This week's theme for the the National Cyber Security Awareness Month (NCSAM) is "critical infrastructure and the internet of things" with a big focus on securing devices that are connected to the Internet. In conjunction with this theme, this week we're writing about the latest improvement in WiFi security—Passpoint release 2—and securing WiFi signup services with SecureWiFi Certificates.
The Wi-Fi Alliance is an association that sets standards and certifies WiFi-capable devices for interoperability and security. Passpoint was launched by the Wi-Fi Alliance in 2012 as an "industry-wide solution to streamline network access in hotspots and eliminate the need for users to find and authenticate a network each time they connect."
Passpoint automates the entire process of searching for and choosing a network, requesting a connection with the access point, and entering authentication credentials.
Last week, the Wi-Fi Alliance launched the second release of Passpoint. In this release, they announced that they would now be using digital certificates to authenticate signup service providers and secure user data during the signup process. These digital certificates are specific to the Wi-Fi Alliance and chain to a private WiFi root certificate.
DigiCert was chosen as one of two providers to offer these WiFi certificates because of our reputation as a thought leader and advocate of security best practices.
Like other types of certificates, to get a DigiCert SecureWiFi Certificate the applicant must undergo a validation process. This validation process ensures that those service providers using SecureWiFi Certificates are legitimate and trusted providers.
When a service provider has a WiFi certificate, a logo and friendly name will appear to end-users who are looking for a Internet service provider on mobile WiFi networks. This logo and friendly name only appear once the end-users device has checked that the WiFi certificate on the OSU (online sign-up) server is legitimate using the WiFi root on the device.
Once the user selects a service provider, all connections between the device and the OSU server are encrypted (credit card info, user credentials).
By 2018, the global mobile data traffic will have increased to over 190,000 petabytes (ABI Research WiFi Report, 2014). Increased public WiFi accessibility will help offload 3G/4G mobile Internet and is a more cost-effective method of transferring data for both mobile carriers and users.
However, end-users' security concerns threaten WiFi growth. Attacks targeting users on public WiFi networks are increasing and becoming more high-profile—and users are more wary than ever in connecting to an unknown network or service provider.
Like SSL Certificates on the web, SecureWiFi Certificates will help boost user trust in public WiFi networks and service providers, as well as doing business on public WiFi networks by authenticating legitimate providers and securing sensitive data.