Wi-Fi Protected Setup (WPS) will use push-button or PIN to simplify secure network setup: The Wi-Fi Alliance has rolled out its long-expected and openly discussed WPS system for its members to choose to implement and have certified as a component of their Wi-Fi devices. With WPS, a router can provide strong WPA/WPA2 encryption keys to client devices with the push of a button or the entry of a 4- or 8-digit personal identification number (PIN). The PIN can be generated by software or preprogrammed into a client device and printed on an included card. Push-button authentication will work essentially like Buffalo's AOSS method; PIN authentication like Atheros's JumpStart (which Atheros notes is compatible in version 2.0 with WPS).
With WPS, however, the system will automatically set the SSID or network name as part of the setup process. That's both for simplicity's sake, and for security reasons. WPA/WPA2 uses the SSID as part of the process by which it generates the encryption elements used to protect network traffic. There's been some speculation that default networks name like "default" could be paired with massive, precalculated databases of short dictionary-based passphrases.
Products with WPS enabled should be available in the first quarter of 2007, but the Alliance announced several pieces of equipment--mostly reference design from chipmakers--that were certified as part of the process of finalizing the standard. This includes designs from Atheros, Broadcom, Buffalo, Conexant, Intel, Marvell, and Ralink.
Future releases will support near-field communications (NFC), in which one device is held near another to initiate a key exchange; and USB-based support in which a memory stick is inserted into a gateway or computer, and then inserted in each client device to add them to the network. Wi-Fi Alliance managing director Frank Hanzlik said in an interview that there was backing for all four forms of WPS association because "you might have vastly different products over time that might want to be able to capitalize on this." Some equipment may have no display whatsoever, like putative wireless headphones that might have a volume adjustment and nothing else.
WPS should eliminate the awkward entry of WPA passphrases now required on devices that lack keyboards. If I never have to use a directional arrow or a phone interface to "type" letters again for a passphrase, it will be too soon.
Hanzlik said that WPS provides a standards-based method for its members to implement simplified security, although each member may choose a different user interface to wrap around the process. He noted that WPS would tend to remove security as a differentiator among products, but that vendors appeared ready to do so, based on the broad participation in the Alliance's development.
This is the first standard to come out of the Alliance, rather than the IEEE or other groups, Hanzlik noted, because the particular combination of factors--which include user experience and usability--weren't under discussion in other industry forums. The standard will be available for download for a nominal fee. WPS is also unique in requiring WPA or WPA2 support in all devices. "By design, this does not support WEP," Hanzlik said.
WPS's timing is good for equipment makers because of the near-term gelling of the IEEE 802.11 Task Group's Draft 2.0. The Alliance will have a certification program for Draft 2.0. Hanzlik noted, "That is exactly what we hoped--that we'd have this out there with enough time that all the folks getting ready to bring out the new 802.11n draft certified products come June would be able to incorporate this."
Hanzlik expects that manufacturers will offer WPS upgrades for some older client equipment, as PIN authentication for WPS could be handled through existing client software and Web-based gateway configuration. The Alliance would likely not separately test legacy equipment that receives upgrades, but all new devices that want to sport WPS would go through certification.