Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a network security standard to create a secure wireless home network. The PIN method (see below) could fail against brute-force attacks.

Created by the Wi-Fi Alliance and introduced in 2006, the protocol aims to let home users who know little about wireless security, and who may be intimidated by the available security options, set up Wi-Fi Protected Access, and to make it easy to add new devices to an existing network without entering long passphrases. Prior to the standard, several competing solutions were developed by different vendors to address the same need.

A major security flaw was revealed in December 2011 that affects wireless routers with the WPS PIN feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network's WPA/WPA2 pre-shared key. Users have been urged to turn off the WPS PIN feature, although this may not be possible on some router models.

== Modes ==

The standard emphasizes usability and security, and allows four modes in a home network for adding a new device to the network:

* ''PIN method'', in which a personal identification number (PIN) has to be read from either a sticker or display on the new wireless device. This PIN must then be entered at the "representant" of the network, usually the network's access point. Alternatively, a PIN provided by the access point may be entered into the new device. This method is the mandatory baseline mode and everything must support it. The Wi-Fi Direct specification supersedes this requirement by stating that all devices with a keypad or display must support the PIN method. (P2P Spec 1.2, clause 3.1.4.3)
* ''Push button method'', in which the user has to push a button, either an actual or virtual one, on both the access point and the new wireless client device. On most devices, this discovery mode turns itself off as soon as a connection is established or after a delay (typically 2 minutes or less), whichever comes first, thereby minimizing its vulnerability. Support of this mode is mandatory for access points and optional for connecting devices. The Wi-Fi Direct specification supersedes this requirement by stating that all devices must support the push button method. (P2P Spec 1.2, clause 3.1.4.3)
* ''Near field communication method'', in which the user has to bring the new client close to the access point to allow near field communication between the devices. NFC Forum–compliant RFID tags can also be used. Support of this mode is optional.
* ''USB method'', in which the user uses a USB flash drive to transfer data between the new client device and the network's access point. Support of this mode is optional, but deprecated.

The last two modes are usually referred to as out-of-band methods, as information is transferred over a channel other than the Wi-Fi channel itself. Only the first two modes are currently covered by the WPS certification. The USB method has been deprecated and is not part of the Alliance's certification testing.

Some wireless access points have a dual-function WPS button, and holding this button down for a long time causes a factory reset.

Excerpt source: Wikipedia, the free encyclopedia.
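To check whether an access point still advertises WPS after the PIN feature has been turned off, the following added example (not part of the article) parses the WPS information element from a captured beacon or probe response and reports which of the four modes it offers. The attribute and Config Methods values are those of the Wi-Fi Simple Configuration attribute set as I know them; the grouping of Config Methods bits into the article's four modes, the function names and the sample bytes are assumptions made for illustration.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")   # vendor IE prefix that marks WPS
ATTR_CONFIG_METHODS = 0x1008
ATTR_WPS_STATE = 0x1044                    # 0x01 unconfigured, 0x02 configured
ATTR_AP_SETUP_LOCKED = 0x1057              # 0x01 while the AP refuses PIN attempts
# Config Methods bits, grouped here (an assumption) by the article's four modes
MODE_BITS = {
    "PIN": 0x0004 | 0x0008 | 0x0100,       # label, display, keypad
    "push button": 0x0080,
    "NFC": 0x0010 | 0x0020 | 0x0040,       # external/integrated token, interface
    "USB": 0x0001,
}

def wps_attributes(ies: bytes) -> dict:
    """Walk the 802.11 information elements and return the WPS TLVs."""
    attrs, i = {}, 0
    while i + 2 <= len(ies):
        eid, elen = ies[i], ies[i + 1]
        body = ies[i + 2:i + 2 + elen]
        if len(body) < elen:
            break                          # truncated capture: stop parsing
        i += 2 + elen
        if eid != 221 or not body.startswith(WPS_OUI_TYPE):
            continue                       # not the vendor-specific WPS element
        j = 4
        while j + 4 <= len(body):          # big-endian type, length, value
            atype, alen = struct.unpack_from(">HH", body, j)
            value = body[j + 4:j + 4 + alen]
            if len(value) < alen:
                break
            attrs[atype] = value
            j += 4 + alen
    return attrs

def audit(ies: bytes) -> dict:
    """Summarise what the access point advertises about WPS."""
    a = wps_attributes(ies)
    methods = int.from_bytes(a.get(ATTR_CONFIG_METHODS, b""), "big")
    return {
        "wps": bool(a),
        "configured": a.get(ATTR_WPS_STATE) == b"\x02",
        "locked": a.get(ATTR_AP_SETUP_LOCKED) == b"\x01",
        "modes": [m for m, bits in MODE_BITS.items() if methods & bits],
    }

# Constructed sample: SSID "home" plus a WPS element (version, state, methods)
SAMPLE = bytes.fromhex("0004686f6d65" "dd140050f204"
                       "104a000110" "1044000102" "100800020084")
print(audit(SAMPLE))
```

An access point on which WPS has really been disabled should yield `"wps": False`; one that still lists `PIN` among its modes is still advertising the PIN method.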