Strengthen eduroam Security
with the eduroam Configuration Assistant Tool (CAT)
Why do we need eduroam CAT?
Malicious actors operating rogue hotspots using commoditized toolkits can intercept authentication traffic to harvest credentials on all Wi-Fi connections, including eduroam. Given that user credentials are often shared across resources, this presents a significant risk to your users and institution.
eduroam CAT lets you configure a profile using secure methods to connect to legitimate authentication servers operated by your organization. When your students, staff, and researchers apply this profile to connect to eduroam, their devices and credentials will no longer be at risk of interception attacks.
Your users can configure CAT on iOS and Android devices using the “geteduroam” app or on laptops via the configuration tools here. You will be able to monitor uptake of CAT on user devices and enforce its use if you choose.
Anonymous Outer IDs
Another benefit of implementing CAT is the ability to activate “Anonymous Outer IDs”, which prevents your users’ personally identifiable credentials from being viewed or tracked by eduroam service providers. This means that rather than an airport or coffee shop having a record of jane.smith@yourinstitution.ca authenticating on eduroam at their location, their records would show a randomized character string (e.g., VGm07Qi6z2@yourinstitution.ca.
For details on Anonymous Outer ID, please refer to documentation on our website.
Activating CAT
- Email tickets@canarie.ca to request access to the eduroam CAT configuration portal.
- Your institution’s primary technical contact will be provided an invitation to access the cat.eduroam.org site. Technical instructions to configure the CAT profile for your institution can be found here.
- Information required to complete the configuration will be sent to you, including guidance on how to monitor usage and techniques for enforcement.
The CAF team can help you through the CAT implementation process.
Send your questions to tickets@canarie.ca and or contact us via Slack #eduroam-cat-profile.
Promoting CAT to Students, Researchers, and Staff
You can promote CAT to your user community and guide them through the process with the following tools:
