Development of Hotspots

If you're like most people, you love to have access to the Internet when traveling. It is a great way to keep your office work going when on the road, and apart from anything else, getting e-mails at your hotel in Outer Mongolia makes you feel a lot closer to home. As it happened, wireless LAN technology was developing about the same time that Internet use was expanding rapidly, and it is not surprising that the two have become linked. Today there are an increasing number of places where you can power up your laptop with a Wi-Fi wireless LAN adapter and connect to the Internet. Locations such as airports, hotels, coffee shops, and even private homes are becoming hosts for the service. This chapter reviews the types of systems and different approaches to security you might encounter. We also point out some security risks if you are a user of such networks and what you can do to protect yourself.

Public Wireless Access Defined

What is public wireless access? This is not as straightforward a question as it might sound. Some countries such as the United Kingdom regulate the use of IEEE 802.11 for providing a public service. This has caused much discussion about what constitutes "public." For example, if your company allows visitors in the lobby to get access to the Internet via Wi-Fi LAN, is it providing a public service?

In its broadest sense, "public wireless access" simply means that any person who has purchased equipment with IEEE 802.11 capability can legitimately connect to an access point and get service from an open location such as a coffee shop. The only restriction on who may connect is that they might have to pay the required fees for the privilege. If there are enough access points installed in public places, IEEE 802.11 could eventually provide almost universal wireless broadband access in cities. In principle, it means that IEEE 802.11 could compete with the existing cellular phone infrastructure in the future, a prospect that rattles the huge telecommunications providers and makes venture capitalists drool with excitement.

Barriers to Growth

It sounds rather simple to set up a Wi-Fi LAN hotspot, but several early players who launched into large-scale deployments in hotels found little financial success, and some went broke. So what went wrong?

There are two barriers to the growth of public Wi-Fi LAN. The first is what we will call the "fax machine problem," and the second is the multiparty nature of the business.

Fax Machine Problem

Facsimile machines have been around for almost a century, but sales didn't pick up until the 1980s, when they grew explosively. The barrier here was that it was no good being the only person with a fax machine; there had to be someone to send faxes to. It was only when a critical mass of fax machine owners was reached that ownership had real benefits, causing rapid acceptance. The situation is similar with Wi-Fi LAN hotspots. People won't buy an IEEE 802.11 card for public access until most hotels provide service. However, hotels won't install the required access points and network because customers don't have Wi-Fi LAN cards. This problem is being overcome now because so many people are using IEEE 802.11 in their homes and businesses; not only do they have the equipment, but it is installed on their laptops.

Multiparty Barrier

The multiparty barrier is only just being solved now, and different approaches are being tried. The issue is that, in each wireless hotspot, you have several players providing one piece of the solution and all hoping to make money out of it. For example, in a hotel you have:

  1. The proprietor (hotel management)

  2. The installer and operator of the local Wi-Fi access points

  3. The provider of the connection to the Internet

  4. The company that manages the access control and billing of the system

  5. The company that sells subscriptions and provides customer service

The early entrants to the market tried to take on roles (2), (4), and (5) and negotiate directly with each hotel for installation rights. However, this meant that each location was limited to supporting a single supplier's service. People soon realized that it would make more sense if the location could support a range of different service providers and route the authentication and billing to the appropriate company when a user logs in.

Today, there are essentially three business models being deployed around these parties. We look at each briefly because the type of approach affects the security problem.

Model 1: Wireless Internet Service Provider

In this model a single company takes on the entire service provision. Often it focuses on one type of facility, such as hotels or airports. It may also provide regular wired Ethernet jacks in hotel rooms, with wireless used only in conference facilities or where wiring is difficult. To use the service, you must subscribe, which can be done on a monthly basis or on a daily basis when you are staying in a hotel. The subscription is only good for one service provider; so if the hotel where you are staying has access points from a competing service provider, you may have to subscribe to more than one service.

Model 2: Brand-Based Service Provider

In this approach, the subscription process is separated from the network provision. When you sign on, your customer service and billing are handled by a company that does not actually own a wireless network but promotes a brand.

For instance, say the service provider promotes a brand called GetItHere. GetItHere has negotiated access with other companies that own and install wireless hotspots. This separation has several benefits. The "brand" company deals with marketing and customer service. It advertises the service and explains the benefits. Potential customers are told that they can get wireless access at any location showing the GetItHere logo.

The actual network can be provided by specialist companies, individual enterprises like coffee shops, or even private individuals. These providers can focus on running the network; they get paid based on how many GetItHere customers connect. Furthermore, this approach allows the network providers to support more than one brand-based service. For example, they could support both GetItHere customers and ConnectItUp customers. This model makes efficient use of available wireless hotspots and provides a wider choice of locations for customers.

Model 3: Cellular Operator Extension Service

Cellular phone operators have huge existing billing and customer service organizations. They also have a massive customer base. It makes a lot of sense for them to extend their service to cover Wi-Fi LAN access. Many people would like the idea of a combined bill for cell phone and mobile Internet access. The problem for the cellular phone operators is that their existing network architecture is not compatible with Wi-Fi LAN hotspots. While access points and cell phone base-stations perform an analogous role, the approach to installation and maintenance is quite different. Therefore, although they seem natural candidates, the cellular phone operators are moving cautiously into this area. If they succeed, they have a huge advantage from a business operations point of view.
