Private PSK increases security for those who can’t get everyone on 802.1x. But didn’t Ruckus do this already?
Wi-Fi vendor Aerohive has introduced a scheme to make Wi-Fi more secure, authenticating individual users on a company network, even when the network doesn’t use the top privacy option offered by Wi-Fi standards.
The most secure corporate Wi-Fi networks use the 802.1x standard, included in Wi-Fi’s WPA2 security spec. This refers any users to a company authentication service such as Radius. However, Wi-Fi also allows for an alternative , WPA-Personal, in which all users use one pre-shared security key (PSK). That is intended for small offices that don’t have a Radius server – but is much more widely used in large offices, in practice, says Aerohive.
“Companies are using PSK because they have legacy clients that can’t handle WPA2, or because they have guest users,” said Adam Conway, vice president of product management at Aerohive. “It doesn’t matter if the majority of users are authenticated by 802.1x, the network is only as secure as the weakest link.”
Aerohive’s Private PSK distributes different pre-shared keys to each new client. They are sent by email, so the user must access email by a different route (say a Blackberry or shared terminal) to get the key for Wi-Fi access. Because there is one key per users, the company can apply different policies to each user, giving them access according to their business role.
The system may not be unique, however, as Ruckus Wireless announced a similar system, Dynamic PSK, last October. Both companies claim to have patents pending on the technologies.