What is Dynamic Personal Pre-Shared Key (DPPSK)?
Dynamic Personal Pre-Shared Key (DPPSK) is a cloud authentication method, offered in Nebula Professional Pack, that delivers secure WiFi access by providing each device and network user with a unique password. Just like WPA2-Personal, users must input their own personal password to access the wireless network as part of the WiFi onboarding process for enhanced security, whereas the traditional pre-shared keys (PSKs) are shared with multiple or sometimes, even all network users.
Stronger Security for Simple WiFi Onboarding
Many organizations choose 802.1X on WiFi (WPA-Enterprise) as an effective WiFi authentication method since it uses a different encrypted key for each authenticated user to ensure a high level of wireless security. The method has been viewed as the gold standard for secure WiFi authentication for many years, however, it requires additional infrastructure (RADIUS server and client software/OS), as well as the networking setup expertise to manually configure it.
Nebula now offers a new cloud authentication method through the Dynamic Personal Pre-Shared Key (DPPSK) feature – made available the first time to the SMB market. Just like WPA2-Personal, the traffic between the AP and wireless clients is all encrypted. The algorithm used in encrypting the wireless traffic is a combination between the client’s hardware information and the password. In a typical WPA2-Personal security, all wireless clients may only use the same password. This means that if a hacker trying to steal personal information is aware of the shared WiFi password of an establishment, the hacker can unencrypt the wireless traffic much more easily.
However, With DPPSK, each wireless client can access the WiFi using different passwords. This creates an environment where each wireless client’s traffic uses a unique encryption key for enhanced security. In addition, with a quick setup in NCC, the passwords can be customized to expire or last for a particular timeframe; thus, making the management of WiFi access for multiple users much more simple, convenient and secure.
Image 1: With DPPSK, the traffic between the AP and wireless clients is all encrypted using different passwords.
How to Use DPPSK and Generate Keys for Secure WiFi Onboarding
The following section, we will explain how to use DPPSK feature in a real-world setting.
Scenario: In a hotel setting. 12 guests have booked rooms for 7 nights and all paid for the WiFi service during their stay. The hotel staff needs to provide a unique WiFi codes for each hotel guest for them to access the guest WiFi network.
- Set up Guest WiFi: Go to Access point > Configure > SSID Overview
Change the SSID name to “Hotel – Guest”, enable the Guest Network, and then click Save.
- Configure WLAN Security settings: Go to Access point > Configure > Authentication
Select SSID “Hotel – Guest”, choose DPPSK as WLAN security. (It is optional to input a backup password), and then click Save.
- Print WiFi Codes: Go to Access point > Configure > Cloud Authentication
Select “DPPSK” as an Account type, and then click “+Add” button.
Users have an option to generate a single DPPSK or in batch. In this hotel-setting scenario, please select “Batch create DPPSK”.
The wireless client can use the DPPSK password to access the wireless network.
- Dynamic VLAN assignment
- When creating single DPPSK, the username can be setup (optional) for client tracking
Image 2: Setting up Guest WiFi
Image 3: Selecting the SSID for Guest WiFi
Image 4: Selecting DPPSK as WLAN security
Image 5: Generating DPPSK in batch
Enter “12” in Number of accounts, key in the “email address” that you would like the DPPSK codes to be sent, and enter “7 days” in Expire in, and then click “Create user” button.
Image 6: Entering the guest WiFi requirements for DPPSK
The email with DPPSK WiFi codes and expiration dates will be sent the email address you specified, as below.
Image 8: The wireless clients uses the DPPSK password to access the wireless network.
As below, Go to Access point > Monitor > Client
The network admin. can also monitor the guest connection on Nebula Control Center (NCC).
Image 9: The network admin. can monitor the guest connection via DPPSK
Additionally, the Nebula’s DPPSK feature also supports the following:
Image 10: The username can be set up to monitor the client connection.
DPPSK + API
Nebula’s DPPSK technology is also one of the first solutions to open up its API to vertical partners who can now deliver cloud-manageable WiFi onboarding services. For instant, Nebula has recently completed its integration with Wiflex from Complit Networks in Belgium. This integration allows the mutual users from both sides to utilize the Wiflex onboarding system with Nebula’s DPPSK solution to achieve more secure, easy, and cloud-manageable WiFi onboarding services for their businesses. For more information about this integration, please visit: Nebula DPPSK