On the Feasibility of Attribute-Based Encryption for WLAN Access Control

User authentication at Wi-Fi Access Points (APs) is becoming an important issue. Wi-Fi APs are indeed ubiquitous, but existing authentication methods such as WPA/WPA2 static pre-shared secret key (PSK), or 802. IX-based online authentication services (e.g., RADIUS servers/proxies) have their theoretical or practical limitations. In a previous work, we proposed WI-FAB, a new authentication mechanism which neither requires online backend access control infrastructure, nor relies on a static pre-shared secret key. In this paper, we extend WI-FAB by removing the need for having a central authority for user authentication and credential issuing. Our main contribution is twofold: (i) adopting decentralized multi-authority CP-ABE, we support the users who have authentication/authorization credentials from multiple authorities. We decouple the user credentials issuing from the management of the WPA2-PSK, so that neither the credential issuing authority can track the users, nor the AP can access the real identity of the users. Considering an extensive attack model, we show that the proposed approach is secure and preserves the privacy of the users. (ii) We provide a real-world implementation of the proposed approach on off-the-shelf embedded hardware to demonstrate its feasibility and efficiency.