Most wireless hotspots use open, unencrypted wireless networks. Guests using these networks risk information disclosure and system compromise. Operators risk registration portal bypass and, in the case of pay registration systems, potential sensitive data loss. Copyright concerns, including new legislation in the United Kingdom and a court case in Germany, may increase the pressure on providers to offer secure registration services.
I am proposing a solution that would have the encryption benefits provided by WPA/WPA2-Enterprise without the requirement for client authentication. This is possible using a novel (but RFC-compliant) application of the existing EAP-TLS standard. The effect is similar to a web browser connecting to an HTTPS web site: the server certificate is validated, but a client certificate is only needed if the server is configured to require client authentication.
I currently have this working in a lab environment. Using a modified open source RADIUS server, I have been able to establish a secure wireless connection from both open source and commercial wireless supplicants. Without modification, these clients require a client certificate to be configured, although this certificate will never be requested. With minor code modifications, I was able to connect with wpa_supplicant without a client certificate configured. Closed source supplicants would need to be modified by their respective vendors to make this a reality.
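At the TLS layer, the difference between conventional EAP-TLS and the server-only variant described above shows up in the server's handshake flight: whether it contains a CertificateRequest message. The Python below is an added example, not code from the original post or the attached research; it assumes TLS 1.0-1.2 handshake framing and handshake bytes already reassembled from EAP-TLS fragments and TLS records, and the sample flights are constructed with placeholder bodies.

```python
# TLS 1.0-1.2 handshake message types (RFC 5246, section 7.4).
HANDSHAKE_TYPES = {2: "ServerHello", 11: "Certificate", 12: "ServerKeyExchange",
                   13: "CertificateRequest", 14: "ServerHelloDone"}


def parse_handshake_flight(data: bytes) -> list:
    """List message names; each message is type (1 byte) + length (3 bytes) + body."""
    names, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError("truncated handshake header")
        msg_type = data[offset]
        length = int.from_bytes(data[offset + 1:offset + 4], "big")
        offset += 4
        if len(data) - offset < length:
            raise ValueError("truncated handshake body")
        names.append(HANDSHAKE_TYPES.get(msg_type, "unknown(%d)" % msg_type))
        offset += length
    return names


def classify_server_flight(data: bytes) -> str:
    """Report what the server's flight asks of the client."""
    names = parse_handshake_flight(data)
    if "Certificate" not in names:
        return "no server certificate"
    if "CertificateRequest" in names:
        return "client certificate requested"
    return "server certificate only"


def build_msg(msg_type: int, body: bytes) -> bytes:
    """Frame a constructed handshake message (placeholder body, not valid TLS)."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


# Constructed sample flights with opaque placeholder bodies.
CONVENTIONAL_FLIGHT = (build_msg(2, b"\x00" * 38) + build_msg(11, b"\x00" * 64)
                       + build_msg(13, b"\x00" * 8) + build_msg(14, b""))
SERVER_ONLY_FLIGHT = (build_msg(2, b"\x00" * 38) + build_msg(11, b"\x00" * 64)
                      + build_msg(14, b""))

if __name__ == "__main__":
    for label, flight in (("conventional EAP-TLS", CONVENTIONAL_FLIGHT),
                          ("server-only EAP-TLS", SERVER_ONLY_FLIGHT)):
        print(label, "->", parse_handshake_flight(flight), classify_server_flight(flight))
```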
Please read my research on Open Secure Wireless attached, and let me know what you think.
(Originally published 2010-05-19)