
Network-in-a-Box Solution

High-profile security vulnerabilities in the first generation of IEEE 802.11-based wireless networks kept them from being deployed by many corporations. Today's best available standards for securing wireless networks, IEEE 802.1x (and follow-on standards WPA and 802.11i), can be very difficult to configure and deploy. In their most secure configuration, they require every network client to obtain and install a digital certificate and participate in a PKI (Public Key Infrastructure). Even large corporations can find this too difficult to deploy in practice, and it is well out of reach for small-office or home users.

PARC's solution takes this industrial-grade security technology and places it within reach of home users and small businesses, by making it simple to use and easy to configure. PARC's approach reduces wireless network security to intuitive physical security actions—a simple model that all users can understand.

Features

  • Allows an average user to add a computer to an industry-grade 802.1x-secured wireless network.
  • Takes less than 60 seconds and involves just 2 simple steps.
  • Turns simple, intuitive physical-security actions into wireless network security.
  • Autoconfigures itself into a secure network.

How It Works

A user wanting to set up a small network plugs in their new access point, enabled with PARC's technology, which autoconfigures itself to form a secure network.

The first time a user wants to access that secure wireless network with a new device, s/he simply takes the device and "points out" (e.g., through touch, infrared, sound, or capacitive signaling) the PARC-enabled access point serving that network. After exchanging a small amount of cryptographic information to establish "trust" over the link, the device is now able to make a secure wireless connection to the access point. The access point issues a digital certificate to the new device over this secure, authenticated connection, and the device automatically installs it and configures itself to use the new network securely.
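
The "pointing" step above can be sketched as follows. This is an added example, not PARC's code: the page does not say what is exchanged, so the sketch assumes each side sends a SHA-256 commitment to its public key over the short-range channel and later checks the key presented over the wireless link against it. The keys are constructed random byte strings standing in for real public keys, and all names are hypothetical.

```python
import hashlib
import hmac
import os


def commitment(public_key: bytes) -> bytes:
    """32-byte digest of a public key, small enough for an IR/audio/touch channel."""
    return hashlib.sha256(public_key).digest()


class Party:
    """One end of the bootstrap (device or access point). Hypothetical model."""

    def __init__(self, name: str):
        self.name = name
        # Constructed stand-in for a real public key (e.g. a DER-encoded key).
        self.public_key = os.urandom(64)
        self.peer_commitment = None

    def point_at(self, peer: "Party") -> None:
        """Short-range exchange: swap key commitments at physical proximity."""
        self.peer_commitment = commitment(peer.public_key)
        peer.peer_commitment = commitment(self.public_key)

    def accept_wireless_key(self, presented_key: bytes) -> bool:
        """In-band check: accept only the key committed to during pointing."""
        if self.peer_commitment is None:
            return False  # never pre-authenticated: refuse, do not fall back
        return hmac.compare_digest(commitment(presented_key), self.peer_commitment)


def run_demo() -> dict:
    laptop, ap, rogue = Party("laptop"), Party("access-point"), Party("rogue-ap")
    stranger = Party("unenrolled-device")
    laptop.point_at(ap)  # the physical action performed by the user
    return {
        "genuine_ap": laptop.accept_wireless_key(ap.public_key),
        "laptop_at_ap": ap.accept_wireless_key(laptop.public_key),
        "rogue_ap": laptop.accept_wireless_key(rogue.public_key),
        "no_pointing": stranger.accept_wireless_key(ap.public_key),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Under this assumption the short-range channel only has to be authentic, not secret: an eavesdropper who records the commitments still cannot present a different key that matches them.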

Securing Enterprise Wireless Networks

In an enterprise setting, PARC's technology makes it easy for systems administrators to enable users to configure their own wireless devices according to the organization's security policy.

A user would take a new device such as a laptop to an "enrollment station", and then "point" (e.g., through touch, infrared, sound, or capacitive signaling) to the device, indicating his/her desire to enroll the laptop in the corporate wireless network. This enrollment station could optionally allow a human operator to intercede in each request—for example, to verify employee identity, add specific configuration information for particular devices, and so on.

After this initial exchange of trust information, the user can return to his/her routine. At a later point, potentially after additional offline operator review, the user is informed by e-mail that his/her digital certificate is ready. The user's laptop retrieves and installs the digital certificate using PARC's enrollment software, and configures the laptop according to any policy settings provided by the enterprise's IT staff.

This entire enrollment process can be performed securely using the corporate WLAN without requiring the user's laptop to have any alternative source of wireless or wired network access. The entire enrollment process requires less than 2 minutes of the user's time, while traditional approaches to certificate enrollment and network configuration can take over 2 hours.

Applications

  • Can be applied to consumer use, small office/home office settings, ad-hoc networks, and can be scaled to manage enterprise-class wireless networks
  • Interoperable with a wide variety of commercial devices and technology
  • PARC's approach to simplifying PKIs and network configuration has been used to manage the configuration of VPN (Virtual Private Network) client software, and could easily be extended to simplify almost any PKI-enabled application

 

BUSINESS CONTACT
David Weinerth
Director of Business Development, Computing Science Laboratory
650-812-4428
   


Copyright © 2002-2007 Palo Alto Research Center Incorporated. All Rights Reserved.
PARC, the PARC Logo, AspectJ, DataGlyph, Obje, Silx, StressedMetal, and ClawConnect
are trademarks or registered trademarks of Palo Alto Research Center Incorporated.