Hardening Web browsers against man-in-the-middle and eavesdropping attacks
WWW '05 Proceedings of the 14th international conference on World Wide Web
| Hi-index | 0.00 |
We introduce virtual prepaid tokens (VPTs), a novel billing scheme that allows users to obtain access at WiFi hotspots without having an account with a hotspot provider or a physical prepaid token (PPT). Upon arrival at a hotspot, a user buys a VPT online, using a third-party payment server with which the user already has an account. Experiments show that users can buy a VPT and gain full Internet connectivity in less than 15 seconds, i.e. much less time than it would take to create another account or to buy and activate a PPT. VPTs can be used in hotspots that use a captive portal or 802.1x for user authentication. The latter alternative enables better security. We also contribute a novel technique that allows a single access point to authenticate users by either method. Hotspots can use this solution for migrating to 802.1x without disrupting legacy captive-portal users. Experiments demonstrate that the proposed technique has little overhead and interoperates broadly.