AirTies pools analytics with Cujo AI to meet operators’ WiFi demands

As WiFi has become increasingly integral for broadband providers and ISPs, the market for routers, hubs and extenders has split between retail and service provider products. While vendors such as Netgear, Linksys and TP-Link continue to compete on features, service providers are more concerned about ease of deployment and automation, desperate to avoid escalating support calls, or worse – customer churn out of frustration when WiFi does not work in part of the house.

They are also increasingly concerned over security in the wake of privacy legislation such as the EU’s GDPR, which is why Amazon acquired WiFi mesh router firm Eero, while Turkey’s AirTies in March 2019 announced a partnership with Cujo, a US start-up peddling AI-driven security monitoring.

Now AirTies and Cujo AI have extended their partnership to pool their respective data analytics capabilities, in line with recent growth in demand from service providers.

Having now become resigned to providing WiFi as part of their service, effectively extending their last mile domain beyond the router to the end wireless device, operators have decided they might at least recoup some of the extra costs by harnessing the user data they can now obtain. In this case, AirTies’ customers gain access to data from the Cujo network analytics tool incorporating machine learning algorithms, as part of the AirTies Cloud. By the same token, Cujo AI customers will have access to AirTies’ WiFi data analytics as part of the Cujo AI Lens package, which already glimpses at how customers utilize their home network in near real time.

AirTies has gained the most through this partnership, which for Cujo AI is effectively just another route to market. It is true the Californian start-up can now give its customers access to AirTies WiFi remote diagnostics and troubleshooting capabilities, but lack of that did not prevent it gaining its one high profile tier 1 customer Comcast, which built its WiFi security service, xFi Advanced Security, around Cujo AI. This was launched, initially to 15m homes in January 2019, to meet rapidly rising demand for WiFi security, resulting from privacy concerns and proliferation in the number and scope of connected devices under the IoT banner.

However, such demand arose not so much from consumer customers themselves, many of whom believed they were adequately protected at the device level, but from within Comcast itself through appreciation of the risks posed by public hot spots. Such public networks are more susceptible to various threats, especially man-in the middle attacks that enable data to be eavesdropped, exploiting the fact no network authentication is required. Some public WiFi hotspots are still vulnerable to the infamous KRACK (Key Reinstallation Attack), a form of replay attack on the WiFi Protected Access protocol that secures WiFi connections, discovered in 2016 by Belgian researchers Mathy Vanhoef and Frank Piessens at the University of Leuven.

As a result, users have been advised not to engage in sensitive applications such as online banking from public hotspots, which rather compromises their utility. The point here though is that many hotspots are merely homespots, enabled through domestic routers doubling as public access points using a public SSID open to the given operator’s customers. Comcast has one of the world’s largest networks of such homespots, comprising just over 20m routers, potentially rising to 27m if every one of the operator’s broadband customers has its router so enabled. One major reason therefore why Comcast chose Cujo AI was for its ability to address public WiFi threats and go beyond the signature recognition of most WiFi firewalls.

Many coordinated attacks, such as botnet-based DDoS (Distributed Denial of Service) attacks, that target devices through WiFi networks, generate DNS (Distributed Name Service) traffic because they have to establish connections with the given endpoints, requiring conversion between domain names and IP addresses. Defenses against such attacks are therefore possible by recognizing characteristic signatures in such traffic and this has become more sophisticated, through application for example of mathematical graph theory to identify traffic shapes and relationships, such as a high number of domain queries occurring locally within a short time. However, as Cujo AI has noted, more and more DNS traffic is encrypted these days, making it harder to apply conventional signature detection, which is where machine learning can come into play by learning to identify any deviations from the norm and flagging those up for further investigation.

But similar AI and machine learning techniques can also be applied to WiFi analytics and help derive benefits from wireless connectivity for operators and their customers. On the one hand, they can improve in-home WiFi performance and offer better troubleshooting and support. On the other, they can analyze user behavior to tune performance further and also tailor services accordingly, even if Cujo AI is still quite vague about the possibilities.

“Our integration will enable new and existing AirTies customers to deploy Lens alongside the AirTies Cloud agent through a no-cost licensing program. Together, we provide network operators with a way to collect, intuitively analyze and visualize end-user connectivity and utilization data and get answers across operations, business, marketing as well as customer service visibility into devices and applications,” said Andrea Peiro, president of Cujo AI.

This is not particularly enlightening, but clearly Cujo AI is enabling operators to go beyond security and network data to obtain insights from devices and also user actions. In the first instance this allows greater automation and extension of troubleshooting to include some pre-emptive capabilities through observing performance at the device level.

The operator might be able to recommend changes in the position of WiFi extenders within the mesh for example, which is more valuable for larger premises. Such advice is now being enshrined in apps offered by operators, enabling users to identify optimum locations for hubs and extenders just by walking their smartphones around their home. Indeed, a growing number of broadband operators now offer supported mesh kits comprising a hub and up to three extenders for large homes, creating a four-node mesh network. However, about 99% of homes are covered adequately by just two nodes, that is a hub and a single extender.

Cujo AI is also now talking about application level analytics, extracting usage and behavioral data that can be correlated with devices and individual users, delivering information on how, when and where content is consumed. This has potential for exploitation in marketing and service development, or even content acquisition.

But for now, operators are most interested in the firm’s capabilities for automating security management while exploiting data for capacity planning, their primary desire being to have as easy a life as possible in these early days of WiFi being the new last mile. Cujo AI’s main competitors are still in the security domain, including other start-ups peddling AI and machine learning in preference to traditional techniques such as deep packet inspection (DPI).

These new firms, including Cujo AI, argue that DPI is outmoded, partly because it cannot work on encrypted data. Machine learning on the other hand can in principle be tuned to identify anomalous patterns in any form of data.

Cujo AI is also facing competition from traditional cybersecurity vendors like McAfee and Symantec that are moving into home and hotspot protection, but they are having to adapt their legacy technology for the scale of broadband operators while incorporating AI techniques. Cujo AI believes it has a window to exploit, being larger than most other start-ups as a result largely of the Comcast deployment, as well as a more flexible and scalable technology platform than the incumbents.