secure Wi-Fi roaming with 802.11u protected PassPoint

Mobile Authentication with 802.11u

Jake Ludin Consumer Protection, Education

Mobile Authentication with 802.11u

As mobile device users continue to expect stronger roaming connections and faster data speeds, Wi-Fi Alliance developed PassPoint to meet these high standards. It allows users to easily transfer from wireless network to wireless network as they travel and enjoy a seamless wireless connection.

But the risk many might anticipate is how to safely authenticate and protect your sensitive data as you switch from network to network. Within the 802.11 authentication protocol, 802.11u was designed for secure and streamlined authentication.

Mobile Authentication with 802.11u

802.11u is an amendment to the IEEE 802.1 standard, that allows the implementation of Hotspot 2.0 (also referred to as PassPoint) to enable smartphones, tablets, and other mobile devices to roam between participating Hotspot Wi-Fi networks and maintain a strong connection without any user interaction. Similar to roaming between cell phone towers, the device will continually search for and connect to the strongest wireless network it can authenticate to. Hotspot 2.0 also offers increased authentication security, which allows organizations to associate a Unique ID with their Hotspot and ensures devices don’t connect to imposter networks that are spoofing an organization’s ID.

Authenticating to Hotspot 2.0

Beyond simply enabling Hotspot 2.0 with secure authentication, 802.11u brings with it a number of strategic advantages. Users connected to Hotspot-enabled networks benefit from enhanced Data Transfer Rates (DTR) that provide faster connection speeds and allow more data to be processed by the device.

802.11u and Passpoint and Hotspot 2.0 work together for secure authentication

There is also a large amount of pre-connection data that users collect about the Hotspot network before they connect. Information such as the type of network (public or private), the venue through which the network is offered (university, business, residence, etc.), and network connection speeds.

Because 802.11u allows contactless connection to wireless networks, users are always connected to emergency services. Emergency Alarm Systems (EAS) are able to transmit vital information to users who may otherwise miss the important message, and users can always contact emergency services through this 802.11u secured connection.

802.11u Data Transmission Protection with Certificates

A concern some users may have about utilizing 802.11u and Hotspot 2.0 is the prospect of sending identifying information over-the-air. If the communication was intercepted through a man-in-the-middle attack, or other credential theft attempt, they put the data on their mobile device at risk of theft.

While devices can identify their organization through their Unique ID and reduce the risk of credential theft, but it requires end users to set up their device properly. This can be a risk, as it only takes one misconfigured device and the network is at risk. This is why we recommend organizations to use Onboarding Software, which eliminates the risk of misconfiguration by configuring settings for users.

SecureW2 has been an industry-leader in secure authentication by moving users away from credentials to certificate-based authentication, and providing the #1 Rated Onboarding Software in the industry. Certificates cannot be read by an outside actor thanks to public key cryptography, and they cannot be transferred to another device thanks to the advanced technology that is deployed when our easy-to-use JoinNow Onboarding Software configures the device.

Diverse authentication capabilities with Hotspot 2.0 and 802.11u

Secure authentication and uninterrupted wireless connection are the pillars that support the growth in wireless computing. 802.11u allows users to stay connected no matter where they are, and SecureW2’s certificate solutions ensure that connection is protected. Check out our pricing page to see if a transition to certificates is right for your organization.


Learn About This Author

Jake Ludin

Jake is a Marketing graduate from the University of Wisconsin – La Crosse. Besides the Wisconsin staples of eating cheese and wearing t-shirts in winter, he is often quoting from obscure 70s movies and longboarding along Lake Michigan.