Wi-Fi Protected Setup Arrives

By Eric Griffith

January 08, 2007

A one-step way of protecting WLAN connections is ready, with major vendor support.

At CES 2007 in Las Vegas today, the Wi-Fi Alliance said it has certified the first products supporting Wi-Fi Protected Setup (WPS). This is an optional technology meant to make it easier for home and small office network operators – those without an IT staff — to deploy secure wireless LANs.

Parks Associates forecasts that 90% of homes with networks will use Wi-Fi by 2010; the Alliance's own surveys show security is among the top three issues most important to consumers with a WLAN. However, only 2 in 5 people have turned it on, according to JupiterResearch. Wi-Fi security has always been notoriously hard to configure for the layman — even for some experts. WPS is seen as the next, best step to making security a seamless part of the install process.

WPS requires support of Wi-Fi Protected Access (WPA) or WPA2, a super-set of the 802.11i security specification from the IEEE. Legacy products with WPA/WPA2 only can still join the network, but they have to go through the usual extra steps required today.

WPS will not work with wired equivalent privacy (WEP). If you have even just one device on the network that supports only WEP, you can't use WPS — WEP use forces the entire network down to that lowest common denominator.

WEP has long been considered flawed and easily cracked by anyone with the time and tools to bother — but it also continues to be the only security option found on some Wi-Fi products, even today. Karen Hanley, senior marketing director for the Alliance, says, "We're continuing to reach out to companies to get certified. As of March 2006, WPA2 was mandatory for certification. We encourage vendors to use the strongest level of security."

The setup of a WPS network is simple. Use a push button configuration (PBC) on the Wi-Fi router, or enter a 4- or 8-digit PIN code if there's no button. Each client laptop, camera, game device, phone, or what-have-you supporting WPS will come with a hard-coded PIN code. Set an initial client up to talk with the router/gateway and it becomes the master device used to enter PIN codes of other clients that want network access. There's no standard graphical interface for entering the PIN; the Alliance is leaving that up to the vendors.

Eventually, the Alliance says WPS could be deployed using a USB memory stick, by copying settings when plugged into a router, then plugging the same stick into each client -- or by using near-field communications (NFC). NFC means using a token or card that doesn't even plug in; the user would just pass it by the client system to copy the settings via a short-range wireless signal. Both of these options require the vendors to build in the technology.

Products supporting Wi-Fi Protected Setup will have the following "identifier mark" on their packaging once they pass Alliance certification tests:

Older products that support WPA/WPA2 could be upgradeable via software/firmware to support the WPS PIN-code setup. Such products will need to go through testing again before they can carry the seal or use the term Wi-Fi Protected Setup, which is a trademark of the Alliance. "Branding-wise, we have a brand review and trademark function, and we discourage the use of our trademark unless certified," says Hanley. Vendors can't support WPS without being Wi-Fi Certified.

Several Wi-Fi chip, software and hardware vendors had a hand in helping to develop the WPS specification. Hanley says there were 20 to 30 voting members of the taskgroup working on WPS. It is also the first true specification from the Alliance -- in the past, it has worked only on specifications from the IEEE and other bodies.

"This is not only our first specification, but it's a nod to what the marketplace needs in terms of ease-of-use," Hanley says.

Many of the vendors who worked on the specification are represented on the list of initial products — really, reference designs used by original equipment manufacturers (OEMs) to make products — that are certified to become part of the WPS testbed used by the Alliance certification labs. They include Atheros, Broadcom, Conexant, Intel, Marvell and Ralink.

Atheros and Broadcom both had previous technologies to automate Wi-Fi security setup using software or push buttons. Atheros said today that it will keep the name of its technology, called JumpStart, but will upgrade to version 2.0 as it becomes fully compatible with WPS.

Buffalo Technology is also on the list of WPS certified products, with its AirStation Wireless-A&G High Power Access Point (model WHR-HP-AMPGV) and AirStation Wireless-A&G High Power Notebook Adapter. Buffalo was the earliest proponent of PBC security setup for Wi-Fi with its AirStation One-Touch Secure System (AOSS) tech, way back in 2004. This tech will continue to appear in Buffalo products, including new hardware introduced at CES such as the LinkTheater Wireless-A&G Media Player. Buffalo plans to implement both AOSS and WPS together. A button on a Buffalo product would activate both, enabling PBS connections to both legacy AOSS clients and new WPS clients.

The Wi-Fi Alliance later this year will start testing of the 802.11n specification as it reaches the Draft 2.0 stage with the IEEE. This is a first for the Alliance, which in the past has waited until specs were fully ratified by the IEEE's 802.11 Working Group. However, the number of products coming out with Draft-N support forced their hand — otherwise, consumers would be left to fend for themselves, as they have with Draft 1.0 products. That testing will coincide with the WPS testing, bringing the easy security to the higher-performing products.  

"We are encouraged by the response to WPS," says Hanley, who adds that the labs are ready for testing. She expects that plenty of new products with WPS — even some supporting the NFC and USB setup — will ship within the next six months.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.