Wi-Fi Protected Setup

Last updated
The WPS push button (center, blue) on a wireless router showing the symbol defined by the Wi-Fi Alliance for this function. Cisco router WPS button.jpg
The WPS push button (center, blue) on a wireless router showing the symbol defined by the Wi-Fi Alliance for this function.

Wi-Fi Protected Setup (WPS), originally Wi-Fi Simple Config, is a network security standard to create a secure wireless home network.

Contents

Created by Cisco and introduced in 2006, the purpose of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases. It is used by devices made by HP, Brother and Canon for their printers. WPS is a wireless method that is used to connect certain Wi-Fi devices such as printers and security cameras to the Wi-Fi network without using any password. In addition, there is another way to connect called WPS Pin that is used by some devices to connect to the wireless network. [1] Wi-Fi Protected Setup allows the owner of Wi-Fi privileges to block other users from using their household Wi-Fi. The owner can also allow people to use Wi-Fi. This can be changed by pressing the WPS button on the home router. [2]

A major security flaw was revealed in December 2011 that affects wireless routers with the WPS PIN feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network's WPA/WPA2 pre-shared key (PSK). [3] Users have been urged to turn off the WPS PIN feature, [4] although this may not be possible on some router models. [5]

Modes

The standard emphasizes usability and security, and allows four modes in a home network for adding a new device to the network:

PIN method
In which a PIN has to be read from either a sticker or display on the new wireless device. This PIN must then be entered at the "representant" of the network, usually the network's access point. Alternately, a PIN provided by the access point may be entered into the new device. This method is the mandatory baseline mode and everything must support it. The Wi-Fi Direct specification supersedes this requirement by stating that all devices with a keypad or display must support the PIN method. [6]
Push button method
In which the user has to push a button, either an actual or virtual one, on both the access point and the new wireless client device. On most devices, this discovery mode turns itself off as soon as a connection is established or after a delay (typically 2 minutes or less), whichever comes first, thereby minimizing its vulnerability. Support of this mode is mandatory for access points and optional for connecting devices. The Wi-Fi Direct specification supersedes this requirement by stating that all devices must support the push button method. [7]
Near-field communication method
In which the user has to bring the new client close to the access point to allow a near field communication between the devices. NFC Forumcompliant RFID tags can also be used. Support of this mode is optional.
USB method
In which the user uses a USB flash drive to transfer data between the new client device and the network's access point. Support of this mode is optional, but deprecated.

The last two modes are usually referred to as out-of-band methods as there is a transfer of information by a channel other than the Wi-Fi channel itself. Only the first two modes are currently[ when? ] covered by the WPS certification. The USB method has been deprecated and is not part of the Alliance's certification testing.

Some wireless access points have a dual-function WPS button, and holding this button down for a shorter or longer time may have other functions, such as factory-reset or toggling WiFi. [8]

Some manufacturers, such as Netgear, use a different logo and/or name for Wi-Fi Protected Setup; [9] the Wi-Fi Alliance recommends the use of the Wi-Fi Protected Setup Identifier Mark on the hardware button for this function. [10]

Technical architecture

The WPS protocol defines three types of devices in a network:

Registrar
A device with the authority to issue and revoke access to a network; it may be integrated into a wireless access point (AP), or provided as a separate device.
Enrollee
A client device seeking to join a wireless network.
AP
An access point functioning as a proxy between a registrar and an enrollee.

The WPS standard defines three basic scenarios that involve components listed above:

AP with integrated registrar capabilities configures an enrollee station (STA)
In this case, the session will run on the wireless medium as a series of EAP request/response messages, ending with the AP disassociating from the STA and waiting for the STA to reconnect with its new configuration (handed to it by the AP just before).
Registrar STA configures the AP as an enrollee
This case is subdivided in two aspects: first, the session could occur on either a wired or wireless medium, and second, the AP could already be configured by the time the registrar found it. In the case of a wired connection between the devices, the protocol runs over Universal Plug and Play (UPnP), and both devices will have to support UPnP for that purpose. When running over UPnP, a shortened version of the protocol is run (only two messages) as no authentication is required other than that of the joined wired medium. In the case of a wireless medium, the session of the protocol is very similar to the internal registrar scenario, but with opposite roles. As to the configuration state of the AP, the registrar is expected to ask the user whether to reconfigure the AP or keep its current settings, and can decide to reconfigure it even if the AP describes itself as configured. Multiple registrars should have the ability to connect to the AP. UPnP is intended to apply only to a wired medium, while actually it applies to any interface to which an IP connection can be set up. Thus, having manually set up a wireless connection, the UPnP can be used over it in the same manner as with the wired connection.
Registrar STA configures enrollee STA
In this case the AP stands in the middle and acts as an authenticator, meaning it only proxies the relevant messages from side to side.

Protocol

The WPS protocol consists of a series of EAP message exchanges that are triggered by a user action, relying on an exchange of descriptive information that should precede that user's action. The descriptive information is transferred through a new Information Element (IE) that is added to the beacon, probe response, and optionally to the probe request and association request/response messages. Other than purely informative type–length–values, those IEs will also hold the possible and the currently deployed configuration methods of the device.

After this communication of the device capabilities from both ends, the user initiates the actual protocol session. The session consists of eight messages that are followed, in the case of a successful session, by a message to indicate that the protocol is completed. The exact stream of messages may change when configuring different kinds of devices (AP or STA), or when using different physical media (wired or wireless).

Band or radio selection

Some devices with dual-band wireless network connectivity do not allow the user to select the 2.4 GHz or 5 GHz band (or even a particular radio or SSID) when using Wi-Fi Protected Setup, unless the wireless access point has separate WPS button for each band or radio; however, a number of later wireless routers with multiple frequency bands and/or radios allow the establishment of a WPS session for a specific band and/or radio for connection with clients which cannot have the SSID or band (e.g., 2.4/5 GHz) explicitly selected by the user on the client for connection with WPS (e.g. pushing the 5 GHz, where supported, WPS button on the wireless router will force a client device to connect via WPS on only the 5 GHz band after a WPS session has been established by the client device which cannot explicitly allow the selection of wireless network and/or band for the WPS connection method). [11] [12]

A Telstra 4GX Advanced III mobile broadband device showing WPS pairing options for a particular radio/band. WPS Band Selection Option Display.jpg
A Telstra 4GX Advanced III mobile broadband device showing WPS pairing options for a particular radio/band.

Security

A generic service bulletin regarding physical security for wireless access points WPS PhysicalSecurityBulletin.png
A generic service bulletin regarding physical security for wireless access points
A wireless router showing printed preset security information including the free Wi-Fi Wirelessrouter securityinfoprinted.jpg
A wireless router showing printed preset security information including the free Wi-Fi

Online brute-force attack

In December 2011, researcher Stefan Viehböck reported a design and implementation flaw that makes brute-force attacks against PIN-based WPS feasible to be performed on WPS-enabled Wi-Fi networks. A successful attack on WPS allows unauthorized parties to gain access to the network, and the only effective workaround is to disable WPS. [4] The vulnerability centers around the acknowledgement messages sent between the registrar and enrollee when attempting to validate a PIN, which is an eight-digit number used to add new WPA enrollees to the network. Since the last digit is a checksum of the previous digits, [13] there are seven unknown digits in each PIN, yielding 107 = 10,000,000 possible combinations.

When an enrollee attempts to gain access using a PIN, the registrar reports the validity of the first and second halves of the PIN separately. Since the first half of the pin consists of four digits (10,000 possibilities) and the second half has only three active digits (1000 possibilities), at most 11,000 guesses are needed before the PIN is recovered. This is a reduction by three orders of magnitude from the number of PINs that would be required to be tested. As a result, an attack can be completed in under four hours. The ease or difficulty of exploiting this flaw is implementation-dependent, as Wi-Fi router manufacturers could defend against such attacks by slowing or disabling the WPS feature after several failed PIN validation attempts. [3]

A young developer based out of a small town in eastern New Mexico created a tool that exploits this vulnerability to prove that the attack is feasible. [14] [15] The tool was then purchased by Tactical Network Solutions in Maryland for 1.5 million dollars. They state that they have known about the vulnerability since early 2011 and had been using it. [16]

In some devices, disabling WPS in the user interface does not result in the feature actually being disabled, and the device remains vulnerable to this attack. [5] Firmware updates have been released for some of these devices allowing WPS to be disabled completely. Vendors could also patch the vulnerability by adding a lock-down period if the Wi-Fi access point detects a brute-force attack in progress, which disables the PIN method for long enough to make the attack impractical. [17]

Offline brute-force attack

In the summer of 2014, Dominique Bongard discovered what he called the Pixie Dust attack. This attack works only on the default WPS implementation of several wireless chip makers, including Ralink, MediaTek, Realtek and Broadcom. The attack focuses on a lack of randomization when generating the E-S1 and E-S2 "secret" nonces. Knowing these two nonces, the PIN can be recovered within a couple of minutes. A tool called pixiewps has been developed [18] and a new version of Reaver has been developed to automate the process. [19]

Since both the client and access point (enrollee and registrar, respectively) need to prove they know the PIN to make sure the client is not connecting to a rogue AP, the attacker already has two hashes that contain each half of the PIN, and all they need is to brute-force the actual PIN. The access point sends two hashes, E-Hash1 and E-Hash2, to the client, proving that it also knows the PIN. E-Hash1 and E-Hash2 are hashes of (E-S1 | PSK1 | PKe | PKr) and (E-S2 | PSK2 | PKe | PKr), respectively. The hashing function is HMAC-SHA-256 and uses the "authkey" that is the key used to hash the data.

Physical security issues

All WPS methods are vulnerable to usage by an unauthorized user if the wireless access point is not kept in a secure area. [20] [21] [22] Many wireless access points have security information (if it is factory-secured) and the WPS PIN printed on them; this PIN is also often found in the configuration menus of the wireless access point. If this PIN cannot be changed or disabled, the only remedy is to get a firmware update to enable the PIN to be changed, or to replace the wireless access point.

It is possible to extract a wireless passphrase with the following methods using no special tools: [23]

Related Research Articles

<span class="mw-page-title-main">IEEE 802.11</span> Wireless network standard

IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of medium access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer communication. The standard and amendments provide the basis for wireless network products using the Wi-Fi brand and are the world's most widely used wireless computer networking standards. IEEE 802.11 is used in most home and office networks to allow laptops, printers, smartphones, and other devices to communicate with each other and access the Internet without connecting wires. IEEE 802.11 is also a basis for vehicle-based communication networks with IEEE 802.11p.

<span class="mw-page-title-main">Wireless LAN</span> Computer network that links devices using wireless communication within a limited area

A wireless LAN (WLAN) is a wireless computer network that links two or more devices using wireless communication to form a local area network (LAN) within a limited area such as a home, school, computer laboratory, campus, or office building. This gives users the ability to move around within the area and remain connected to the network. Through a gateway, a WLAN can also provide a connection to the wider Internet.

<span class="mw-page-title-main">Wi-Fi</span> Wireless local area network

Wi-Fi is a family of wireless network protocols based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio waves. These are the most widely used computer networks, used globally in home and small office networks to link devices and to provide Internet access with wireless routers and wireless access points in public places such as coffee shops, hotels, libraries, and airports.

<span class="mw-page-title-main">Universal Plug and Play</span> Set of networking protocols

Universal Plug and Play (UPnP) is a set of networking protocols on the Internet Protocol (IP) that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices, to seamlessly discover each other's presence on the network and establish functional network services. UPnP is intended primarily for residential networks without enterprise-class devices.

<span class="mw-page-title-main">Wireless access point</span> Device that allows wireless devices to connect to a wired network

In computer networking, a wireless access point (WAP) is a networking hardware device that allows other Wi-Fi devices to connect to a wired network or wireless network. As a standalone device, the AP may have a wired or wireless connection to a switch or router, but in a wireless router it can also be an integral component of the networking device itself. A WAP and AP is differentiated from a hotspot, which can be a physical location or digital location where Wi-Fi or WAP access is available.

Wired Equivalent Privacy (WEP) is an obsolete, severely flawed security algorithm for 802.11 wireless networks. Introduced as part of the original IEEE 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by its key of 10 or 26 hexadecimal digits, was at one time widely used, and was often the first security choice presented to users by router configuration tools.

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

IEEE 802.11i-2004, or 802.11i for short, is an amendment to the original IEEE 802.11, implemented as Wi-Fi Protected Access II (WPA2). The draft standard was ratified on 24 June 2004. This standard specifies security mechanisms for wireless networks, replacing the short Authentication and privacy clause of the original standard with a detailed Security clause. In the process, the amendment deprecated broken Wired Equivalent Privacy (WEP), while it was later incorporated into the published IEEE 802.11-2007 standard.

A wireless distribution system (WDS) is a system enabling the wireless interconnection of access points in an IEEE 802.11 network. It allows a wireless network to be expanded using multiple access points without the traditional requirement for a wired backbone to link them. The notable advantage of WDS over other solutions is that it preserves the MAC addresses of client frames across links between access points.

<span class="mw-page-title-main">Wi-Fi hotspot</span> Wi-Fi access point

A hotspot is a physical location where people can obtain Internet access, typically using Wi-Fi technology, via a wireless local-area network (WLAN) using a router connected to an Internet service provider.

IEEE 802.11r-2008 or fast BSS transition (FT), is an amendment to the IEEE 802.11 standard to permit continuous connectivity aboard wireless devices in motion, with fast and secure client transitions from one Basic Service Set to another performed in a nearly seamless manner. It was published on July 15, 2008. IEEE 802.11r-2008 was rolled up into 802.11-2012. The terms handoff and roaming are often used, although 802.11 transition is not a true handoff/roaming process in the cellular sense, where the process is coordinated by the base station and is generally uninterrupted.

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and is updated by RFC 5247. EAP is an authentication framework for providing the transport and usage of material and parameters generated by EAP methods. There are many methods defined by RFCs, and a number of vendor-specific methods and new proposals exist. EAP is not a wire protocol; instead it only defines the information from the interface and the formats. Each protocol that uses EAP defines a way to encapsulate by the user EAP messages within that protocol's messages.

<span class="mw-page-title-main">Wireless security</span> Aspect of wireless networks

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

AOSS is a system by Buffalo Technology which allows a secure wireless connection to be set up with the push of a button. AirStation residential gateways incorporated a button on the unit to let the user initiate this procedure. AOSS was designed to use the maximum level of security available to both connecting devices, including both Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA).

In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.

<span class="mw-page-title-main">Wi-Fi Direct</span> Wi-Fi standard for peer-to-peer wireless connections

Wi-Fi Direct is a Wi-Fi standard for wireless connections that allows two devices to establish a direct Wi-Fi connection without an intermediary wireless access point, router, or Internet connection. Wi-Fi Direct is single-hop communication, rather than multi-hop communication like wireless ad hoc networks. The Wi-Fi Direct standard was specified in 2009.

SecureEasySetup, or SES is a proprietary technology developed by Broadcom to easily set up wireless LANs with Wi-Fi Protected Access. A user presses a button on the wireless access point, then a button on the device to be set up and the wireless network is automatically set up.

IEEE 1905.1 is an IEEE standard which defines a network enabler for home networking supporting both wireless and wireline technologies: IEEE 802.11, IEEE 1901 power-line networking, IEEE 802.3 Ethernet and Multimedia over Coax (MoCA).

A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point.

<span class="mw-page-title-main">KRACK</span> Attack on the Wi-Fi Protected Access protocol

KRACK is a replay attack on the Wi-Fi Protected Access protocol that secures Wi-Fi connections. It was discovered in 2016 by the Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven. Vanhoef's research group published details of the attack in October 2017. By repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake, an attacker can gradually match encrypted packets seen before and learn the full keychain used to encrypt the traffic.

References

  1. "Where is the WPS Pin located on my hp printer?". Optimum Tech Help. 2023-01-19. Retrieved 2023-07-12.
  2. Higgins, Tim (13 March 2008). "How is WPS supposed to work?". SmallNetBuilder. Retrieved 2020-05-01.
  3. 1 2 Viehböck, Stefan (2011-12-26). "Brute forcing Wi-Fi Protected Setup" (PDF). Retrieved 2011-12-30.
  4. 1 2 Allar, Jared (2011-12-27). "Vulnerability Note VU#723755 - WiFi Protected Setup PIN brute force vulnerability". Vulnerability Notes Database. US CERT . Retrieved 2011-12-31.
  5. 1 2 Gallagher, Sean (2012-01-04). "Hands-on: hacking WiFi Protected Setup with Reaver". Condé Nast Digital. Retrieved 2012-01-20.
  6. P2P Spec 1.2, clause 3.1.4.3
  7. P2P Spec 1.2,
  8. Tenda W311R+ product page: long press causes factory reset. Retrieved 18 January 2016; Draytek: Vigor 2820 Series manual: short press toggles WiFi
  9. "Netgear N600 Wireless Dual Band Gigabit ADS2+ Modem Router DGND3700 User Manual" (PDF). www.netgear.com. Retrieved January 16, 2016.
  10. "Wi-Fi Alliance Brand Style Guide 2014" (PDF). www.wi-fi.org. Wi-Fi Alliance. April 2014. Archived from the original (PDF) on January 17, 2016. Retrieved January 16, 2016.
  11. "D-Link DSL-2544N Dual Band Wireless N600 Gigabit ADSL2+ Modem Router User Manual, Version 1.0", Page 11, Retrieved 26 January 2016.
  12. NetComm NF8AC User Guide, Page 11, http://media.netcomm.com.au/public/assets/pdf_file/0004/142384/NF8AC-User-Guide.pdf, Retrieved October 16, 2016.
  13. "Windows Connect Now–NET (WCN-NET) Specifications". Microsoft Corporation. 2006-12-08. Retrieved 2011-12-30.
  14. "reaver-wps" . Retrieved 2011-12-30.
  15. "Reaver demonstration on WPS - proof of concept".
  16. Dennis Fisher (2011-12-29). "Attack Tool Released for WPS PIN Vulnerability" . Retrieved 2011-12-31. This is a capability that we at TNS have been testing, perfecting and using for nearly a year.
  17. Slavin, Brad (January 18, 2013). "Wi-Fi Security – The Rise and Fall of WPS". Netstumbler.com. Retrieved December 17, 2013.
  18. "pixiewps". GitHub . Retrieved 2015-05-05.
  19. "Modified Reaver". GitHub . Retrieved 2015-05-05.
  20. Scheck, Steven (2014-09-04). "WPS – Advantages and Vulnerability". ComputerHowtoGuide. Retrieved 2023-07-12.
  21. Hoffman, Chris (2017-07-10). "Wi-FI Protected Setup (WPS) is Insecure: Here's Why You Should Disable It". How-To Geek. Retrieved 2023-07-12.
  22. Tomáš Rosa, Wi-Fi Protected Setup: Friend or Foe, Smart Cards & Devices Forum, May 23, 2013, Prague, Retrieved October 16, 2016.
  23. 1 2 "An Emphasis On Physical Security For Wireless Networks", Bryce Cherry on Youtube, retrieved 2023-07-12