Guest Portal Use Cases

Guest portals are a common occurrence in the WLAN industry. They have been used for many different types of access scenarios with some criticizing their use as getting in the way of people wanting fast and free access to the internet. In this blog I want to contribute to this discussion with the proposition that due to the many different ways captive portals are used, there is some merit both from a business and security point of view for their use.

Starting with looking at WLAN access from a high level, there are several main business uses that are incorporated in designing user access. The most obvious first use case is your standard business user in a corporate network. This is the same user that we have been designing access for through most of the life of wireless technologies. Usually, due to security concerns, most corporations providing WLAN access use strong encryption and authentication methods to control access. There are, however, other types of users in a business environment. Some examples are outside vendors, visitors, subcontractors, temporary workers and most recently corporate employees bringing their personal mobile devices to work. The challenge for corporations providing access for these types of scenarios is that users outside of the traditional controlled access scenario are exploding and that puts pressure on the WLAN infrastructure which must be upgraded to keep up with demand. Until now, most corporations have used captive portals to control access so that only users sanctioned by the business have access to the WLAN.

Another group that has made heavy use of captive portals is large public venues such as stadiums, conference venues, airports, etc. This is distinct from smaller public venues such as coffee shops, restaurants, hotels or even airplanes. The challenge for large public providers is that in many cases the use of captive portals annoys the users and many will resort to alternatives such as MiFis to get around onerous signup forms and costly access plans. Security is less of a concern here than in corporate use cases but there are still concerns around users using the public venue’s access to download illegal content or perform active attacks on other users. Captive portals are often a mechanism here to provide users with notifications that their access is being monitored and that specific acceptable uses of the access are required to be met. The other side of this for large venues is that it costs a lot to maintain the public infrastructure for this access. With this in mind many large airports, for example, began by charging users for access. This has led to it being common in large airports for users to use their mobile device for access rather than pay the associated fees. It has become apparent in recent years that many large venues have backed away from these fees and begun to see providing Wi-Fi as much more of a general infrastructure cost than something that end users should be charged for. The last challenge to using captive portals for large venues is one of scalability. Having 60,000 users streaming the last replay of a goal they just watched is challenging for the infrastructure to handle and requires a great deal of planning to achieve. I suspect many large venues will look to sponsorship as a way of meeting these costs so that free access becomes part of the experience of attending the game.
This is where alternatives such as Hotspot 2.0 could make access for users easier and more secure than utilizing a captive portal as well as more scalable from an infrastructure perspective.

The smaller public venues, especially hotels, have long seen WLAN access as an additional revenue stream to help their overall business model. By charging users for access and using captive portals to collect the fees these businesses have been able to offset drops in revenue from the decline in hotel video rental, room phone charges and the cost of maintaining a high speed network to access the internet. Some businesses, particularly cafes and lower level business hotels, have begun to provide free access as an incentive for guests to stay but this is most often also accompanied by a terms of use captive portal and the need to obtain an access code. It will be a challenge for the smaller public providers to encourage users to actually use their WLAN, or stay longer in their cafe, with the increase in mobile devices and alternative access methods while finding a way of offsetting the cost to the business of providing that access at an acceptable level for many users. Many users detest captive portals for preventing them being easily able to access the internet and having to sign up multiple times with the different devices they carry. Viewing internet access as a utility provided as a cost of doing business has some value, however it can also be problematic as open access can invite users doing harmful acts that can incur additional costs above simply providing access. A recent report outlined many of these issues for hotels and pointed out that in higher end hotels (which more commonly charge for access) it’s often thought that Wi-Fi is something that has additional costs beyond the base room price as guests expect constant reliable connections beyond what the lower level business hotel’s ‘free’ service offers. Captive portals here are used to control access to the premium levels of service, with some hotels moving to a tiered model where you can get a slower access speed for free with the room price and the ability to pay for higher speed as needed.
I believe this model is ripe for disruption where access is made easy for users and tiered connection speeds are still able to be paid for, adding the revenue used to maintain the service. I haven’t seen a compelling business yet offering this service, however.

The final group to look at is people providing location based access services. Although RTLS has been used for a number of years in hospitals and other situations requiring tracking of assets, there was not a huge use case for captive portals for traditional RTLS. In the last few years there has been an emergence of uses around tracking shoppers and other casual users that combines RTLS with a user registering either with a ‘social login’ or with a loyalty program of a retailer to track shopping habits so that physical stores and locations can have a better idea of what interests users in those locations. The value for this is specifically for optimizing the layout of stores for users to easily find what most interests them and for advertising in store displays that are personalized for the interests of the users. This can be done without the user logging in by using the more anonymous MAC addresses of the device. However, this is just a modernization of traditional store based tracking that looks at items bought to optimize store layout. There is a privacy aspect to this as well, where an app installed by the user or a captive portal signup means a more positive acknowledgement of consent to be tracked and making the value to the end user more visible. This is similar to loyalty programs that track user purchases in return for offering additional discounts of interest. As usual there is a balance here between the users’ needs, in this case privacy and transparency into what their data is used for, and the value to the business of getting good info into the likes and dislikes of a customer in their store. Captive portals in this situation can be used to be more open with shoppers about what is being collected and how it is being used.

In this short tour of different use cases for captive portals I have attempted to show that the use or not of captive portals is not simply a matter of a single value to both end users and the businesses using the captive portal. There is friction on both sides as to the differing needs and it’s not an easy definition to say that captive portals have no use at all and just get in the way of users. At best it is a balancing act between the value to those deploying the portals and those who have to use them. At times, the value of making it as frictionless as possible to end users outweighs the business value. In other cases it may provide a much better value to both to have a captive portal.

Wi-Fi Calling with iOS8 and T-Mobile

I was sitting at home watching an Apple oriented video podcast that was discussing how Wi-Fi calling was now available in iOS 8 and that T-Mobile was one of the first carriers rolling this out. I realized that this may help me specifically with some of the dropped call issues I had been experiencing. I then grew curious: T-Mobile was offering a ‘customized’ router to subscribers that professed to offer home users better connectivity than their current gear. How did that work, I wondered. With that I set about finding out by switching on Wi-Fi calling in my phone and doing some packet captures with the handy Remote Sniffer provided in my home Aerohive AP-370.

First of all I investigated how Wi-Fi calling actually worked. Digging around on the Internet turned up that it was a form of GAN/UMA that T-Mobile was using. Essentially this sends packets that would normally be sent over the GSM network via the Internet. With a bit more digging, however, I discovered on Reddit that T-Mobile used to use UMA but are now deploying IMS. The essential point for WLAN engineers such as myself is that we now have encrypted voice traffic going over our networks to the Internet which routes to whichever provider is allowing their subscribers to use this service. As an aside, this isn’t a new thing as T-Mobile has been doing it since 2007 for Android phones.

Wi-Fi Calling Capture

So let’s break down what’s going on here. T-Mobile being focused on the home use case is providing a high end router to customers which essentially provides QoS enabled connectivity so voice packets from their phones using Wi-Fi calling are prioritized properly for home users. That’s a win for them in that they will get great voice calls from their phones on their new router. What happens when those same users bring their phone into work and connect to the enterprise WLAN because their office ‘just never had good cell reception’? Now we have a lot more devices doing what looks like ESP encrypted traffic that has voice priority (6) set on the packets.

Wi-Fi Calling QoS Capture

I would say as a WLAN designer, you should be taking into account that a lot of BYOD devices, specifically phones, will mean an increase in voice traffic on both your WLAN and the rest of your LAN. Read up on how it works at my pal Andrew’s blog, Revolution WiFi. I especially recommend his series of posts on Voice-Enterprise and Roaming.
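To put numbers on how much of this traffic is on a WLAN, the sketch below (an added example, not code from the original post) walks 802.11 QoS Data frames and counts, per station, the frames that carry ESP with user priority 6. It goes slightly beyond the post by also recognising ESP encapsulated in UDP port 4500 (RFC 3948), which is how IPsec usually appears behind NAT. The function names and sample frames are constructed for illustration, and it assumes frames without a radiotap header that are not encrypted at the 802.11 layer.

```python
import struct
from collections import Counter

ESP, UDP, NATT_PORT = 50, 17, 4500   # IP protocol 50 = ESP; UDP 4500 = ESP-in-UDP (RFC 3948)
LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")

def classify(frame: bytes):
    """Return (station_mac, user_priority, kind) for a QoS Data frame carrying ESP, else None."""
    if len(frame) < 54 or frame[0] != 0x88:          # 0x88 = type Data, subtype QoS Data
        return None
    flags = frame[1]
    if flags & 0xC0 or (flags & 0x03) == 0x03:       # skip Protected, +HTC and 4-address frames
        return None
    qos = struct.unpack_from("<H", frame, 24)[0]     # QoS Control: bits 0-2 carry the user priority
    if qos & 0x80 or frame[26:34] != LLC_SNAP_IPV4 or frame[34] >> 4 != 4:
        return None                                  # skip A-MSDU and anything that is not IPv4
    ip = frame[34:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    sta = frame[10:16] if flags & 0x01 else frame[4:10]   # ToDS set: Address 2 is the station
    kind = None
    if proto == ESP:
        kind = "esp"
    elif proto == UDP and len(ip) >= ihl + 12:
        sport, dport = struct.unpack_from("!HH", ip, ihl)
        # On port 4500 four zero bytes mark IKE; any other value is an ESP SPI.
        if NATT_PORT in (sport, dport) and ip[ihl + 8:ihl + 12] != b"\x00" * 4:
            kind = "esp-in-udp"
    return (sta.hex(":"), qos & 0x07, kind) if kind else None

def voice_esp_by_station(frames, priority=6):
    """Count ESP-bearing frames per station that carry the given 802.11 user priority."""
    hits = (classify(f) for f in frames)
    return Counter(h[0] for h in hits if h and h[1] == priority)

def make_frame(sta, up, proto, l4=b""):
    """Build a constructed uplink (ToDS) QoS Data frame for the demo; not captured traffic."""
    mac = bytes.fromhex(sta.replace(":", ""))
    hdr = b"\x88\x01\x00\x00" + b"\x02" * 6 + mac + b"\x02" * 6 + b"\x00\x00" + struct.pack("<H", up)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 1]))
    return hdr + LLC_SNAP_IPV4 + ip + l4

NATT = struct.pack("!HHHH", 4500, 4500, 24, 0) + b"\xde\xad\xbe\xef" * 4   # UDP header + fake ESP
SAMPLE = [  # constructed frames: two voice-priority ESP frames from one phone, one best-effort
    make_frame("aa:bb:cc:00:00:01", 6, ESP, b"\x12\x34\x56\x78" + b"\x00" * 12),
    make_frame("aa:bb:cc:00:00:01", 6, UDP, NATT),
    make_frame("aa:bb:cc:00:00:02", 0, UDP, NATT),
]
```

Calling `voice_esp_by_station(SAMPLE)` gives a per-station frame count that can be trended over time to see how much voice-priority airtime unmanaged phones are claiming.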

The Internet of Cycling ‘IoC’ or Bike Area Networks

My good buddy Devin Akin, in a blog over at AirTight Networks, has kicked off a discussion about a subject that is both over-hyped and under-hyped at the same time, the so called Internet of Things. Over-hyped because there are a lot of people running around breathlessly talking about how it’s going to change everything in the world and under-hyped because its actual real-world impact is going to be a lot more significant than we think. At least in my little corner of the security world. The way I’m going to emphasize this is by describing a bunch of ‘things’ related to one of my favorite activities, cycling (BTW, that link is a very interesting article on cycling, you should go read it, seriously).

Back from a great day's riding

To give a little bit of history, I’ve been an avid cyclist since I was a very small scrawny kid and I made a deal with my mum to get a new ten speed where I saved up half the money from doing a paper run and she supplied the other half. I loved it. Even into adulthood, I cycled every chance I could. I moved to Switzerland and cycled to and from work, to the UK, same, basically everywhere I could get my hands on a bike and the space to do it, I chose to cycle. This changed when I moved to the US in 1996 because I landed in Los Angeles. This city is one of the few that I have lived in which has a complete, unabashed love of the car. They built huge freeways just to prove it and celebrated going fast on them. What they didn’t build was places for cyclists and I had to drive long distances to get to work. I still had a mountain bike, which I rode when I could on trails away from the streets as much as possible, but I was not able to do it as often as I wanted to.

My noble steed

After moving to Denver, I spent a good few years on the road almost constantly and during that purchased the above bike which I rode much less than I wanted to because, well, excuses. I one day had a wake up in that I discovered I was becoming decidedly unfit from too many years of eating well and not exercising well so I made a decision to change that. My way of doing that was to go back to something I know I loved to do and that to me felt natural, cycling to work each day. It was easy to incorporate into my daily routine as I was spending a lot of time working in a downtown Denver office now plus, no more excuses.

One thing that has really changed a lot about cycling now from when I did it a lot before moving to the USA is that now there are so many gadgets that can do things and tell you things about your cycling to keep your interest and enthusiasm up. I haven’t by any means purchased a lot of things, but I have a heart rate strap, speed and cadence meter which all connect via Bluetooth to my phone which itself outputs what’s going on to a display built for that purpose. This is what the internet of things is about, giving you access to a whole lot of information you previously didn’t get from something you have or do and giving you the ability to use it in new ways. For me now, I can track my health while cycling, tweet messages to friends about how far I’ve ridden (automatically, as I’m riding), compile multiple statistics about my rides combining GPS and other data and uploading it to sites like Strava or RideWithGPS. This is great stuff and really lets me scratch my geeky itch about cycling.

To continue this a little more, I’m going to do a bit of speculating as to how this could advance even more in the future. You can criticize me later as to which come true and which never will. I can see bike riding as becoming more a ‘bike area network’ of sensors and various wireless devices. These devices, much as cars are beginning to, will talk to other riders, exchanging information as we ride, giving us useful feedback about what parts of the ride are congested and perhaps even giving us realtime mapping of different routes with travel times. I can see the bike detecting a possible blowout of a tire and flashing a warning, giving maintenance information that the chain needs oiling or even just more advanced monitoring of the rider’s health without anything more than putting your hands on the handlebars. The thing is, all this information won’t just stay in the rider’s phone or bike, it will be automatically and constantly uploaded to the internet with a minimal amount of effort.

I know what you’re thinking, people won’t want to do that, but people already do things like this all the time that take more effort, such as manually uploading data from their ride to Strava for all to see. If the manufacturers of the bikes and devices that do this make it easy and convenient for people, they’ll do it just to show other people what they are up to. The security issues here start as soon as people start to believe they can make money off hacking into those systems. Sure, Joe Blog’s ride and health data might be meaningless to anyone but himself and his ride buddies, but you can say that about a lot of data out there on the internet today that gets stolen from highly public servers. If someone is more important as well, perhaps Joe’s CEO who happens to ride with him, then the data gets even more interesting to nefarious types.

This is to me the next logical step beyond the wireless networks users are demanding at work. They will eventually want to be connected everywhere and with everything they can think of and use that data in new and unique ways to enhance their lives. Even if I just think about how much I’ve gotten from the few simple gadgets I have on my bike now, with an internet connection and see that we are really just getting going with it now, I believe there will be some amazing things that will arrive with the Internet of Things. The thing is, where there is a load of money to be made, there will be also a lot of people out there trying to steal a bit of it for themselves. That’s what is going to keep me busy and working for many years to come. Now perhaps I’ll just go off and patent ‘bike area networks’ while I still can.