SecuSpot: Toward cloud-assisted secure multi-tenant WiFi hotspot infrastructures

Despite the increasing popularity ofWiFi networks and the trend toward automated offloading of cellular traffic to WiFi (e.g., HotSpot 2.0), today's WiFi networks still provide a very poor actual coverage: a WiFi equipped device can typically connect to the Internet only through a very small fraction of the "available" access points. Accordingly, there is an enormous potential for multi-tenant WiFi hotspot architectures, which however also introduce more stringent requirements in terms of scalability and security. The latter is particularly critical, as HotSpots are often deployed in untrusted environments, e.g., physically accessible Access Points deployed in the user's premises (e.g., FON) or cafes. This paper proposes a Cloud-assisted multi-tenant and secure WiFi HotSpot infrastructure, called SecuSpot. SecuSpot is based on a modular access point and features interesting deployment flexibilities. These flexibilities can be exploited, e.g., to move security critical f unctions to the Cloud, and hence prevent eavesdropping even when deployed across untrusted Access Points. At the heart of SecuSpot lies a novel programmable wireless switch, the wSwitch. The wSwitch allows to (de-)multiplex the different tenants already on the HotSpot and to decouple essential security functions (association, authentication, and cryptography).