Wi-Fi: Rich Airwaves

The Wi-Fi services have started making their presence felt in In dia. Signs
of Wi-Fi services at airports, hotels, convention centers, cyber cafes, and
coffee outlets are much evident. Most of the telecom service providers,
including ISPs, have got on to the Wi-Fi bandwagon. This includes state-telcos
BSNL and MTNL as well. Most of the push has actually come from ISPs such as
Dishnet and Sify. While Sify has almost blanket coverage in Bangalore, Dishnet
Wireless has also joined the race by launching a countrywide initiative to
provide Wi-Fi services. There are approximately 250 active public hotspots in
the country. According to an estimate, there are 200 hotels in India, which are
Wi-Fi enabled. Almost all major airports are also Wi-Fi enabled. There is no
doubt that a beginning has been made and the number of users is increasing
slowly. Besides these public places, large and medium enterprises are also using
it for their internal access. Then, there are home users who are using it.

Challenges

The
idea of wireless Internet access has not really caught the fancy of Indians. For
example, even though GPRS services have been on offer for more than four years,
they have only a handful of subscribers. Lack of good user experience owing to
slow data rate has been the main deterrent. Wi-Fi was thought to be a step ahead
of GPRS for mobile wireless access, through laptop, as the technology allowed
for much higher speeds. But, technical glitches, security-related issues, and
lack of aggressive pricing have added to the woes of Wi-Fi users. According to S
Kailasanathan, managing director, Microsense, "The main challenge faced by
Wi-Fi service providers (WISPs) is to bring about a lifestyle change. Laptop
owners will need to feel that Wi-Fi access is the best way for them to access
the Internet, as they move around the city or travel to other cities."

Due to lack of any quality of service norms, the Wi-Fi experience that most
of the users have is far from satisfactory due to several technological
glitches. Pricing of the service and billing related problems persist.

According
to Harish Chib, VP operations, Elitecore Technologies, a provider of convergent
billing, provisioning, and customer acquisition solutions and Internet
management solutions, "Finding a cost-effective and highly efficient
billing solution, delivering quality of service, interoperability with other
Wi-Fi hotspots or networks, and security are some of the challenges faced by
service providers." There are challenges on the equipment front also. Says
Chib, "Equipment vendors face the problem of larger area access with
limited access points. This in turn translates into an infrastructure and cost
problem for service providers."

Service Provider Push

For W-Fi service to become a success, it has to be on a large scale and
users should get anytime, anywhere access. Things seem to have moved in this
direction. The launch of Wi Fi services by the state telcos-BSNL and MTNL-is
a step in that direction. BSNL's current focus is on providing wireless access
to major airports while MTNL under the WiFine brand has made a silent foray into
the Wi-Fi domain. But, BSNL plans to expand its Wi-Fi network further. MTNL
currently offers services 12 locations in Delhi and Mumbai. In Delhi, it offers
services at Pragati Maidan, India's largest convention center, where large
number of laptop-wielding corporate users throng. It is also offering services
at domestic terminal of Delhi airport. This was preceded by aggressive and
ambitious rollout of Wi-Fi service by Dishnet Wireless, a division of Sterling
group. After selling its DSL services to Tatas, the company is focusing on new
areas such as Wi-Fi and WiMax. It is already providing Wi-Fi acess at Barista
coffee chain, also owned by the Sterling group. Incidentally, since April 2005,
Tata Indicom which started Wi-Fi service in July 2003, decided to discontinue
the service and agreed to transfer the assets to VSNL for

Rs 2.99 crore.

Then there are companies like

Microsense, whose primarily focus is a revenue share model with hotels and
coffee outlets. It recently entered into an agreement with Café Coffee Day to
provide Wi-Fi Internet service to visiting customers. More than 50 Café Coffee
Day outlets have been already made Wi-Fi enabled. Apart from this, it also
operates services in 60 hotels across 19 cities, which include: Taj, ITC
Welcomegroup Sheraton, Le Meridien, Park Hotels, Marriott, Hyatt, and Shangri
La.

Favorable Regulatory Atmosphere

The Broadband Policy 2004, treated terrestrial wireless as an upcoming
technology platform for broadband and decided to delicence 2.40—2.48 GHz band
for low-power outdoor use on nonprotection, noninterference, and nonexclusive
basis. It also facilitated the notification regarding delicensing of 2.40—2.4835
MHz band for low-power indoor applications, permitting use of all technologies,
which inter alia include those based on IEEE 802.11b and 802.11g standards.

Further, the government has also decided in principal to delicense the 5.15—5.35
GHz band for the indoor use of low power Wi-Fi systems. For the purpose of
outdoor use, the band 5.25—5.35 GHz would also delicensed in consultation with
the DoS (department of space). It was also decided that delicensing of the band
5.15-5.25 GHz would be considered after the process of vacation.

Local Government Initiatives

Apart from service providers, there has been increased enthusiasm amongst
the state governments and smaller cities towards Wi-Fi. Mysore has become one of
the few cities in the world with a citywide wireless Internet network. The
solution was provided by WiFiyNet. More such initiatives are likely to
accelerate the growth of Wi-Fi citywide network.

Simplify the Process

Service providers and the location owners (hotels, airports, etc.) need to
work together to simplify the procedure for cutomers to get hooked onto to a
Wi-Fi network. Currently, the customers are experience immense difficulties, as
donot have access to any information about the availability of Wi-Fi service and
the ways of using it. The process of getting a Wi-Fi card and hooking on to the
network should be streamlined to provide hassle-free access to the corporate
users. The ideal situation would be a prepaid card, which can work across
locations and multiple hotspots, just like roaming on a mobile network.

Sudesh Prasad

"WISPs need to bring about a change in lifestyles"

S Kailasanathan, managing director, Microsense

What has been the response from your customers to the Wi-Fi service?

For obvious reasons, response from customers in the premium hotels and
airports has been good. In the lower class of hotels, laptop carriers are fewer
in number, but as the number of laptops grows, usage in such hotels is expected
to grow. Usage in coffee shops has also been satisfactory.

What are the challenges faced by the service providers and equipment
vendors?

The main challenge faced by Wi-Fi service providers (WISPs) is to bring
about a lifestyle change. Laptop owners will need to feel that Wi-Fi access is
the best way for them to access the Internet as they move around the city or
travel to other cities. As the number of hotspots increases, customers realize
that wherever they are there is a Wi-Fi hotspot close to them, usage will grow.

Do you think vendors have been able to address the issue of security in
Wi-Fi?

Security in Wi-Fi is sufficiently addressed in the infrastructure by
Microsense. Corporate users login day in and day out at our hotspots for
accessing VPN, including multiple users making simultaneous connections to the
same corporate VPN server. This is a feature tested and verifed by the Intel
Wireless Verification Program. Intel has verfied our hotspots to be in
conformance to their standards.

Even noncorporate users, who do not use VPN, can have secure connectivity but
this is a matter of not only the infrastructure at the hotspots, but also
settings in their laptop. A program of educating the users is required as we go
forward.

Wireless security options

By itself, there's not much IT professionals can do to strengthen Wi-Fi
security, beyond making sure standard defaults are reset and stronger SSIDs are
used. That said, there are plenty of additional security options and add-ons
that savvy IT professionals use to create much-improved security regimes for
WLANs. A chain is only as strong as its weakest link, but information security
is as strong as its strongest link (as long as that link applies to sensitive
information in transit). Thus, deficiencies in WLAN security that derive from
specifics of the 802.11 implementation are relatively easy to overcome, using
one or more of the following methods or approaches which basically augment or
supplement 802.11 security with stronger tools and technologies:

IPSec (IP Security) protocols: IPSec protocols provide mechanisms for
establishing security associations between pairs of devices. In fact, IPSec may
be used to establish private end-to-end communications between pairs of
computers, so that an additional layer of security is imposed above and beyond
whatever Wi-Fi controls may be in place. This mechanism is quite similar to that
used in VPNs (virtual private networks), in which additional security is used to
make connections across inherently unsecure links.

VPN links: Special added protocol layers and encryption services allow
traffic between a sender and a receiver to be further secured while in transit
across public or other unsecure network links (such as the Internet). Most
experts recommend the use of VPN or similar technologies any time sensitive data
must traverse unsecure links or media (such as WLANs).

IKE (Internet Key Exchange): The IKE protocols are often used with VPN
or IPSec technologies, because they provide a secure means to exchange shared
keys across inherently unsecure links (such as WLANs). Essentially, IKE comes
into play as communications between pairs of devices are negotiated and provides
a mechanism for exchanging highly sensitive data (such as shared keys).

MAC address filtering: This mechanism registers valid MAC (media
access control) addresses in use (these are burned into network access devices
during manufacture and are designed to be unique) and permits only recognized
MAC addresses to establish communication with wireless access points. But
although this mechanism sounds foolproof, it isn't: software tools permit such
addresses to be imitated, or spoofed, and ongoing monitoring of wireless
communications often allows valid MAC addresses to be learned over time. MAC
address filtering is most effective when it's used in conjunction with the
other approaches mentioned in this list.

Stronger encryption keys: Various wireless implementations use longer,
stronger keys for WEP or other wireless protocols. Although all WEP
implementations are subject to the weaknesses of 24-bit IVs, other stronger
protocols are not. These keys are best used in the context of IKE, Kerberos,
RADIUS, VPN, and/or IPSec approaches.

RADIUS (Remote Authentication Dial-In User Server/Service): RADIUS is
designed to provide reliable, secure third-party authentication services for all
kinds of remote network access, including wireless access. Environments that use
RADIUS can rely on strong authentication from a RADIUS server and secure
mechanisms for key exchange between entering workstations and the access point.
(RADIUS provides key exchange and management mechanisms that Wi-Fi itself
lacks.) Because RADIUS is widely used, and is available in implementations for
Windows, Macintosh, and most Unix or Linux servers, this turns out to be a
surprisingly workable solution.

Kerberos: Kerberos is a standard set of Internet protocols, services,
and identity proofs that's becoming part and parcel of authentication in many
networking environments (particularly those based on Unix, Linux, or Windows).
By providing mechanisms to publish asymmetric user keys or certificates and
managing validity information for such keys, Kerberos provides both strong
authentication and strong encryption services that may be used in tandem with
wireless networking. Kerberos is highly recommended.

TLS (Transport Layer Security): TLS is a session protocol that
provides privacy for Internet sessions between an application and a client or
user. In wireless applications (where it's sometimes known as WTLS), it allows
a client to access a server through an access point for authentication, and then
helps choose encryption mechanisms and keys to use before allowing network
access or any exchange of real data. This is also highly recommended.

Broadcast key rotation: Access point vendors enable mechanisms to
create and manage short-lived, dynamically generated broadcast WEP keys for
access to services such as DHCP (Dynamic Host Configuration Protocol) or ARP
(Address Resolution Protocol). (This can occur before log on and cannot
therefore be secured with stronger authentication or encryption mechanisms that
ultimately depend on valid proofs of user identity to control access.) Short
timeouts on key life make it extremely difficult to crack such keys, but they
only work for broadcast services (such as DHCP and ARP) and offer no
improvements for user security. Because earlier WEP implementations often shared
keys for both broadcast and unicast communications, this mechanism does boost
communications security overall.

Closed system: A technique developed by Lucent wherein access points
do not broadcast SSID beacon frames (and thereby do not advertise SSID
information at all). This defeats simple scanning tools that can otherwise find
wireless networks inside their broadcast ranges with ease. This helps prevent
so-called war driving attacks where outsiders cruise neighborhoods looking for
wireless networks to freely access.

Through judicious use or combinations of these various approaches, it's
possible to strengthen wireless security appreciably, and to mitigate potential
vulnerabilities or exposures that Wi-Fi could otherwise present.

Source: www.hp.com

"Bandwidth availability is a constraint"

By itself, there's not much IT professionals can do to strengthen Wi-Fi
security, beyond making sure standard defaults are reset and stronger SSIDs are
used. That said, there are plenty of additional security options and add-ons
that savvy IT professionals use to create much-improved security regimes for
WLANs. A chain is only as strong as its weakest link, but information security
is as strong as its strongest link (as long as that link applies to sensitive
information in transit). Thus, deficiencies in WLAN security that derive from
specifics of the 802.11 implementation are relatively easy to overcome, using
one or more of the following methods or approaches which basically augment or
supplement 802.11 security with stronger tools and technologies:

IPSec (IP Security) protocols: IPSec protocols provide mechanisms for
establishing security associations between pairs of devices. In fact, IPSec may
be used to establish private end-to-end communications between pairs of
computers, so that an additional layer of security is imposed above and beyond
whatever Wi-Fi controls may be in place. This mechanism is quite similar to that
used in VPNs (virtual private networks), in which additional security is used to
make connections across inherently unsecure links.

VPN links: Special added protocol layers and encryption services allow
traffic between a sender and a receiver to be further secured while in transit
across public or other unsecure network links (such as the Internet). Most
experts recommend the use of VPN or similar technologies any time sensitive data
must traverse unsecure links or media (such as WLANs).

IKE (Internet Key Exchange): The IKE protocols are often used with VPN
or IPSec technologies, because they provide a secure means to exchange shared
keys across inherently unsecure links (such as WLANs). Essentially, IKE comes
into play as communications between pairs of devices are negotiated and provides
a mechanism for exchanging highly sensitive data (such as shared keys).

MAC address filtering: This mechanism registers valid MAC (media
access control) addresses in use (these are burned into network access devices
during manufacture and are designed to be unique) and permits only recognized
MAC addresses to establish communication with wireless access points. But
although this mechanism sounds foolproof, it isn't: software tools permit such
addresses to be imitated, or spoofed, and ongoing monitoring of wireless
communications often allows valid MAC addresses to be learned over time. MAC
address filtering is most effective when it's used in conjunction with the
other approaches mentioned in this list.

Stronger encryption keys: Various wireless implementations use longer,
stronger keys for WEP or other wireless protocols. Although all WEP
implementations are subject to the weaknesses of 24-bit IVs, other stronger
protocols are not. These keys are best used in the context of IKE, Kerberos,
RADIUS, VPN, and/or IPSec approaches.

RADIUS (Remote Authentication Dial-In User Server/Service): RADIUS is
designed to provide reliable, secure third-party authentication services for all
kinds of remote network access, including wireless access. Environments that use
RADIUS can rely on strong authentication from a RADIUS server and secure
mechanisms for key exchange between entering workstations and the access point.
(RADIUS provides key exchange and management mechanisms that Wi-Fi itself
lacks.) Because RADIUS is widely used, and is available in implementations for
Windows, Macintosh, and most Unix or Linux servers, this turns out to be a
surprisingly workable solution.

Kerberos: Kerberos is a standard set of Internet protocols, services,
and identity proofs that's becoming part and parcel of authentication in many
networking environments (particularly those based on Unix, Linux, or Windows).
By providing mechanisms to publish asymmetric user keys or certificates and
managing validity information for such keys, Kerberos provides both strong
authentication and strong encryption services that may be used in tandem with
wireless networking. Kerberos is highly recommended.

TLS (Transport Layer Security): TLS is a session protocol that
provides privacy for Internet sessions between an application and a client or
user. In wireless applications (where it's sometimes known as WTLS), it allows
a client to access a server through an access point for authentication, and then
helps choose encryption mechanisms and keys to use before allowing network
access or any exchange of real data. This is also highly recommended.

Broadcast key rotation: Access point vendors enable mechanisms to
create and manage short-lived, dynamically generated broadcast WEP keys for
access to services such as DHCP (Dynamic Host Configuration Protocol) or ARP
(Address Resolution Protocol). (This can occur before log on and cannot
therefore be secured with stronger authentication or encryption mechanisms that
ultimately depend on valid proofs of user identity to control access.) Short
timeouts on key life make it extremely difficult to crack such keys, but they
only work for broadcast services (such as DHCP and ARP) and offer no
improvements for user security. Because earlier WEP implementations often shared
keys for both broadcast and unicast communications, this mechanism does boost
communications security overall.

Closed system: A technique developed by Lucent wherein access points
do not broadcast SSID beacon frames (and thereby do not advertise SSID
information at all). This defeats simple scanning tools that can otherwise find
wireless networks inside their broadcast ranges with ease. This helps prevent
so-called war driving attacks where outsiders cruise neighborhoods looking for
wireless networks to freely access.

Through judicious use or combinations of these various approaches, it's
possible to strengthen wireless security appreciably, and to mitigate potential
vulnerabilities or exposures that Wi-Fi could otherwise present.

Source: www.hp.com

"Bandwidth availability is a constraint"

Harish Chib, VP, operations, Elitecore Technologies

How do you see the growth of Wi-Fi service in India?

A number of public hotspots exist in India. That hotels are the driving
force at the moment is common knowledge-airports too, although their
number would not be comparable to hotels. Apart from these two entities,
public hotspots are coming up. There are above 250 public hotspots in India.

But we expect the number of hotspots, as well as usage, to go up in the
future. This will happen when the service becomes independent of access
technology with reliable, single authentication; billing and payment window;
interoperability and seamless roaming; as well as the availability of compelling
content.

How has the response been from the Wi-Fi users?

Given the constraints of payment, roaming, high charges, and limited
applications the current usage is quite encouraging. The number of regular users
would be a little over 25,000. But, we should remember that Wi-Fi is still in a
stage of infancy, with great potential for expansion.

What are the major constraint in the growth of Wi-fi in India?

The number of locations, at the moment, are too few for easy access and
seamless roaming. Bandwidth availability is a constraint, given the scattered
nature of some places like airports. WiMax will play a large role in easing this
constraint. High price per use is a major factor. Without roaming facility,
coupled with the high price, usage does get quite limited unless the
duration of stay at the hotspot is quite long. Eg., when a single hour's Wi-Fi
use costs as much as a full day's normal ISP charges for Internet access, it
does act as a deterrent. But with lower prices (which will come with higher
usage and competition) and easy roaming, where the user can aggregate usage
hours, this constraint will ease.

What are the challenges faced by service providers and equipment
vendors?  

Service providers face the challenge of finding a cost-effective and highly
efficient billing solution, delivering quality of service, interoperability with
other Wi-Fi spots or networks, and security. Equipment vendors face the problem
of larger area access with limited access points. This in turn translates into
an infrastructure and cost problem for service providers.

What will drive user adoption of Wi-Fi?

In comparison to Wi-Fi connectivity, data cards are quite expensive. But
comparison arises, since Wi-Fi today does not serve the purpose of true
mobility. Service providers are currently targetting Wi-Fi as a replacement of
wireline-which has its own benefits, but this is just one side to the whole
issue. While cellular services like GPRS and CDMA data services with their
on-the-move connectivity take care of the mobile needs of users, hotspots
provide static locations of connectivity that are cost-effective, their
benefit being higher data capacity. These are complementary solutions that can
benefit from each other. But this would require seamless switch from cellular to
Wi-Fi connectivity whenever a Wi-Fi zone is reached.

What does the future hold for Wi-Fi?

Just as telecom has seen market consolidation with a handful of
large service providers, Wi-Fi too will see the same happening. Firstly,
the issues of single billing, intero-perability, and advanced content
cannot be covered by standalone operators of single hotspots. Managed service
providers with a network of hotspots under them can function effectively,
ensuring all these services. This is where the market is headed.

Secondly, while early users are visionaries who willingly face technology
obstacles to understand and use the emerging technology, scale lies with the
masses who need some amount of handholding and easy availability of help-which
a large managed service provider is capable of providing. At the moment, the
scenario is that public hotspot providers themselves are not highly
technology conversant which in turn limits their capacity to provide help to
users. So emergence of the large managed service provider will
enhance Wi-Fi expansion.