Secure hotspot authentication through a Near Field Communication side-channel

We present a Wi-Fi hotspot authentication system that relies on a Near Field Communications (NFC) side-channel to address the security issues of Wi-Fi configuration and access in public locations. The proposed solution defines an architecture that simplifies Wi-Fi access point configuration for the end user, while simultaneously increasing user security and privacy in public networks. This is achieved by embedding network and security information in NFC enabled devices (e.g. tags) that allow the user to connect to secure wireless networks without a pre-established relationship. By using an asymmetric cryptographic system, it is possible to address several security threats such as an evil twin attack, hotspot or captive portal eavesdropping, and even Man-in-the-Middle attacks. We also present an experimental prototype that stores access point information on NFC tags, allowing NFC-enabled devices to securely connect to a wireless network and verify the access point's identity.