ALAWN Project
Authentication and Legal Access in WiFi Networks
The ALAWN (Authentication and Legal Access in WiFi Networks) project aims to develop new techniques and protocols that allow owners of WiFi networks to securely share their network and Internet access with visitors.
The Internet has been transforming work and leisure. 10 years ago, having Internet access at home or while travelling was reserved for a few researchers and specialized computer scientists. Today, Internet access is a necessity for many professions. WiFi technology has become one of the basic network access methods, both for companies and for individuals. Moreover, most laptops and many VoIP mobile phones are equipped with a WiFi interface.
Today, two kinds of techniques are deployed to provide WiFi Internet access in a company's facilities. Some companies (willingly or not) leave their WiFi network open and hence provide Internet access without restriction. This open access creates serious security threats, since a hacker can easily take advantage of it to attack distant systems. The other technique is to control network access via methods such as WEP, WPA, or 802.1X. Unfortunately, these techniques imply significant user handling and management costs.
The objective of ALAWN is to develop a WiFi network access control architecture that is both secure and fit for wide-scale use, allowing a large number of organizations to mutualize their WiFi networks. The goal is to allow each member of a participating organization to use, possibly for a fee, the WiFi network deployed by another organization. To reach this goal, the project partners are tackling three main challenges.
The first challenge is legal. One must first identify the legal framework that applies to such networks and establish whether, according to national law and European Directives, they must be considered a service provided to the public or not. The constraints regarding privacy, liability and traffic data retention that apply to mutualized networks must then be identified.
The second challenge is technological and concerns security. To prevent malicious actions by a visitor from endangering or incriminating the visited network, the developed solution opens a secured tunnel that lets the visitor reach his home network, and only that network. The home network can then allow the visitor to reach other destinations through this tunnel, possibly the full Internet, but the outside world will then see this access as originating from the home network. The tunnel thus protects both sides: the visited network does not have to worry about the visitor's actions, and the visitor is certain of being connected to his home network without needing to trust the visited network.
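The sketch below is an added illustration, not the ALAWN project's code: it models the visited network's side of the policy described above as a default-deny filter that forwards a visitor's traffic only to that visitor's own home tunnel endpoint. The class and function names, the way the endpoint is learned, and the addresses, protocol and port are all assumptions.

```python
# Added illustration: egress policy of a visited network (all names are assumptions).
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Endpoint:
    ip: str
    proto: str
    port: int


@dataclass(frozen=True)
class Packet:
    visitor: str   # authenticated visitor identity (assumed bound to the link)
    dst_ip: str
    proto: str
    dst_port: int


class VisitedNetworkFilter:
    """Default-deny filter: a visitor may reach only his own home tunnel endpoint."""

    def __init__(self):
        self._pinned = {}  # visitor identity -> home network Endpoint

    def admit(self, visitor, home):
        # Assumption: the endpoint is learned when the visitor authenticates.
        self._pinned[visitor] = home

    def revoke(self, visitor):
        self._pinned.pop(visitor, None)

    def decide(self, pkt):
        home = self._pinned.get(pkt.visitor)
        if home is None:
            return "DROP"  # unknown or revoked visitor
        if (ip_address(pkt.dst_ip) == ip_address(home.ip)
                and pkt.proto == home.proto and pkt.dst_port == home.port):
            return "FORWARD"  # tunnel traffic to the visitor's own home network
        return "DROP"  # direct Internet access, or another visitor's home network


def demo():
    # Constructed sample data using documentation address ranges.
    f = VisitedNetworkFilter()
    f.admit("alice", Endpoint("192.0.2.10", "udp", 4500))
    f.admit("bob", Endpoint("198.51.100.7", "udp", 4500))
    packets = [
        Packet("alice", "192.0.2.10", "udp", 4500),    # alice -> her home tunnel
        Packet("alice", "203.0.113.80", "tcp", 443),   # alice -> Internet directly
        Packet("alice", "198.51.100.7", "udp", 4500),  # alice -> bob's home network
        Packet("mallory", "192.0.2.10", "udp", 4500),  # never admitted
    ]
    return [f.decide(p) for p in packets]
```

Only the first constructed packet is forwarded; the visitor's protection against an untrusted visited network comes from authenticating the home network inside the tunnel, which this filter does not model.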
The third challenge is acceptance of the solution. For such a solution to be commercially accepted, it must be possible to implement it in existing WiFi networks. A prototype of our system is being developed for implementation at some partner's facilities so as to provide us with operational feedback on our protocols.
Research Project funded by the Division de la Recherche et de la Coopération scientifique de la DGTRE

