The development of secure interface system for wi-fi internet access using blended approach of captive portals and key verification techniques / Kamarul Ariffin Abdul Basit … [et al.]

Wi-Fi technology has become one of the common ways to establish a connection to the Internet. However, the current implementation of Wi-Fi does not offer enough security protection. The security problems in Wi-Fi have become quite well-known to the public and this matter indirectly has opened a doorway to many people with adequate ICT skills to bypass the Wi-Fi security protection. One of the things that entice people to break the Wi-Fi security is that they could use the internet access as much as they want without having to worry about the charges on the Internet usage (i.e., using Internet for free). One way to tackle this problem is by adding another level of the Wi-Fi security protection. We proposed to blend the ‘captive portal’ strategy with ‘key verification’ techniques in order to improve the security system in Wi-Fi. We developed an information system known as ‘Secured Interface System’ (Sis) that linked to the Wi-Fi infrastructure. Our approach should force all users in the environment to register in our SiS and get an electronic key before they have the permission to access the Internet. This technique could be seen as a twofold strategy in order to harden the security protection of Wi-Fi system. The first protection is when any user tries to use the Internet facilities (through the communication to the access point), their device will be directed to our SiS. This system uses the captive portal technique in which it accepts the request of HTTP from the users on a network and displays a special web page before allowing the users to connect to the Internet. This captive portal has the ability to convert a web browser into an authentication device. In the beginning phase, users have to register by entering their details into SiS. The system also requires some specific user information with respect to the organization that supplies the facilities of the Wi-Fi systems in their place. Given the hotel as an example, the specific information demanded by SiS could be the user’s room number or payment receipt number or any special id provided by the hotel management in order to justify that users are actually the legitimate hotel’s resident. The user’s details are then being kept in a database. After users complete the registration, the Interface System should require them to apply for a verification key. The mechanism of verification key could be described as our second protection. The ‘symmetric key algorithm’ was used to build up the keys for every registered user. The key of a particular user has to match with his/her account. When a registered user wants to use the Internet via the organization’s access point, he/she has to login to the SiS by supplying the correct username and password as well as the key. The SiS will then process that information to determine whether the user is a legitimate user or not. The legitimate user will be granted permission and the non-legitimate user will be blocked to use the Internet facilities. We built a simulation environment that describes a scenario of implementing the SiS to a Wi-Fi system. The simulation results have shown that our system has worked well with the Wi-Fi system. The results of the penetration test to the Wi-Fi system which include the Interface System indicated that the security protection to access the Internet via Wi-Fi improved.