Any business traveler will recognise this: you arrive, tired after a long flight … take a shuttle to your hotel, where you queue to check in, and do all sorts of formalities, most commonly including showing picture ID, having your credit card swiped to cover the hotel rate and incidentals, signing various pieces of paper, making sure that your loyalty program is recorded with the hotel — and finally getting a key to your (hopefully upgraded) hotel room.
At this point, all you really want is to get to your room, have a nice shower, brush your teeth, do a quick FaceTime (time-zone permitting) or ship an email back home to let your loved ones know that you have arrived well — and then either crash to sleep off jet-lag, or head out for the day’s business …
…except, the latter part rarely is that easy: you need to access the hotel WiFi, which typically involves a captive portal, various passwords – which you may or may not have gotten at check-in, and which you may or may not have managed to somehow misplace on the short walk from the reception to the room (yes, speaking from experience …)
And once you have the password, you need to type it in to all your devices. And, this sometimes needs to be done on a daily basis. On all your devices. Including those which do not have a keyboard or a touch-screen (e.g., your favourite portable AirPlay speaker, or other IoT device).
This, after the hotel has already checked your passport, swiped your credit card, and given you a physical key to allow you access to your reserved room…
This is really the same when visiting another company: you typically check in at the reception desk, which verifies your ID, prints a visitor badge for you, and summons your host to escort you around. If you’re lucky, you’ll also get a WiFi password … which you then, again, have to enter into all your devices — at a time when you’d better be spending your time discussing/negotiating/talking with your host …
Last week, a group of my students defended their PSC (a scientific group project), entitled “Constellation” – whose objective was to alleviate all that pain through technology.
Their ground observations were that:
- once you’re inside a hotel room, it would be because you somehow have the key to that hotel room, or are the guest of someone who has the key
- once you’re inside my office, then you’d either have the key to my office (i.e., be me) or be a guest of mine.
And that, really, should be enough authentication. In other words, considering a floor-plan like this (stolen from the slide-deck of the student presentation):
If you turn on your device in the common areas (indicated in red: hallways, restrooms, …) then you may get redirected to a captive portal, or simply denied access. However if you turn on your device in one of the “green rooms” then your device is recognised as “under the authority of the person in charge of that room” and is granted access automatically.
The really cool thing would be, of course, if once a device has been “turned on inside a green room” the WiFi system remembers this and allows the device to roam also into the common areas. In the hotel scenario, after having turned on your device in your room, you’d want to go to the bar (for example) while remaining connected.
Especially for connected devices that do not have a keyboard, this is an incredible simplification of life — but, requires being able to precisely geolocate each device inside the building.
Of course, WiFi geolocalisation isn’t exactly new. High-end expensive WiFi access points exist which – given sufficient calibration and tuning – support this functionality. Of course, note the words “expensive”, “sufficient calibration”, and “tuning” – meaning that this isn’t actually commonly deployed. In none of my >1000 hotel stays since the year 2000 have I seen WiFi access control implemented by way of geolocalisation.
This group of students set out with the objective of finding a way to solve this, but using ridiculously inexpensive WiFi access points with really minimal calibration – gently and attentively supported by Pierre Pfister (X08 & Cisco PIRL) through the entire academic year.
Our friends at Cisco PIRL provided us with a set of (non-Cisco) consumer-grade WiFi access points, like these:
(Not sure who provided the biscuits …) and they set out a-hacking. The project was actually significant in breadth, touching on a number of different technologies, which can be grouped into three main categories:
- Hacking OpenWRT
- Homenet integration
For localisation, the starting point was (of course) naive triangulation – intensive calibration required – but the group ended up with an advanced application of Machine Learning for increasing the precision and for reducing both the number of access points and the calibration efforts.
This was actually remarkable: the students presented their project in a building to which they had not had access more than 30min before the exam – which was largely enough for them to set up a functional deployment of their system & demonstrate it convincingly.
The WiFi access points ran OpenWRT, into which their work was integrated – and a key concern was to be able to run their system on the very limited hardware of the access points. To this end, they came up with several clever tricks, including running the “machine learning” part (the heaviest element) “off-line”: they would connect the system to a computer only while the system was “learning” (to detect if a user is inside or outside a room), then automatically export the inference rules as a massive “if-then-else” tree which – while being many, many lines of code – could easily run on the limited hardware of the WiFi access points.
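To make the “learn off-line, export an if-then-else tree” idea concrete, here is an added sketch (not the students’ code, which is not shown in this post): a small decision tree is trained on a computer and emitted as dependency-free C that an access point could compile in. The RSSI samples, the three-access-point layout and the `inside_room` function name are constructed assumptions.

```python
from collections import Counter

# Constructed calibration samples (an assumption of this example): RSSI in dBm
# at three access points; label 1 = device inside the room, 0 = in the hallway.
SAMPLES = [
    ((-42, -71, -80), 1), ((-45, -69, -78), 1), ((-48, -73, -83), 1),
    ((-50, -66, -79), 1), ((-47, -55, -81), 0), ((-52, -54, -82), 0),
    ((-61, -68, -74), 0), ((-64, -55, -70), 0), ((-66, -72, -60), 0),
]

def gini(rows):
    return 1.0 - sum((c / len(rows)) ** 2 for c in Counter(l for _, l in rows).values())

def best_split(rows):
    best = None
    for f in range(len(rows[0][0])):            # every access point
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):  # midpoints between readings
            t = (lo + hi) / 2
            left = [r for r in rows if r[0][f] <= t]
            right = [r for r in rows if r[0][f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, t, left, right)
    return best

def train(rows, depth=4):
    labels = Counter(l for _, l in rows)
    split = best_split(rows) if depth and len(labels) > 1 else None
    if split is None:
        return labels.most_common(1)[0][0]      # leaf: majority label
    _, f, t, left, right = split
    return (f, t, train(left, depth - 1), train(right, depth - 1))

def predict(tree, x):
    while isinstance(tree, tuple):              # walk down until a leaf
        tree = tree[2] if x[tree[0]] <= tree[1] else tree[3]
    return tree

def to_c(tree, indent=1):
    pad = "    " * indent
    if not isinstance(tree, tuple):
        return f"{pad}return {tree};\n"
    f, t, left, right = tree
    return (f"{pad}if (rssi[{f}] <= {t:g}) {{\n{to_c(left, indent + 1)}"
            f"{pad}}} else {{\n{to_c(right, indent + 1)}{pad}}}\n")

TREE = train(SAMPLES)   # the heavy step, run on the computer only
C_SOURCE = "int inside_room(const float rssi[3]) {\n" + to_c(TREE) + "}\n"
```

The training step needs the whole sample set in memory, while the exported function is nothing but comparisons and returns, which is why it fits on the access point.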
Roaming users, who connect initially inside a “green room” and then later move into the “red room” common area were managed by integrating essentially ACLs into Homenet – cleverly building off the work of Pierre Pfister (X08 & Cisco PIRL), and thus extending the Homenet stack with some interesting new functionality.
Of course, the whole system runs IPv6-native, and – frankly – just worked when demonstrated. The precision is impressive, and the system responsive – and, it leaves a nice platform for further experiments and developments. The next step will be to install a semi-permanent platform in the Ecole Polytechnique Drahi Innovation and Entrepreneurship center, where my offices are, and use this extensively operationally, simply for “WiFi access”.
However, given the precision and responsiveness that is supported, this is clearly also an excellent platform for proposing other location-based services. This, however, will be the subject of a later post.
The whole thing is being pushed onto GitHub, and as appropriate upstreamed to Homenet, OpenWRT etc. Stay tuned for more information on all this.
Impressive piece of work even if it is more about “authorization” than “authentication” but really cool.
As usual, I like the way the blog entries are written with a self-mocking tone