Mandarin Oriental Hotel Group eyes enhanced wireless security

Mandarin Oriental Hotel Group (MOHG) wants to further enhance Wi-Fi security acrMandarin Oriental Hotel Group (MOHG) wants to further enhance Wi-Fi security across its hotel chain without compromising performance and ease of access that could hamper customer experience.

“Over the years, we have solved the issues of performance as well as hand-off roaming – which is the capability that allows access points (AP) to communicate in order to provide users seamless, continuous wireless coverage where one AP picks up a connection when the another goes out of range. Next on my wish list is to be able to further enhance our Wi-Fi security by deploying dynamic pre-shared keys (DPSKs) to initiate a secured connection,” said Bong Valdez, vice president of technology Asia, MOHG told Computerworld Hong Kong.

MOHG has 29 hotets worldwide, including Mandarin Oriental Hong Kong in Central and Excelsior Hotel in Causeway Bay.

DPSK is a wireless security feature being offered by Ruckus Wireless where each device is automatically given a unique private key without users doing anything after the first log-on to the WLAN.

Traditional Pre-shared keys (PSK) are shared by all users on a WLAN, giving it inherent vulnerabilities. If the passphrase is compromised, traffic for the entire WLAN is subject to eavesdropping and decryption by any passive observer. Further, to maintain security, all devices on the WLAN will need to be re-provisioned—this is true for all forms of passphrase compromise, including intentional or unintentional sharing, cracking, or device theft.

According to Valdez, a determined person with a lot of patience can easily get access to a hotel wireless network.

“In most hotels, the Wi-Fi password is the guest’s last name followed by the room number. If I know that a Mr. Kwan is staying in this hotel and I get his room number, I could probably guess his Wi-Fi password,” he said.

With DPSK, each and every associated device is issued its own unique passphrase, which is used for authentication and to create encryption keys.

“By provisioning each device uniquely, you get the benefits of per-device or per-user credentials found in 802.1X, but you maintain the usability and network simplicity benefits of PSK. Credentials can be created and revoked individually, and controlled with expiration intervals. Each DPSK can also be tied to a unique role or policy (even on a single WLAN), such as VLAN, ACLs, rate limits, and more” said Linda Hui, managing director, Ruckus Hong Kong & Taiwan.

Taking a leap of faith

MOHG had equipped its hotels with Wi-Fi connectivity more than 10 years ago at a time when questions were still being raised about bandwidth capacity, speed and overall performance.

Valdez admitted that mistakes had been made when they first embarked on their Wi-Fi journey by installing consumer-grade access points in its properties more than a decade ago.

“When we were renovating our hotel in Singapore in the late 1990s, we were putting 500 access points, one in each room manually. It was not centrally managed and not centrally configured, so you can imagine the nightmare. And we were not assured of coverage. Laptops were the only mobile devices being connected to the internet then, the smartphone as we know now are not in the horizon then. But we do have some internal applications where we require hand-off roaming all over the building. And if I were from one end of a hallway to the other end, my connection was cut off in the middle although there is an AP there,” Valdez recalled.