Ruckus Wireless announced today (18 May 2015) at the Wireless Broadband Alliance (WBA) Wi-Fi Global Congress that it is introducing what it claims is the industry’s first commercially available products to be Wi-Fi Alliance (WFA) Passpoint certified for Hotspot 2.0, Release 2, effectively transforming how organisations offer and users securely connect to new public WiFi network services.
With Release 2 support of Hotspot 2.0, Ruckus Smart WiFi products now provide a standardised framework for how user credentials are created, configured and administered to client devices in a secure manner—streamlining and securing the client provisioning, and delivering the industry’s first integrated Hotspot 2.0, Release 2 online signup and provisioning server wireless LAN (WLAN) solution.
Though the industry has developed proprietary methods to load credentials onto WiFi enabled devices, these often come with additional cost and complexity, without providing airlink encryption. Hotspot 2.0, Release 2 fundamentally changes this with WPA2 encryption, while providing a way for users to know they are connecting to a trusted entity.
Operators and enterprises can offer users the ability to easily sign up to connect to Wi-Fi services in a simple and secure fashion using a standards based method for automatically loading credentials and mobile configuration parameters onto WiFi devices, while enabling vital airlink encryption.
Despite WiFi’s popularity, connecting to public networks or hotspots can still often be frustrating and subject to security concerns, due to the lack of encryption and the inability for a client device to validate the public network or hotspot.
“Several strong growth factors are feeding the rapid acceleration of the WiFi market and Hotspot 2.0 is clearly one of them,” said Richard Webb, research director for mobile backhaul and small cells at Infonetics Research (now part of IHS). “By simplifying and securing the client connection experience while providing seamless roaming between disparate WiFi networks, we expect that Hotspot 2.0 will have a profoundly positive impact that will drive a new stage of WiFi deployments.”
According to its biannual Carrier WiFi Equipment report, in the second half of 2014, Infonetics again identified Ruckus Wireless as the global carrier WiFi market share leader by revenue, which was also the case in the first half of 2014, making Ruckus the leader overall, by revenue, for all of 2014 with 21% market share. Infonetics/IHS forecasts this market will reach over US$2.6bn by 2019.
Transforming public Wi-Fi access and mobility
The exploding demand for wireless data is driving the increased use of public WiFi networks, creating new challenges to improve security and seamless mobility between different WiFi networks. Designed to address these issues, Hotspot 2.0 was developed to effectively automate the user process of connecting to, authenticating against, and roaming between different WiFi networks.
Hotspot 2.0, Release 2 introduces new capabilities that standardise the provisioning and lifecycle management of user credentials, such as how they are securely provisioned, stay valid, and are used in network selection and service policy enforcement.
Release 2 also provides flexible and automatic remediation of client devices that enables the ongoing management of user subscriptions, and any other policy changes that may be necessary. Until now, there has been no standard methodology to perform these functions, and no standard format for managing Hotspot 2.0 credentials on client devices.
Release 2 of the Hotspot 2.0 specification brings a higher level of WiFi security for public access, and more robust authentication, along with the ability for WiFi operators to optimise the WiFi user experience through better control of service policy preferences that can be automatically pushed to the client devices.
Additionally, once associated to a WiFi network, users are protected against eavesdropping and forging through WFA Passpoint certified WPA2 protected management frames (802.11w) and airlink encryption of user traffic. This also covers the on-boarding process that now can occur over a 802.1X network using anonymous-EAP, removing the need for an Open WLAN for provisioning.
With Release 2, the WiFi network, for the first time, can now advertise that it supports online sign-up (OSU), a standards-based mechanism that lets users signup for a credential that is automatically downloaded to their device.
A new Public Key Infrastructure (PKI) is also being put in place by the Wi-Fi Alliance to ensure that clients only sign up for a credential if the OSU server is validated. These same checks are used for the policy update and remediation functions of Release 2 as well.
Ruckus Hotspot 2.0, Release 2
To achieve Hotspot 2.0, Release 2 WFA Passpoint certification, several Ruckus ZoneFlex indoor and outdoor access points (APs), including the ZoneFlex 7372, ZoneFlex T300 Series, and ZoneFlex R700, as well as the Ruckus SmartCell Gateway (SCG) 200, have all demonstrated interoperability with other Passpoint-certified equipment.
Ruckus asserts that unlike competitive solutions that require customers to purchase multiple products, Ruckus now integrates within a single software solution, a WLAN controller as well as an online sign up and provisioning server to deliver all the essential services to support Hotspot 2.0, Release 2.
Additionally, the Ruckus online sign up system enables the next generation of ‘Bring-Your-Own-Device’ (BYOD), with the ability to use social media logins, including Facebook, Linkedin and Google, with Hotspot 2.0, Release 2 protocols, as well as support for enterprise-class authentication methods using LDAP, Active Director and AAA servers.
This allows social login or any enterprise credentials to be automatically provisioned to the device, so users don’t have to continually login when connecting to a Hotspot 2.0, Release 2 capable network. With this support, Ruckus is able to provide a single solution that supports legacy (Hotspot 2.0, Release 1) as well as emerging (Release 2) devices on the same network.
Hotspot 2.0 – not just for service providers
Many businesses allow employees to use their own devices, instead of a company provided device, to access the network and network services. But getting these myriad devices and users securely connected and authenticated to the network has presented many challenges within organisations.
The insecurity of today’s WiFi hotspots has been identified as putting enterprise data at risk when employees connect to WiFi hotspots, or fraudulent hotspots designed to collect users’ details.
Hotspot 2.0, Release 2 specifications address this concern by enforcing tighter authentication principles and enabling support for digital credentials – a mobile device’s SIM card, a conventional username and password, or a full X.509 certificate that must be validated for access to be granted.
“Hotspot 2.0 effectively democratises public WiFi access on a global scale, fundamentally changing how WiFi services will be used and offered going forward,” said Dan Rabinovitsj, chief operating officer at Ruckus Wireless. “Leading this new revolution in WiFi services is something to which Ruckus remains strongly committed.”