Wireless

Bringing Wi-Fi Security to the Next Level

Luther Smith
Director, Wireless Technology

May 4, 2021

WBA PKI Framework Enables RadSec Connection Security

In 2020, the COVID-19 pandemic nearly eliminated travel. Today, as restrictions are lifted, we’re seeing travel levels increase—particularly locally. Soon, we should all be able to return to the world of far-reaching travel.

Whether for trips across town or journeys around the globe, Wi-Fi accessibility is a critical necessity in the 21st century. Using various Wi-Fi roaming technologies such as Passpoint®, Wireless Broadband Alliance (WBA) WRIX and OpenRoaming™, we can enjoy the Wi-Fi connected broadband experience wherever we go. And as we move about, there are many Wi-Fi networks available to us from various operators; most are secured by some level of security, whether a shared secret, captive portal or Extensible Authentication Protocol (EAP), also known as 802.1x.

Many service providers are moving to EAP for user authentication, a tactic that not only simplifies access to their own Wi-Fi network but also enables a secure roaming experience for their users. To allow users to be authenticated and gain access to roaming Wi-Fi networks, user credentials need to be routed to the home service provider. This interconnection between the roaming partner and the home service provider has typically been over IPSec tunnels. The introduction of RadSec is changing the method of interconnection. RadSec offers a full end-to-end secure path and the ability to use dynamic interconnections.

RadSec interconnection security is based on the mutual exchange of certificates between the two operators, enabling authentication of the operators and encryption of the information exchanged. To standardize these certificates, WBA members (under the leadership of CableLabs) undertook the creation of a solid RadSec PKI framework.

The WBA team led by CableLabs are proud to have completed the PKI framework and have made it available for deployment and use by all members of the WBA, marking the closure of the WBA Roaming Evolution Working Group. The PKI framework includes the PKI Certificate Policy (CP), Trust Root Certificate Authority (CA) agreement, Policy Intermediary CA (I-CA) agreement, Issuing I-CA agreement, End-Entity agreement, Operator Deployment Guidelines and End-Entity Deployment Guidelines.

The completion of the PKI framework is ready to advance and make Wi-Fi roaming simpler. There are several roaming implementations that will benefit from the PKI framework, including specific inter-operators’ roaming deployments, the WBA Wireless Roaming intermediary eXchange (WRiX) and OpenRoaming.

The WBA PKI framework is currently available to WBA members and PKI certificates by Kyrio®, a wholly owned subsidiary of CableLabs. Moving forward, the WBA Roaming Work Group will continue to manage the PKI framework and documentation including the new project, “Profiles & RCOIs Prioritization”.

For more information about the WBA PKI framework contact pmo@wballiance.com and to get your RadSec certificates, contact PKIOPS@kryio.com.

SUBSCRIBE TO OUR BLOG

Kyrio

NDA Vendor Forum Takeaways: Working with Kyrio

Mitchell Ashley
President & General Manager, Kyrio

Apr 12, 2017

Guest blog post by Mitchell Ashley, President and General Manager of Kyrio. Last week I had the privilege of unveiling the new Kyrio at the NDA Vendor Forum. The NDA Vendor Forum is an annual event for us to brief the supplier community on all the activities at CableLabs, Kyrio and UpRamp. It’s a great opportunity to get up to speed on where the industry is headed and its priorities. As the leading innovation resource for everything networkable we provide technology solutions and enable new marketplaces for safer, better and faster ways to network. So businesses and their customers can thrive.

(more…)

News

NetworkFX is now Kyrio

Mitchell Ashley
President & General Manager, Kyrio

Feb 2, 2016

Today we are announcing the re-branding of NetworkFX to our new name, Kyrio. The driving strategy of Kyrio is to expand the impact of technologies created at CableLabs, beyond the well proven technology transfer model that's made CableLabs a successful global cable industry R&D organization.

Kyrio (then NetworkFX) was founded in 2012 to bring our managed Public Key Infrastructure (PKI) security services to industry associations, device manufactures and businesses beyond the traditional cable market. The same managed PKI service securing cable devices and broadband networks for the past 15 years now secures the Wi-Fi Alliance and OpenADR smart grid ecosystems and large enterprises.

Why Kyrio

So why Kyrio? The origin of Kyrio comes from the Greek word kyrios meaning "lord" or "master", representing the deep technology heritage and skills of the the people at Kyrio and our collective industries. Our name also embodies the curiousness that drives us to bring new technologies and services to market.

Expanded Offerings

Since 2012, Kyrio has expanded into additional service offerings. In addition to managed PKI security services, Kyrio provides the Go2Broadband service, wi-fi testing services, and piloting a wi-fi roaming hub service with wi-fi network providers.

Learn more

Visit our newly launched website and blog post to learn more about us. And thank you for welcoming us as we reintroduce ourselves as Kyrio.

Mitch Ashley is President and General Manager at Kyrio.