The Secrets to WPS Success
My first article was born out of frustration with not being able to get a WPS session to successfully complete on any of the products that I have been testing. The "final straw" product, by the way, was a D-Link DIR-615 tested with a DWA-642 Notebook adapter. And the real shorts-twister was seeing a successfully-completed WPS session with no encryption enabled and no warning! These were all products that had passed Wi-Fi WPS Certification, too!
As mentioned earlier, the key to the mystery was provided by reader "UTO" who suggested resetting the router to defaults and retrying the WPS session or resetting the WPS mode to "Unconfigured". I didn't pay attention to the comment at the time. But the Configured / UnConfigured issue came up during discussions with D-Link as we tried to debug the WPS failures.
D-Link explained: "WPS has a "Configured" mode and an "Unconfigured" mode. A router, straight out of the box is in "Unconfigured" mode. If you were to take this completely defaulted router, plug it in and press the buttons, you will get a secured link".
And, sure enough, when I tried this, the DIR-615 and DWA-642 completed a WPS session in about 10 seconds, including enabling security.
D-Link further explained: "If you take a router straight out of the box and change the SSID and nothing else, WPS is still set to "Configured" and when you press the buttons, you will get an unsecured link. If you take the router out of the box and set the SSID and Security, then push the buttons, you will get a secure link".
It turns out that it's my practice to change the SSID in the routers that I test because the Azimuth system used for performance testing identifies devices by SSID. I have gotten into the habit of doing the change when I start bench testing, so that I don't forget later when I move the products into the Azimuth.
Since part of the WPS process is to generate a unique SSID (typically a combination of the default SSID and the last four digits of the product's MAC address), WPS code in the firmware checks to see if the SSID has already been changed. If it has, it considers the Registrar to be "Configured" and doesn't mess with the SSID or security mode settings. When a WPS session is initiated, it just propagates the "Configured" settings to the Client device, whether or not wireless security has been enabled.
While it makes sense for WPS to not change settings if security has already been set on the router, it doesn't make sense to me to consider a router with a changed SSID, but no security enabled to be "Configured"! At the very least, an alert should be thrown that the link is in an unsecure state at the completion of a WPS session where security has not been enabled.
I should note that the D-Link routers show a warning (Figure 13) if you have WPS enabled and manually enable any wireless security options (WEP, WPA or WPA2). But you don't get the warning if you just change the SSID, which is why I had no clue as to the implications of this seemingly innocent change.
Figure 13: WPS Setup Warning
So much for the AP / Registrar side. The other WPS essential is clients that support it. And this is where the industry—including the Wi-Fi Alliance—has made an unholy mess. While manufacturers have been relatively good about shipping new wireless routers with WPS supported, they have been doing a lousy job on the client side.
From what I can tell, part of the problem is political and a hold-over from the proprietary auto-secure-setup wars days. While manufacturers can see the value of making it easy for other manufacturers' client devices to connect to their AP, they apparently don't see the value of making their clients easy to connect to other manufacturers' APs. (This is a puzzler to me, since I have to believe that they margins are better on clients than on wireless routers! So why wouldn't they want to sell more wireless adapters?)
Another barrier is, of course, Microsoft, which seems uninterested in getting WPS support into its built-in Wireless Zero Configuration utility. WPS has no support in XP and Vista supports only the PIN method via an initial wired (!) setup.
So, as they did with WPA and the "supplicants" required to make it work, product manufacturers have to jump into this WPS breach. This basically means pushing back on wireless chipmakers to implement the required WPS client-side functions. For clients based on Atheros chipsets, this comes in the form of something that you may have already noticed and been wondering what it was.
Figure 14 shows the Network Connection properties for the Atheros XSPAN-based D-Link DWA-642. I have highlighted two drivers that you should know about.
Figure 14: Atheros drivers
The Jumpstart Wireless Intermediate Driver (Jumpstart was Atheros' contribution to the WPS melange) is installed by Atheros-based clients that support WPS. According to Andy Davidson, Sr. Director of Software Engineering at Atheros, this driver contains the guts of what is needed to implement client-side WPS.
It is interesting that, according to Andy, this driver will add WPS client functions to any other manufacturer's wireless client! So once it is installed, it will automatically link to all other installed network adapters and any adapters that you subsequently install. Of course, unless the client application works along with this driver, the user still won't see any WPS functions.
The Wireless Intermediate Driver is Atheros-specific and provides WPA / WPA2 supplicant functions. It should not automatically link to non-Atheros products and you should uncheck it if you find it linked. This driver doesn't really have anything to do with WPS. But I've always wondered what it was doing and, now that I know, thought I'd share the information.
Even though WPS was announced in August 2006 and Wi-Fi Certification testing started in January / February 2007, most new Wi-Fi products—even the "matching" clients to the latest and greatest draft 11n routers that do support WPS—are not shipping with WPS support. And adding WPS support to old products? Fuggeddaboudit!
Manufacturers would rather spin new generations of draft 11n products than work on upgrades to the current ones. So don't count on manufacturers actually delivering upgrades for product that you're using today. Past product transitions show they always prioritize pumping out new stuff over upgrading old.