Router Charts

Router Charts

Router Ranker

Router Ranker

Router Chooser

Router Chooser

NAS Charts

NAS Charts

NAS Ranker

NAS Ranker

More Tools

More Tools

Wireless Features

Tags:

Introduction

WPS Logo

When I posted the How is WPS Supposed to Work? article, I expected to have the error of my ways shown to me in short order. But instead of a barrage of "You bonehead! This is how you do it..." comments, the article received only a few responses, most of which reported similar experiences.

The Wi-Fi Alliance provided no information, either, just an query via its PR agency asking which products had been tested. It turns out, however, that one reader, known only as "UTO", had the golden clue, which I'll share with you shortly.

So due to the scarcity of useful information on the workings of Wi-Fi Protected Setup, I'm going to use this Need To Know to flesh out the subject. I hope that it will save others the hassle of having to discover by experimentation information that should have been provided by the product manufacturers that are (so very) slowly incorporating WPS into their products.

As noted in the first article, WPS is a wireless security setup protocol announced in August 2006 that the Alliance brokered as a way to get Buffalo, Intel, Atheros, Broadcom and Microsoft to stop working at cross-purposes.

WPS combines elements of Broadcom's Secure Easy Setup, Buffalo's AOSS (AirStation One-Touch Secure System), Atheros' JumpStart, Intel’s Smart Wireless Technology and Microsoft's WCN (Windows Connect Now) into a single method for getting a wireless network securely set up quickly and easily.

We put both AOSS and Secure Easy Setup through their paces back in 2005. While both had their problems, both did succeed in automatically making a secure connection. But neither system would interoperate with the other; the problem that WPS set out to solve. Here we are three years later with the technology available to do what was done in 2005, but still not widely deployed for various reasons known only to the chip, product makers and Wi-Fi Alliance.

I suspect that part of the reason is that unlike WPA and WPA2 security, WPS is an optional certification. While many draft 11n routers are WPS certified, products introduced even as recently as last year, such as the Linksys WRT150N, still don't support it.

WPS support in client devices is even harder to find and must be supported in manufacturer-provided client applications. This is because Windows XP provides no WPS support and Windows Vista supports only the PIN method (more on that shortly). And even then, the router and client device must be initially connected via Ethernet (!) for Vista to support the WPS PIN session. (Subsequent client additions can be done via wireless connection, however.)

WPS Basics

The best source of WPS technical detail is the "Wi-Fi CERTIFIED¬ô for Wi-Fi Protected Setup" (PDF link) white paper—once you wade through the first 4 or 5 pages of marketing-ese.

WPS currently supports two methods: Personal Information Number (PIN) and Push Button Configuration (PBC). The spec also includes a third method, Near-Field Communication (NFC) but there are currently no products that support NFC. To quote from the white paper:

"The Wi-Fi Protected Setup specification mandates that all Wi-Fi CERTIFIED products that support Wi-Fi Protected Setup are tested and certified to include both PIN and PBC configurations in APs, and at a minimum, PIN in client devices."

The difference between the two methods is pretty much described in their names. The PIN method involves entering a client device PIN, obtained either from a client application GUI or a label on a device, into the appropriate admin screen on a Registrar device.

Quoting further:"A Registrar ... issues the credentials necessary to enroll new clients on the network. In order to enable users to add devices from multiple locations, the specification also supports having multiple Registrars on a single network. Registrar capability is mandatory in an AP."

The PBC method requires the user to push buttons on the Registrar and Client devices within a two-minute period to connect them. (The two-minute period also applies to the PIN method.) The buttons can be physical, as they typically are on AP / router devices or virtual, as is normal on client devices.

More Wireless

Featured Sponsors



Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Top Performing Routers

AC3200
AC2600
AC1900
AC1750
AC1200

Top Performing NASes

NoRAID
RAID1
RAID5

Over In The Forums

Just wondering if anyone knows the answer to this observation I made today. I found that on my ASUS RT-AC68U (running Asuswrt-Merlin 380.59) I can tr...
Hello all. So me and the guys I work with have been learning about IPsec VPNs, and in particular we have purchased a number of different VPN routers ...
I'm new to the forum and Asus-Merlin but have a fair amount of experience with DD-WRT and Tomato. I recently purchased the RT-AC66W, did some homewor...
Hi everyone, I read through this forum in a lot of detail, and I saw other articles around this, but nothing that solves what i'm looking for. Here i...
‚ÄčOur V9 wireless test process introduces new test clients and new ways of using them. Read on SmallNetBuilder

Don't Miss These

  • 1
  • 2
  • 3