As demands for fully secure WiFi grow, AI takes a growing role

With WiFi taking an increasingly strategic role for many telcos and cablecos, the value of enhanced security for these connections is going up, especially since GDPR laws have put privacy on everyone’s agenda.

That is why Amazon has been playing up the security qualities of Eero, the WiFi mesh router firm it acquired recently. And by the same token, Turkey’s AirTies, which has carved out a strong position as a WiFi mesh specialist, last month announced a partnership with Cujo, a US start-up peddling AI-driven security monitoring.

Cujo started out in 2015 building what looked like a basic firewall with integrated antivirus and anti-malware protection, aiming to guard against the usual combination of phishing and scamming attacks. Its selling point was being based at the gateway to the home WiFi network in the router, but it was the addition of more adaptable monitoring and of course the allure of AI that has attracted the attention of bigger players, along with meticulous logging of emerging threats on a central database.

Its biggest coup so far has been the USA’s largest cableco, Comcast, which built its WiFi security service, xFi Advanced Security, around Cujo AI. This was launched initially to 15m homes in January 2019. Fraser Stirling, SVP of digital home, devices and AI at Comcast Cable, said this was to meet rising demand for WiFi security, resulting both from privacy concerns and also proliferation in the number and scope of connected devices under the IoT banner.

To some extent, there are two dimensions to consumer WiFi security, one applying to the home and the other to public hotspots. In the latter, there is greater risk of man-in-the-middle and other attacks that enable data to be eavesdropped, exploiting the fact that no network authentication is required. Some public WiFi hotspots are still vulnerable to the infamous KRACK (Key Reinstallation Attack), a form of replay attack on the WiFi Protected Access protocol that secures WiFi connections, discovered in 2016 by Belgian researchers Mathy Vanhoef and Frank Piessens at the University of Leuven.

As a result, users are still well advised not to engage in sensitive applications such as online banking from public hotspots. Furthermore, public and private WiFi overlap, given that many hotspots are merely homespots, enabled through domestic routers doubling as public access points using a public SSID open to the given operator’s customers. Comcast has one of the world’s largest networks of such homespots, comprising just over 20m routers, potentially rising to 27m if every one of the operator’s broadband customers had theirs enabled. One reason Comcast chose Cujo AI was for its ability to address public WiFi threats and go beyond the signature recognition of most WiFi firewalls.

The point here is that a lot of coordinated attacks that target devices through WiFi networks, such as botnet-based DDoS (Distributed Denial of Service) attacks, generate DNS (Domain Name System) traffic because they have to establish connections with the given endpoints, requiring conversion between domain names and IP addresses. Defenses against such attacks are therefore possible by recognizing characteristic signatures in such traffic. This has become more sophisticated, for example through the application of mathematical graph theory to identify traffic shapes and relationships, such as a high number of domain queries occurring locally within a short time. However, as Cujo AI has noted, more and more DNS traffic is encrypted these days, making it harder to apply conventional signature detection. This is where machine learning can come into play, by learning to identify any deviations from the norm and flagging them for further investigation.
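As an added illustration (not code from Cujo AI, Comcast or any product named here), the sketch below shows the "many domain queries within a short time" idea on plaintext DNS query logs: each device's count of distinct names per time window is compared against that device's own recent baseline. The log format, window length, thresholds and device names are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from statistics import median

WINDOW = 10.0      # seconds per window (assumed)
MIN_BASELINE = 5   # windows needed before a device is scored (assumed)
THRESHOLD = 6.0    # robust z-score cut-off (assumed)

def parse(line):
    """'<epoch seconds> <device> <queried name>' -> (float, str, str)."""
    ts, device, name = line.split()
    return float(ts), device, name.lower().rstrip(".")

def detect_bursts(lines):
    """Return [(device, window_start, distinct_names)] for anomalous windows."""
    per_device = defaultdict(lambda: defaultdict(set))
    for line in lines:
        ts, device, name = parse(line)
        per_device[device][int(ts // WINDOW)].add(name)
    alerts = []
    for device, windows in per_device.items():
        history = []  # distinct-name counts of earlier, non-flagged windows
        for w in sorted(windows):
            count = len(windows[w])
            if len(history) >= MIN_BASELINE:
                med = median(history)
                # Median absolute deviation; fall back to 1 for a flat baseline.
                mad = median(abs(h - med) for h in history) or 1.0
                if (count - med) / mad > THRESHOLD:
                    alerts.append((device, w * WINDOW, count))
                    continue  # keep the burst out of the baseline
            history.append(count)
    return alerts

def sample_log():
    """Constructed log: a steady laptop, and a camera that suddenly fans out."""
    lines = []
    for w in range(7):
        base = w * 10
        for i in range(4):
            lines.append(f"{base + i} laptop-1 site{i}.example.org")
        if w < 6:
            lines.append(f"{base + 1} cam-1 time.example.net")
            lines.append(f"{base + 2} cam-1 cloud.example.net")
    for i in range(40):  # 40 distinct names inside one 10-second window
        lines.append(f"{60 + i * 0.2:.1f} cam-1 h{i}.example.com")
    return lines

if __name__ == "__main__":
    for device, start, count in detect_bursts(sample_log()):
        print(f"{device}: {count} distinct names in window starting at t={start}")
```

When DNS is encrypted the queried names are not visible to the gateway, so the same per-device baseline would have to be built from what remains observable, such as connection counts and timing.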

AI and machine learning techniques are also being applied to WiFi analytics. Operators used to regard WiFi as a thorn in their side, raising customer support costs and causing aggravation with little upside for them. That has changed with the realization that WiFi is now their last mile, like it or not, and that by improving their customers’ experience of it they can reduce churn. They can improve in-home WiFi performance and also offer better troubleshooting and support. This is usually achieved now through some form of hybrid model combining cloud and router-based analytics, around a mesh configuration where possible or relevant.

We have covered the debates over different approaches at great length before, trying to step through the almost religious wars that beset this field of technology. Two points that everyone agrees on, though, are that – except for the simplest or smallest dwellings such as single-room units – it is better to have at least two access points (APs); and that a hybrid model delivers better performance than either cloud or router on their own.

Of course, a router is well placed to analyze the entire health of a given home’s WiFi network, unlike any end point such as a phone or laptop. At the same time the cloud can take a higher level view still, responding for example to interference between multiple WiFi networks in an MDU. The cloud can make decisions based on the results of previous similar outcomes derived from analysis ofms of customers. Furthermore, latencies are now low enough for more decisions to be made in the cloud, where greater processing resources are available. But some will still need to be made locally.

Given the fluid and still unmanaged nature of most domestic WiFi networks, subject to actions beyond the operator’s control such as moving APs or even pulling out a plug inadvertently, the overriding priority for many operators is visibility for accurate monitoring and analytics to determine actions. Visibility on its own can actually increase costs because it creates more scope for troubleshooting and even demand for the dreaded on-site engineer visits, without corresponding ability to automate as much of the troubleshooting and analysis as possible. This is where AI and ML come in, although they have come fairly late to the game, partly because WiFi troubleshooting and analytics are themselves still young fields.

But interest in application of deep machine learning in particular to both WiFi and cellular networks has mushroomed in the last year or two, with many more technical papers being published, which will feed through into commercial products.

The primary benefit will be to process and analyze the vast amounts of data now generated by WiFi. One of the challenges is that a lot of the data is unstructured and also unlabeled, which makes it less suitable for the current generation of supervised machine learning models employed in wireless networking, because this involves laborious manual labelling. This rather defeats the point at the outset, since the aim is to reduce human effort. The future therefore lies with unsupervised machine learning capable of extracting insights from unlabeled data that the system cannot immediately recognize. This takes the pattern recognition and analysis to a higher level, better able to detect anomalies that may represent attacks or more likely QoS issues that might need to be addressed.

Security rears its head again here because unsupervised algorithms may also be more vulnerable to adversarial attacks, as has been demonstrated in recent experiments. This is a story for a future day but emphasizes again that AI is no silver bullet against hacking, but just the next weapon in the arms race.