Mobile users have ever increasing demand for ubiquitous network access. To fulfill such demand, ISPs have to increase their base station density, resulting in significant cost. WiFi, being now commonplace, can be turned to a ready-to-use infrastructure. Apart from WiFi hotspots deployed by ISPs, home users start showing interest in sharing bandwidth with others.
However, today's WiFi hotspots, whether commercial or home WiFi shared (e.g. Fon) have the following drawbacks:
Social Networks provide a large scale, well established, ready-to-use social graph, and has high penetration in users' daily life. This makes social networks an attractive candidate for authentication services.
Our Social Network-Enabled EAP method (SNEAP) integrates the authentication services in social networks with the widely-adopted EAP framework. In addition, the extensibility of EAP and our software-based solution allow easy incremental deployment, and our chosen platform offers broad hardware compatibility.
Our goals & challenges:
SNEAP Solution Overview
SNEAP is a complete software solution, and its prototype uses the Facebook API. SNEAP mainly consists of three components:
Step 1. SNEAP AP Registration
We developed an Ajax application running inside AP's web admin interface, allowing owner to register his/her WiFi AP to our SNEAP Facebook application. Once authenticated, Facebook forwards the AP owner's Facebook ID and authentication token to our SNEAP radius server to finish the SNEAP AP registration process.
Step 2. SNEAP Client-AP Authentication
The SNEAP-enabled WPA-supplicant software first associates with the SNEAP AP, and carries out the one-way authentication with the SNEAP radius server. In this process, a TLS tunnel is established between client and AP, and therefore all the communication from this point onwards is secured. Also, the radius server notifies the AP to issue just enough Internet access for this client to complete the rest of the authentication operations. Next, the client authenticates with our SNEAP Facebook application. Once authenticated, the client will obtain an authentication token from Facebook, and forward the token to our radius server. Upon receiving the authentication token, the SNEAP radius server will carry out friendship verification for the client and the AP owner using the Facebook API. Lastly, the SNEAP radius server notifies the SNEAP AP to issue the full Internet access for the successfully authenticated SNEAP client.
SNEAP Prototype Screenshots
SNEAP AP Registration
the supplicant pops up browser for Facebook authentication