In response to this trend of disregarding communications security in exchange for easier deployment, the Wi-Fi Alliance (http://www.wi-fi.org/) developed the Wi-Fi Protected Setup (WPS) standard in 2007 with the goal of making it easier to setup secure wireless networks for the consumer and small business market. By 2011, this technology made its way into physical security products that use wireless communications, such as cameras and access card readers. While ease of installation may have been the driving factor for the development of this technology, the real benefit was getting over the hurdle of implementing IT security to the data being sent over the network.
The standard offers two simple setup options to greatly reduce installation time: the PIN method and the push button configuration method.
In the personal identification number (PIN) method, products are assigned a specific PIN sequence that can be broadcast to the wireless access point. Using a graphical user interface (GUI), the user selects which devices will be recognized by the network by entering their corresponding PINs. For instance, a network camera has a PIN assigned to it that is defined in the documentation of the product or on a sticker directly attached to the device. After being physically installed and powered on, the user or installer opens the GUI of the wireless router and enters the PINs of those products that were installed. The camera is now added to the network and is communicating in a secure manner.
The second and more popular implementation of WPS is the push button method, considered the penultimate of simplicity. The installer mounts the device and then pushes two buttons – one on the router and the other on the product itself. For a network camera, for instance, it’s simply a matter of physically installing the device then pushing the designated buttons on the access point and camera. The camera automatically registers itself and begins communicating securely over the wireless network.
Both of the PIN and push button methods avoid having to know the SSID or passphrase and minimize setup time, but the real benefit is that the communication between the camera and the network is now encrypted, which in many installations used to be the exception not the rule – especially in the small business environment.
No solution is 100 percent foolproof
From an ease of use perspective, WPS seems to solve the wireless networking learning curve in typical small system deployments. But does it actually provide the amount of security needed? The answer is a resounding, yes, but with a caveat.
WPS simplifies the setup of WPA2 and directly creates a secure connection based on an industry standard that frequently was ignored in the past due to the complexity of early setup methods. Unfortunately, in 2011, an exploit was published online which enables individuals to procure a WPS-enabled access point’s PIN using a brute force attack.
This type of attack is employed by hackers trying to decrypt an encrypted transmission and involves trying all variants of the encryption key. The longer the key, the more time it takes a computer to crack it. In the case of Wi-Fi protected setup – the push-button or PIN method – the keys are only eight digits long and can be deciphered in a manner of hours. To put this into perspective, traditional WPA2 setup methods use a key length of 14 alphanumeric characters or more, which increases the timeframe for a brute force attack from minutes to years based on today’s computing power.
If the WPS method is used and decoded by an attack, the hacker has access to the network as if encryption was never enabled. As a result of this exploit, most network administrators require WPS to be disabled during installation of the wireless router, thus causing many security integrators to stop using the encryption method.
Does this make WPS irrelevant? That depends on the target. For instance, is it likely that the local pizza shop that opts for a wireless video solution is going to be a hacked? Even if the shop is hacked, with limited bandwidth to the Internet gained by stealing services from outside the building or in another room, what could this hacker be trying to achieve by tapping into their network? On the other hand, a small bank branch that has the same camera count and is also using a wireless solution might consider network security as a mission critical component. In this case, an integrator would either opt for a wired solution or use the traditional method of manual setup.
To encrypt or not to encrypt: that is the question