SmartWhisper: Automated collaborative authentication with minimal human intervention in secure wireless enterprise 802.11 networks

Providing a usable and secure mechanism for admitting guest devices into enterprise 802.11 WLANs with minimal human intervention is a challenging problem. Several collaborative mechanisms that may be applied to this problem have been proposed in the past. However none of the existing mechanisms can be made to work in an enterprise environment without either human assistance or online presence of a trusted third-party. Some of these mechanisms depend on human-assisted aural or visual verification and therefore are less desirable from the point of view of security as well as usability. In this paper, we propose a novel mechanism called SmartWhisper for permitting guest-devices into secure 802.11 Enterprise Wireless LANs (WLANs). We extend the standard 802.11i architecture with an Access Control Server (ACS) for supporting decentralized authorization, and Trust-Bootstrap Gateways for fully automated collaborative authentication between new guest-devices and ACS. The 802.11i Authentication Server is integrated with the ACS to support secure wireless access for guest-devices. The SmartWhisper system successfully addresses most of the security and usability issues which earlier mechanisms have not been able to address, while still being scalable and lightweight. We also report the initial set of performance results of our system prototype implementation.