First things first, there are many technical terms and acronyms out there that we’d like to help clarify. Here at Eleven, the solution that enables the revolutionary Wi-Fi experience we’ll be talking about in this blog series is called Personal Pass Key (PPK). Ruckus calls their solution Dynamic Pre-Shared Key (DPSK), Aruba has their Multi Pre-Shared Key (MPSK) solution, Cisco Meraki refers to it as Identity Pre-Shared Key (IPSK), and there are others.
Some other acronyms we’ll use in this two-part blog post are:
- SSID (Service Set Identifier): the name of your wireless network
- PSK (Pre-Shared Key): the password to your SSID; also known as passkey
- PAN (Personal Area Network): a network for interconnected personal devices
- WPA2 (Wireless Protected Access 2): security encryption protocol for Wi-Fi networks
Single PSKs and Captive Portals Don’t Always Cut It
When many of us think about logging on to a Wi-Fi network, it involves selecting our network SSID and entering the PSK to get connected. This Wi-Fi authentication method uses the WPA2 Personal protocol, which is intended for home use. The other type of encryption, WPA2 Enterprise, uses IEEE 802.1X for enterprise-grade authentication.
Access networks refer to the spectrum of Wi-Fi networks that are found everywhere between home and enterprise networks, including apartment buildings, shopping malls, hotels, universities, and many more. Today, most public access networks deploy a captive portal to authenticate and authorize the user and associate the MAC address of their device with their account. For some venues and industries, the captive portal experience works just fine. But for others, it’s a disruptive burden, especially as MAC randomization becomes more widespread and users will have to log in to a captive portal over and over again, leading to a lot of frustration.
Historically, SSIDs and PSKs existed in a 1:1 relationship on WPA2 Personal networks, meaning that only one PSK would unlock each SSID. Multiple people could have copies of the key, similar to door locks, but it’s still the same key. While using the same PSK for a few folks in the same house is fine, it won’t cut it for access network operators who need enhanced network control and security.
Revolutionary new technology now enables a single SSID to have multiple keys. While WPA2 Enterprise is still the gold standard for enterprise network security, WPA2 Personal with multiple passkeys enables access networks of all shapes and sizes to gain more control, offer more security, and improve the user experience without the added complexity or cost that comes with a WPA2 Enterprise network. In addition, while a WPA2-Enterprise network allows for more robust control over who has access to your network, it requires an external authentication system.
Rethinking Wi-Fi Access with Personal Pass Key
Eleven has leveraged WPA2 Personal encryption with multiple PSKs to create our Personal Pass Key experience. The beauty of Personal Pass Key is that it makes access networks more closely mirror the at-home Wi-Fi experience without forgoing enterprise-level control and security. Instead, individual users are assigned a unique PSK, select their SSID, enter their PSK, and get connected.
On the back end, Personal Pass Key enables administrators to control when and how users can access the network and automatically create and assign users to their own PAN. For example, if set up like a typical network using a single PSK, all users would be able to see each other’s devices, leading to poor security and user experience. On the other hand, a typical enterprise setting would not allow any devices to “see” each other, hindering everyday activities like screencasting and printing. With Personal Pass Key, we solve both of these challenges by creating a PAN, enabling you to see your own devices but not your neighbor’s.
Our Personal Pass Key experience was purpose-built for the multifamily industry, where the tenant Wi-Fi experience needs to be home-like in an enterprise-like setting. For security and experience reasons, tenants could not all share the same PSK and asking them to sign in daily via a captive portal is not realistic. Thus, the Personal Pass Key experience was born to serve customers including apartments, senior living facilities, university dorms, and beyond.
Better Network Security By Design
With one network per building, only authorized users will have access to the building’s Wi-Fi network. When multiple Wi-Fi networks are available in a traditional “bring your own ISP account” setting, it can be easier for a hacker to join a network, especially when users use simple, easy-to-remember PSKs. Also, each unique PSK makes it possible to differentiate each user from others on the network. So, even on an extensive network in an apartment building, your devices are isolated and only have access to your own devices. Other users on the network cannot interact with your devices.
Furthermore, there is virtually no chance for unauthorized users to spy on or monitor the network traffic. Data encryption in Wi-Fi is essential because no one else can view the data traffic coming in or out. A user with the correct PSK only has access to the data and information that they are utilizing. Someone could not watch or monitor the data fly by because of the shared radio spectrum. On a typical single PSK network, each device connected can be at risk of being monitored or watched to instigate malicious intent like identity theft or corporate espionage.
In Part II of our Personal Pass Key blog, we will discuss the user experience, the magic of our key matching service, and more. In the meantime, learn more about the Personal Pass Key experience.