Archive for the ‘geekiness’ Category
Wi-Fi Protected Setup - a good idea badly implemented?
This post is a rant about what I think is a pretty decent idea gone pretty badly wrong. The idea is something called “Wi-Fi Protected Setup.” I have not been able to find any other information on the web that talks about the particular problems I’ve seen (and what I believe to be a not-insignificant security hole), so why not rant about it here a bit?
Wi-Fi Protected Setup (WPS), as I said, seems to me to be a pretty good idea for solving a valid problem: historically, setting up a secure wireless network is not easy for the average home user. The user has historically been expected to set up a number of security-critical settings when first installing the wireless access point (“AP”, usually a wireless router), such as SSID, security/encryption type, and a passphrase. Once all that is set up, each wireless “client” device must select the correct wireless network (by SSID) and then be given the network’s passphrase in order to connect. For those of us familiar with security and networking, this is pretty simple. For the average home user, it can be quite confusing.
My understanding of the idea behind WPS is to help the average user bypass a lot of these steps and still end up with a secure network. In an example WPS setup (described by a whitepaper available from the Wi-Fi Alliance web site), the process might look like this:
- power up the new AP
- attempt to connect to the wireless network with a client device
- verify that the client and AP really should be connecting by:
  - pressing buttons (could be either physical or virtual) on both ends, which starts a limited-time window for allowing the connection, or
  - entering a PIN number provided by the client into the AP
This process would automatically set up an SSID (hopefully unique) and passphrase (hopefully pseudorandom) on the AP and transfer that information to the client. For each new client, the process is simply repeated (with the difference that the SSID and passphrase are not reset for the subsequent added clients). The pushbuttons/PIN help verify that only known clients are added to the network, and the user is spared a lot of setup. I quite like the theory.
In practice, of course, not all wireless APs and clients support WPS. In particular, the Wireless Zero Configuration utility in Windows XP does not support WPS. My web research also suggests that while Vista supports WPS, it does so in a way that requires a wired Ethernet connection for the initial AP setup. I’m not a Vista user, so I can’t verify this personally. For any AP or client which does not support WPS, the standard “manual” method for connecting to the network must be used: the network’s passphrase must be known and must be provided to the client.
My particular rant in this post, however, has to do with the way that Intel chose to implement WPS in their Wi-Fi Configuration Utility (an optional component supplied with their driver which replaces the Windows built-in Wireless Zero Configuration utility) and how it interacts with the WPS implementation in a Linksys wireless router which I have personally used.
Intel chose to implement a PIN-based method for authorizing clients on a network. My reading of the WPS descriptions that I’ve seen (including the aforementioned white paper) seems to imply that the PIN method is intended to work by taking a PIN provided by the client and providing it to the AP. That makes sense to me. In that model, the only time a client can join the network (using WPS) is if its PIN is provided to the AP. Access for doing that is presumably restricted to someone who controls the network.
However, upon detecting a network which supports WPS, the Intel utility asks the user for a “device ownership password” associated with the AP. Once the user obtains this “password” (which is really a WPS PIN) from the AP and types it into the PC, the connection is established. The Linksys router I used humors this behavior by providing a WPS PIN (in addition to having both a physical and a web-based virtual button and a place to type in a client’s PIN). The router’s PIN is provided in the web interface and is printed on a sticker attached to the bottom of the router. Here’s the kicker, though: the Linksys router’s PIN is chosen at the factory and cannot be changed by the end user.
I see two security holes here. First, the PIN is a relatively short numeric value. Since all a WPS client needs is that PIN in order to gain access to the network, that effectively creates a very weak “password” (regardless of the size or complexity of the actual WPA/WPA2 passphrase). The bigger problem, however, is that once that PIN has been given out, it can be used again, potentially by a new unauthorized user. Since the PIN cannot be changed, the router’s owner has no way of preventing this from happening. The web interface on the router supposedly gave a way to turn off WPS, but it did not appear to work. I was still able to use the PIN to gain access even after turning that option off.
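The two PIN models contrasted above, as a toy simulation added here (it is not part of the original post and is not WPS protocol code): it models only who authorizes a join and whether that authorization can be reused. The class and method names, the PIN values and the 120-second window are constructed for illustration.

```python
import secrets


class AccessPoint:
    """Toy AP: models who authorizes a join, not the WPS wire protocol."""

    def __init__(self, passphrase, window_s=120):
        self.passphrase = passphrase      # the real WPA/WPA2 secret
        self.window_s = window_s          # assumed enrollment window (seconds)
        self.pending = {}                 # client PIN -> expiry time
        # AP-PIN model: fixed at the factory, no method exists to change it.
        self.factory_pin = "12345670"     # constructed sample value

    # Client-PIN model: the network owner types a client's PIN into the AP.
    def owner_enters_client_pin(self, pin, now):
        self.pending[pin] = now + self.window_s

    def join_with_client_pin(self, pin, now):
        expiry = self.pending.pop(pin, None)   # authorization is single-use
        if expiry is None or now > expiry:
            return None
        return self.passphrase

    # AP-PIN model: any client that knows the AP's PIN gets the passphrase.
    def join_with_ap_pin(self, pin):
        if secrets.compare_digest(pin, self.factory_pin):
            return self.passphrase
        return None


def demo():
    ap = AccessPoint(passphrase="correct horse battery staple")
    r = {}
    # Client-PIN model: owner approves one laptop at t=0.
    ap.owner_enters_client_pin("48291035", now=0)
    r["client_first"] = ap.join_with_client_pin("48291035", now=30)
    r["client_replay"] = ap.join_with_client_pin("48291035", now=40)
    ap.owner_enters_client_pin("77701234", now=0)
    r["client_late"] = ap.join_with_client_pin("77701234", now=500)
    # AP-PIN model: a PIN read once off the sticker keeps working.
    r["ap_guest"] = ap.join_with_ap_pin("12345670")
    r["ap_later"] = ap.join_with_ap_pin("12345670")
    r["ap_wrong"] = ap.join_with_ap_pin("00000000")
    return r


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:14} -> {'joined' if outcome else 'refused'}")
```

In the client-PIN model the owner's action is what opens the door and it closes again after one use; in the AP-PIN model the network is only as strong as a value the owner cannot rotate.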
On Intel’s side, there is yet another problem. Not all APs which support WPS provide a PIN. Some can only accept a client PIN (which seems to me to be what was intended in the design of WPS). The Intel utility does not provide a client PIN. It requires a PIN from a WPS-supporting AP. If the AP doesn’t have a PIN, then you’re pretty much stuck. I did not see a way to bypass that prompt and manually connect using the network’s WPA/WPA2 passphrase. The only way I saw around it was to run the Intel setup utility and remove the Wi-Fi Protected Setup feature altogether (which, fortunately, can be removed separately while leaving the rest of the utility intact). At that point, the network can be added manually.
This seems like an example of a good idea implemented very badly. I think the whole model of the AP providing the PIN to be used by the clients is backwards. It places control in the hands of the clients instead of the AP. It also reduces security by depending on a relatively short numeric value. I could almost live with that, though, if there was a way to change the PIN or disable WPS on the Linksys router. What really surprises me is that I have not seen anyone else on the net mention this. I may be missing something. The Cisco-Linksys WPS interaction I’ve described above is from my own experience, but it’s possible that I’ve done something incorrect. If anyone can see the hole in my description, please comment on this post and explain. If I’m right, though, then this looks like a pretty broken system.
Your obscure reference of the day
After skimming this page, I’ve decided that the circle of fifths is the Smith chart of music.
If you’re a regular reader on this site and that comparison made sense to you, then your name is probably either Stephen Granade or John Wilson. Let me know if I missed anyone.
Back from vacation
I do believe a week away was exactly what I needed, and now I’m back.
I’ll try to discipline myself over the next week or so to actually write about what I did while I was away. To start with though, here’s a quickie for you.
While we were in the “Sky Church” at the Experience Music Project, I started hearing a song that I immediately started humming along with but didn’t immediately place. Turns out it was an artist named Petra Haden doing an almost completely a cappella remake of Journey’s “Don’t Stop Believin’”. Turns out there was a competition for creating videos to go with that song and the others on the same compilation album, and YouTube has the video for this one. I don’t particularly like the spoken word portion. It doesn’t fit with the hyper-accuracy of the rest of the song, but I forgive it anyway.
P.S.
This song was recorded for an album full of “guilty pleasure” songs. Bonus points for the first person to recognize and comment on the other guilty pleasure song reference in this one.
The redshirt
I feel like just about everyone who reads this site has seen the movie Galaxy Quest. I found it on the TiVo tonight and watched it again. It’s just spot-on brilliant parody.
You all know that, though. This post is about Guy Fleegman, the character in the movie who we learn played the part of “Crewman Number 6”, who was killed in one of the original Galaxy Quest episodes. All throughout the movie Guy is mortified that he’s going to be killed. The rest of the Galaxy Quest cast constantly try to console him, and Guy does indeed make it to the end of the story. As a reward for his help and to prove that he’s an important character, they give Guy a role in the new adventures of Galaxy Quest. That’s all back story. What I didn’t realize until just tonight is that I think the joke goes one layer deeper. I’ll let you guys decide if I’m right.
Guy’s character in the new series is “Security Chief ‘Roc’ Ingersol.” If the new Galaxy Quest series is basically Star Trek: TNG, does anyone else remember the Enterprise D’s first security chief and what happened to her in the very first season?
I could be reaching, but I don’t think I am.
What nice guys already knew…
It’s not like this one’s a surprise, but it’s interesting to see actual research on it…
Bad guys really do get the most girls