
Methods to authorize adoption of a WLAN Access Point to a Controller hosted on Cloud

IP.com Disclosure Number: IPCOM000248066D
Publication Date: 2016-Oct-21
Document File: 8 page(s) / 537K

Publishing Venue

The IP.com Prior Art Database


This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 18% of the total text.



1. Terminology

AP: Wireless Access Point or WLAN Access Point

HTTPS: Hyper Text Transport Protocol over SSL, one of the secure methods of communicating with a server

ISP: Internet Service Provider

MAC Address: Media Access Control Address, a unique 6 bytes

MAC OUI: MAC Organizational Unique Identifier, the first 3 bytes of a MAC address, reserved for an organization to identify the series of MAC addresses belonging to it

WLAN: Wireless Local Area Network


2. Introduction

As depicted in Fig. 1, a cloud-based controller is a multi-tenant wireless controller hosted on the internet. The cloud-based controller treats each customer as a separate tenant, and each tenant connects to the cloud-based controller over the internet. Currently, a tenant activates an AP on the cloud for adoption to the cloud controller by entering the AP's serial number and MAC address in the cloud's webpage. Once activated in this way, the AP can adopt to the cloud controller. Upon adoption, the AP gets complete access to the tenant's network, including WLAN passphrases, and thereby to the tenant's data. Hence, securing the adoption of an Access Point to the cloud is paramount.


3. Problem

The adoption process stated above is insecure, since both the serial number and the MAC address of an AP can be modified, and since the cloud cannot ascertain over the internet whether an AP claimed to belong to a tenant is really coming from the tenant's network. In effect, an unscrupulous user can get a private AP and thereby a tenant account on the cloud, modify the AP's MAC address and serial number to those of an AP belonging to another tenant, then plug the AP in to the internet to get it adopted as that tenant's AP. Such adoption will enable the unscrupulous user to target any tenant in order to gain access not only to the tenant's AP configuration, including WLAN passphrases, but also to other network configurations and thereby the tenant's private and sensitive data. Similarly, an activated AP stolen from the tenant's premises can adopt to the cloud, thereby becoming a tool to wield greater damage, unless the theft is identified and the AP deactivated soon enough to prevent any intrusion. Even a minor delay in identifying such a theft can perpetuate illegitimate access to the tenant's network and data, with no way of identifying or preventing such leaked access. Thus, the urgency of plugging this loophole is only exceeded by the cost of illegitimate access it exposes the cloud tenants to.


4. Limitations of known solutions


[Fig. 1 labels: Tenant n, AP, Cloud-Based Controller]

4.1. One approach to ensuring that the AP belongs to the tenant is to maintain a list of public IP addresses from which a tenant's adoption requests ingress. However, not o...
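The activation lookup described in sections 2 and 3, beside the source-address list of 4.1, as an added example that is not code from the disclosure. All names, the record layout and the sample values (documentation-range MAC and IP addresses) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AdoptionRequest:
    serial: str     # self-reported by the AP
    mac: str        # self-reported by the AP
    source_ip: str  # public address the controller sees the request arrive from


# Constructed sample data: what a tenant typed into the cloud webpage, and the
# per-tenant list of public networks that section 4.1 proposes to maintain.
ACTIVATED = {("SN-0001", "00:00:5e:00:53:01"): "tenant-a"}
TENANT_NETWORKS = {"tenant-a": [ipaddress.ip_network("198.51.100.0/24")]}


def normalize(serial, mac):
    """Canonical form so that case and separator differences do not matter."""
    return serial.strip().upper(), mac.strip().lower().replace("-", ":")


def adopt_by_identifiers(req):
    """Current process: look up the activation record only.

    Returns the tenant the AP is adopted into, or None. Nothing here ties the
    request to the tenant's premises: both inputs are values the AP reports.
    """
    return ACTIVATED.get(normalize(req.serial, req.mac))


def adopt_with_source_list(req):
    """Section 4.1: additionally require a listed public source network."""
    tenant = adopt_by_identifiers(req)
    if tenant is None:
        return None
    try:
        addr = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return None  # unparseable source address: refuse adoption
    allowed = TENANT_NETWORKS.get(tenant, [])
    return tenant if any(addr in net for net in allowed) else None


def compare(req):
    """Decision of both checks for one request, for side-by-side review."""
    return adopt_by_identifiers(req), adopt_with_source_list(req)
```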