• All mobile devices must support EAP-Transport Layer Security (TLS) as defined in RFC 5216, which uses an X.509 digital certificate
• All mobile devices must support EAP-Tunneled Transport Layer Security (TTLS) as defined in RFC 5281, along with MS-CHAPv2, which uses a username and password with a server-side certificate

TABLE 1: CREDENTIALS AND EAP METHODS IN HOTSPOT 2.0

Credential                              | EAP Method
Username / Password                     | EAP-TTLS + MS-CHAPv2
Certificate                             | EAP-TLS
(U)SIM (if mobile has this credential)  | EAP-SIM, AKA, AKA’ (Rel2)

WPA2-Enterprise also requires that the airlink be encrypted using 802.11i. This addresses a security vulnerability with open access or portal based hotspots that don’t provide airlink encryption. Hotspot 2.0 plugs this vulnerability with 802.11i, which uses AES (advanced encryption standard) technology. This combination of protocols is what enables Wi-Fi to be every bit as secure and easy to use as a cellular service. In addition, Hotspot 2.0 Release 1 improves upon WPA2-Enterprise security by eliminating the so-called “Hole-196” attack. In these attacks, a device can forge broadcast or multicast frames (as if coming from a legitimate AP) to initiate its attack.

¹ Hotspots using Captive Portal authentication are expected to be used in parallel with Hotspot 2.0-compliant hotspots due to the need to service users’ legacy mobile devices.
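As an added example (not code from the paper or from any Passpoint implementation), the following Python models the Release 1 discovery and selection process described above: the beacon OI fast path, the ANQP matches on PLMN ID, NAI realm and roaming consortium OI, the credential-to-EAP-method mapping of Table 1, and the default preference order (user priority list, then home HS2.0 AP, then visited HS2.0 AP, then a remembered legacy SSID). All SSIDs, realms, domains and the OI value are constructed.

```python
from dataclasses import dataclass
EAP_FOR_CREDENTIAL = {"password": "EAP-TTLS+MS-CHAPv2", "certificate": "EAP-TLS",  # Table 1
                      "sim": "EAP-SIM", "usim": "EAP-AKA"}
ROLE_RANK = {"home": 0, "roaming": 1, "legacy": 2}  # basic Release 1 preference order

@dataclass(frozen=True)
class Credential:
    kind: str                      # key into EAP_FOR_CREDENTIAL
    realm: str                     # subscriber's NAI realm
    plmn: str = ""                 # MCC+MNC, (U)SIM credentials only
    ois: frozenset = frozenset()   # roaming consortium OIs the subscription covers

@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    hs20: bool = False                   # advertises 802.11u / Hotspot 2.0
    beacon_ois: frozenset = frozenset()  # the few OIs carried in the beacon
    domain: str = ""                     # ANQP: operator domain name
    nai_realms: frozenset = frozenset()  # ANQP: NAI realm list
    plmns: frozenset = frozenset()       # ANQP: 3GPP PLMN IDs (MCC+MNC)
    anqp_ois: frozenset = frozenset()    # ANQP: full roaming consortium list

def match(ap, cred):
    """Can cred authenticate at ap? Returns (ok, needed_anqp)."""
    if ap.beacon_ois & cred.ois:          # OI hit in the beacon: no ANQP round trip
        return True, False
    if cred.kind in ("sim", "usim") and cred.plmn in ap.plmns:
        return True, True                 # PLMN ID match (mobile operator)
    if cred.realm in ap.nai_realms or ap.anqp_ois & cred.ois:
        return True, True                 # NAI realm or roaming consortium match
    return False, True

def candidate(ap, creds, home_domain, remembered):
    """A usable (ssid, eap_method, role, used_anqp) tuple for ap, or None."""
    if not ap.hs20:                       # legacy AP: only a remembered SSID is usable
        return (ap.ssid, "legacy", "legacy", False) if ap.ssid in remembered else None
    for cred in creds:
        ok, used_anqp = match(ap, cred)
        if ok:
            role = "home" if ap.domain == home_domain else "roaming"
            return ap.ssid, EAP_FOR_CREDENTIAL[cred.kind], role, used_anqp
    return None

def select(aps, creds, home_domain, priority=(), remembered=()):
    """Rank: user priority list, then HS2.0 home, HS2.0 visited, remembered legacy SSID."""
    cands = [c for c in (candidate(ap, creds, home_domain, remembered) for ap in aps) if c]
    rank = lambda c: (0, priority.index(c[0])) if c[0] in priority else (1, ROLE_RANK[c[2]])
    return min(cands, key=rank) if cands else None

def demo(priority=()):
    """Constructed scan (not from the paper): one legacy AP and three HS2.0 APs."""
    creds = [Credential("password", "cable.example", ois=frozenset({"00aabb"}))]
    aps = [AccessPoint("AirportFree"),
           AccessPoint("Hotel-Guest", True, domain="hotel.example", nai_realms=frozenset({"cable.example"})),
           AccessPoint("Stadium", True, beacon_ois=frozenset({"00aabb"}), domain="stadium.example"),
           AccessPoint("CableWiFi", True, domain="cable.example", nai_realms=frozenset({"cable.example"}))]
    return select(aps, creds, "cable.example", priority)
```

With no user preferences the home operator's AP wins even though the stadium AP could be joined without an ANQP exchange; a user priority entry for "Stadium" overrides that order.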
[Figure 2: Authenticating a roaming user to their home network. Visited network (wireline, cable, MNO, hotel, etc.): SmartCell Gateway with AAA proxy and local breakout to the Internet. Home network (MNO): AAA server and HLR/HSS. Interfaces shown: SWd, STa, SWx.]

Figure 2 shows the process by which a user in a visited network can have their authentication request proxied back to the home network. In this example the visited network could be an MNO, MSO, a private enterprise, a public venue (such as a hotel, convention center, airport, etc.), or wireline provider. Wi-Fi greatly expands the universe of possible roaming partners, and thus the utility of a Wi-Fi network.

Settlements and the Business of Roaming

Hotspot 2.0 will greatly enhance the opportunities for Wi-Fi operators to monetize their networks through roaming arrangements with other providers. These providers can include MNOs, MSOs, wireline providers, and a wide variety of enterprises including hotels, convention centers, hospitals, airports, etc. This also queues up the very important subject of settlements, which are used to make sure all operators (mobile or wireline) get paid for services rendered, if appropriate. In 2012, WBA updated their WRIX service specifications, which govern settlements and billing. Key elements include WRIX-i (interconnect), WRIX-d (data clearing), and WRIX-f (financial settlements). These services can be deployed by the home and visited network providers, either directly or through a 3rd party WRIX service provider.

Hotspot 2.0 Release 2 – Credential and Policy Provisioning

In release 2 of Hotspot 2.0, the WFA is focusing on how to provision security credentials and network selection policies on a user’s device. The credential provisioning process can be initiated by the mobile device when it is not in possession of a credential that can be used to authenticate to an AP. Typically, there would be an indication on the mobile device’s UI that signing up for a subscription (and subsequent credential provisioning) with a particular SP is available at that AP. If the user is interested in acquiring a subscription (either paid or free), the user clicks on the SP’s icon or name and the credential provisioning sequence is launched. Hotspot 2.0 employs public key cryptography so the mobile device has proof that it’s connecting to a provisioning server (aka the Online Signup server) operated by the user’s choice of SP and not a rogue server operated by an attacker or some other SP. The type of credential to be provisioned is chosen by the SP from the following list:

• User-provided username and password
• SP-provided username and password. In this case, the password can be quite long, thereby minimizing the likelihood of a successful dictionary attack. This is not a problem for the user since it is loaded directly into the mobile device’s connection manager.
• SP-provided X.509v3 client certificate issued at the AP using the EST (Enrollment over Secure Transport) protocol under development in the IETF.
• SP pre-provisioned client certificate. This certificate can be provisioned by any out-of-band method the SP wants to use and typically would be done before the user obtains their mobile device.
• Mobile-device provided manufacturing certificate.
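As an added example (not the paper's or any vendor's code), the following Python models the visited-network AAA proxy of Figure 2 and the settlement data it produces: it forwards an authentication request to the home AAA purely on the realm of the outer EAP identity, either under a bilateral agreement or via a WRIX-i interconnect provider, refuses realms with no roaming agreement, and accumulates the per-realm usage totals that feed WRIX-d data clearing. The server addresses, realms, identities and octet counts are constructed.

```python
from dataclasses import dataclass, field
@dataclass
class Session:
    nai: str                                 # outer EAP identity as presented
    home_realm: str
    next_hop: str                            # where the Access-Request was forwarded
    octets: int = 0                          # usage counted for data clearing (WRIX-d)

@dataclass
class VisitedAaaProxy:
    """AAA proxy of a visited network (Figure 2): holds no subscriber database, routes by realm."""
    bilateral: dict                          # realm -> home AAA server under a direct agreement
    hub: str = ""                            # address of a WRIX-i interconnect provider
    hub_realms: frozenset = frozenset()      # realms the hub can reach on our behalf
    sessions: list = field(default_factory=list)

    @staticmethod
    def realm_of(nai):
        """Realm of the outer EAP identity; the user part may be hidden (anonymous@realm)."""
        user, sep, realm = nai.rpartition("@")
        if not sep or not realm or "@" in user:
            return None                      # malformed NAI: reject without forwarding
        return realm.lower()

    def next_hop(self, nai):
        """Where to forward the request, or None when no roaming agreement covers the realm."""
        realm = self.realm_of(nai)
        if realm in self.bilateral:
            return self.bilateral[realm]     # straight to the home AAA server
        if realm in self.hub_realms:
            return self.hub                  # via the interconnect hub
        return None                          # no agreement (or malformed NAI): not forwarded

    def start_session(self, nai, octets=0):
        """Open a session if the realm is routable; the home network decides the credential."""
        hop = self.next_hop(nai)
        if hop is None:
            return None
        session = Session(nai, self.realm_of(nai), hop, octets)
        self.sessions.append(session)
        return session

    def clearing_records(self):
        """Octets per home realm: the per-partner totals handed to WRIX-d / WRIX-f settlement."""
        totals = {}
        for s in self.sessions:
            totals[s.home_realm] = totals.get(s.home_realm, 0) + s.octets
        return totals

def demo():
    """Constructed visited network (not from the paper): one bilateral peer plus a hub."""
    proxy = VisitedAaaProxy({"cable.example": "aaa.cable.example"},
                            hub="hub.wrix.example", hub_realms=frozenset({"mno.example"}))
    alice = proxy.start_session("alice@cable.example", octets=1500)
    anon = proxy.start_session("anonymous@mno.example", octets=250)
    rejected = proxy.start_session("bob@unknown.example")
    return alice.next_hop, anon.next_hop, rejected, proxy.clearing_records()
```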
[Figure 3: The untapped market for non-SIM devices. Chart of millions of devices in use worldwide (0 to 5,000), 2001 to 2015, by category: smartphones, tablets, laptops, desktops.]

Credential provisioning can be used with smartphones, tablets, laptops, and almost anything else that uses Wi-Fi connectivity. What is compelling about this approach versus legacy approaches that use the MAC address or a cookie to identify them is that it supports roaming and a secure airlink. Not only can the user automatically connect to APs belonging to the operator with whom they signed up for the service, but also to any roaming partners of that operator (if that feature is enabled in the service package). The ability to automatically connect to the Internet from a wide variety of access points, using a wide variety of devices, will greatly increase the utility of a Wi-Fi service, and the more transparent the connection process, the more likely the service is to be used.

Credential provisioning (aka online signup) opens up new revenue opportunities for service providers, as there are hundreds of millions of Wi-Fi enabled devices that do not have SIM cards (see Figure 3). This list includes tablets, digital cameras, and laptops to name a few. They will need the same secure and transparent connection experience while roaming that already exists in the cellular world.

A Closer Look at Credential Provisioning

Today’s credential provisioning process (for non-SIM devices) involves quite a bit of user interaction to set up the service, acquire a credential, and get connected to the network. Another problem with today’s username and password provisioning process is that these credentials end up stuck in the browser cache instead of the connection manager. This prevents the connection manager from automatically using them the next time they’re needed for Wi-Fi network access.

In Figure 4 on the following page, we show the series of steps that the user must go through to acquire credentials as well as the process to get connected each time. This involves several manual steps, which must be carried out by the user. Non-technical users typically don’t understand these steps, which can lead to unsuccessful provisioning. In pre-Hotspot 2.0 deployments where the mobile device is spoofed into joining an attacker’s Wi-Fi network (e.g., the so-called Evil Twin attack), the user can end up installing rogue credentials or trust roots on their mobile, wreaking havoc (in the future) for the user. This entire process needs to be simplified for both the user and the service provider.

With Hotspot 2.0 credential provisioning as shown in Figure 5, the user is directed to a portal where they sign up for a service and provide credit card info or some suitable payment method. After that, an OMA-DM (Open Mobile Alliance – Device Management) MO (Management Object) containing the provisioning data is sent to the mobile device’s connection manager without any further user actions. This ensures the connection manager can automatically use the newly provisioned credential the next time it’s needed for Wi-Fi network access.
Figure 4: Credential provisioning without HS2.0 support (* using iOS 4.x)

First Time Registration
1) Connect to “register” SSID (open)
2) HTTP redirect to enrollment portal page
3) Enrollment triggers a certificate download
4) Click “Install” to download a certificate

First Connection
1) Connect to “Secure-Internet”, pop-up prompt
2) Set mode to TLS, select certificate under “Identity”
3) Automatic secure connection until certificate expires / is revoked

Figure 5: Credential provisioning with HS2.0 support

First Time Registration (Subscribe)
1) HS2.0 AP + no subscription means automatic offering
2) Subscriber enrolls using portal